[PATCH 2/2] NFC: st95hf: drop illegal kfree_skb()

Daniel Mack <daniel@xxxxxxxxxx> · Wed, 16 May 2018 15:32:47 +0200

The skb that is passed in to ->in_send_cmd() is freed by the core when the
function returns. Calling kfree_skb() on it from the driver callback will
hence lead to a double-free.

Signed-off-by: Daniel Mack <daniel@xxxxxxxxxx>
---
 drivers/nfc/st95hf/core.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/drivers/nfc/st95hf/core.c b/drivers/nfc/st95hf/core.c
index 394bdc7b0cf2..a50a95cfcfd8 100644
--- a/drivers/nfc/st95hf/core.c
+++ b/drivers/nfc/st95hf/core.c
@@ -995,8 +995,6 @@ static int st95hf_in_send_cmd(struct nfc_digital_dev *ddev,
 		goto free_skb_resp;
 	}
 
-	kfree_skb(skb);
-
 	return rc;
 
 free_skb_resp:
-- 
2.14.3







