Received: by 10.223.164.221 with SMTP id h29csp4349397wrb; Thu, 19 Oct 2017 13:56:38 -0700 (PDT) X-Received: by 10.98.158.6 with SMTP id s6mr2702197pfd.191.1508446598562; Thu, 19 Oct 2017 13:56:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1508446598; cv=none; d=google.com; s=arc-20160816; b=fYzFA9BarYqzN5K97sovcHwjFBwvvy8885uhheADBQ0WvucaaFIPnRrJsXKnz/nI7d hGUw2Bgc89ArRMVMsBrLAvWk7ujetdcSk82WjHgZiur0tFOWqJL+8CJhX4UDU0wcRM6Y klVXs9GqE3mZTcv6ZxDKK+cZnpuJGEkUNWxwMYEq+8fZgNqKjrvBCr71Dsgtus/IyPe/ DKZnF2wE2nQULW0m8Nr2YHoUTiMYCbj1KqUGVNDgglW6FiUf8oDB/dD+f+Twq15dzZ/z 8Alq2hoO5dzEZ9KwZtj/iesb3k4Y8FKoMFYVA54JmhYBElwk7snKfVo356R3tQpydVfa TpoA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=pKUli2Jh/ozrzNHe0V/0po/DPV4w8IlczDwNOKUbnfM=; b=l3gdd9WHke9Xq83eo5nJvh4zOjz+jI5z8s4zeZj7qYNykXKi5uN000+XlGzvtLPpmI l19r1ohhilebTKT5Q+flgyDZF7LjDqp5W+QoFr548iswtKMsDUN5tMAIwX8D5RQV/qcg ErIZ1eK3BKpt8z5cElAWDE68ZKThoKsqu4lzfuhFPd/3Y79Ke/T0jmt4+BR0ddeQ2Od0 ychAM2+ezEr+e+TKFYSqHE39bMry1yEjazqAAR1xZjSNTsQK1p/itaXTbRbJk9yVS+qR JVmOkZwBsGkNfR6PwJ7yDYrk3JenPNYfud9ygbGa8o2Cgi/5c4AbutXp1B+A13LyQh7A 83Kg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a10si9199196pgf.48.2017.10.19.13.56.24; Thu, 19 Oct 2017 13:56:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753414AbdJSUHr (ORCPT + 99 others); Thu, 19 Oct 2017 16:07:47 -0400 Received: from mail-pf0-f196.google.com ([209.85.192.196]:45256 "EHLO mail-pf0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752720AbdJSUHm (ORCPT ); Thu, 19 Oct 2017 16:07:42 -0400 Received: by mail-pf0-f196.google.com with SMTP id d28so7565623pfe.2 for ; Thu, 19 Oct 2017 13:07:42 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=pKUli2Jh/ozrzNHe0V/0po/DPV4w8IlczDwNOKUbnfM=; b=CIck7dA1vbiopx8UNk4ulNbeo70Wj0A5rND75LgqfaEWp5rtoACSdWJ5nRGVYitufH 4EJxqauvg+Sq3zffxzlfctFUw8gKsCTcSU/pAHfx3lvAoQduW5CircsWDH5se9FI4c2k aVCeA0BWSPoWoK4eY1FrKT8QA6MUldPDa+f/Hi/wDt8eSiaoZxdrjNGJSPvdIN4URXiH kgixtWHliUDLICCveG1TMWkS8U9Dg608pmpdwVd2sH+80QFtXHrfyfHS9JJqItKIjOkY FPFq6i4y0+U4s37g6lROqpnMx6H85jGm+QFQUXgFDfkiPcvnEzQJ8KxViap3KBK5D8c+ 10JQ== X-Gm-Message-State: AMCzsaXUpEubgswijI+PeSYJMoT1uPysbqZ9SeriFHD3YS7ZyilqHJvR mDKMCuSDy0oxdgj1gU2OaDKtGw== X-Google-Smtp-Source: ABhQp+T56Y0nsJsoOSnqRgm9GbpqeihSBXGGEOqSOY0F9isqVu0XuLPxVbe5uJRPOJ7NXkAgOH6PdA== X-Received: by 10.98.233.20 with SMTP id j20mr2616955pfh.281.1508443661839; Thu, 19 Oct 2017 13:07:41 -0700 (PDT) Received: from localhost (207-114-172-147.static.twtelecom.net. [207.114.172.147]) by smtp.gmail.com with ESMTPSA id l28sm26192058pgu.38.2017.10.19.13.07.40 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 19 Oct 2017 13:07:40 -0700 (PDT) Date: Thu, 19 Oct 2017 13:06:15 -0700 From: Moritz Fischer To: Pantelis Antoniou Cc: Rob Herring , Alan Tull , Frank Rowand , "devicetree@vger.kernel.org" , Michael Ellerman , linuxppc-dev , linux-kernel , Benjamin Herrenschmidt , Paul Mackerras , David Laight , linux-fpga@vger.kernel.org Subject: Re: [PATCH v2 5/5] of/fdt: only store the device node basename in full_name Message-ID: <20171019200615.GA10743@tyrael.ni.corp.natinst.com> References: <20170821151651.25096-1-robh@kernel.org> <20170821151651.25096-6-robh@kernel.org> <59E69786.2030406@gmail.com> <1508341985.25643.12.camel@hp800z> <4393AFA4-620F-4C21-995D-A9806DAE1990@konsulko.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="uAKRQypu60I7Lcqm" Content-Disposition: inline In-Reply-To: <4393AFA4-620F-4C21-995D-A9806DAE1990@konsulko.com> User-Agent: Mutt/1.9.1 (2017-09-22) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --uAKRQypu60I7Lcqm Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Oct 19, 2017 at 11:51:40AM +0300, Pantelis Antoniou wrote: > Hi Rob, >=20 > > On Oct 18, 2017, at 21:30 , Rob Herring wrote: > >=20 > > On Wed, Oct 18, 2017 at 10:53 AM, Pantelis Antoniou > > wrote: > >> On Wed, 2017-10-18 at 10:44 -0500, Rob Herring wrote: > >>> On Wed, Oct 18, 2017 at 10:12 AM, Alan Tull wrote: > >>>> On Tue, Oct 17, 