From patchwork Tue Feb 14 02:50:40 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stephen Boyd X-Patchwork-Id: 93915 Delivered-To: patch@linaro.org Received: by 10.182.3.34 with SMTP id 2csp1204556obz; Mon, 13 Feb 2017 18:50:45 -0800 (PST) X-Received: by 10.84.232.67 with SMTP id f3mr33447483pln.55.1487040645570; Mon, 13 Feb 2017 18:50:45 -0800 (PST) Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y6si11680966pgc.350.2017.02.13.18.50.45; Mon, 13 Feb 2017 18:50:45 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of devicetree-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org; spf=pass (google.com: best guess record for domain of devicetree-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=devicetree-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751480AbdBNCuo (ORCPT + 7 others); Mon, 13 Feb 2017 21:50:44 -0500 Received: from mail-it0-f53.google.com ([209.85.214.53]:37215 "EHLO mail-it0-f53.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750943AbdBNCun (ORCPT ); Mon, 13 Feb 2017 21:50:43 -0500 Received: by mail-it0-f53.google.com with SMTP id x75so15072318itb.0 for ; Mon, 13 Feb 2017 18:50:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=8YEYE9GuWehgGHTCsiHy8OjujOmJCm5b3ZKOuIIdZWM=; b=WRIz+kcQghFEUor2nZA/VlRbEuS1k8Z5wUgP1llNTJe8psbXsT4PYgNN24M32Nmwpj fhU6B2qN7oiJ+zOO56PnMHczTG0FtlogIb55Qad6r1B4N6qqlIdQS7wJqsgTPYm8/vva dOZnboB/Ga50fgHE2L2zbPBDA9ndO6dZwj7sU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=8YEYE9GuWehgGHTCsiHy8OjujOmJCm5b3ZKOuIIdZWM=; b=NAmhj76RAo90Tz8Y7vyWa8Ui5p7x9OlnqIzb/IlGp/mZNUi46wL3dT1BNz0EDbv2U4 CO5z/vr1+t5gvA33/kdGx/LnZyNI6tzdTufU6l+hYv8lY4gMw3z7Sq7BpmSMeY8ZdXIJ 3TfFGzuAQvryowkv1ER22Ow00CoV1d6rCV/k6cajPRRpiJ16nPwRm+4GTi/pRCiD9THn fmiUGaIpvZopeYaeUt7maFhEj0Sx6o1bwN0Mq3dTcPt7jmdjVgtDnhy6CNVuBR8Z/Sv+ W1Da0aZ/hzC8f0S4SQcecPPPbkAuEMxbb+smox08RWI/or3t91DKOjpVqyXRU4sTKwJA Jw/Q== X-Gm-Message-State: AMke39mcJH6hD+KiBceD8QmTMSF60dEf77zRtb26/BrHqUJwUG7j9jBOLzM1DC4l7V4prgU3 X-Received: by 10.84.141.164 with SMTP id 33mr33613038plv.86.1487040642242; Mon, 13 Feb 2017 18:50:42 -0800 (PST) Received: from localhost.localdomain (i-global254.qualcomm.com. [199.106.103.254]) by smtp.gmail.com with ESMTPSA id r78sm23264183pfe.55.2017.02.13.18.50.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 13 Feb 2017 18:50:41 -0800 (PST) From: Stephen Boyd To: Rob Herring , Frank Rowand Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, devicetree@vger.kernel.org Subject: [RFC/PATCH] of: Mark property::value as const Date: Mon, 13 Feb 2017 18:50:40 -0800 Message-Id: <20170214025040.23955-1-stephen.boyd@linaro.org> X-Mailer: git-send-email 2.10.0.297.gf6727b0 Sender: devicetree-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: devicetree@vger.kernel.org The 'blob' we pass into populate_properties() is marked as const, but we cast that const away when we assign the result of fdt_getprop_by_offset() to pp->value. Let's mark value as const instead, so that code can't mistakenly write to the value of the property that we've so far advertised as const. Unfortunately, this exposes a problem with the fdt resolver code, where we overwrite the value member of properties of phandles to update them with their final value. Add a comment for now to indicate where we're potentially writing over const data. You can see the problem here by loading an overlay dtb into the kernel via the request firmware helper method (not direct loading) and then passing that tree to the resolver on an arm64 device. In this case, the firmware data is vmapped with KERNEL_PAGE_RO and