ASoC: sma1307: fix double free of devm_kzalloc() memory

A previous change added NULL checks and cleanup for allocation
failures in sma1307_setting_loaded().

However, the cleanup for mode_set entries is wrong. Those entries are
allocated with devm_kzalloc(), so they are device-managed resources and
must not be freed with kfree(). Manually freeing them in the error path
can lead to a double free when devres later releases the same memory.

Drop the manual kfree() loop and let devres handle the cleanup.

Fixes: 0ec6bd16705fe ("ASoC: sma1307: Add NULL check in sma1307_setting_loaded()")
Cc: stable@vger.kernel.org
Signed-off-by: Guangshuo Li <lgs201920130244@gmail.com>
Link: https://patch.msgid.link/20260313040611.391479-1-lgs201920130244@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>

diff --git a/sound/soc/codecs/sma1307.c b/sound/soc/codecs/sma1307.c
index 4bb59e5c089153f888d4b800cd3454fe3d9f92f7..5850bf6e71cade36d0e504de73a57cc1ffbb7ad2 100644 (file)
--- a/sound/soc/codecs/sma1307.c
+++ b/sound/soc/codecs/sma1307.c
@@ -1759,8 +1759,10 @@ static void sma1307_setting_loaded(struct sma1307_priv *sma1307, const char *fil
                                   sma1307->set.mode_size * 2 * sizeof(int),
                                   GFP_KERNEL);
                if (!sma1307->set.mode_set[i]) {
-                       for (int j = 0; j < i; j++)
-                               kfree(sma1307->set.mode_set[j]);
+                       for (int j = 0; j < i; j++) {
+                               devm_kfree(sma1307->dev, sma1307->set.mode_set[j]);
+                               sma1307->set.mode_set[j] = NULL;
+                       }
                        sma1307->set.status = false;
                        return;
                }