iio: dummy_evgen: Fix use after free on error in iio_dummy_evgen_create()

We need to preserve the "iio_evgen->irq_sim_domain" error code before
we free "iio_evgen" otherwise it leads to a use after free.

Fixes: 337cbeb2c13e ("genirq/irq_sim: Simplify the API")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>

diff --git a/drivers/iio/dummy/iio_dummy_evgen.c b/drivers/iio/dummy/iio_dummy_evgen.c
index 409fe0f..ee85d59 100644 (file)
--- a/drivers/iio/dummy/iio_dummy_evgen.c
+++ b/drivers/iio/dummy/iio_dummy_evgen.c
@@ -45,6 +45,8 @@ static struct iio_dummy_eventgen *iio_evgen;
 
 static int iio_dummy_evgen_create(void)
 {
+       int ret;
+
        iio_evgen = kzalloc(sizeof(*iio_evgen), GFP_KERNEL);
        if (!iio_evgen)
                return -ENOMEM;
@@ -52,8 +54,9 @@ static int iio_dummy_evgen_create(void)
        iio_evgen->irq_sim_domain = irq_domain_create_sim(NULL,
                                                          IIO_EVENTGEN_NO);
        if (IS_ERR(iio_evgen->irq_sim_domain)) {
+               ret = PTR_ERR(iio_evgen->irq_sim_domain);
                kfree(iio_evgen);
-               return PTR_ERR(iio_evgen->irq_sim_domain);
+               return ret;
        }
 
        mutex_init(&iio_evgen->lock);