1. Patchew
  2. linux
  3. View series

[PATCH] HID: wacom: fix crash in wacom_aes_battery_handler()

Thomas Zeitlhofer posted 1 patch 7 months ago 
drivers/hid/wacom_sys.c | 1 +
1 file changed, 1 insertion(+)
[PATCH] HID: wacom: fix crash in wacom_aes_battery_handler()
Posted by Thomas Zeitlhofer 7 months ago 
Commit fd2a9b29dc9c ("HID: wacom: Remove AES power_supply after extended
inactivity") introduced wacom_aes_battery_handler() which is scheduled
as a delayed work (aes_battery_work).

In wacom_remove(), aes_battery_work is not canceled. Consequently, if
the device is removed while aes_battery_work is still pending, then hard
crashes or "Oops: general protection fault..." are experienced when
wacom_aes_battery_handler() is finally called. E.g., this happens with
built-in USB devices after resume from hibernate when aes_battery_work
was still pending at the time of hibernation.

So, take care to cancel aes_battery_work in wacom_remove().

Fixes: fd2a9b29dc9c ("HID: wacom: Remove AES power_supply after extended inactivity")
Signed-off-by: Thomas Zeitlhofer <thomas.zeitlhofer+lkml@ze-it.at>
---
 drivers/hid/wacom_sys.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/hid/wacom_sys.c b/drivers/hid/wacom_sys.c
index eaf099b2efdb..e74c1a4c5b61 100644
--- a/drivers/hid/wacom_sys.c
+++ b/drivers/hid/wacom_sys.c
@@ -2901,6 +2901,7 @@ static void wacom_remove(struct hid_device *hdev)
 	hid_hw_stop(hdev);
 
 	cancel_delayed_work_sync(&wacom->init_work);
+	cancel_delayed_work_sync(&wacom->aes_battery_work);
 	cancel_work_sync(&wacom->wireless_work);
 	cancel_work_sync(&wacom->battery_work);
 	cancel_work_sync(&wacom->remote_work);
-- 
2.39.5
Re: [PATCH] HID: wacom: fix crash in wacom_aes_battery_handler()
Posted by Jiri Kosina 6 months, 1 week ago 
On Mon, 19 May 2025, Thomas Zeitlhofer wrote:

> Commit fd2a9b29dc9c ("HID: wacom: Remove AES power_supply after extended
> inactivity") introduced wacom_aes_battery_handler() which is scheduled
> as a delayed work (aes_battery_work).
> 
> In wacom_remove(), aes_battery_work is not canceled. Consequently, if
> the device is removed while aes_battery_work is still pending, then hard
> crashes or "Oops: general protection fault..." are experienced when
> wacom_aes_battery_handler() is finally called. E.g., this happens with
> built-in USB devices after resume from hibernate when aes_battery_work
> was still pending at the time of hibernation.
> 
> So, take care to cancel aes_battery_work in wacom_remove().
> 
> Fixes: fd2a9b29dc9c ("HID: wacom: Remove AES power_supply after extended inactivity")
> Signed-off-by: Thomas Zeitlhofer <thomas.zeitlhofer+lkml@ze-it.at>

This looks good to me, and I am planning to push it to Linus through 
for-6.16/upstream-fixes.

Jason, Ping, any chance you could give your Ack to this one before I do 
so, please?

Thanks.

> ---
>  drivers/hid/wacom_sys.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/hid/wacom_sys.c b/drivers/hid/wacom_sys.c
> index eaf099b2efdb..e74c1a4c5b61 100644
> --- a/drivers/hid/wacom_sys.c
> +++ b/drivers/hid/wacom_sys.c
> @@ -2901,6 +2901,7 @@ static void wacom_remove(struct hid_device *hdev)
>  	hid_hw_stop(hdev);
>  
>  	cancel_delayed_work_sync(&wacom->init_work);
> +	cancel_delayed_work_sync(&wacom->aes_battery_work);
>  	cancel_work_sync(&wacom->wireless_work);
>  	cancel_work_sync(&wacom->battery_work);
>  	cancel_work_sync(&wacom->remote_work);
> -- 
> 2.39.5
> 

