--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -401,8 +401,8 @@ int cap_inode_getsecurity(struct user_na
 				      &tmpbuf, size, GFP_NOFS);
 	dput(dentry);
 
-	if (ret < 0 || !tmpbuf)
-		return ret;
+	if (ret < 0)
+		goto out_free;
 
 	fs_ns = inode->i_sb->s_user_ns;
 	cap = (struct vfs_cap_data *) tmpbuf;
@@ -412,7 +412,7 @@ int cap_inode_getsecurity(struct user_na
 		nscap = (struct vfs_ns_cap_data *) tmpbuf;
 		root = le32_to_cpu(nscap->rootid);
 	} else {
-		size = -EINVAL;
+		ret = -EINVAL;
 		goto out_free;
 	}
 
@@ -431,7 +431,7 @@ int cap_inode_getsecurity(struct user_na
 				/* v2 -> v3 conversion */
 				nscap = kzalloc(size, GFP_ATOMIC);
 				if (!nscap) {
-					size = -ENOMEM;
+					ret = -ENOMEM;
 					goto out_free;
 				}
 				nsmagic = VFS_CAP_REVISION_3;
@@ -447,11 +447,11 @@ int cap_inode_getsecurity(struct user_na
 			nscap->rootid = cpu_to_le32(mappedroot);
 			*buffer = nscap;
 		}
-		goto out_free;
+		goto success;
 	}
 
 	if (!rootid_owns_currentns(kroot)) {
-		size = -EOVERFLOW;
+		ret = -EOVERFLOW;
 		goto out_free;
 	}
 
@@ -462,7 +462,7 @@ int cap_inode_getsecurity(struct user_na
 			/* v3 -> v2 conversion */
 			cap = kzalloc(size, GFP_ATOMIC);
 			if (!cap) {
-				size = -ENOMEM;
+				ret = -ENOMEM;
 				goto out_free;
 			}
 			magic = VFS_CAP_REVISION_2;
@@ -477,9 +477,11 @@ int cap_inode_getsecurity(struct user_na
 		}
 		*buffer = cap;
 	}
+success:
+	ret = size;
 out_free:
 	kfree(tmpbuf);
-	return size;
+	return ret;
 }
 
 /**