[PATCH 2/3] efi_loader: avoid pointer access after calling efi_delete_handle

[Masahisa Kojima]

efi_delete_handle() calls efi_purge_handle(), then it finally
frees the efi handle.
Both diskobj and handle variables in efi_disk_remove() have
the same pointer, we can not access diskobj->dp after calling
efi_delete_handle().

This commit saves the struct efi_device_path pointer before
calling efi_delete_handle(). This commit also fixes the
missing free for volume member in struct efi_disk_obj.

Signed-off-by: Masahisa Kojima <masahisa.koj...@linaro.org>
---
 lib/efi_loader/efi_disk.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/lib/efi_loader/efi_disk.c b/lib/efi_loader/efi_disk.c
index a2f8b531a3..415d8601ba 100644
--- a/lib/efi_loader/efi_disk.c
+++ b/lib/efi_loader/efi_disk.c
@@ -701,7 +701,9 @@ int efi_disk_remove(void *ctx, struct event *event)
        struct udevice *dev = event->data.dm.dev;
        efi_handle_t handle;
        struct blk_desc *desc;
+       struct efi_device_path *dp = NULL;
        struct efi_disk_obj *diskobj = NULL;
+       struct efi_simple_file_system_protocol *volume = NULL;
        efi_status_t ret;
 
        if (dev_tag_get_ptr(dev, DM_TAG_EFI, (void **)&handle))
@@ -722,14 +724,18 @@ int efi_disk_remove(void *ctx, struct event *event)
                return 0;
        }
 
+       if (diskobj) {
+               dp = diskobj->dp;
+               volume = diskobj->volume;
+       }
+
        ret = efi_delete_handle(handle);
        /* Do not delete DM device if there are still EFI drivers attached. */
        if (ret != EFI_SUCCESS)
                return -1;
 
-       if (diskobj)
-               efi_free_pool(diskobj->dp);
-
+       efi_free_pool(dp);
+       free(volume);
        dev_tag_del(dev, DM_TAG_EFI);
 
        return 0;
-- 
2.34.1