Received: by 10.223.164.202 with SMTP id h10csp4140703wrb; Wed, 29 Nov 2017 01:27:23 -0800 (PST) X-Google-Smtp-Source: AGs4zMab3qLzYFNuJ1YH4MNF4kVY6ikqWlhjlWKyqIujV+uNAjHcDxJGl5BcfQRpj4K60LarZYxb X-Received: by 10.84.232.76 with SMTP id f12mr2202472pln.195.1511947643620; Wed, 29 Nov 2017 01:27:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1511947643; cv=none; d=google.com; s=arc-20160816; b=ZMtlNXDCJlTbBKZyI8HGtgz02qLSEeUfa6cRrzj1ubvQq6Gbo99tc0fK8jNmrkpP3e GGw2EVg6AF3zS81LlgXefy1s2x6KOntVKnRIXyiRZhPsRUWPvVBpnHUuwhYg9/IGb09H xWtND+H+iYQ025ebWZ7JOUN5lrVzLe1wPvxd5TE9keiz4W0f/xREHBKUPKlWyCPTeXHd 5izKKTI3dFf41ww2xFM/iwimY8r6c1o4BlXubms/xPc8hc5csy9L6YkCkDotoQqPorJF F43u9FiK9va9Z1CzLOWSXfvxThDSs43T5EC3GMmawWcDVu31tGQMmfTvWh4sU6V4Ugyi pDtw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature :arc-authentication-results; bh=OXwBGt9i/kdzTlQeWg1lf253PDLh2eTcoWvZc+dkim4=; b=fpUJ0gFE8EBLa8xRDPN+Xh4c4ZOw+rU7IpoJHPkL9hguQrbBzYEuCx975zTSo+kYeg Rd1ZcsDYO/cwLTJ7kW8kIFUHvAOwnT6qAQox6Wf/UOKWBZbf5VCKay2BC3Aw2LV+G/wx NvsxyBzlEp47M5ip2iLvHZV6/vQ0jxvULSeaaIMPPiFXO1+/cZQRCgqBCZS3chqwYawN EJIdBArl8FuxOEV9ly+/qq1Q7UmQfphVEMN5KT+pJ/yNm0hyNxOdVS9QJpnw3/Zd3nIM cwqUY479fZM3i8BwA15outMqRG3c44wRn9aygG6c1MfGN/agxCbtHZ17w3DfTdwptIVu K8mg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Dw3GWJUs; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 1si960356plz.262.2017.11.29.01.27.13; Wed, 29 Nov 2017 01:27:23 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Dw3GWJUs; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932159AbdK2J0R (ORCPT + 70 others); Wed, 29 Nov 2017 04:26:17 -0500 Received: from mail-pl0-f68.google.com ([209.85.160.68]:33243 "EHLO mail-pl0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932106AbdK2J0N (ORCPT ); Wed, 29 Nov 2017 04:26:13 -0500 Received: by mail-pl0-f68.google.com with SMTP id q7so1746778plk.0; Wed, 29 Nov 2017 01:26:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=OXwBGt9i/kdzTlQeWg1lf253PDLh2eTcoWvZc+dkim4=; b=Dw3GWJUsM0DOn2Sf0LZXkF3bxNydD8nUlUWHfVapcM7LJ1qamfR5z6sQpYHuGm7VZJ Kxb9glRb2HHVEgLhV+jYijY5aDGS86jzyKK05MjkGhMqWdfczEQr50KsxidZkLwRXKhI 2hwvSBuf3prlRW3VpoowuEARkTmwHlEaIG61vOwgOCOxlFFb8GknRejYT1XMK9WZ3QYT a/c51juuxoH/Gpry1z1ezCZkDmh5KN2WFoqUTwc2gaQV6xtSCjpQtsmduKi0jAgAIGbe JLdtVjtk2EuuaJQCNhAESueE7KzUtEpnnx6orHV8AUkONWdseHpzwF91TF3XgMGJBWj3 MF7Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=OXwBGt9i/kdzTlQeWg1lf253PDLh2eTcoWvZc+dkim4=; b=p+JfkngBUVIvb79yMLPOhErjt3LWFkYbFKe8+Py2J9PGjTORBen9frUcjoMMcGIJzk hFDJPdsIi1Hx74s8GsANYvs/3ziotX0qwYyjjWXQT+GkaVN7IxMFOA69P3KHT+Ys5Hzo v8dDa8+0+LAt0Sqd/treaoqUwHrRAT+/laMgIChOq6viucP34/mXH0y9tsJKreivv8Nl 1Z6xjwacncQ9vgqr5KNtTJ9CGqwgCfEhPCRx+tuWiMp0/zIAaTHXJfNW9hH99bW1ID80 vm9OX1Zb//JGJSXO+zLW85a72rslzJDe9CMKZeZViqkd8uLpriilF7QF9hJtvYypufEw 5N6A== X-Gm-Message-State: AJaThX7OZ+jkFf2cgxgjR4jHK2vnPriOqT3fxrvtYo+wAr6nhKroyLEe NarZzT6PiqoBGNFKwC8x7Wc= X-Received: by 10.84.137.106 with SMTP id 97mr2243515plm.429.1511947573091; Wed, 29 Nov 2017 01:26:13 -0800 (PST) Received: from [192.168.43.210] (mobile-166-170-36-10.mycingular.net. [166.170.36.10]) by smtp.gmail.com with ESMTPSA id l73sm2583803pfi.82.2017.11.29.01.26.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 29 Nov 2017 01:26:12 -0800 (PST) Subject: Re: [RFC 1/2] of: overlay: add whitelist To: Alan Tull , Rob Herring Cc: Pantelis Antoniou , Moritz Fischer , "devicetree@vger.kernel.org" , linux-kernel , linux-fpga@vger.kernel.org References: <1511816284-12145-1-git-send-email-atull@kernel.org> <1511816284-12145-2-git-send-email-atull@kernel.org> <20171128151538.2w6fjcib6my6wt5n@rob-hp-laptop> From: Frank Rowand Message-ID: <791d0e87-c3c4-faa6-6a55-9141be2ca0ac@gmail.com> Date: Wed, 29 Nov 2017 04:25:59 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 11/28/17 14:26, Alan Tull wrote: > On Tue, Nov 28, 2017 at 9:15 AM, Rob Herring wrote: >> On Mon, Nov 27, 2017 at 02:58:03PM -0600, Alan Tull wrote: >>> Add simple whitelist. When an overlay is submitted, if any target in >>> the overlay is not in the whitelist, the overlay is rejected. Drivers >>> that support dynamic configuration can register their device node with: >>> >>> int of_add_whitelist_node(struct device_node *np) >>> >>> and remove themselves with: >>> >>> void of_remove_whitelist_node(struct device_node *np) >> >> I think these should be named for what they do, not how it is >> implemented. > > Sure, such as of_node_overlay_enable and of_node_overlay_disable? of_allow_overlay_on_node(), of_disallow_overlay_on_node()? > >> >>> >>> Signed-off-by: Alan Tull >>> --- >>> drivers/of/overlay.