From: Wandun <chenwandun1@gmail.com>
To: Rob Herring <robh@kernel.org>
Cc: sashiko-reviews@lists.linux.dev, devicetree@vger.kernel.org,
conor+dt@kernel.org
Subject: Re: [PATCH 1/2] of: reserved_mem: avoid stack buffer overflow in fdt_scan_reserved_mem()
Date: Fri, 5 Jun 2026 10:10:52 +0800 [thread overview]
Message-ID: <b8a5e883-16be-4106-97d3-d4ab69faa8bb@gmail.com> (raw)
In-Reply-To: <20260604193041.GA1057262-robh@kernel.org>
On 6/5/26 03:30, Rob Herring wrote:
> On Thu, Jun 04, 2026 at 05:18:09PM +0800, Wandun wrote:
>>
>> On 6/4/26 15:45, sashiko-bot@kernel.org wrote:
>>> Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
>>> - [Medium] The newly added bounds check for `dynamic_nodes_cnt` is placed outside the block that evaluates whether a node is actually a dynamically-placed region, leading to spurious error logs.
>>> --
>>>
>>> commit 6a79f526de5e1185b7c79fb469545f4094fb402f
>>> Author: Wandun Chen <chenwandun@lixiang.com>
>>>
>>> of: reserved_mem: avoid stack buffer overflow in fdt_scan_reserved_mem()
>>>
>>> This commit adds bounds checking on dynamic_nodes_cnt to prevent a
>>> potential stack buffer overflow in fdt_scan_reserved_mem().
>>>
>>> Link: https://sashiko.dev/#/patchset/20260604015332.3669384-1-chenwandun1%40gmail.com?part=1 [1]
>>>
>>>> diff --git a/drivers/of/of_reserved_mem.c b/drivers/of/of_reserved_mem.c
>>>> --- a/drivers/of/of_reserved_mem.c
>>>> +++ b/drivers/of/of_reserved_mem.c
>>> [ ... ]
>>>
>>>> @@ -341,6 +341,12 @@ int __init fdt_scan_reserved_mem(void)
>>>> err = __reserved_mem_reserve_reg(child, uname);
>>>> if (!err)
>>>> count++;
>>>> +
>>>> + if (dynamic_nodes_cnt >= MAX_RESERVED_REGIONS) {
>>>> + pr_err_once("Reserved memory: reached MAX_RESERVED_REGIONS(%d)\n",
>>>> + MAX_RESERVED_REGIONS);
>>>> + continue;
>>>> + }
>>> [Severity: Medium]
>>> Will this bounds check trigger spurious error logs for statically-placed
>>> regions?
>> Yes, it indeed, will fix in v2.
> I now have the same change (and same problems) in another submission:
>
> https://lore.kernel.org/all/20260603152709.941788-1-ekffu200098@gmail.com/
>
> See my comment there.
Thanks for pointing out the other submission. Since the same fix is
already being worked on, I'll drop this patch. Best regards, Wandun
>
> Rob
next prev parent reply other threads:[~2026-06-05 2:10 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-04 7:36 [PATCH 0/2] of: reserved_mem: fix stack overflow and make dynamic reserved region configurable Wandun Chen
2026-06-04 7:36 ` [PATCH 1/2] of: reserved_mem: avoid stack buffer overflow in fdt_scan_reserved_mem() Wandun Chen
2026-06-04 7:45 ` sashiko-bot
2026-06-04 9:18 ` Wandun
2026-06-04 19:30 ` Rob Herring
2026-06-05 2:10 ` Wandun [this message]
2026-06-04 7:36 ` [PATCH 2/2] of: reserved_mem: add config to extend dynamic reserved memory regions Wandun Chen
2026-06-04 7:44 ` sashiko-bot
2026-06-04 19:33 ` Rob Herring
2026-06-05 2:21 ` Wandun
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b8a5e883-16be-4106-97d3-d4ab69faa8bb@gmail.com \
--to=chenwandun1@gmail.com \
--cc=conor+dt@kernel.org \
--cc=devicetree@vger.kernel.org \
--cc=robh@kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox