[RFC v1 2/3] max17042_battery: fix potential user-after-free on module unload
From: Sven Van Asbroeck
Date: Mon Feb 04 2019 - 17:10:11 EST
The work which is scheduled on a POR boot is potentially left
pending or running until after the driver module is unloaded.
Fix by using resource-controlled version of INIT_WORK().
Signed-off-by: Sven Van Asbroeck <TheSven73@xxxxxxxxxxxxxx>
---
drivers/power/supply/max17042_battery.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/power/supply/max17042_battery.c b/drivers/power/supply/max17042_battery.c
index 2a8d75e5e930..a61e2b81f68a 100644
--- a/drivers/power/supply/max17042_battery.c
+++ b/drivers/power/supply/max17042_battery.c
@@ -1100,7 +1100,10 @@ static int max17042_probe(struct i2c_client *client,
regmap_read(chip->regmap, MAX17042_STATUS, &val);
if (val & STATUS_POR_BIT) {
- INIT_WORK(&chip->work, max17042_init_worker);
+ ret = devm_init_work(&client->dev, &chip->work,
+ max17042_init_worker);
+ if (ret)
+ return ret;
schedule_work(&chip->work);
} else {
chip->init_complete = 1;
--
2.17.1