Re: [PATCH v2 5/5] of/fdt: only store the device node basename in full_name
From: Pantelis Antoniou <hidden>
Date: 2017-10-19 08:51:50
Also in:
linux-devicetree, linux-fpga, lkml
Hi Rob,

On Oct 18, 2017, at 21:30, Rob Herring [off-list ref] wrote:
> On Wed, Oct 18, 2017 at 10:53 AM, Pantelis Antoniou [off-list ref] wrote:
>> On Wed, 2017-10-18 at 10:44 -0500, Rob Herring wrote:
>>> On Wed, Oct 18, 2017 at 10:12 AM, Alan Tull [off-list ref] wrote:
>>>> On Tue, Oct 17, 2017 at 6:51 PM, Frank Rowand [off-list ref] wrote:
>>>>> On 10/17/17 14:46, Rob Herring wrote:
>>>>>> On Tue, Oct 17, 2017 at 4:32 PM, Alan Tull [off-list ref] wrote:
>>>>>>> On Mon, Aug 21, 2017 at 10:16 AM, Rob Herring [off-list ref] wrote:
>>>>>>>
>>>>>>> Hi Rob,
>>>>>>>
>>>>>>>> With dependencies on a statically allocated full path name converted to
>>>>>>>> use %pOF format specifier, we can store just the basename of node, and
>>>>>>>> the unflattening of the FDT can be simplified.
>>>>>>>>
>>>>>>>> This commit will affect the remaining users of full_name. After
>>>>>>>> analyzing these users, the remaining cases should only change some print
>>>>>>>> messages. The main users of full_name are providing a name for struct
>>>>>>>> resource. The resource names shouldn't be important other than providing
>>>>>>>> /proc/iomem names.
>>>>>>>>
>>>>>>>> We no longer distinguish between pre and post 0x10 dtb formats as either
>>>>>>>> a full path or basename will work. However, less than 0x10 formats have
>>>>>>>> been broken since the conversion to use libfdt (and no one has cared).
>>>>>>>> The conversion of the unflattening code to be non-recursive also broke
>>>>>>>> pre 0x10 formats as the populate_node function would return 0 in that
>>>>>>>> case.
>>>>>>>>
>>>>>>>> Signed-off-by: Rob Herring <robh@kernel.org>
>>>>>>>> ---
>>>>>>>> v2:
>>>>>>>> - rebase to linux-next
>>>>>>>>
>>>>>>>> drivers/of/fdt.c | 69 +++++++++-----------------------------------------------
>>>>>>>> 1 file changed, 11 insertions(+), 58 deletions(-)
>>>>>>>
>>>>>>> I've just updated to the latest next branch and am finding problems
>>>>>>> applying overlays. Reverting this commit alleviates things. The
>>>>>>> errors I get are:
>>>>>>>
>>>>>>> [ 88.498704] OF: overlay: Failed to apply prop @/__symbols__/clk_0
>>>>>>> [ 88.513447] OF: overlay: apply failed '/__symbols__'
>>>>>>> [ 88.518423] create_overlay: Failed to create overlay (err=-12)
>>>>>>
>>>>>> Frank's series with overlay updates should fix this.
>>>>>
>>>>> Yes, it does:
>>>>>
>>>>> [PATCH v3 11/12] of: overlay: remove a dependency on device node full_name
>>>>
>>>> Thanks for the fast response. I fetched the dt/next branch to test
>>>> this but there are sufficient changes that Pantelis' "OF: DT-Overlay
>>>> configfs interface (v7)" is broken now. I've been adding that
>>>> downstream since 4.4. We're using it as an interface for applying
>>>> overlays to program FPGAs. If we fix it again, is there any chance
>>>> that can go upstream now?
>>>
>>> With a drive-by posting once every few years, no.
>>
>> I take offense to that. There's nothing changed in the patch for years.
>> Reposting the same patch without changes would achieve nothing.
>
> Are you still expecting review comments on it or something?
> Furthermore, if something is posted infrequently, then I'm not
> inclined to comment or care if the next posting is going to be after I
> forget what I previously said (which is not very long).
>
> I'm just saying, don't expect to forward port, post and it will be
> accepted. Below is minimally one of the issues that needs to be
> addressed.

>>> The issue remains that the kernel is not really setup to deal with any
>>> random property or node to be changed at any point in run-time. I
>>> think there needs to be some restrictions around what the overlays can
>>> touch. We can't have it be wide open and then lock things down later
>>> and break users. One example of what you could do is you can only add
>>> sub-trees to whitelisted nodes. That's probably acceptable for your
>>> usecase.
>>
>> Defining what can and what cannot be changed is not as trivial as a
>> list of white-listed nodes.
>
> No, but we have to start somewhere and we are not starting with any
> change allowed anywhere at anytime. If that is what people want, then
> they are going to get to maintain that out of tree.

I am still not sold on this ‘dangerous’ idea. No-one is crazy enough to suggest overlays to be loadable by an unprivileged user. It’s exactly the same ‘danger’ as loading a kernel module, while is sure capable of much greater mischief.

>> In some cases there is a whole node hierarchy being inserted (like in
>> a FPGA).
>
> Yes, so you'd have a target fpga region. That sounds fine to me. Maybe
> it's not a static whitelist, but drivers have to register target
> nodes/paths.
>
>> In others, it's merely changing a status property to "okay" and
>> a few device parameters.
>
> That seems fine too. Disabled nodes could be allowed. But what if you
> add/change properties on a node that is not disabled? Once a node is
> enabled, who is responsible for registering the device?
>
> What about changing a node from enabled to disabled? The kernel would
> need to handle that or not allow it.

So it seems a simple whitelist won’t cut it. We’re already talking about special casing for this or that property. My argument is that this kind of validation is not part of the core-device tree, but instead is a policy decision different for each board.

>> The real issue is that the kernel has no way to verify that a given
>> device tree, either at boot time or at overlay application time, is
>> correct.
>>
>> When the tree is wrong at boot-time you'll hang (if you're lucky).
>> If the tree is wrong at run-time you'll get into some unidentified
>> funky state.
>
> Or have some security hole or a mechanism for userspace to crash the system.

User-space as in regular users should never have enough privileges to apply an overlay, same as in loading a kernel module.

>> Finally what is, and what is not 'correct' is not for the kernel to
>> decide arbitrarily, it's a matter of policy, different for each
>> use-case.
>
> It is if the kernel will break doing so.

I still haven’t seen a real example of the kernel breaking. I have seen a lot of cases where the kernel is crashing due to the device removal path being broken, but those are kernel bugs to fix, not something to use to hold back functionality that people want to use.

> Rob

Regards — Pantelis