From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Tue, 2 Oct 2012 08:34:40 +0000 (+0300)
Subject: iommu/amd: Fix possible use after free in get_irq_table()
X-Git-Tag: v3.7-rc1~93^2^6~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=821f0f68ca5fa93c757a892129392e751a7407a3;p=profile%2Fivi%2Fkernel-x86-ivi.git

iommu/amd: Fix possible use after free in get_irq_table()

We should return NULL on error instead of the freed pointer.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---

diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c
index 312dd4d..ff16c5e 100644
--- a/drivers/iommu/amd_iommu.c
+++ b/drivers/iommu/amd_iommu.c
@@ -3865,6 +3865,7 @@ static struct irq_remap_table *get_irq_table(u16 devid, bool ioapic)
 	table->table = kmem_cache_alloc(amd_iommu_irq_cache, GFP_ATOMIC);
 	if (!table->table) {
 		kfree(table);
+		table = NULL;
 		goto out;
 	}