From 6706664d92ea841913d5fcfd06c290fbe6d33bd2 Mon Sep 17 00:00:00 2001
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Date: Mon, 20 Jul 2015 16:02:49 -0700
Subject: [PATCH] rtc: class: fix double free in rtc_register_device() error
 path

Commit 59cca865f21e ("drivers/rtc/class.c: fix device_register() error
handling") correctly noted that naked kfree() should not be used after
failed device_register() call, however, while it added the needed
put_device() it forgot to remove the original kfree() causing double-free.

Cc: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Reviewed-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
---
 drivers/rtc/class.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/drivers/rtc/class.c b/drivers/rtc/class.c
index ea2a315df6b7..eb82ec2a21bd 100644
--- a/drivers/rtc/class.c
+++ b/drivers/rtc/class.c
@@ -234,8 +234,9 @@ struct rtc_device *rtc_device_register(const char *name, struct device *dev,
 
 	err = device_register(&rtc->dev);
 	if (err) {
+		/* This will free both memory and the ID */
 		put_device(&rtc->dev);
-		goto exit_kfree;
+		goto exit;
 	}
 
 	rtc_dev_add_device(rtc);
@@ -247,9 +248,6 @@ struct rtc_device *rtc_device_register(const char *name, struct device *dev,
 
 	return rtc;
 
-exit_kfree:
-	kfree(rtc);
-
 exit_ida:
 	ida_simple_remove(&rtc_ida, id);