Re: [PATCH v4 07/14] of: property: Fix potential fwnode reference's argument count got out of range

devicetree.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Rob Herring <robh@kernel.org>
To: Zijun Hu <zijun_hu@icloud.com>
Cc: Saravana Kannan <saravanak@google.com>,
	Maxime Ripard <mripard@kernel.org>,
	Robin Murphy <robin.murphy@arm.com>,
	Grant Likely <grant.likely@secretlab.ca>,
	Marc Zyngier <maz@kernel.org>,
	Andreas Herrmann <andreas.herrmann@calxeda.com>,
	Marek Szyprowski <m.szyprowski@samsung.com>,
	Catalin Marinas <catalin.marinas@arm.com>,
	Mike Rapoport <rppt@kernel.org>,
	Oreoluwa Babatunde <quic_obabatun@quicinc.com>,
	devicetree@vger.kernel.org, linux-kernel@vger.kernel.org,
	Zijun Hu <quic_zijuhu@quicinc.com>
Subject: Re: [PATCH v4 07/14] of: property: Fix potential fwnode reference's argument count got out of range
Date: Fri, 10 Jan 2025 14:35:21 -0600	[thread overview]
Message-ID: <20250110203521.GA3520266-robh@kernel.org> (raw)
In-Reply-To: <20250109-of_core_fix-v4-7-db8a72415b8c@quicinc.com>

On Thu, Jan 09, 2025 at 09:26:58PM +0800, Zijun Hu wrote:
> From: Zijun Hu <quic_zijuhu@quicinc.com>
> 
> Currently, the maximal fwnode reference argument count supported is
> 8, and the maximal OF node phandle argument count supported is 16, but
> of_fwnode_get_reference_args() directly assigns OF node phandle count
> @of_args.args_count to fwnode reference count @args->nargs, so may cause
> fwnode reference argument count got is out of range, namely, in [9, 16].
> 
> Fix by truncating @args->nargs got to 8 and warning if it > 8.
> 
> Fixes: b66548e2a9ba ("of: Increase MAX_PHANDLE_ARGS")

No, it would have been 3e3119d3088f ("device property: Introduce 
fwnode_property_get_reference_args").

Why don't we increase NR_FWNODE_REFERENCE_ARGS or rework things such 
that MAX_PHANDLE_ARGS and NR_FWNODE_REFERENCE_ARGS can't disagree?

> Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>
> ---
>  drivers/of/property.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/drivers/of/property.c b/drivers/of/property.c
> index 6245cbff3527d762c16e7f4b7b7b3d4f2e9ddbe6..5ef9b2ced43ee7c4bfe88ea3cb11f3182da0dab9 100644
> --- a/drivers/of/property.c
> +++ b/drivers/of/property.c
> @@ -1072,6 +1072,11 @@ of_fwnode_get_reference_args(const struct fwnode_handle *fwnode,
>  	}
>  
>  	args->nargs = of_args.args_count;
> +	if (args->nargs > NR_FWNODE_REFERENCE_ARGS) {
> +		pr_warn("%s: Truncate arg count %d for property '%s' phandle index %d\n",
> +			__func__, of_args.args_count, prop, index);
> +		args->nargs = NR_FWNODE_REFERENCE_ARGS;
> +	}
>  	args->fwnode = of_fwnode_handle(of_args.np);
>  
>  	for (i = 0; i < NR_FWNODE_REFERENCE_ARGS; i++)
> 
> -- 
> 2.34.1
>

next prev parent reply	other threads:[~2025-01-10 20:35 UTC|newest]

