Commit 52dee2c9 authored by H. Nikolaus Schaller's avatar H. Nikolaus Schaller Committed by Dmitry Torokhov

Input: twl6040-vibra - fix NULL pointer dereference by removing workqueue

commit 21fb9f0d ("Input: twl6040-vibra - use system workqueue")

says that it switches to use the system workqueue but it did neither

- remove the workqueue struct variable
- replace code to really use the system workqueue

Instead it calls queue_work() on uninitialized info->workqueue.

The result is a NULL pointer dereference in vibra_play().

Solution: use schedule_work
Signed-off-by: default avatarH. Nikolaus Schaller <hns@goldelico.com>
Signed-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
parent eda5ecc0
...@@ -45,7 +45,6 @@ ...@@ -45,7 +45,6 @@
struct vibra_info { struct vibra_info {
struct device *dev; struct device *dev;
struct input_dev *input_dev; struct input_dev *input_dev;
struct workqueue_struct *workqueue;
struct work_struct play_work; struct work_struct play_work;
struct mutex mutex; struct mutex mutex;
int irq; int irq;
...@@ -213,7 +212,7 @@ static int vibra_play(struct input_dev *input, void *data, ...@@ -213,7 +212,7 @@ static int vibra_play(struct input_dev *input, void *data,
info->strong_speed = effect->u.rumble.strong_magnitude; info->strong_speed = effect->u.rumble.strong_magnitude;
info->direction = effect->direction < EFFECT_DIR_180_DEG ? 1 : -1; info->direction = effect->direction < EFFECT_DIR_180_DEG ? 1 : -1;
ret = queue_work(info->workqueue, &info->play_work); ret = schedule_work(&info->play_work);
if (!ret) { if (!ret) {
dev_info(&input->dev, "work is already on queue\n"); dev_info(&input->dev, "work is already on queue\n");
return ret; return ret;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment