configfs: fix a use-after-free in __configfs_open_file

[linux-2.6-microblaze.git] / fs / configfs / file.c

diff --git a/fs/configfs/file.c b/fs/configfs/file.c
index 1f02702..da8351d 100644 (file)
--- a/fs/configfs/file.c
+++ b/fs/configfs/file.c
@@ -378,7 +378,7 @@ static int __configfs_open_file(struct inode *inode, struct file *file, int type
 
        attr = to_attr(dentry);
        if (!attr)
-               goto out_put_item;
+               goto out_free_buffer;
 
        if (type & CONFIGFS_ITEM_BIN_ATTR) {
                buffer->bin_attr = to_bin_attr(dentry);
@@ -391,7 +391,7 @@ static int __configfs_open_file(struct inode *inode, struct file *file, int type
        /* Grab the module reference for this attribute if we have one */
        error = -ENODEV;
        if (!try_module_get(buffer->owner))
-               goto out_put_item;
+               goto out_free_buffer;
 
        error = -EACCES;
        if (!buffer->item->ci_type)
@@ -435,8 +435,6 @@ static int __configfs_open_file(struct inode *inode, struct file *file, int type
 
 out_put_module:
        module_put(buffer->owner);
-out_put_item:
-       config_item_put(buffer->item);
 out_free_buffer:
        up_read(&frag->frag_sem);
        kfree(buffer);