the code crashes when attempting to write to the blob to update the phandle properties. Signed-off-by: Stephen Boyd --- I was thinking perhaps it would work to store another __be32 variant of the phandle in each device node, but then we still have a problem with properties that have phandles inside them at some offset that we need to update. I guess the only real solution is to deep copy the property in that case and then save around some info to free the duplicated property later on? drivers/of/base.c | 2 +- drivers/of/fdt.c | 12 ++++++------ drivers/of/resolver.c | 3 +++ include/linux/of.h | 2 +- 4 files changed, 11 insertions(+), 8 deletions(-) -- 2.10.0.297.gf6727b0 -- To unsubscribe from this list: send the line "unsubscribe devicetree" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Signed-off-by: Stephen Boyd diff --git a/drivers/of/base.c b/drivers/of/base.c index fb6bb855714e..8e5f29b814c9 100644 --- a/drivers/of/base.c +++ b/drivers/of/base.c @@ -1156,7 +1156,7 @@ EXPORT_SYMBOL_GPL(of_property_count_elems_of_size); * property data is too small or too large. * */ -static void *of_find_property_value_of_size(const struct device_node *np, +static const void *of_find_property_value_of_size(const struct device_node *np, const char *propname, u32 min, u32 max, size_t *len) { struct property *prop = of_find_property(np, propname, NULL); diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c index c9b5cac03b36..0635ef5dabf3 100644 --- a/drivers/of/fdt.c +++ b/drivers/of/fdt.c @@ -222,7 +222,7 @@ static void populate_properties(const void *blob, pp->name = (char *)pname; pp->length = sz; - pp->value = (__be32 *)val; + pp->value = val; *pprev = pp; pprev = &pp->next; } @@ -232,6 +232,7 @@ static void populate_properties(const void *blob, */ if (!has_name) { const char *p = nodename, *ps = p, *pa = NULL; + char *b; int len; while (*p) { @@ -250,13 +251,12 @@ static void populate_properties(const void *blob, if (!dryrun) { pp->name = "name"; pp->length = len; - pp->value = pp + 1; + pp->value = b = (char *)(pp + 1); *pprev = pp; pprev = &pp->next; - memcpy(pp->value, ps, len - 1); - ((char *)pp->value)[len - 1] = 0; - pr_debug("fixed up name for %s -> %s\n", - nodename, (char *)pp->value); + memcpy(b, ps, len - 1); + b[len - 1] = 0; + pr_debug("fixed up name for %s -> %s\n", nodename, b); } } diff --git a/drivers/of/resolver.c b/drivers/of/resolver.c index 8bf12e904fd2..6d88f8100318 100644 --- a/drivers/of/resolver.c +++ b/drivers/of/resolver.c @@ -93,6 +93,7 @@ static void adjust_overlay_phandles(struct device_node *overlay, if (phandle == OF_PHANDLE_ILLEGAL) continue; + /* This is bad because we cast away const */ *(uint32_t *)prop->value = cpu_to_be32(overlay->phandle); } @@ -154,6 +155,7 @@ static int update_usages_of_a_phandle_reference(struct device_node *overlay, goto err_fail; } + /* This is bad because we cast away const */ *(__be32 *)(prop->value + offset) = cpu_to_be32(phandle); } @@ -222,6 +224,7 @@ static int adjust_local_phandle_references(struct device_node *local_fixups, phandle = be32_to_cpu(*(__be32 *)(prop->value + off)); phandle += phandle_delta; + /* This is bad because we cast away const */ *(__be32 *)(prop->value + off) = cpu_to_be32(phandle); } } diff --git a/include/linux/of.h b/include/linux/of.h index f22d4a83ca07..b0253886ef46 100644 --- a/include/linux/of.h +++ b/include/linux/of.h @@ -35,7 +35,7 @@ typedef u32 ihandle; struct property { char *name; int length; - void *value; + const void *value; struct property *next; unsigned long _flags; unsigned int unique_id;