mtd: rawnand: atmel: fix OF child-node lookup

commit 5d1e9c2212ea6b4dd735e4fc3dd6279a365d5d10 upstream.

Use the new of_get_compatible_child() helper to lookup the nfc child
node instead of using of_find_compatible_node(), which searches the
entire tree from a given start node and thus can return an unrelated
(i.e. non-child) node.

This also addresses a potential use-after-free (e.g. after probe
deferral) as the tree-wide helper drops a reference to its first
argument (i.e. the node of the device being probed).

While at it, also fix a related nfc-node reference leak.

Fixes: f88fc122cc34 ("mtd: nand: Cleanup/rework the atmel_nand driver")
Cc: stable <stable@vger.kernel.org>     # 4.11
Cc: Nicolas Ferre <nicolas.ferre@microchip.com>
Cc: Josh Wu <rainyfeeling@outlook.com>
Cc: Boris Brezillon <boris.brezillon@bootlin.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/mtd/nand/atmel/nand-controller.c b/drivers/mtd/nand/atmel/nand-controller.c
index 32a2f94..0b93f15 100644 (file)
--- a/drivers/mtd/nand/atmel/nand-controller.c
+++ b/drivers/mtd/nand/atmel/nand-controller.c
@@ -2077,8 +2077,7 @@ atmel_hsmc_nand_controller_legacy_init(struct atmel_hsmc_nand_controller *nc)
        int ret;
 
        nand_np = dev->of_node;
-       nfc_np = of_find_compatible_node(dev->of_node, NULL,
-                                        "atmel,sama5d3-nfc");
+       nfc_np = of_get_compatible_child(dev->of_node, "atmel,sama5d3-nfc");
        if (!nfc_np) {
                dev_err(dev, "Could not find device node for sama5d3-nfc\n");
                return -ENODEV;
@@ -2492,15 +2491,19 @@ static int atmel_nand_controller_probe(struct platform_device *pdev)
        }
 
        if (caps->legacy_of_bindings) {
+               struct device_node *nfc_node;
                u32 ale_offs = 21;
 
                /*
                 * If we are parsing legacy DT props and the DT contains a
                 * valid NFC node, forward the request to the sama5 logic.
                 */
-               if (of_find_compatible_node(pdev->dev.of_node, NULL,
-                                           "atmel,sama5d3-nfc"))
+               nfc_node = of_get_compatible_child(pdev->dev.of_node,
+                                                  "atmel,sama5d3-nfc");
+               if (nfc_node) {
                        caps = &atmel_sama5_nand_caps;
+                       of_node_put(nfc_node);
+               }
 
                /*
                 * Even if the compatible says we are dealing with an