mtd: Fix possible refcounting issue when going through partition nodes

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Under normal conditions, the loop goes over all child partitions, and
'breaks' when the relevant partition is found. In this case we get a
reference to the partition node without ever releasing it. Indeed, right
after the mtd_check_of_node() function returns, we call of_node_get()
again over this very same node. It is probably safer to keep the
counters even in this helper and call of_node_put() before break-ing.

Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Julia Lawall <julia.lawall@inria.fr>
Closes: https://lore.kernel.org/r/202312250546.ISzglvM2-lkp@intel.com/
Cc: Christian Marangi <ansuelsmth@gmail.com>
Cc: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20240104081446.126540-1-miquel.raynal@bootlin.com

Miquel Raynal 2 years ago 5ab9bbf6 59950610

1 changed file

expand all

drivers

mtd

mtdcore.c

drivers/mtd/mtdcore.c

··· 621 621 if (plen == mtd_name_len && 622 622 !strncmp(mtd->name, pname + offset, plen)) { 623 623 mtd_set_of_node(mtd, mtd_dn); 624 + of_node_put(mtd_dn); 624 625 break; 625 626 } 626 627 }