When an error happens after device_initialize(), idxd_setup_engines()
calls put_device(conf_dev).

The device release callback idxd_conf_engine_release() frees engine,
but the current error paths then call kfree(engine) again, causing a
double free.

Keep the cleanup in idxd_conf_engine_release() after put_device() and
avoid freeing engine again in idxd_setup_engines().

Fixes: 817bced19d1d ("dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines")
Cc: stable@vger.kernel.org
Signed-off-by: Guangshuo Li <lgs201920130244@gmail.com>
---
 drivers/dma/idxd/init.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/drivers/dma/idxd/init.c b/drivers/dma/idxd/init.c
index d9a9d56dd277..4eff74182225 100644
--- a/drivers/dma/idxd/init.c
+++ b/drivers/dma/idxd/init.c
@@ -310,7 +310,7 @@ static int idxd_setup_engines(struct idxd_device *idxd)
 		rc = dev_set_name(conf_dev, "engine%d.%d", idxd->id, engine->id);
 		if (rc < 0) {
 			put_device(conf_dev);
-			kfree(engine);
+
 			goto err;
 		}
 
@@ -324,7 +324,7 @@ static int idxd_setup_engines(struct idxd_device *idxd)
 		engine = idxd->engines[i];
 		conf_dev = engine_confdev(engine);
 		put_device(conf_dev);
-		kfree(engine);
+
 	}
 	kfree(idxd->engines);
 
@@ -374,7 +374,6 @@ static int idxd_setup_groups(struct idxd_device *idxd)
 		rc = dev_set_name(conf_dev, "group%d.%d", idxd->id, group->id);
 		if (rc < 0) {
 			put_device(conf_dev);
-
 			goto err;
 		}
 
@@ -399,7 +398,6 @@ static int idxd_setup_groups(struct idxd_device *idxd)
 	while (--i >= 0) {
 		group = idxd->groups[i];
 		put_device(group_confdev(group));
-
 	}
 	kfree(idxd->groups);
 
-- 
2.43.0