pinctrl: spacemit: fix double free of map

The map pointer is freed by pinctrl_utils_free_map().  It must not be a
devm_ pointer or it leads to a double free when the device is unloaded.

This is similar to a couple bugs Harshit Mogalapalli fixed earlier in
commits 3fd976afe974 ("pinctrl: nuvoton: fix a double free in
ma35_pinctrl_dt_node_to_map_func()") and 4575962aeed6 ("pinctrl: sophgo:
fix double free in cv1800_pctrl_dt_node_to_map()").

Fixes: a83c29e1d145 ("pinctrl: spacemit: add support for SpacemiT K1 SoC")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Acked-by: Yixun Lan <dlan@gentoo.org>
Link: https://lore.kernel.org/4b5f1306-dc01-4edc-96d3-b232b930ddf2@stanley.mountain
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>

diff --git a/drivers/pinctrl/spacemit/pinctrl-k1.c b/drivers/pinctrl/spacemit/pinctrl-k1.c
index c75ea27..a32579d 100644 (file)
--- a/drivers/pinctrl/spacemit/pinctrl-k1.c
+++ b/drivers/pinctrl/spacemit/pinctrl-k1.c
@@ -314,7 +314,7 @@ static int spacemit_pctrl_dt_node_to_map(struct pinctrl_dev *pctldev,
        if (!grpnames)
                return -ENOMEM;
 
-       map = devm_kcalloc(dev, ngroups * 2, sizeof(*map), GFP_KERNEL);
+       map = kcalloc(ngroups * 2, sizeof(*map), GFP_KERNEL);
        if (!map)
                return -ENOMEM;