Re: [PATCH v4 07/14] of: property: Fix potential fwnode reference's argument count got out of range
From: Rob Herring
Date: Fri Jan 10 2025 - 15:35:31 EST
On Thu, Jan 09, 2025 at 09:26:58PM +0800, Zijun Hu wrote:
> From: Zijun Hu <quic_zijuhu@xxxxxxxxxxx>
>
> Currently, the maximal fwnode reference argument count supported is
> 8, and the maximal OF node phandle argument count supported is 16, but
> of_fwnode_get_reference_args() directly assigns OF node phandle count
> @of_args.args_count to fwnode reference count @args->nargs, so may cause
> fwnode reference argument count got is out of range, namely, in [9, 16].
>
> Fix by truncating @args->nargs got to 8 and warning if it > 8.
>
> Fixes: b66548e2a9ba ("of: Increase MAX_PHANDLE_ARGS")
No, it would have been 3e3119d3088f ("device property: Introduce
fwnode_property_get_reference_args").
Why don't we increase NR_FWNODE_REFERENCE_ARGS or rework things such
that MAX_PHANDLE_ARGS and NR_FWNODE_REFERENCE_ARGS can't disagree?
> Signed-off-by: Zijun Hu <quic_zijuhu@xxxxxxxxxxx>
> ---
> drivers/of/property.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/drivers/of/property.c b/drivers/of/property.c
> index 6245cbff3527d762c16e7f4b7b7b3d4f2e9ddbe6..5ef9b2ced43ee7c4bfe88ea3cb11f3182da0dab9 100644
> --- a/drivers/of/property.c
> +++ b/drivers/of/property.c
> @@ -1072,6 +1072,11 @@ of_fwnode_get_reference_args(const struct fwnode_handle *fwnode,
> }
>
> args->nargs = of_args.args_count;
> + if (args->nargs > NR_FWNODE_REFERENCE_ARGS) {
> + pr_warn("%s: Truncate arg count %d for property '%s' phandle index %d\n",
> + __func__, of_args.args_count, prop, index);
> + args->nargs = NR_FWNODE_REFERENCE_ARGS;
> + }
> args->fwnode = of_fwnode_handle(of_args.np);
>
> for (i = 0; i < NR_FWNODE_REFERENCE_ARGS; i++)
>
> --
> 2.34.1
>