iommu/amd: Fix possible use after free in get_irq_table()

We should return NULL on error instead of the freed pointer.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>

diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c
index 312dd4dd47914e87e51c598091fa7b37f12e3f5c..ff16c5ece7354af3f5cb4f0db13531aa25d6b987 100644 (file)
--- a/drivers/iommu/amd_iommu.c
+++ b/drivers/iommu/amd_iommu.c
@@ -3865,6 +3865,7 @@ static struct irq_remap_table *get_irq_table(u16 devid, bool ioapic)
        table->table = kmem_cache_alloc(amd_iommu_irq_cache, GFP_ATOMIC);
        if (!table->table) {
                kfree(table);
+               table = NULL;
                goto out;
        }