Thread overview: 56+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-01-09 13:26 [PATCH v4 00/14] of: fix bugs and improve codes Zijun Hu
2025-01-09 13:26 ` [PATCH v4 01/14] of: Correct child specifier used as input of the 2nd nexus node Zijun Hu
2025-01-10 17:38   ` Rob Herring (Arm)
2025-01-09 13:26 ` [PATCH v4 02/14] of: Do not expose of_alias_scan() and correct its comments Zijun Hu
2025-01-10 17:43   ` Rob Herring
2025-01-10 22:40     ` Zijun Hu
2025-01-09 13:26 ` [PATCH v4 03/14] of: Make of_property_present() applicable to all kinds of property Zijun Hu
2025-01-10 17:45   ` Rob Herring
2025-01-10 22:59     ` Zijun Hu
2025-01-09 13:26 ` [PATCH v4 04/14] of: property: Use of_property_present() for of_fwnode_property_present() Zijun Hu
2025-01-09 13:26 ` [PATCH v4 05/14] of: Fix available buffer size calculating error in API of_device_uevent_modalias() Zijun Hu
2025-01-10 17:48   ` Rob Herring
2025-01-10 23:33     ` Zijun Hu
2025-01-09 13:26 ` [PATCH v4 06/14] of: property: Avoiding using uninitialized variable @imaplen in parse_interrupt_map() Zijun Hu
2025-01-10 20:26   ` Rob Herring
2025-01-10 22:34     ` Zijun Hu
2025-01-11  9:01       ` Krzysztof Kozlowski
2025-01-11 12:52         ` Zijun Hu
2025-01-13 13:43   ` Rob Herring (Arm)
2025-01-09 13:26 ` [PATCH v4 07/14] of: property: Fix potential fwnode reference's argument count got out of range Zijun Hu
2025-01-10 20:35   ` Rob Herring [this message]
2025-01-11  0:40     ` Zijun Hu
2025-01-09 13:26 ` [PATCH v4 08/14] of: Remove a duplicated code block Zijun Hu
2025-01-13 14:39   ` Rob Herring (Arm)
2025-01-09 13:27 ` [PATCH v4 09/14] of: reserved-memory: Fix using wrong number of cells to get property 'alignment' Zijun Hu
2025-01-13 23:25   ` Rob Herring
2025-02-25  1:18     ` William McVicker
2025-02-25  2:46       ` Zijun Hu
2025-02-25 17:46         ` William McVicker
2025-02-26 19:45           ` Rob Herring
2025-02-26 20:31             ` Zijun Hu
2025-02-26 21:30               ` Rob Herring
2025-02-26 21:36                 ` William McVicker
2025-02-26 23:25                   ` Zijun Hu
2025-02-26 23:52                 ` Zijun Hu
2025-02-27 11:55                 ` Zijun Hu
2025-01-09 13:27 ` [PATCH v4 10/14] of: reserved-memory: Do not make kmemleak ignore freed address Zijun Hu
2025-01-13 23:27   ` Rob Herring (Arm)
2025-01-09 13:27 ` [PATCH v4 11/14] of: reserved-memory: Warn for missing static reserved memory regions Zijun Hu
2025-01-13 23:16   ` Rob Herring
2025-01-14 14:52     ` Zijun Hu
2025-01-09 13:27 ` [PATCH v4 12/14] of: reserved-memory: Move an assignment to effective place in __reserved_mem_alloc_size() Zijun Hu
2025-01-13 23:32   ` Rob Herring (Arm)
2025-01-09 13:27 ` [PATCH v4 13/14] of/fdt: Check fdt_get_mem_rsv() error in early_init_fdt_scan_reserved_mem() Zijun Hu
2025-01-13 23:32   ` Rob Herring (Arm)
2025-01-09 13:27 ` [PATCH v4 14/14] of: Improve __of_add_property_sysfs() readability Zijun Hu
2025-01-10 20:41   ` Rob Herring
2025-01-10 23:48     ` Zijun Hu
2025-01-11  9:17       ` Krzysztof Kozlowski
2025-01-11 12:44         ` Zijun Hu
2025-01-13  8:33           ` Krzysztof Kozlowski
2025-01-14 15:20         ` Zijun Hu
2025-01-14 15:30           ` Krzysztof Kozlowski
2025-01-13 15:00     ` Zijun Hu
2025-01-13 23:46       ` Rob Herring
2025-01-14 15:13         ` Zijun Hu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250110203521.GA3520266-robh@kernel.org \
    --to=robh@kernel.org \
    --cc=andreas.herrmann@calxeda.com \
    --cc=catalin.marinas@arm.com \
    --cc=devicetree@vger.kernel.org \
    --cc=grant.likely@secretlab.ca \
    --cc=linux-kernel@vger.kernel.org \
    --cc=m.szyprowski@samsung.com \
    --cc=maz@kernel.org \
    --cc=mripard@kernel.org \
    --cc=quic_obabatun@quicinc.com \
    --cc=quic_zijuhu@quicinc.com \
    --cc=robin.murphy@arm.com \
    --cc=rppt@kernel.org \
    --cc=saravanak@google.com \
    --cc=zijun_hu@icloud.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).