    HID: fix waitqueue usage in hiddev · 96fe2ab8
    Johannes Weiner authored
    DECLARE_WAITQUEUE doesn't initialize the wait descriptor's task_list
    to 'empty' but to zero.
    
    prepare_to_wait() will not enqueue the descriptor to the waitqueue and
    finish_wait() will do list_del_init() on a list head that contains
    NULL pointers, which oopses.
    
    This was introduced by 07903407 "HID: hiddev cleanup -- handle all
    error conditions properly".
    
    The prior code used an unconditional add_to_waitqueue() which didn't
    care about the wait descriptor's list head and enqueued the thing
    unconditionally.
    
    The new code uses prepare_to_wait() which DOES check the prior list
    state, so use DEFINE_WAIT instead.

    Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
    Cc: Oliver Neukum <oliver@neukum.name>
    Cc: Jiri Kosina <jkosina@suse.cz>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Jiri Kosina <jkosina@suse.cz>
hiddev.c 23.4 KB
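The failure the commit message describes can be reproduced in a small user-space model. This is an added example, not code from the commit or the kernel: `wait_entry`, `model_prepare_to_wait()`, `model_finish_wait()` and `wait_cycle()` are hypothetical stand-ins, and instead of dereferencing NULL the model returns -1 at the point where the real `list_del_init()` would oops.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified user-space model of the kernel's list_head (added example). */
struct list_head { struct list_head *next, *prev; };
struct wait_entry { struct list_head task_list; };  /* stands in for the wait descriptor */

static bool list_empty(const struct list_head *h) { return h->next == h; }
static void list_add(struct list_head *n, struct list_head *head) {
    n->next = head->next; n->prev = head;
    head->next->prev = n; head->next = n;
}

/* Model of prepare_to_wait(): enqueue only if the descriptor looks unqueued. */
static bool model_prepare_to_wait(struct list_head *q, struct wait_entry *w) {
    if (!list_empty(&w->task_list))
        return false;   /* {NULL, NULL} is not "empty", so the enqueue is skipped */
    list_add(&w->task_list, q);
    return true;
}

/* Model of finish_wait(): 0 = nothing to unlink, 1 = unlinked cleanly,
 * -1 = the real list_del_init() would write through a NULL neighbour. */
static int model_finish_wait(struct wait_entry *w) {
    struct list_head *e = &w->task_list;
    if (list_empty(e)) return 0;
    if (e->next == NULL || e->prev == NULL) return -1;
    e->next->prev = e->prev; e->prev->next = e->next;
    e->next = e->prev = e;
    return 1;
}

/* One prepare/finish cycle. zero_init selects the DECLARE_WAITQUEUE-style
 * zeroed list head; otherwise the DEFINE_WAIT-style self-pointing one. */
static int wait_cycle(bool zero_init, bool *enqueued) {
    struct list_head q = { &q, &q };
    struct wait_entry w;
    if (zero_init) { w.task_list.next = NULL; w.task_list.prev = NULL; }
    else { w.task_list.next = &w.task_list; w.task_list.prev = &w.task_list; }
    *enqueued = model_prepare_to_wait(&q, &w);
    return model_finish_wait(&w);
}

int main(void) {
    bool enq;
    int zeroed = wait_cycle(true, &enq);
    int self_pointing = wait_cycle(false, &enq);
    return !(zeroed == -1 && self_pointing == 1);
}
```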