brcmf_sdiod_remove has been called inside brcmf_sdiod_probe when fails,
so there's no need to call another one. Otherwise, sdiodev->freezer
would be double freed.
Fixes: 7836102a750a ("brcmfmac: reset SDIO bus on a firmware crash")
Signed-off-by: Tong Tiangen <[email protected]>
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
index 16ed325795a8..3a1c98a046f0 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
@@ -4162,7 +4162,6 @@ static int brcmf_sdio_bus_reset(struct device *dev)
if (ret) {
brcmf_err("Failed to probe after sdio device reset: ret %d\n",
ret);
- brcmf_sdiod_remove(sdiodev);
}
return ret;
--
2.18.0.huawei.25
Tong Tiangen <[email protected]> wrote:
> brcmf_sdiod_remove has been called inside brcmf_sdiod_probe when fails,
> so there's no need to call another one. Otherwise, sdiodev->freezer
> would be double freed.
>
> Fixes: 7836102a750a ("brcmfmac: reset SDIO bus on a firmware crash")
> Signed-off-by: Tong Tiangen <[email protected]>
> Reviewed-by: Arend van Spriel <[email protected]>
Patch applied to wireless-drivers-next.git, thanks.
7ea7a1e05c7f brcmfmac: Fix a double-free in brcmf_sdio_bus_reset
--
https://patchwork.kernel.org/project/linux-wireless/patch/[email protected]/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches