[PATCH] arm64: pi: validate bootargs before parsing them

Next message: Pengpeng Hou: "[PATCH] ARM: compressed: validate memory node device_type strings"
Previous message: K Prateek Nayak: "Re: [PATCH v4 1/2] cpufreq/amd-pstate: Pass the policy to amd_pstate_update()"
Next in thread: Will Deacon: "Re: [PATCH] arm64: pi: validate bootargs before parsing them"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Pengpeng Hou

Date: Fri Apr 03 2026 - 00:07:29 EST

get_bootargs_cmdline() fetches the raw bootargs property from the FDT
and immediately calls strlen() on it before later passing the same
pointer into the early command-line parser. Flat DT properties are
external boot input, and this path does not prove that bootargs is
NUL-terminated within its declared bounds.

Use fdt_stringlist_get() so malformed unterminated bootargs are
rejected before the local parser treats them as C strings.

Signed-off-by: Pengpeng Hou <pengpeng@xxxxxxxxxxx>
---
arch/arm64/kernel/pi/idreg-override.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/kernel/pi/idreg-override.c b/arch/arm64/kernel/pi/idreg-override.c
index bc57b290e5e7..310ed279ef26 100644
--- a/arch/arm64/kernel/pi/idreg-override.c
+++ b/arch/arm64/kernel/pi/idreg-override.c
@@ -373,11 +373,11 @@ static __init const u8 *get_bootargs_cmdline(const void *fdt, int node)
if (node < 0)
return NULL;

- prop = fdt_getprop(fdt, node, bootargs, NULL);
+ prop = fdt_stringlist_get(fdt, node, bootargs, 0, NULL);
if (!prop)
return NULL;

- return strlen(prop) ? prop : NULL;
+ return *prop ? prop : NULL;
}

static __init void parse_cmdline(const void *fdt, int chosen)
--
2.50.1 (Apple Git-155)