clk: mediatek: fix double free in mtk_clk_register_pllfh()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The mtk_clk_register_pll_ops() currently frees the "pll" parameter.
The function has two callers, mtk_clk_register_pll() and
mtk_clk_register_pllfh(). The first one, the _pll() function relies on
the free, but for the second _pllfh() function it causes a double free
bug.

Really the frees should be done in the caller because that's where
the allocation is.

Fixes: d7964de8a8ea ("clk: mediatek: Add new clock driver to handle FHCTL hardware")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/r/cd7fa365-28cc-4c34-ac64-6da57c98baa6@moroto.mountain
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>

authored by

Dan Carpenter and committed by

Stephen Boyd 2 years ago bd54ccc0 0d6e24b4

+3 -3

1 changed file

expand all

drivers

clk

mediatek

clk-pll.c

+3 -3

drivers/clk/mediatek/clk-pll.c

··· 321 321 322 322 ret = clk_hw_register(NULL, &pll->hw); 323 323 324 - if (ret) { 325 - kfree(pll); 324 + if (ret) 326 325 return ERR_PTR(ret); 327 - } 328 326 329 327 return &pll->hw; 330 328 } ··· 338 340 return ERR_PTR(-ENOMEM); 339 341 340 342 hw = mtk_clk_register_pll_ops(pll, data, base, &mtk_pll_ops); 343 + if (IS_ERR(hw)) 344 + kfree(pll); 341 345 342 346 return hw; 343 347 }