kernel/linux.git/drivers/of/overlay.c, branch v4.17.1

of: overlay: Stop leaking resources on overlay removal

2018-04-27T02:18:13+00:00

Only the overlay notifier callbacks have a chance to potentially get hold of references to those two resources, but they are not supposed to store them beyond OF_OVERLAY_POST_REMOVE. Document the overlay notifier API, its constraint regarding pointer lifetime, and then remove intentional leaks of ovcs->overlay_tree and ovcs->fdt from free_overlay_changeset. See also https://lkml.org/lkml/2018/4/23/1063 and following. Signed-off-by: Jan Kiszka Reviewed-by: Frank Rowand Signed-off-by: Rob Herring

of: overlay: Fix forgotten reference to of_overlay_apply()

2018-03-17T23:18:38+00:00

While technically the ovcs_id is still returned by of_overlay_apply(), this is an internal function. All public callers of of_overlay_remove() pass an ovcs_id returned by the public function of_overlay_fdt_apply(). Fixes: 39a751a4cb7e4798 ("of: change overlay apply input data from unflattened to FDT") Signed-off-by: Geert Uytterhoeven Signed-off-by: Rob Herring

of: overlay: do not include path in full_name of added nodes

2018-03-05T21:38:34+00:00

Struct device_node full_name no longer includes the full path name when the devicetree is created from a flattened device tree (FDT). The overlay node creation code was not modified to reflect this change. Fix the node full_name generated by overlay code to contain only the basename. Unittests call an overlay internal function to create new nodes. Fix up these calls to provide basename only instead of the full path. Fixes: a7e4cfb0a7ca ("of/fdt: only store the device node basename in full_name") Signed-off-by: Frank Rowand Signed-off-by: Rob Herring

of: improve reporting invalid overlay target path

2018-03-04T08:29:40+00:00

Errors while developing the patch to create of_overlay_fdt_apply() exposed inadequate error messages to debug problems when overlay devicetree fragment nodes contain an invalid target path. Improve the messages in find_target_node() to remedy this. Signed-off-by: Frank Rowand

of: change overlay apply input data from unflattened to FDT

2018-03-04T08:29:24+00:00

Move duplicating and unflattening of an overlay flattened devicetree (FDT) into the overlay application code. To accomplish this, of_overlay_apply() is replaced by of_overlay_fdt_apply(). The copy of the FDT (aka "duplicate FDT") now belongs to devicetree code, which is thus responsible for freeing the duplicate FDT. The caller of of_overlay_fdt_apply() remains responsible for freeing the original FDT. The unflattened devicetree now belongs to devicetree code, which is thus responsible for freeing the unflattened devicetree. These ownership changes prevent early freeing of the duplicated FDT or the unflattened devicetree, which could result in use after free errors. of_overlay_fdt_apply() is a private function for the anticipated overlay loader. Update unittest.c to use of_overlay_fdt_apply() instead of of_overlay_apply(). Move overlay fragments from artificial locations in drivers/of/unittest-data/tests-overlay.dtsi into one devicetree source file per overlay. This led to changes in drivers/of/unitest-data/Makefile and drivers/of/unitest.c. - Add overlay directives to the overlay devicetree source files so that dtc will compile them as true overlays into one FDT data chunk per overlay. - Set CFLAGS for drivers/of/unittest-data/testcases.dts so that symbols will be generated for overlay resolution of overlays that are no longer artificially contained in testcases.dts - Unflatten and apply each unittest overlay FDT using of_overlay_fdt_apply(). - Enable the of_resolve_phandles() check for whether the unflattened overlay is detached. This check was previously disabled because the overlays from tests-overlay.dtsi were not unflattened into detached trees. - Other changes to unittest.c infrastructure to manage multiple test FDTs built into the kernel image (access by name instead of arbitrary number). - of_unittest_overlay_high_level(): previously unused code to add properties from the overlay_base devicetree to the live tree was triggered by the restructuring of tests-overlay.dtsi and thus testcases.dts. This exposed two bugs: (1) the need to dup a property before adding it, and (2) property 'name' is auto-generated in the unflatten code and thus will be a duplicate in the __symbols__ node - do not treat this duplicate as an error. Signed-off-by: Frank Rowand

of: Use SPDX license tag for DT files

2018-01-08T14:22:45+00:00

Convert remaining DT files to use SPDX-License-Identifier tags. Cc: Benjamin Herrenschmidt Cc: Guennadi Liakhovetski Cc: Paul Mackerras Cc: Pantelis Antoniou Reviewed-by: Frank Rowand Reviewed-by: Philippe Ombredanne Signed-off-by: Rob Herring

of: overlay: Make node skipping in init_overlay_changeset() clearer

2017-12-08T15:32:18+00:00

Make it more clear that nodes without "__overlay__" subnodes are skipped, by reverting the logic and using continue. This also reduces indentation level. Signed-off-by: Geert Uytterhoeven Signed-off-by: Rob Herring

of: overlay: Fix out-of-bounds write in init_overlay_changeset()

2017-12-08T15:32:10+00:00

If an overlay has no "__symbols__" node, but it has nodes without "__overlay__" subnodes at the end (e.g. a "__fixups__" node), after filling in all fragments for nodes with "__overlay__" subnodes, "fragment = &fragments[cnt]" will point beyond the end of the allocated array. Hence writing to "fragment->overlay" will overwrite unallocated memory, which may lead to a crash later. Fix this by deferring both the assignment to "fragment" and the offending write afterwards until we know for sure the node has an "__overlay__" subnode, and thus a valid entry in "fragments[]". Fixes: 61b4de4e0b384f4a ("of: overlay: minor restructuring") Signed-off-by: Geert Uytterhoeven Signed-off-by: Rob Herring

of: overlay: Fix (un)locking in of_overlay_apply()

2017-12-06T22:08:30+00:00

The special overlay mutex is taken first, hence it should be released last in the error path. of_resolve_phandles() must be called with of_mutex held. Without it, a node and new phandle could be added via of_attach_node(), making the max phandle wrong. free_overlay_changeset() must be called with of_mutex held, if any non-trivial cleanup is to be done. Hence move "mutex_lock(&of_mutex)" up, as suggested by Frank, and merge the two tail statements of the success and error paths, now they became identical. Note that while the two mutexes are adjacent, we still need both: __of_changeset_apply_notify(), which is called by __of_changeset_apply() unlocks of_mutex, then does notifications then locks of_mutex. So the mutex get released in the middle of of_overlay_apply() Fixes: f948d6d8b792bb90 ("of: overlay: avoid race condition between applying multiple overlays") Signed-off-by: Geert Uytterhoeven Reviewed-by: Frank Rowand Signed-off-by: Rob Herring

of: overlay: Fix memory leak in of_overlay_apply() error path

2017-12-06T22:04:36+00:00

If of_resolve_phandles() fails, free_overlay_changeset() is called in the error path. However, that function returns early if the list hasn't been initialized yet, before freeing the object. Explicitly calling kfree() instead would solve that issue. However, that complicates matter, by having to consider which of two different methods to use to dispose of the same object. Hence make free_overlay_changeset() consider initialization state of the different parts of the object, making it always safe to call (once!) to dispose of a (partially) initialized overlay_changeset: - Only destroy the changeset if the list was initialized, - Make init_overlay_changeset() store the ID in ovcs->id on success, to avoid calling idr_remove() with an error value or an already released ID. Reported-by: Colin King Fixes: f948d6d8b792bb90 ("of: overlay: avoid race condition between applying multiple overlays") Signed-off-by: Geert Uytterhoeven Reviewed-by: Frank Rowand Signed-off-by: Rob Herring