[PATCH v4 07/14] of: property: Fix potential fwnode reference's argument count got out of range
From: Zijun Hu
Date: Thu Jan 09 2025 - 08:29:39 EST
From: Zijun Hu <quic_zijuhu@xxxxxxxxxxx>
Currently, the maximal fwnode reference argument count supported is
8, and the maximal OF node phandle argument count supported is 16, but
of_fwnode_get_reference_args() directly assigns OF node phandle count
@of_args.args_count to fwnode reference count @args->nargs, so may cause
fwnode reference argument count got is out of range, namely, in [9, 16].
Fix by truncating @args->nargs got to 8 and warning if it > 8.
Fixes: b66548e2a9ba ("of: Increase MAX_PHANDLE_ARGS")
Signed-off-by: Zijun Hu <quic_zijuhu@xxxxxxxxxxx>
---
drivers/of/property.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/of/property.c b/drivers/of/property.c
index 6245cbff3527d762c16e7f4b7b7b3d4f2e9ddbe6..5ef9b2ced43ee7c4bfe88ea3cb11f3182da0dab9 100644
--- a/drivers/of/property.c
+++ b/drivers/of/property.c
@@ -1072,6 +1072,11 @@ of_fwnode_get_reference_args(const struct fwnode_handle *fwnode,
}
args->nargs = of_args.args_count;
+ if (args->nargs > NR_FWNODE_REFERENCE_ARGS) {
+ pr_warn("%s: Truncate arg count %d for property '%s' phandle index %d\n",
+ __func__, of_args.args_count, prop, index);
+ args->nargs = NR_FWNODE_REFERENCE_ARGS;
+ }
args->fwnode = of_fwnode_handle(of_args.np);
for (i = 0; i < NR_FWNODE_REFERENCE_ARGS; i++)
--
2.34.1