2017 at 6:51 PM, Frank Rowand wrote: > >>>>> On 10/17/17 14:46, Rob Herring wrote: > >>>>>> On Tue, Oct 17, 2017 at 4:32 PM, Alan Tull wrot= e: > >>>>>>> On Mon, Aug 21, 2017 at 10:16 AM, Rob Herring w= rote: > >>>>>>>=20 > >>>>>>> Hi Rob, > >>>>>>>=20 > >>>>>>>> With dependencies on a statically allocated full path name conve= rted to > >>>>>>>> use %pOF format specifier, we can store just the basename of nod= e, and > >>>>>>>> the unflattening of the FDT can be simplified. > >>>>>>>>=20 > >>>>>>>> This commit will affect the remaining users of full_name. After > >>>>>>>> analyzing these users, the remaining cases should only change so= me print > >>>>>>>> messages. The main users of full_name are providing a name for s= truct > >>>>>>>> resource. The resource names shouldn't be important other than p= roviding > >>>>>>>> /proc/iomem names. > >>>>>>>>=20 > >>>>>>>> We no longer distinguish between pre and post 0x10 dtb formats a= s either > >>>>>>>> a full path or basename will work. However, less than 0x10 forma= ts have > >>>>>>>> been broken since the conversion to use libfdt (and no one has c= ared). > >>>>>>>> The conversion of the unflattening code to be non-recursive also= broke > >>>>>>>> pre 0x10 formats as the populate_node function would return 0 in= that > >>>>>>>> case. > >>>>>>>>=20 > >>>>>>>> Signed-off-by: Rob Herring > >>>>>>>> --- > >>>>>>>> v2: > >>>>>>>> - rebase to linux-next > >>>>>>>>=20 > >>>>>>>> drivers/of/fdt.c | 69 +++++++++---------------------------------= -------------- > >>>>>>>> 1 file changed, 11 insertions(+), 58 deletions(-) > >>>>>>>=20 > >>>>>>> I've just updated to the latest next branch and am finding proble= ms > >>>>>>> applying overlays. Reverting this commit alleviates things. The > >>>>>>> errors I get are: > >>>>>>>=20 > >>>>>>> [ 88.498704] OF: overlay: Failed to apply prop @/__symbols__/cl= k_0 > >>>>>>> [ 88.513447] OF: overlay: apply failed '/__symbols__' > >>>>>>> [ 88.518423] create_overlay: Failed to create overlay (err=3D-1= 2) > >>>>>>=20 > >>>>>> Frank's series with overlay updates should fix this. > >>>>>=20 > >>>>> Yes, it does: > >>>>>=20 > >>>>> [PATCH v3 11/12] of: overlay: remove a dependency on device node f= ull_name > >>>>=20 > >>>> Thanks for the fast response. I fetched the dt/next branch to test > >>>> this but there are sufficient changes that Pantelis' "OF: DT-Overlay > >>>> configfs interface (v7)" is broken now. I've been adding that > >>>> downstream since 4.4. We're using it as an interface for applying > >>>> overlays to program FPGAs. If we fix it again, is there any chance > >>>> that can go upstream now? > >>>=20 > >>> With a drive-by posting once every few years, no. > >>>=20 > >>=20 > >> I take offense to that. There's nothing changed in the patch for years. > >> Reposting the same patch without changes would achieve nothing. > >=20 > > Are you still expecting review comments on it or something? > > Furthermore, If something is posted infrequently, then I'm not > > inclined to comment or care if the next posting is going to be after I > > forget what I previously said (which is not very long). > >=20 > > I'm just saying, don't expect to forward port, post and it will be > > accepted. Below is minimally one of the issues that needs to be > > addressed. > >=20 > >>> The issue remains that the kernel is not really setup to deal with any > >>> random property or node to be changed at any point in run-time. I > >>> think there needs to be some restrictions around what the overlays can > >>> touch. We can't have it be wide open and then lock things down later > >>> and break users. One example of what you could do is you can only add > >>> sub-trees to whitelisted nodes. That's probably acceptable for your > >>> usecase. > >>>=20 > >>=20 > >> Defining what can and what cannot be changed is not as trivial as a > >> list of white-listed nodes. > >=20 > > No, but we have to start somewhere and we are