Re: [PATCH v2 1/4] HID: asus: mitigate possible use-after-free
From: Antheas Kapenekakis
Date: Fri Jun 12 2026 - 10:44:56 EST
On Fri, 12 Jun 2026 at 16:23, Denis Benato <denis.benato@xxxxxxxxx> wrote:
>
> The kbd_backlight pointer is not being set to NULL after being freed in
> asus_kbd_register_leds and other portions of the driver check that field,
> therefore set the pointer to NULL after being freed.
>
> Link: https://lore.kernel.org/all/20260612130125.AAAE71F000E9@xxxxxxxxxxxxxxx/
>
> Suggested-by: sashiko-bot@xxxxxxxxxx
Good catch. I verified devm_kfree does not mutate the pointer. I
recall this being there before from the comment.
Reviewed-by: Antheas Kapenekakis <lkml@xxxxxxxxxxx>
> Signed-off-by: Denis Benato <denis.benato@xxxxxxxxx>
> ---
> drivers/hid/hid-asus.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/hid/hid-asus.c b/drivers/hid/hid-asus.c
> index d34d74df3dc0..4d7110b892bd 100644
> --- a/drivers/hid/hid-asus.c
> +++ b/drivers/hid/hid-asus.c
> @@ -777,6 +777,7 @@ static int asus_kbd_register_leds(struct hid_device *hdev)
> if (ret < 0) {
> /* No need to have this still around */
> devm_kfree(&hdev->dev, drvdata->kbd_backlight);
> + drvdata->kbd_backlight = NULL;
> }
>
> return ret;
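Review bot: In the `ret < 0` branch the field is cleared only after `devm_kfree()` has returned, so a reader that checks `drvdata->kbd_backlight` between those two statements would still see the freed address. The commit message says other portions of the driver check this field; if any of them can run concurrently with asus_kbd_register_leds(), consider copying the pointer to a local, storing NULL to the field first, and then freeing the local. Otherwise, state in the commit message what serializes those readers against this path. The existing comment could also note that the NULL store is what those checks depend on.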
> --
> 2.47.3
>
>