powerpc/pmac/windfarm: Correct potential double free

The conditionals were testing different values, but then all freeing the same one, which could result in a double free. A simplified version of the semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ expression x,e; identifier f; iterator I; statement S; @@ *kfree(x); ... when != &x when != x = e when != I(x,...) S *x // </smpl> Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>

powerpc/pmac/windfarm: Correct potential double free
The conditionals were testing different values, but then all freeing the same one, which could result in a double free. A simplified version of the semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ expression x,e; identifier f; iterator I; statement S; @@ *kfree(x); ... when != &x when != x = e when != I(x,...) S *x // </smpl> Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Julia Lawall · Benjamin Herrenschmidt
1 parent 637a99022f
Showing 1 changed file with 3 additions and 6 deletions Side-by-side Diff
drivers/macintosh/windfarm_pm91.c
@@ -687,12 +687,9 @@
 		wf_put_control(cpufreq_clamp);
  
 	/* Destroy control loops state structures */
-	if (wf_smu_slots_fans)
-		kfree(wf_smu_cpu_fans);
-	if (wf_smu_drive_fans)
-		kfree(wf_smu_cpu_fans);
-	if (wf_smu_cpu_fans)
-		kfree(wf_smu_cpu_fans);
+	kfree(wf_smu_slots_fans);
+	kfree(wf_smu_drive_fans);
+	kfree(wf_smu_cpu_fans);
  
 	return 0;
 }
...	...	@@ -687,12 +687,9 @@
687	687	wf_put_control(cpufreq_clamp);
688	688
689	689	/* Destroy control loops state structures */
690		- if (wf_smu_slots_fans)
691		- kfree(wf_smu_cpu_fans);
692		- if (wf_smu_drive_fans)
693		- kfree(wf_smu_cpu_fans);
694		- if (wf_smu_cpu_fans)
695		- kfree(wf_smu_cpu_fans);
	690	+ kfree(wf_smu_slots_fans);
	691	+ kfree(wf_smu_drive_fans);
	692	+ kfree(wf_smu_cpu_fans);
696	693
697	694	return 0;
698	695	}