lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 9 Dec 2017 10:04:48 +0100
From:   Geert Uytterhoeven <>
To:     Frank Rowand <>
Cc:     Geert Uytterhoeven <>,
        Pantelis Antoniou <>,
        Rob Herring <>,
        "" <>,
        Linux-Renesas <>,
        "" <>
Subject: Re: [PATCH 0/2] of: overlay: Crash fix and improvement

Hi Frank,

On Sat, Dec 9, 2017 at 7:01 AM, Frank Rowand <> wrote:
> On 12/08/17 05:13, Geert Uytterhoeven wrote:
>> This patch series fixes memory corruption when applying overlays.
>> I first noticed this when using OF configfs.  After lots of failed
>> debugging attempts, I bisected it to "of: overlay: add per overlay sysfs
>> attributes", which is not upstream.  But that was a red herring: that
>> commit enlarged struct fragment to exactly 64-bytes, which just made it
>> more likely to cause random corruption when writing beyond the end of an
>> array of fragment structures.  With the smaller structure size before,
>> such writes usually ended up in the unused holes between allocated
>> blocks, causing no harm.
>> The first patch is the real fix, and applies to both v4.15-rc2 and Rob's
>> for-next branch.
>> The second patch is a small improvement, and applies to Rob's for-next
>> branch only.
> Overlay FDT files should not have invalid contents.  But they inevitably
> will, so the code has to handle those cases.  Thanks for finding this
> problem and making the code better!

Sure, people can throw anything at it ;-)

In my case, I'm wondering if the dtbo was actually invalid?
Simplification of the decompiled dtbo:


/ {

        fragment-name {
                target-path = [2f 00];

                __overlay__ {

                        node-name {
                                compatible = "foo,bar";
                                gpios = <0xffffffff 0x0 0x0>;

        __fixups__ {
                bank0 = "/fragment-name/__overlay__/node-name:gpios:0";

So it has __fixup__, but no __symbols__, which looks totally valid to me.

> For the full series:
> Reviewed-by: Frank Rowand <>




Geert Uytterhoeven -- There's lots of Linux beyond ia32 --

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

Powered by blists - more mailing lists