[PATCH] powerpc/83xx: fix use-after-free on mpc831x_usb_cfg()

[Wen Yang]

The np variable is still being used after the of_node_put() call,
which may result in use-after-free.
We fix this issue by calling of_node_put() after the last usage.
This patatch also do some cleanup.

Fixes: fd066e850351 ("powerpc/mpc8308: fix USB DR controller initialization")
Signed-off-by: Wen Yang <wen.yan...@zte.com.cn>
Cc: Scott Wood <o...@buserror.net>
Cc: Kumar Gala <ga...@kernel.crashing.org>
Cc: Benjamin Herrenschmidt <b...@kernel.crashing.org>
Cc: Paul Mackerras <pau...@samba.org>
Cc: Michael Ellerman <m...@ellerman.id.au>
Cc: linuxppc-dev@lists.ozlabs.org
Cc: linux-ker...@vger.kernel.org
---
 arch/powerpc/platforms/83xx/usb.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/arch/powerpc/platforms/83xx/usb.c 
b/arch/powerpc/platforms/83xx/usb.c
index 3d247d7..56b36fa 100644
--- a/arch/powerpc/platforms/83xx/usb.c
+++ b/arch/powerpc/platforms/83xx/usb.c
@@ -158,14 +158,11 @@ int mpc831x_usb_cfg(void)
 
        iounmap(immap);
 
-       of_node_put(immr_node);
-
        /* Map USB SOC space */
        ret = of_address_to_resource(np, 0, &res);
-       if (ret) {
-               of_node_put(np);
-               return ret;
-       }
+       if (ret)
+               goto out_put_node;
+
        usb_regs = ioremap(res.start, resource_size(&res));
 
        /* Using on-chip PHY */
@@ -174,7 +171,7 @@ int mpc831x_usb_cfg(void)
                u32 refsel;
 
                if (of_device_is_compatible(immr_node, "fsl,mpc8308-immr"))
-                       goto out;
+                       goto out_unmap;
 
                if (of_device_is_compatible(immr_node, "fsl,mpc8315-immr"))
                        refsel = CONTROL_REFSEL_24MHZ;
@@ -201,8 +198,10 @@ int mpc831x_usb_cfg(void)
                ret = -EINVAL;
        }
 
-out:
+out_unmap:
        iounmap(usb_regs);
+out_put_node:
+       of_node_put(immr_node);
        of_node_put(np);
        return ret;
 }
-- 
2.9.5