[PATCH v2] HID: pidff: Fix condition effect bit clearing

Next message: Ulf Hansson: "Re: [PATCH v1] PM: sleep: core: Clear device async state upfront during suspend"
Previous message: Chris Spencer: "[PATCH v2] iio: chemical: bme680: Fix measurement wait duration calculation"
Next in thread: kernel test robot: "Re: [PATCH v2] HID: pidff: Fix condition effect bit clearing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Tomasz Pakuła

Date: Wed Feb 04 2026 - 08:37:58 EST

As reported by MPDarkGuy on discord, NULL pointer dereferences were
happening because not all the conditional effects bits were cleared.

Properly clear all conditional effect bits from ffbit

Fixes: 7f3d7bc0df4b ("HID: pidff: Better quirk assigment when searching for fields")
Cc: <stable@xxxxxxxxxxxxxxx> # 6.18.x
Signed-off-by: Tomasz Pakuła <tomasz.pakula.oficjalny@xxxxxxxxx>
---
Urgent for 6.19 rc period
V1 -> V2: Simplify by using bitwise or operator

drivers/hid/usbhid/hid-pidff.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/hid/usbhid/hid-pidff.c b/drivers/hid/usbhid/hid-pidff.c
index a4e700b40ba9..792992c69837 100644
--- a/drivers/hid/usbhid/hid-pidff.c
+++ b/drivers/hid/usbhid/hid-pidff.c
@@ -1452,9 +1452,10 @@ static int pidff_init_fields(struct pidff_device *pidff, struct input_dev *dev)
hid_warn(pidff->hid, "unknown ramp effect layout\n");

if (PIDFF_FIND_FIELDS(set_condition, PID_SET_CONDITION, 1)) {
- if (test_and_clear_bit(FF_SPRING, dev->ffbit) ||
- test_and_clear_bit(FF_DAMPER, dev->ffbit) ||
- test_and_clear_bit(FF_FRICTION, dev->ffbit) ||
+ /* Bitwise to ensure all the bits will be cleared */
+ if (test_and_clear_bit(FF_SPRING, dev->ffbit) |
+ test_and_clear_bit(FF_DAMPER, dev->ffbit) |
+ test_and_clear_bit(FF_FRICTION, dev->ffbit) |
test_and_clear_bit(FF_INERTIA, dev->ffbit))
hid_warn(pidff->hid, "unknown condition effect layout\n");
}
--
2.52.0