Re: [PATCH] ARM: mvebu: validate memory node device_type strings
From: Andrew Lunn
Date: Fri Apr 03 2026 - 10:36:20 EST
On Fri, Apr 03, 2026 at 10:42:46AM +0800, Pengpeng Hou wrote:
> mvebu_scan_mem() fetches the raw device_type property and immediately
> compares it with strcmp(). Flat DT properties are external boot input,
> and this path does not prove that the property is NUL-terminated within
> its declared bounds.
>
> Use fdt_stringlist_get() so malformed unterminated device_type
> properties are rejected before they are used as C strings.
>
> Signed-off-by: Pengpeng Hou <pengpeng@xxxxxxxxxxx>
> ---
> arch/arm/mach-mvebu/board-v7.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm/mach-mvebu/board-v7.c b/arch/arm/mach-mvebu/board-v7.c
> index a0740ab0dca9..f867f6233108 100644
> --- a/arch/arm/mach-mvebu/board-v7.c
> +++ b/arch/arm/mach-mvebu/board-v7.c
> @@ -11,6 +11,7 @@
>
> #include <linux/kernel.h>
> #include <linux/init.h>
> +#include <linux/libfdt.h>
> #include <linux/of_address.h>
> #include <linux/of_fdt.h>
> #include <linux/io.h>
> @@ -66,7 +67,8 @@ void __iomem *mvebu_get_scu_base(void)
> static int __init mvebu_scan_mem(unsigned long node, const char *uname,
> int depth, void *data)
> {
> - const char *type = of_get_flat_dt_prop(node, "device_type", NULL);
> + const char *type = fdt_stringlist_get(initial_boot_params, node,
> + "device_type", 0, NULL);
> const __be32 *reg, *endp;
> int l;
Did you read the comment?
/*
* When returning from suspend, the platform goes through the
* bootloader, which executes its DDR3 training code. This code has
* the unfortunate idea of using the first 10 KB of each DRAM bank to
* exercise the RAM and calculate the optimal timings. Therefore, this
* area of RAM is overwritten, and shouldn't be used by the kernel if
* suspend/resume is supported.
*/
You probably want to make use of:
* -FDT_ERR_BADVALUE if the property value is not NUL-terminated
* -FDT_ERR_NOTFOUND if the property does not exist
Andrew