Commit a3b53563 authored Jun 07, 2024 by Danny Kaehn Committed by Yuan Can Jun 07, 2024

hid: cp2112: Fix duplicate workqueue initialization

stable inclusion
from stable-v4.19.299
commit 3d959406c8fff2334d83d0c352d54fd6f5b2e7cd
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9RFR6
CVE: CVE-2023-52853

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3d959406c8fff2334d83d0c352d54fd6f5b2e7cd



--------------------------------

Previously the cp2112 driver called INIT_DELAYED_WORK within
cp2112_gpio_irq_startup, resulting in duplicate initilizations of the
workqueue on subsequent IRQ startups following an initial request. This
resulted in a warning in set_work_data in workqueue.c, as well as a rare
NULL dereference within process_one_work in workqueue.c.

Initialize the workqueue within _probe instead.

Fixes: 13de9cca ("HID: cp2112: add IRQ chip handling")
Signed-off-by: Danny Kaehn <danny.kaehn@plexus.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>

Conflicts:
        drivers/hid/hid-cp2112.c
[Fix context]
Signed-off-by: Yuan Can <yuancan@huawei.com>

parent 5673bfb2

drivers/hid/hid-cp2112.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -1158,8 +1158,6 @@ static unsigned int cp2112_gpio_irq_startup(struct irq_data *d)
		struct gpio_chip *gc = irq_data_get_irq_chip_data(d);
		struct cp2112_device *dev = gpiochip_get_data(gc);

		INIT_DELAYED_WORK(&dev->gpio_poll_worker, cp2112_gpio_poll_callback);

		if (!dev->gpio_poll) {
		dev->gpio_poll = true;
		schedule_delayed_work(&dev->gpio_poll_worker, 0);
		@@ -1343,6 +1341,8 @@ static int cp2112_probe(struct hid_device hdev, const struct hid_device_id id)
		dev->gc.can_sleep = 1;
		dev->gc.parent = &hdev->dev;

		INIT_DELAYED_WORK(&dev->gpio_poll_worker, cp2112_gpio_poll_callback);

		ret = gpiochip_add_data(&dev->gc, dev);
		if (ret < 0) {
		hid_err(hdev, "error registering gpio chip\n");