Re: [RFC/PATCH] of: Mark property::value as const
From: Frank Rowand
Date: Thu Feb 23 2017 - 14:57:04 EST
On 02/13/17 18:50, Stephen Boyd wrote:
> The 'blob' we pass into populate_properties() is marked as const,
> but we cast that const away when we assign the result of
> fdt_getprop_by_offset() to pp->value. Let's mark value as const
> instead, so that code can't mistakenly write to the value of the
> property that we've so far advertised as const.
>
> Unfortunately, this exposes a problem with the fdt resolver code,
> where we overwrite the value member of properties of phandles to
> update them with their final value. Add a comment for now to
> indicate where we're potentially writing over const data.
The resolver should not be over writing anything in the FDT. I'll
look at what is going on there.
The FDT we expose to user space should be the FDT we booted with,
not something later modified.
-Frank
>
> You can see the problem here by loading an overlay dtb into
> the kernel via the request firmware helper method (not direct
> loading) and then passing that tree to the resolver on an arm64
> device. In this case, the firmware data is vmapped with KERNEL_PAGE_RO
> and the code crashes when attempting to write to the blob to update
> the phandle properties.
>
> Signed-off-by: Stephen Boyd <stephen.boyd@xxxxxxxxxx>
> ---
>
> I was thinking perhaps it would work to store another __be32 variant
> of the phandle in each device node, but then we still have a problem
> with properties that have phandles inside them at some offset that we
> need to update. I guess the only real solution is to deep copy the
> property in that case and then save around some info to free the
> duplicated property later on?
>
> drivers/of/base.c | 2 +-
> drivers/of/fdt.c | 12 ++++++------
> drivers/of/resolver.c | 3 +++
> include/linux/of.h | 2 +-
> 4 files changed, 11 insertions(+), 8 deletions(-)
< snip >