When an error happens after device_initialize(), idxd_setup_groups()
calls put_device(conf_dev).

The device release callback idxd_conf_group_release() frees group, but
the current error paths then call kfree(group) again, causing a double
free.

Keep the cleanup in idxd_conf_group_release() after put_device() and
avoid freeing group again in idxd_setup_groups().

Fixes: aa6f4f945b10 ("dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups")
Cc: stable@vger.kernel.org
Signed-off-by: Guangshuo Li <lgs201920130244@gmail.com>
---
 drivers/dma/idxd/init.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/dma/idxd/init.c b/drivers/dma/idxd/init.c
index b782eb3c191d..d9a9d56dd277 100644
--- a/drivers/dma/idxd/init.c
+++ b/drivers/dma/idxd/init.c
@@ -374,7 +374,7 @@ static int idxd_setup_groups(struct idxd_device *idxd)
 		rc = dev_set_name(conf_dev, "group%d.%d", idxd->id, group->id);
 		if (rc < 0) {
 			put_device(conf_dev);
-			kfree(group);
+
 			goto err;
 		}
 
@@ -399,7 +399,7 @@ static int idxd_setup_groups(struct idxd_device *idxd)
 	while (--i >= 0) {
 		group = idxd->groups[i];
 		put_device(group_confdev(group));
-		kfree(group);
+
 	}
 	kfree(idxd->groups);
 
-- 
2.43.0