soc: qcom: smp2p: Fix possible smp2p entry double free (a8174f0e) · Commits · e / devices / android_kernel_fairphone_FP5

drivers/soc/qcom/smp2p.c

+7 −4

Original line number	Diff line number	Diff line
		@@ -573,6 +573,7 @@ static int smp2p_parse_ipc(struct qcom_smp2p *smp2p)
		static int qcom_smp2p_probe(struct platform_device *pdev)
		{
		struct smp2p_entry *entry;
		struct smp2p_entry *next_entry;
		struct device_node *node;
		struct qcom_smp2p *smp2p;
		const char *key;
		@@ -686,12 +687,12 @@ static int qcom_smp2p_probe(struct platform_device *pdev)
		wakeup_source_unregister(smp2p->ws);

		unwind_interfaces:
		list_for_each_entry(entry, &smp2p->inbound, node) {
		list_for_each_entry_safe(entry, next_entry, &smp2p->inbound, node) {
		irq_domain_remove(entry->domain);
		kfree(entry);
		}

		list_for_each_entry(entry, &smp2p->outbound, node) {
		list_for_each_entry_safe(entry, next_entry, &smp2p->outbound, node) {
		qcom_smem_state_unregister(entry->state);
		kfree(entry);
		}
		@@ -712,15 +713,16 @@ static int qcom_smp2p_remove(struct platform_device *pdev)
		{
		struct qcom_smp2p *smp2p = platform_get_drvdata(pdev);
		struct smp2p_entry *entry;
		struct smp2p_entry *next_entry;

		wakeup_source_unregister(smp2p->ws);

		list_for_each_entry(entry, &smp2p->inbound, node) {
		list_for_each_entry_safe(entry, next_entry, &smp2p->inbound, node) {
		irq_domain_remove(entry->domain);
		kfree(entry);
		}

		list_for_each_entry(entry, &smp2p->outbound, node) {
		list_for_each_entry_safe(entry, next_entry, &smp2p->outbound, node) {
		qcom_smem_state_unregister(entry->state);
		kfree(entry);
		}
		@@ -773,6 +775,7 @@ static int qcom_smp2p_restore(struct device *dev)
		enable_irq_wake(smp2p->irq);
		/* Kick the outgoing edge after allocating entries */
		qcom_smp2p_kick(smp2p);
		return ret;

		rel_entry:
		kfree(entry);