Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp748763yba;
        Thu, 16 May 2019 08:19:36 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyGD8h5XdMobt1gmhdteaOb3VOCKNTRf3knuAb9ovvrCCBTtLeI0tJcVqv/orDZl+NoDYL1
X-Received: by 2002:a17:902:3143:: with SMTP id w61mr43887026plb.292.1558019975936;
        Thu, 16 May 2019 08:19:35 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1558019975; cv=none;
        d=google.com; s=arc-20160816;
        b=UJQN3vOzUz1YzOJy6UoEcTAfxvBIrRCcaMjatRzZHw+zAHLEFSaf9vL/z+eYxIctd5
         Q7pm4qfEqGGoGmLCM2awQHafFmDEU1tYQ0XOoo2y5q8URrP8L7tNPExN60nYyF/Aiu4v
         E3XyvtJoyKWLm4Pz1oh/c9cT2v5dZjgIenuHsKW/Ycp73GRBDAxEbdyFFrxQKPdZorh1
         5i4RTra/ku68AgrdyG2aJ/IH5P9meMib0Jt5jjTzulzsM6o5ONhM2u2Sx5My01l7DN2L
         NCSh4mKKJM4jVsfftIhGiQZ83LRxjNeSJDXFVYwJ/+gFtC4jyzJI/p8P1x8r/bKexYGa
         PvfQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=1X9zeWjlcYb2MnyQt4MjpR/dFTrZ2l3MMYLvdCDra2E=;
        b=DgX4InpWi3wg81Y+pUeyyi3OsZdD0k2zmkT6MkrxX1UpoyCarGdrjpFNA1nnO9acpI
         iLo5fLevtOD/Sbe46C914Zoxwy0wJ/RaE8PWQhDuvQWPEp2HToGFbpb1+IZ9nrumVtHb
         69DxWgfDhdiDHph6XCS3zHYeS9mW+g7p6b3sxbwcaMHWf6nskTG1rhAGaPiLf7QWJORN
         lv8Rrss/BjhvVOK/PokPkEB3XzknsWMwFdOfqZmdkiIHvXJuZwG6em4GOQNclz2qhT1a
         UBdSj5DElX7IT+k8EPYj0zkic6XsEiXU5BjzhKHOVF8ElvKPLCVzh//8dSsrLGu6Dzxs
         zWbA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=1O52Vzdm;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id k184si5011160pge.82.2019.05.16.08.19.19;
        Thu, 16 May 2019 08:19:35 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=1O52Vzdm;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727188AbfEPPSK (ORCPT <rfc822;ttoukan.linux@gmail.com>
        + 99 others); Thu, 16 May 2019 11:18:10 -0400
Received: from mail.kernel.org ([198.145.29.99]:53290 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726687AbfEPPSK (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 16 May 2019 11:18:10 -0400
Received: from mail-qt1-f176.google.com (mail-qt1-f176.google.com [209.85.160.176])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 900CB20833;
        Thu, 16 May 2019 15:18:08 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1558019888;
        bh=ZM7ppt/S5KJwv0acQCOQ76OkA49Aolc34/4ZQeZCdco=;
        h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
        b=1O52VzdmaWpclF2Vq5eVFl+XFTl+jyTJm2sXqSL/6DNVKTb2AN2wggy1ABR4GT+Ol
         zeVFkidsdioXrsnfl0X/+MB44YQbSff6eIy59n/HGd+Ejo+ct3oG7wRujt7w+n9Yo/
         I9DS4ya12Up8RU8Y2TZULqMiiYMAP1f0k2jCyYxs=
Received: by mail-qt1-f176.google.com with SMTP id y42so4333841qtk.6;
        Thu, 16 May 2019 08:18:08 -0700 (PDT)
X-Gm-Message-State: APjAAAX/RnUhhRPrF0nN8q6buOaTyx4Vz5Jend58MUn3cR9B6qtvEAaF
        ecX+PywwAl6vmHKEZcLq8T76p5TUWz5/qlCcXA==
X-Received: by 2002:ac8:3862:: with SMTP id r31mr42313002qtb.26.1558019887828;
 Thu, 16 May 2019 08:18:07 -0700 (PDT)
MIME-Version: 1.0
References: <20190516102817.188519-1-hsinyi@chromium.org> <20190516102817.188519-2-hsinyi@chromium.org>
 <CAL_JsqLx1UdjCnZ69aQm0GU_uOdd7tTdD_oM=D7yhDANoQ0fEA@mail.gmail.com> <20190516144303.GF43059@lakrids.cambridge.arm.com>
In-Reply-To: <20190516144303.GF43059@lakrids.cambridge.arm.com>
From:   Rob Herring <robh+dt@kernel.org>