-- 
Jiri Kosina
SUSE Labs
Re: [PATCH] HID: wacom: fix crash in wacom_aes_battery_handler()
Posted by Ping Cheng 6 months, 1 week ago 
On Tue, Jun 10, 2025 at 12:21 PM Jiri Kosina <jikos@kernel.org> wrote:
>
> On Mon, 19 May 2025, Thomas Zeitlhofer wrote:
>
> > Commit fd2a9b29dc9c ("HID: wacom: Remove AES power_supply after extended
> > inactivity") introduced wacom_aes_battery_handler() which is scheduled
> > as a delayed work (aes_battery_work).
> >
> > In wacom_remove(), aes_battery_work is not canceled. Consequently, if
> > the device is removed while aes_battery_work is still pending, then hard
> > crashes or "Oops: general protection fault..." are experienced when
> > wacom_aes_battery_handler() is finally called. E.g., this happens with
> > built-in USB devices after resume from hibernate when aes_battery_work
> > was still pending at the time of hibernation.
> >
> > So, take care to cancel aes_battery_work in wacom_remove().
> >
> > Fixes: fd2a9b29dc9c ("HID: wacom: Remove AES power_supply after extended inactivity")
> > Signed-off-by: Thomas Zeitlhofer <thomas.zeitlhofer+lkml@ze-it.at>

Acked-by: Ping Cheng <ping.cheng@wacom.com>

Thank you, Thomas, for the patch. Your support is greatly appreciated!

> This looks good to me, and I am planning to push it to Linus through
> for-6.16/upstream-fixes.
>
> Jason, Ping, any chance you could give your Ack to this one before I do
> so, please?

The patch looks reasonable to me, too. My Acked-by is added above.

Thank you, both of you!
Ping

>
> Thanks.
>
> > ---
> >  drivers/hid/wacom_sys.c | 1 +
> >  1 file changed, 1 insertion(+)
> >
> > diff --git a/drivers/hid/wacom_sys.c b/drivers/hid/wacom_sys.c
> > index eaf099b2efdb..e74c1a4c5b61 100644
> > --- a/drivers/hid/wacom_sys.c
> > +++ b/drivers/hid/wacom_sys.c
> > @@ -2901,6 +2901,7 @@ static void wacom_remove(struct hid_device *hdev)
> >       hid_hw_stop(hdev);
> >
> >       cancel_delayed_work_sync(&wacom->init_work);
> > +     cancel_delayed_work_sync(&wacom->aes_battery_work);
> >       cancel_work_sync(&wacom->wireless_work);
> >       cancel_work_sync(&wacom->battery_work);
> >       cancel_work_sync(&wacom->remote_work);
> > --
> > 2.39.5
> >
>
> --
> Jiri Kosina
> SUSE Labs
>
>
Re: [PATCH] HID: wacom: fix crash in wacom_aes_battery_handler()
Posted by Jiri Kosina 6 months, 1 week ago 
On Tue, 10 Jun 2025, Ping Cheng wrote:

> > > Commit fd2a9b29dc9c ("HID: wacom: Remove AES power_supply after extended
> > > inactivity") introduced wacom_aes_battery_handler() which is scheduled
> > > as a delayed work (aes_battery_work).
> > >
> > > In wacom_remove(), aes_battery_work is not canceled. Consequently, if
> > > the device is removed while aes_battery_work is still pending, then hard
> > > crashes or "Oops: general protection fault..." are experienced when
> > > wacom_aes_battery_handler() is finally called. E.g., this happens with
> > > built-in USB devices after resume from hibernate when aes_battery_work
> > > was still pending at the time of hibernation.
> > >
> > > So, take care to cancel aes_battery_work in wacom_remove().
> > >
> > > Fixes: fd2a9b29dc9c ("HID: wacom: Remove AES power_supply after extended inactivity")
> > > Signed-off-by: Thomas Zeitlhofer <thomas.zeitlhofer+lkml@ze-it.at>
> 
> Acked-by: Ping Cheng <ping.cheng@wacom.com>
> 
> Thank you, Thomas, for the patch. Your support is greatly appreciated!

Excellent, thanks. Now queued in hid.git#for-6.16/upstream-fixes.

Thanks,

-- 
Jiri Kosina
SUSE Labs

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.