Input: twl6040-vibra - fix NULL pointer dereference by removing workqueue

commit 21fb9f0d ("Input: twl6040-vibra - use system workqueue") says that it switches to use the system workqueue but it did neither - remove the workqueue struct variable - replace code to really use the system workqueue Instead it calls queue_work() on uninitialized info->workqueue. The result is a NULL pointer dereference in vibra_play(). Solution: use schedule_work Signed-off-by: N H. Nikolaus Schaller <hns@goldelico.com> Signed-off-by: N Dmitry Torokhov <dmitry.torokhov@gmail.com>

Input: twl6040-vibra - fix NULL pointer dereference by removing workqueue
commit 21fb9f0d ("Input: twl6040-vibra - use system workqueue") says that it switches to use the system workqueue but it did neither - remove the workqueue struct variable - replace code to really use the system workqueue Instead it calls queue_work() on uninitialized info->workqueue. The result is a NULL pointer dereference in vibra_play(). Solution: use schedule_work Signed-off-by: N H. Nikolaus Schaller <hns@goldelico.com> Signed-off-by: N Dmitry Torokhov <dmitry.torokhov@gmail.com>
52dee2c9 · H. Nikolaus Schaller · Dmitry Torokhov · eda5ecc0 · 52dee2c9
隐藏空白更改
内联并排

Showing with 1 addition and 2 deletion

drivers/input/misc/twl6040-vibra.c drivers/input/misc/twl6040-vibra.c +1 -2

未找到文件。
--- a/drivers/input/misc/twl6040-vibra.c
+++ b/drivers/input/misc/twl6040-vibra.c
@@ -45,7 +45,6 @@
 struct vibra_info {
 	struct device *dev;
 	struct input_dev *input_dev;
-	struct workqueue_struct *workqueue;
 	struct work_struct play_work;
 	struct mutex mutex;
 	int irq;
@@ -213,7 +212,7 @@ static int vibra_play(struct input_dev *input, void *data,
 	info->strong_speed = effect->u.rumble.strong_magnitude;
 	info->direction = effect->direction < EFFECT_DIR_180_DEG ? 1 : -1;

-	ret = queue_work(info->workqueue, &info->play_work);
+	ret = schedule_work(&info->play_work);
 	if (!ret) {
 		dev_info(&input->dev, "work is already on queue\n");
 		return ret;