not starting with any > > change allowed anywhere at anytime. If that is what people want, then > > they are going to get to maintain that out of tree. > >=20 >=20 > I am still not sold on this =E2=80=98dangerous=E2=80=99 idea. No-one is c= razy enough to > suggest overlays to be loadable by an unprivileged user. It=E2=80=99s exa= ctly the > same =E2=80=98danger=E2=80=99 as loading a kernel module, while is sure c= apable of much > greater mischief. Agreed. >=20 > >> In some cases there is a whole node hierarchy being inserted (like in > >> a FPGA). > >=20 > > Yes, so you'd have a target fpga region. That sounds fine to me. Maybe > > its not a static whitelist, but drivers have to register target > > nodes/paths. > >=20 > >> In others, it's merely changing a status property to "okay" and > >> a few device parameters. > >=20 > > That seems fine too. Disabled nodes could be allowed. But what if you > > add/change properties on a node that is not disabled? Once a node is > > enabled, who is responsible for registering the device? > >=20 > > What about changing a node from enabled to disabled? The kernel would > > need to handle that or not allow it. > >=20 >=20 > So it seems a simple whitelist won=E2=80=99t cut it. We=E2=80=99re alread= y talking about > special casing for this or that property. >=20 > My argument is that this kind of validation is not part of the core-devic= e tree, > but instead is a policy decision different for each board. > =20 > >> The real issue is that the kernel has no way to verify that a given > >> device tree, either at boot time or at overlay application time, is > >> correct. > >>=20 > >> When the tree is wrong at boot-time you'll hang (if you're lucky). > >> If the tree is wrong at run-time you'll get some into some unidentified > >> funky state. > >=20 > > Or have some security hole or a mechanism for userspace to crash the sy= stem. > >=20 >=20 > User-space as in regular users should never have enough privileges to app= ly an > overlay, same as in loading a kernel module. >=20 > >> Finally what is, and what is not 'correct' is not for the kernel to > >> decide arbitrarily, it's a matter of policy, different for each > >> use-case. > >=20 > > It is if the kernel will break doing so. > >=20 >=20 > I still haven=E2=80=99t seen a real example of the kernel breaking. >=20 > I have seen a lot of cases where the kernel is crashing due to the device > removal path being broken, but those are kernel bugs to fix, not something > to use to hold back functionality that people want to use. We also have plenty of code that is just not aware of overlays, and assumes certain parts of the tree to stay static. I ran into that issue when I tried to add thermal zones via an overlay, I've been investigating how to fix the thermal framework to work with overlays since then and have some partially working code. Currently the thermal framework parses the thermal-zones node at boot, and assumes this stays static. This breaks with overlays. I agree we eventually need to fix the parts that break when we use overlays. >=20 > > Rob >=20 > Regards >=20 > =E2=80=94 Pantelis >=20 > -- > To unsubscribe from this list: send the line "unsubscribe linux-fpga" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html Cheers, Moritz --uAKRQypu60I7Lcqm Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEowQ4eJSlIZpNWnl2UVwKRFcJcNgFAlnpBbMACgkQUVwKRFcJ cNgqPAf+LcnQKAR+wfdFByQ/Ngd7Xldy1sSFL9m5jgq3wqtK0cXXYXa7fm37Png9 W/bhUg+5ySiU2jdT6m7RviGyDzXA4e4kxGTfkGFrpCOYm3UuwkN2jL5AT6AasaSh USnG/vu2ZsulZ7QJTpHvwyCDaGe4yXaqZfvmyo55/3WjMFe6UBUXhWNdGpAgs4uu LeWnQDrwm8dkGNEhfUXX2u4rNudfgOPHDVaRcqqxb6vW5YFjQNZT17QiijxGZm1W eCRFL8ypuGptZjTJyAgxVtF81ijASU6GOGW0nfCDswhnZQ/KdLaBO5THUVKgXoiv SJl15SO8ZsfvaJvlHkA8BzA/raLr+w== =uxFu -----END PGP SIGNATURE----- --uAKRQypu60I7Lcqm-- From 1581680251492923438@xxx Thu Oct 19 10:10:32 +0000 2017 X-GM-THRID: 1576354368386704057 X-Gmail-Labels: Inbox,Category Forums