iommu: Fix refcount leak in iommu_device_claim_dma_owner

iommu_group_get() returns the group with the reference incremented.
Move iommu_group_get() after owner check to fix the refcount leak.

Fixes: 89395ccedbc1 ("iommu: Add device-centric DMA ownership interfaces")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Lu Baolu <baolu.lu@linux.intel.com>
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Link: https://lore.kernel.org/r/20221230083100.1489569-1-linmq006@gmail.com
[ joro: Remove *group = NULL initialization ]
Signed-off-by: Joerg Roedel <jroedel@suse.de>

diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
index de91dd88705bd3dc108ac4d68ed52445d7faa9ff..5f6a85aea501ecc8c2a390cc63f5cb232cbe6e95 100644 (file)
--- a/drivers/iommu/iommu.c
+++ b/drivers/iommu/iommu.c
@@ -3185,14 +3185,16 @@ EXPORT_SYMBOL_GPL(iommu_group_claim_dma_owner);
  */
 int iommu_device_claim_dma_owner(struct device *dev, void *owner)
 {
-       struct iommu_group *group = iommu_group_get(dev);
+       struct iommu_group *group;
        int ret = 0;
 
-       if (!group)
-               return -ENODEV;
        if (WARN_ON(!owner))
                return -EINVAL;
 
+       group = iommu_group_get(dev);
+       if (!group)
+               return -ENODEV;
+
        mutex_lock(&group->mutex);
        if (group->owner_cnt) {
                if (group->owner != owner) {