public inbox for devicetree@vger.kernel.org
From: Pengpeng Hou <pengpeng@iscas.ac.cn>
To: Rob Herring <robh@kernel.org>, Saravana Kannan <saravanak@kernel.org>
Cc: devicetree@vger.kernel.org, linux-kernel@vger.kernel.org,
	pengpeng@iscas.ac.cn
Subject: [PATCH] drivers/of: fdt: validate flat DT string properties before string use
Date: Fri, 3 Apr 2026 08:47:51 +0800
Message-ID: <69CF17C9.10A8CC.26415@cstnet.cn>

Firmware-supplied flat DT properties are raw byte sequences. Several
early FDT helpers fetch properties such as status, model, compatible,
and device_type and then use them as C strings with strcmp(), strlen(),
or pr_info() without first proving that the property is NUL-terminated
within its declared length.

Use fdt_stringlist_get() for these string properties instead. That
preserves the existing behavior for valid DTBs while rejecting malformed
unterminated properties before they are passed to C string helpers.

Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn>
---
 drivers/of/fdt.c | 25 +++++++++++--------------
 1 file changed, 11 insertions(+), 14 deletions(-)

diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
index 331646d667b9..311a258fc225 100644
--- a/drivers/of/fdt.c
+++ b/drivers/of/fdt.c
@@ -68,7 +68,7 @@ void __init of_fdt_limit_memory(int limit)
 
 bool of_fdt_device_is_available(const void *blob, unsigned long node)
 {
-	const char *status = fdt_getprop(blob, node, "status", NULL);
+	const char *status = fdt_stringlist_get(blob, node, "status", 0, NULL);
 
 	if (!status)
 		return true;
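Review bot: `if (!status) return true;` now also fires when "status" is present but not NUL-terminated, because fdt_stringlist_get() returns NULL for a malformed property as well as for a missing one, so a node with a corrupt status is reported as available. Pass an int pointer instead of NULL as the last argument and take the `return true` path only when it holds -FDT_ERR_NOTFOUND; treat -FDT_ERR_BADVALUE as not available, or at least log it.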
@@ -741,9 +741,10 @@ const char * __init of_flat_dt_get_machine_name(void)
 	const char *name;
 	unsigned long dt_root = of_get_flat_dt_root();
 
-	name = of_get_flat_dt_prop(dt_root, "model", NULL);
+	name = fdt_stringlist_get(initial_boot_params, dt_root, "model", 0, NULL);
 	if (!name)
-		name = of_get_flat_dt_prop(dt_root, "compatible", NULL);
+		name = fdt_stringlist_get(initial_boot_params, dt_root,
+					  "compatible", 0, NULL);
 	return name;
 }
 
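Review bot: Style point on the two `fdt_stringlist_get(initial_boot_params, dt_root, ...)` calls: they bypass the of_get_flat_dt_prop() wrapper that the removed lines used, and the same open-coded blob argument appears again in the next hunk. A small string helper next to that wrapper (name to be chosen, for example a hypothetical of_get_flat_dt_string(node, name)) would keep initial_boot_params in one place. A malformed "model" also falls through to "compatible" without any message here; a pr_warn() on that path would make a bad DTB visible.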
@@ -775,19 +776,14 @@ const void * __init of_flat_dt_match_machine(const void *default_match,
 	}
 	if (!best_data) {
 		const char *prop;
-		int size;
+		int idx = 0, size;
 
 		pr_err("\n unrecognized device tree list:\n[ ");
 
-		prop = of_get_flat_dt_prop(dt_root, "compatible", &size);
-		if (prop) {
-			while (size > 0) {
-				printk("'%s' ", prop);
-				size -= strlen(prop) + 1;
-				prop += strlen(prop) + 1;
-			}
-		}
-		printk("]\n\n");
+		while ((prop = fdt_stringlist_get(initial_boot_params, dt_root,
+						  "compatible", idx++, &size)))
+			pr_err("'%s' ", prop);
+		pr_err("]\n\n");
 		return NULL;
 	}
 
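Review bot: The new loop prints every entry with its own `pr_err("'%s' ", prop)` and closes with `pr_err("]\n\n")`, so each fragment is a separate log record with its own prefix instead of a continuation of the "[ " line opened above. Use pr_cont() for the entries and the closing bracket. `size` is filled in by fdt_stringlist_get() but never read in this hunk: pass NULL and drop it from the declaration, or check it after the loop to report when the walk ended on -FDT_ERR_BADVALUE rather than at the end of the list. The printk() to pr_err() switch is a behaviour change that the commit message does not mention.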
@@ -1032,7 +1028,8 @@ int __init early_init_dt_scan_memory(void)
 	const void *fdt = initial_boot_params;
 
 	fdt_for_each_subnode(node, fdt, 0) {
-		const char *type = of_get_flat_dt_prop(node, "device_type", NULL);
+		const char *type = fdt_stringlist_get(fdt, node,
+						      "device_type", 0, NULL);
 		const __be32 *reg;
 		int i, l;
 		bool hotpluggable;
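Review bot: `type` is now NULL both when "device_type" is absent and when it is present but unterminated, and the NULL last argument throws away the reason. If the code after this hunk skips nodes whose type is NULL, a memory node with a malformed device_type disappears from the scan with no trace in the log. Capture the result in a local int and pr_warn() when it is -FDT_ERR_BADVALUE so that case can be diagnosed.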
-- 
2.50.1 (Apple Git-155)
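The bounded check the commit message describes, as an added user-space example (not the patch's code and not libfdt's implementation). The function ex_prop_string(), the EX_ERR_* codes and the sample byte arrays are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical error codes for this example (not libfdt's values). */
#define EX_ERR_NOTFOUND (-1)	/* fewer than idx + 1 strings in the value */
#define EX_ERR_BADVALUE (-2)	/* a string runs past the declared length */

/* Return the idx-th string of a property value that is 'len' raw bytes
 * long, or NULL with *err set. Never reads past val + len. */
static const char *ex_prop_string(const char *val, int len, int idx,
				  int *slen, int *err)
{
	const char *p, *end;

	*err = EX_ERR_BADVALUE;
	if (!val || len < 0)
		return NULL;
	for (p = val, end = val + len; p < end; ) {
		/* Bounded search: the terminator must lie inside the property. */
		const char *nul = memchr(p, '\0', (size_t)(end - p));

		if (!nul)
			return NULL;	/* unterminated tail */
		if (idx-- == 0) {
			*slen = (int)(nul - p);
			*err = 0;
			return p;
		}
		p = nul + 1;
	}
	*err = EX_ERR_NOTFOUND;
	return NULL;
}

/* Constructed samples: a valid two-entry "compatible" list (24 bytes with
 * the final NUL) and a "status" value with no NUL in its 4 bytes. */
static const char ex_compat[] = "vendor,board\0vendor,soc";
static const char ex_status_raw[4] = { 'o', 'k', 'a', 'y' };

int main(void)
{
	int slen = 0, err = 0;
	const char *s = ex_prop_string(ex_compat, (int)sizeof(ex_compat), 1, &slen, &err);

	printf("compatible[1]: %s (err %d)\n", s ? s : "(null)", err);
	s = ex_prop_string(ex_status_raw, (int)sizeof(ex_status_raw), 0, &slen, &err);
	printf("raw status: %s (err %d)\n", s ? s : "(null)", err);
	return 0;
}
```

A caller that passes the raw pointer straight to strcmp() or "%s" has no such bound and keeps reading until it happens to meet a zero byte.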

