summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohannes Weiner <hannes@cmpxchg.org>2009-03-10 22:44:01 +0100
committerJiri Kosina <jkosina@suse.cz>2009-03-10 22:44:01 +0100
commit96fe2ab830d7dffee1b3d8abf27ced4d7d5765e7 (patch)
treef59b1549ecf9fe5e2c5adafc77d16aa36942e07d
parentHID: fix incorrect free in hiddev (diff)
downloadlinux-96fe2ab830d7dffee1b3d8abf27ced4d7d5765e7.tar.xz
linux-96fe2ab830d7dffee1b3d8abf27ced4d7d5765e7.zip
HID: fix waitqueue usage in hiddev
DECLARE_WAITQUEUE doesn't initialize the wait descriptor's task_list to 'empty' but to zero. prepare_to_wait() will not enqueue the descriptor to the waitqueue and finish_wait() will do list_del_init() on a list head that contains NULL pointers, which oopses. This was introduced by 079034073 "HID: hiddev cleanup -- handle all error conditions properly". The prior code used an unconditional add_to_waitqueue() which didn't care about the wait descriptor's list head and enqueued the thing unconditionally. The new code uses prepare_to_wait() which DOES check the prior list state, so use DEFINE_WAIT instead. Signed-off-by: Johannes Weiner <hannes@cmpxchg.org> Cc: Oliver Neukum <oliver@neukum.name> Cc: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-rw-r--r--drivers/hid/usbhid/hiddev.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c
index 00ea1ed282a9..1f5b5d4c3c34 100644
--- a/drivers/hid/usbhid/hiddev.c
+++ b/drivers/hid/usbhid/hiddev.c
@@ -323,7 +323,7 @@ static ssize_t hiddev_write(struct file * file, const char __user * buffer, size
*/
static ssize_t hiddev_read(struct file * file, char __user * buffer, size_t count, loff_t *ppos)
{
- DECLARE_WAITQUEUE(wait, current);
+ DEFINE_WAIT(wait);
struct hiddev_list *list = file->private_data;
int event_size;
int retval;