[PATCH] iommu: amd: Fix uninitialized dev_data on probe failure

[Rakuram Eswaran]

amd_iommu_probe_device() may jump to the out_err path when
iommu_init_device() fails. In that case, dev_data has not been
initialized yet, but the out_err path unconditionally dereferences
dev_data, leading to an uninitialized pointer dereference.

The IOMMU core explicitly allows ->probe_device() callbacks to
return ERR_PTR() on failure. Return immediately when device
initialization fails instead of falling through the shared error
path, which assumes that per-device IOMMU state exists.

This avoids dereferencing dev_data on error paths where the device
was not successfully initialized.

Reported-by: kernel test robot <lkp@xxxxxxxxx>
Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Closes: https://lore.kernel.org/r/202512191724.meqJENXe-lkp@xxxxxxxxx/
Signed-off-by: Rakuram Eswaran <rakuram.e96@xxxxxxxxx>
---
Testing note:
Compile tested only.

Build and Analysis:
This patch was compiled against the configuration file reported by
0day CI in the above link (config: x86_64-randconfig-r073-20251215)
using gcc version 15.2.0 (Ubuntu 15.2.0-4ubuntu4).

Static analysis was performed with Smatch to ensure the reported warning
no longer reproduces after applying this fix.

Command using for testing:
~/project/smatch/smatch_scripts/kchecker ./drivers/iommu/amd/iommu.c

 drivers/iommu/amd/iommu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c
index 5d45795c367a..075125f0f52b 100644
--- a/drivers/iommu/amd/iommu.c
+++ b/drivers/iommu/amd/iommu.c
@@ -2426,7 +2426,7 @@ static struct iommu_device *amd_iommu_probe_device(struct device *dev)
 		dev_err(dev, "Failed to initialize - trying to proceed anyway\n");
 		iommu_dev = ERR_PTR(ret);
 		iommu_ignore_device(iommu, dev);
-		goto out_err;
+		return iommu_dev;
 	}
 
 	amd_iommu_set_pci_msi_domain(dev, iommu);
-- 
2.51.0