crypto: iaa - Fix potential use after free bug

The free_device_compression_mode(iaa_device, device_mode) function frees
"device_mode" but it iss passed to iaa_compression_modes[i]->free() a few
lines later resulting in a use after free.

The good news is that, so far as I can tell, nothing implements the
->free() function and the use after free happens in dead code.  But, with
this fix, when something does implement it, we'll be ready.  :)

Fixes: b190447e0fa3 ("crypto: iaa - Add compression mode management along with fixed mode")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/drivers/crypto/intel/iaa/iaa_crypto_main.c b/drivers/crypto/intel/iaa/iaa_crypto_main.c
index e810d286ee8c4280b1e782b5bb0be31a609c15e0..237f870000702151d1cd597474db89ce0d2586f9 100644 (file)
--- a/drivers/crypto/intel/iaa/iaa_crypto_main.c
+++ b/drivers/crypto/intel/iaa/iaa_crypto_main.c
@@ -495,10 +495,10 @@ static void remove_device_compression_modes(struct iaa_device *iaa_device)
                if (!device_mode)
                        continue;
 
-               free_device_compression_mode(iaa_device, device_mode);
-               iaa_device->compression_modes[i] = NULL;
                if (iaa_compression_modes[i]->free)
                        iaa_compression_modes[i]->free(device_mode);
+               free_device_compression_mode(iaa_device, device_mode);
+               iaa_device->compression_modes[i] = NULL;
        }
 }