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++ >>> include/linux/of.h | 12 +++++++++ >>> 2 files changed, 85 insertions(+) >>> >>> diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c >>> index c150abb..5f952a1 100644 >>> --- a/drivers/of/overlay.c >>> +++ b/drivers/of/overlay.c >>> @@ -21,6 +21,7 @@ >>> #include >>> #include >>> #include >>> +#include >>> >>> #include "of_private.h" >>> >>> @@ -646,6 +647,74 @@ static void free_overlay_changeset(struct overlay_changeset *ovcs) >>> kfree(ovcs); >>> } >>> >>> +/* lock for adding/removing device nodes to the whitelist */ >>> +static spinlock_t whitelist_lock; >>> + >>> +static struct list_head whitelist_list = LIST_HEAD_INIT(whitelist_list); >>> + >>> +struct dt_overlay_whitelist { >>> + struct device_node *np; >>> + struct list_head node; >>> +}; >> >> Can't we just add a flags bit in device_node.flags? That would be much >> simpler. > > Yes, much simpler. Such as: > > #define OF_OVERLAY_ENABLED 5 /* allow DT overlay targeting this node */ > >> >>> + >>> +int of_add_whitelist_node(struct device_node *np) >>> +{ >>> + unsigned long flags; >>> + struct dt_overlay_whitelist *wln; >>> + >>> + wln = kzalloc(sizeof(*wln), GFP_KERNEL); >>> + if (!wln) >>> + return -ENOMEM; >>> + >>> + wln->np = np; >>> + >>> + spin_lock_irqsave(&whitelist_lock, flags); >>> + list_add(&wln->node, &whitelist_list); >>> + spin_unlock_irqrestore(&whitelist_lock, flags); >>> + >>> + return 0; >>> +} >>> +EXPORT_SYMBOL_GPL(of_add_whitelist_node); >>> + >>> +void of_remove_whitelist_node(struct device_node *np) >>> +{ >>> + struct dt_overlay_whitelist *wln; >>> + unsigned long flags; >>> + >>> + list_for_each_entry(wln, &whitelist_list, node) { >>> + if (np == wln->np) { >>> + spin_lock_irqsave(&whitelist_lock, flags); >>> + list_del(&wln->node); >>> + spin_unlock_irqrestore(&whitelist_lock, flags); >>> + kfree(wln); >>> + return; >>> + } >>> + } >>> +} >>> +EXPORT_SYMBOL_GPL(of_remove_whitelist_node); >>> + >>> +static int of_check_whitelist(struct overlay_changeset *ovcs) >>> +{ >>> + struct dt_overlay_whitelist *wln; >>> + struct device_node *target; >>> + int i; >>> + >>> + for (i = 0; i < ovcs->count; i++) { >>> + target = ovcs->fragments[i].target; >>> + if (!of_node_cmp(target->name, "__symbols__")) >>> + continue; >>> + >>> + list_for_each_entry(wln, &whitelist_list, node) >>> + if (target == wln->np) >>> + break; >>> + >>> + if (target != wln->np) >>> + return -ENODEV; >>> + } >>> + >>> + return 0; >>> +} >>> + >>> /** >>> * of_overlay_apply() - Create and apply an overlay changeset >>> * @tree: Expanded overlay device tree >>> @@ -717,6 +786,10 @@ int of_overlay_apply(struct device_node *tree, int *ovcs_id) >>> if (ret) >>> goto err_free_overlay_changeset; >>> >>> + ret = of_check_whitelist(ovcs); >>> + if (ret) >>> + goto err_free_overlay_changeset; >> >> This will break you until the next patch and breaks any other users. I >> think this is now just the unittest as tilcdc overlay is getting >> removed. >> >> You have to make this chunk the last patch in the series. > > I'd rather squash the two patches. In either case, the contents of > second patch are dependent on stuff in char-misc-testing today, so it > won't be able to apply yet on linux-next or anywhere else. > > Thanks > Alan > >> >> Rob > From 1585339208698893443@xxx Tue Nov 28 19:28:06 +0000 2017 X-GM-THRID: 1585254360276330086 X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread