usb: gadget: f_qc_rndis: Fix double-free in qcrndis_free_inst

qcrndis_free_inst function can double free f_qc_rndis pointer.
Hence fix this memory bug in qcrndis_free_inst function.

Same bool RNDIS flag is used for USB_CONFIGFS_RNDIS and
USB_CONFIGFS_QCRNDIS. Add bool Change in Kconfig to differentiate
these two different configs.

Change-Id: I8e7c4be090107618cd6cbac394a57f109f8a1ced
Signed-off-by: Chandana Kishori Chiluveru <cchiluve@codeaurora.org>

drivers/usb/gadget/Kconfig

@@ -325,7 +325,7 @@ config USB_CONFIGFS_ECM_SUBSET
 	  a simple CDC subset is used, placing fewer demands on USB.
 
 config USB_CONFIGFS_QCRNDIS
-	bool "RNDIS"
+	bool "QCRNDIS"
 	depends on USB_CONFIGFS
 	depends on RNDIS_IPA
 	depends on NET

drivers/usb/gadget/function/f_qc_rndis.c

@@ -1320,19 +1320,16 @@ static struct miscdevice rndis_qc_device = {
 
 static void qcrndis_free_inst(struct usb_function_instance *f)
 {
-	struct f_rndis_qc	*rndis;
 	struct f_rndis_qc_opts	*opts = container_of(f,
 				struct f_rndis_qc_opts, func_inst);
 	unsigned long flags;
 
-	rndis = opts->rndis;
 	misc_deregister(&rndis_qc_device);
 
 	ipa_data_free(USB_IPA_FUNC_RNDIS);
 	spin_lock_irqsave(&rndis_lock, flags);
-	kfree(rndis);
-	_rndis_qc = NULL;
 	kfree(opts->rndis);
+	_rndis_qc = NULL;
 	kfree(opts);
 	spin_unlock_irqrestore(&rndis_lock, flags);
 }
@@ -1414,13 +1411,6 @@ static struct usb_function_instance *qcrndis_alloc_inst(void)
 	return &opts->func_inst;
 }
 
-static void rndis_qc_cleanup(void)
-{
-	pr_info("rndis QC cleanup\n");
-
-	misc_deregister(&rndis_qc_device);
-}
-
 void *rndis_qc_get_ipa_rx_cb(void)
 {
 	return rndis_ipa_params.ipa_rx_notify;
@@ -1458,7 +1448,6 @@ static int __init usb_qcrndis_init(void)
 static void __exit usb_qcrndis_exit(void)
 {
 	usb_function_unregister(&rndis_bamusb_func);
-	rndis_qc_cleanup();
 }
 
 module_init(usb_qcrndis_init);