provider [david.laight[at]runbox.com] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom freemail headers are different -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list manager SpamTally: Final spam score: 4 On Sat, 29 Nov 2025 08:33:42 +0800 Gui-Dong Han wrote: > On Sat, Nov 29, 2025 at 3:37=E2=80=AFAM david laight wrote: > > > > On Fri, 28 Nov 2025 20:38:16 +0800 > > Gui-Dong Han wrote: > > =20 > > > The macros FAN_FROM_REG and TEMP_FROM_REG evaluate their arguments > > > multiple times. When used in lockless contexts involving shared driver > > > data, this causes Time-of-Check to Time-of-Use (TOCTOU) race > > > conditions. > > > > > > Convert the macros to static functions. This guarantees that arguments > > > are evaluated only once (pass-by-value), preventing the race > > > conditions. > > > > > > Adhere to the principle of minimal changes by only converting macros > > > that evaluate arguments multiple times and are used in lockless > > > contexts. > > > > > > Link: https://lore.kernel.org/all/CALbr=3DLYJ_ehtp53HXEVkSpYoub+XYSTU= 8Rg=3Do1xxMJ8=3D5z8B-g@mail.gmail.com/ > > > Fixes: 85f03bccd6e0 ("hwmon: Add support for Winbond W83L786NG/NR") > > > Cc: stable@vger.kernel.org > > > Signed-off-by: Gui-Dong Han > > > --- > > > Based on the discussion in the link, I will submit a series of patche= s to > > > address TOCTOU issues in the hwmon subsystem by converting macros to > > > functions or adjusting locking where appropriate. > > > --- > > > drivers/hwmon/w83l786ng.c | 26 ++++++++++++++++++-------- > > > 1 file changed, 18 insertions(+), 8 deletions(-) > > > > > > diff --git a/drivers/hwmon/w83l786ng.c b/drivers/hwmon/w83l786ng.c > > > index 9b81bd406e05..1d9109ca1585 100644 > > > --- a/drivers/hwmon/w83l786ng.c > > > +++ b/drivers/hwmon/w83l786ng.c > > > @@ -76,15 +76,25 @@ FAN_TO_REG(long rpm, int div) > > > return clamp_val((1350000 + rpm * div / 2) / (rpm * div), 1, 25= 4); > > > } > > > > > > -#define FAN_FROM_REG(val, div) ((val) =3D=3D 0 ? -1 : \ > > > - ((val) =3D=3D 255 ? 0 : \ > > > - 1350000 / ((val) * (div)))) > > > +static int fan_from_reg(int val, int div) > > > +{ > > > + if (val =3D=3D 0) > > > + return -1; > > > + if (val =3D=3D 255) > > > + return 0; > > > + return 1350000 / (val * div); > > > +} > > > > > > /* for temp */ > > > #define TEMP_TO_REG(val) (clamp_val(((val) < 0 ? (val) + 0x100 *= 1000 \ > > > : (val)) / 1000, = 0, 0xff)) =20 > > > > Can you change TEMP_TO_REG() as well. > > And just use plain clamp() while you are at it. > > Both these temperature conversion functions have to work with negative = temperatures. > > But the signed-ness gets passed through from the parameter - which may = not be right. > > IIRC some come from FIELD_GET() and will be 'unsigned long' unless cast= somewhere. > > The function parameter 'corrects' the type to a signed one. > > > > So you are fixing potential bugs as well. =20 >=20 > Hi David, >=20 > Thanks for your feedback on TEMP_TO_REG and the detailed explanation > regarding macro risks. >=20 > Guenter has already applied this patch. Patches are supposed to be posted for review and applied a few days later. > Since the primary scope here > was strictly addressing TOCTOU race conditions (and TEMP_TO_REG is not > used in lockless contexts), it wasn't included. >=20 > However, I appreciate your point regarding type safety. I will look > into addressing that in a future separate patch. It's not just type safety, and #define that evaluates an argument more than one is just a bug waiting to happen. We've been removing (or trying not to write) those since the 1980s. You also just didn't read the code: -#define TEMP_FROM_REG(val) (((val) & 0x80 ? \ - (val) - 0x100 : (val)) * 1000) + +static int temp_from_reg(int val) +{ + if (val & 0x80) + return (val - 0x100) * 1000; + return val * 1000; +} Both those only work if 'val' is 8 bits. They are just ((s8)(val) * 1000) and generate a milli-centigrade value from the 8-bit signed centigrade value the hardware provides. TEMP_TO_REG() is the opposite, so is: (u8)clamp((val) / 1000, -128, 127) That is subtly different since it truncates negative values towards zero rather than -infinity. The more complicated: (u8)(clamp(((val) + 128 * 1000)/1000, 0, 0xff) - 128) would exactly match the original (and generate less code) but I suspect it doesn't matter here. David >=20 > Best regards, > Gui-Dong Han >=20 From - Sat Nov 29 12:37:08 2025 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Return-Path: Delivered-To: hi@josie.lol Received: from witcher.mxrouting.net by witcher.mxrouting.net with LMTP id 8FgfGvDoKmnlaQkAYBR5ng (envelope-from ) for ; Sat, 29 Nov 2025 12:37:04 +0000 Return-path: Envelope-to: hi@josie.lol Delivery-date: Sat, 29 Nov 2025 12:37:04 +0000 Received: from sv.mirrors.kernel.org ([139.178.88.99]) by witcher.mxrouting.net with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.98) (envelope-from ) id 1vPKCF-00000002m7k-4208 for hi@josie.lol; Sat, 29 Nov 2025 12:37:04 +0000 Received: from smtp.subspace.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id A3FA93A286A for ; Sat, 29 Nov 2025 12:37:02 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3E4C318C03F; Sat, 29 Nov 2025 12:36:58 +0000 (UTC) X-Original-To: stable@vger.kernel.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by smtp.subspace.kernel.org (Postfix) with ESMTP id D4A8778F3A; Sat, 29 Nov 2025 12:36:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.140.110.172 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764419818; cv=none; b=Wsi6CMI7Q3Lwx24W6nD7gvl9lfVLDgxiUHJCPdM7wCxpQMKYG/MPqqTI7WV5P8VOmQnLvecvCBWUlbgCj22hm547hK6iTywtJGffDjn8/Dt5ekx1diGIPVRd+qCtpn6ln2qpMbjn7LN+tVgYIhRWKyGS4ntUqCjFWGrb6rHIDb8= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764419818; c=relaxed/simple; bh=DiV1stPWOn0B1rqNeg36zldNtgUkou0lBtBa+NAFznI=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version:Content-Type; b=B4i9fkDEK1UUWGm0YKFPK+yPpEVcq8V2eWtuAqYtmbBAIXvJjaMP7y7k3NkzhoUcB97TFpyJd9XqOi8zL1BOLKH+run+xozSawQSjT+VzDjdzSltA4A0JomRyLaJapt21lGMUTEf2H9CRkMTjbxyxntJZWlkiOR2aASd9/zmgC0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com; spf=pass smtp.mailfrom=arm.com; arc=none smtp.client-ip=217.140.110.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arm.com Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 6D1E51063; Sat, 29 Nov 2025 04:36:46 -0800 (PST) Received: from e12