Commit 52dee2c9 authored Apr 18, 2016 by H. Nikolaus Schaller Committed by Dmitry Torokhov Apr 19, 2016

Input: twl6040-vibra - fix NULL pointer dereference by removing workqueue



commit 21fb9f0d ("Input: twl6040-vibra - use system workqueue")

says that it switches to use the system workqueue but it did neither

- remove the workqueue struct variable
- replace code to really use the system workqueue

Instead it calls queue_work() on uninitialized info->workqueue.

The result is a NULL pointer dereference in vibra_play().

Solution: use schedule_work

Signed-off-by: H. Nikolaus Schaller <hns@goldelico.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>

parent eda5ecc0

drivers/input/misc/twl6040-vibra.c

+1 −2

Original line number	Diff line number	Diff line
		@@ -45,7 +45,6 @@
		struct vibra_info {
		struct device *dev;
		struct input_dev *input_dev;
		struct workqueue_struct *workqueue;
		struct work_struct play_work;
		struct mutex mutex;
		int irq;
		@@ -213,7 +212,7 @@ static int vibra_play(struct input_dev input, void data,
		info->strong_speed = effect->u.rumble.strong_magnitude;
		info->direction = effect->direction < EFFECT_DIR_180_DEG ? 1 : -1;

		ret = queue_work(info->workqueue, &info->play_work);
		ret = schedule_work(&info->play_work);
		if (!ret) {
		dev_info(&input->dev, "work is already on queue\n");
		return ret;

Admin message