efi: Fix error handling in add_sysfs_runtime_map_entry()

I spotted two (difficult to hit) bugs while reviewing this.

1)  There is a double free bug because we unregister "map_kset" in
    add_sysfs_runtime_map_entry() and also efi_runtime_map_init().
2)  If we fail to allocate "entry" then we should return
    ERR_PTR(-ENOMEM) instead of NULL.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Guangyu Sun <guangyu.sun@oracle.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>

1 files changed, 3 insertions, 3 deletions

diff --git a/drivers/firmware/efi/runtime-map.c b/drivers/firmware/efi/runtime-map.c
index 87b8e3b900d2..5c55227a34c8 100644
--- a/drivers/firmware/efi/runtime-map.c
+++ b/drivers/firmware/efi/runtime-map.c
@@ -120,7 +120,8 @@ add_sysfs_runtime_map_entry(struct kobject *kobj, int nr)
         entry = kzalloc(sizeof(*entry), GFP_KERNEL);
         if (!entry) {
                 kset_unregister(map_kset);
-                return entry;
+                map_kset = NULL;
+                return ERR_PTR(-ENOMEM);
         }
 
         memcpy(&entry->md, efi_runtime_map + nr * efi_memdesc_size,
@@ -132,6 +133,7 @@ add_sysfs_runtime_map_entry(struct kobject *kobj, int nr)
         if (ret) {
                 kobject_put(&entry->kobj);
                 kset_unregister(map_kset);
+                map_kset = NULL;
                 return ERR_PTR(ret);
         }
 
@@ -195,8 +197,6 @@ out_add_entry:
                 entry = *(map_entries + j);
                 kobject_put(&entry->kobj);
         }
-        if (map_kset)
-                kset_unregister(map_kset);
 out:
         return ret;
 }