From b0c35cb59f7b640f455fa426074fea155296a37c Mon Sep 17 00:00:00 2001
From: Kefeng Wang <wangkefeng.wang@huawei.com>
Date: Fri, 31 May 2019 23:23:24 +0800
Subject: [PATCH] misc: mic: scif: fix potential double free of scif_dev

_scif_init() free scif_dev in the free_sdev erro path,
but _scif_exit will free it again when module exit, it
cause BUG_ON issue,

  kernel BUG at mm/slub.c:3944!
  invalid opcode: 0000 [#1] SMP KASAN PTI

Set scif_dev to NULL in scif_destroy_scifdev() to fix it.

Cc: Sudeep Dutt <sudeep.dutt@intel.com>
Cc: Ashutosh Dixit <ashutosh.dixit@intel.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/misc/mic/scif/scif_main.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/misc/mic/scif/scif_main.c b/drivers/misc/mic/scif/scif_main.c
index 490e3bd..e2278bf 100644
--- a/drivers/misc/mic/scif/scif_main.c
+++ b/drivers/misc/mic/scif/scif_main.c
@@ -133,6 +133,7 @@ static int scif_setup_scifdev(void)
 static void scif_destroy_scifdev(void)
 {
 	kfree(scif_dev);
+	scif_dev = NULL;
 }
 
 static int scif_probe(struct scif_hw_dev *sdev)
-- 
2.7.4