CVE-2022-50457

In the Linux kernel, the following vulnerability has been resolved:

mtd: core: Fix refcount error in delmtddevice()

delmtddevice() will call ofnodeput() to mtdgetofnode(mtd), which is mtd->dev.ofnode. However, memset(&mtd->dev, 0) is called before ofnodeput(). As the result, ofnodeput() won't do anything in delmtddevice(), and causes the refcount leak.

delmtddevice() memset(&mtd->dev, 0, sizeof(mtd->dev) # clear mtd->dev ofnodeput() mtdgetofnode(mtd) # mtd->dev is cleared, can't locate ofnode # ofnodeput(NULL) won't do anything

Fix the error by caching the pointer of the device_node.

OF: ERROR: memory leak, expected refcount 1 instead of 2, ofnodeget()/ofnodeput() unbalanced - destroy cset entry: attach overlay node /spi/spi-sram@0 CPU: 3 PID: 275 Comm: python3 Tainted: G N 6.1.0-rc3+ #54 0d8a1edddf51f172ff5226989a7565c6313b08e2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 Call Trace: <TASK> dumpstacklvl+0x67/0x83 kobjectget+0x155/0x160 ofnodeget+0x1f/0x30 offwnodeget+0x43/0x70 fwnodehandleget+0x54/0x80 fwnodegetnthparent+0xc9/0xe0 fwnodefullnamestring+0x3f/0xa0 devicenodestring+0x30f/0x750 pointer+0x598/0x7a0 vsnprintf+0x62d/0x9b0 ... cfsoverlayrelease+0x30/0x90 configitemrelease+0xbe/0x1a0 configitemput+0x5e/0x80 configfsrmdir+0x3bd/0x540 vfsrmdir+0x18c/0x320 dormdir+0x198/0x330 __x64sysrmdir+0x2c/0x40 dosyscall64+0x37/0x90 entrySYSCALL64afterhwframe+0x63/0xcd

[miquel.raynal@bootlin.com: Light reword of the commit log]