Date:   Thu, 16 May 2019 10:17:56 -0500
X-Gmail-Original-Message-ID: <CAL_Jsq+Tmht+oxdmjtyhzwrYw4NNAkVnimAuEGODC_2fAprSjg@mail.gmail.com>
Message-ID: <CAL_Jsq+Tmht+oxdmjtyhzwrYw4NNAkVnimAuEGODC_2fAprSjg@mail.gmail.com>
Subject: Re: [PATCH v3 2/3] arm64: implement update_fdt_pgprot()
To:     Mark Rutland <mark.rutland@arm.com>
Cc:     Hsin-Yi Wang <hsinyi@chromium.org>,
        "moderated list:ARM/FREESCALE IMX / MXC ARM ARCHITECTURE" 
        <linux-arm-kernel@lists.infradead.org>, devicetree@vger.kernel.org,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Frank Rowand <frowand.list@gmail.com>,
        Catalin Marinas <catalin.marinas@arm.com>,
        Will Deacon <will.deacon@arm.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Mike Rapoport <rppt@linux.ibm.com>,
        Ard Biesheuvel <ard.biesheuvel@linaro.org>,
        Miles Chen <miles.chen@mediatek.com>,
        James Morse <james.morse@arm.com>,
        Andrew Murray <andrew.murray@arm.com>,
        Chintan Pandya <cpandya@codeaurora.org>,
        Jun Yao <yaojun8558363@gmail.com>, Yu Zhao <yuzhao@google.com>,
        Robin Murphy <robin.murphy@arm.com>,
        Laura Abbott <labbott@redhat.com>,
        Stephen Boyd <swboyd@chromium.org>,
        Kees Cook <keescook@chromium.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, May 16, 2019 at 9:43 AM Mark Rutland <mark.rutland@arm.com> wrote:
>
> On Thu, May 16, 2019 at 09:37:05AM -0500, Rob Herring wrote:
> > On Thu, May 16, 2019 at 5:28 AM Hsin-Yi Wang <hsinyi@chromium.org> wrote:
> > >
> > > Basically does similar things like __fixmap_remap_fdt(). It's supposed
> > > to be called after fixmap_remap_fdt() is called at least once, so region
> > > checking can be skipped. Since it needs to know dt physical address, make
> > > a copy of the value of __fdt_pointer.
> > >
> > > Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org>
> > > ---
> > >  arch/arm64/kernel/setup.c |  2 ++
> > >  arch/arm64/mm/mmu.c       | 17 +++++++++++++++++
> > >  2 files changed, 19 insertions(+)
> >
> > Why not just map the FDT R/W at the start and change it to RO just
> > before calling unflatten_device_tree? Then all the FDT scanning
> > functions or any future fixups we need can just assume R/W. That is
> > essentially what Stephen suggested. However, there's no need for a
> > weak function as it can all be done within the arch code.
> >
> > However, I'm still wondering why the FDT needs to be RO in the first place.
>
> We want to preserve the original FDT in a pristine form for kexec (and
> when exposed to userspace), and mapping it RO was the easiest way to
> catch it being randomly modified (e.g. without fixups applied).

The CRC check already existed for this purpose and that works for
every arch including ones where the FDT is copied.

BTW, This version of the patchset disables the export to userspace
since the CRC will be wrong.

> I'd prefer to keep it RO once we've removed/cleared certain properties
> from the chosen node that don't make sense to pass on for kexec

I want clear rules about when the FDT can be modified or not which are
not arch specific.

It's really only a question of with what granularity it's made R/W.
Wrapping every modification seems like overkill to me.

Rob