@@ -1503,11 +1503,17 @@ static void dualsense_remove(struct ps_device *ps_dev)
{
struct dualsense *ds = container_of(ps_dev, struct dualsense, base);
unsigned long flags;
+ int i;
spin_lock_irqsave(&ds->base.lock, flags);
ds->output_worker_initialized = false;
spin_unlock_irqrestore(&ds->base.lock, flags);
+ for (i = 0; i < ARRAY_SIZE(ds->player_leds); i++)
+ devm_led_classdev_unregister(&ps_dev->hdev->dev, &ds->player_leds[i]);
+
+ devm_led_classdev_multicolor_unregister(&ps_dev->hdev->dev, &ds->lightbar);
+
cancel_work_sync(&ds->output_worker);
}
Unregister the LED controllers before device removal, to prevent unnecessary runs of dualsense_player_led_set_brightness(). Fixes: 8c0ab553b072 ("HID: playstation: expose DualSense player LEDs through LED class.") Signed-off-by: Pietro Borrello <borrello@diag.uniroma1.it> --- Contrary to the other patches in this series, failing to unregister the led controller does not results into a use-after-free thanks to the output_worker_initialized variable and the spinlock checks. Changes in v2: - Unregister multicolor led controller - Clarify UAF - Link to v1: https://lore.kernel.org/all/20230125-hid-unregister-leds-v1-3-9a5192dcef16@diag.uniroma1.it/ --- drivers/hid/hid-playstation.c | 6 ++++++ 1 file changed, 6 insertions(+)