wilc1000: fix double free error in probe()

[ Upstream commit 4894edacfa93d7046bec4fc61fc402ac6a2ac9e8 ]

Smatch complains that there is a double free in probe:

drivers/net/wireless/microchip/wilc1000/spi.c:186 wilc_bus_probe() error: double free of 'spi_priv'
drivers/net/wireless/microchip/wilc1000/sdio.c:163 wilc_sdio_probe() error: double free of 'sdio_priv'

The problem is that wilc_netdev_cleanup() function frees "wilc->bus_data".
That's confusing and a layering violation.  Leave the frees in probe(),
delete the free in wilc_netdev_cleanup(), and add some new frees to the
remove() functions.

Fixes: dc8b338f3bcd ("wilc1000: use goto labels on error path")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20211217150311.GC16611@kili
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/net/wireless/microchip/wilc1000/netdev.c b/drivers/net/wireless/microchip/wilc1000/netdev.c
index 7e4d9235251cb3f6722fc18f249253e3deaec50f..9dfb1a285e6a4b5ad6cab594a9eef09a0d8ea831 100644 (file)
--- a/drivers/net/wireless/microchip/wilc1000/netdev.c
+++ b/drivers/net/wireless/microchip/wilc1000/netdev.c
@@ -901,7 +901,6 @@ void wilc_netdev_cleanup(struct wilc *wilc)
 
        wilc_wlan_cfg_deinit(wilc);
        wlan_deinit_locks(wilc);
-       kfree(wilc->bus_data);
        wiphy_unregister(wilc->wiphy);
        wiphy_free(wilc->wiphy);
 }

diff --git a/drivers/net/wireless/microchip/wilc1000/sdio.c b/drivers/net/wireless/microchip/wilc1000/sdio.c
index 42e03a701ae165a64ff313262b1755def1185241..8b3b7352310858c092f26d0710d620f9f386ebf9 100644 (file)
--- a/drivers/net/wireless/microchip/wilc1000/sdio.c
+++ b/drivers/net/wireless/microchip/wilc1000/sdio.c
@@ -167,9 +167,11 @@ free:
 static void wilc_sdio_remove(struct sdio_func *func)
 {
        struct wilc *wilc = sdio_get_drvdata(func);
+       struct wilc_sdio *sdio_priv = wilc->bus_data;
 
        clk_disable_unprepare(wilc->rtc_clk);
        wilc_netdev_cleanup(wilc);
+       kfree(sdio_priv);
 }
 
 static int wilc_sdio_reset(struct wilc *wilc)

diff --git a/drivers/net/wireless/microchip/wilc1000/spi.c b/drivers/net/wireless/microchip/wilc1000/spi.c
index dd481dc0b5ce01713656c70048a726d17f8f44e6..c98c0999a6b67027b653da8d88d3b149f72075be 100644 (file)
--- a/drivers/net/wireless/microchip/wilc1000/spi.c
+++ b/drivers/net/wireless/microchip/wilc1000/spi.c
@@ -182,9 +182,11 @@ free:
 static int wilc_bus_remove(struct spi_device *spi)
 {
        struct wilc *wilc = spi_get_drvdata(spi);
+       struct wilc_spi *spi_priv = wilc->bus_data;
 
        clk_disable_unprepare(wilc->rtc_clk);
        wilc_netdev_cleanup(wilc);
+       kfree(spi_priv);
 
        return 0;
 }