[U-Boot] [PATCH v3 10/12] libfdt: Add overlay application function

[Maxime Ripard <maxime.ripard@free-electrons.com>]

Hi David,

On Mon, Jun 27, 2016 at 03:26:07PM +1000, David Gibson wrote:
> > +static uint32_t overlay_get_target_phandle(const void *fdto, int fragment)
> > +{
> > +	const uint32_t *val;
> > +	int len;
> > +
> > +	val = fdt_getprop(fdto, fragment, "target", &len);
> > +	if (!val || (*val == 0xffffffff) || (len != sizeof(*val)))
> > +		return 0;
> 
> This doesn't distinguish between a missing property (which may
> indicate a valid overlay using a target-path or some other method)
> and a badly formatted 'target' property, which is definitely an error
> in the overlay.
> 
> I think those should be treated differently.

AFAIK, phandles can have any 32 bits values but 0xffffffff. In order
to cover the two cases, we would need to have some error code, but
that doesn't really work with returning a uint32_t.

Or maybe we can simply remove all the checks but the missing property,
and let fdt_node_offset_by_phandle deal with the improper values?

> 
> > +	return fdt32_to_cpu(*val);
> > +}
> > +
> > +static int overlay_get_target(const void *fdt, const void *fdto,
> > +			      int fragment)
> > +{
> > +	uint32_t phandle;
> > +	const char *path;
> > +
> > +	/* Try first to do a phandle based lookup */
> > +	phandle = overlay_get_target_phandle(fdto, fragment);
> > +	if (phandle)
> > +		return fdt_node_offset_by_phandle(fdt, phandle);
> > +
> > +	/* And then a path based lookup */
> > +	path = fdt_getprop(fdto, fragment, "target-path", NULL);
> > +	if (!path)
> > +		return -FDT_ERR_NOTFOUND;
> > +
> > +	return fdt_path_offset(fdt, path);
> > +}
> > +
> > +static int overlay_phandle_add_offset(void *fdt, int node,
> > +				      const char *name, uint32_t delta)
> > +{
> > +	const uint32_t *val;
> > +	uint32_t adj_val;
> > +	int len;
> > +
> > +	val = fdt_getprop(fdt, node, name, &len);
> > +	if (!val)
> > +		return len;
> > +
> > +	if (len != sizeof(*val))
> > +		return -FDT_ERR_BADSTRUCTURE;
> > +
> > +	adj_val = fdt32_to_cpu(*val);
> > +	adj_val += delta;
> 
> You should probably check for overflow here.
> 
> > +
> > +	return fdt_setprop_inplace_u32(fdt, node, name, adj_val);
> > +}
> > +
> > +static int overlay_adjust_node_phandles(void *fdto, int node,
> > +					uint32_t delta)
> > +{
> > +	bool found = false;
> > +	int child;
> > +	int ret;
> > +
> > +	ret = overlay_phandle_add_offset(fdto, node, "phandle", delta);
> > +	if (ret && ret != -FDT_ERR_NOTFOUND)
> > +		return ret;
> > +
> > +	if (!ret)
> > +		found = true;
> > +
> > +	ret = overlay_phandle_add_offset(fdto, node, "linux,phandle", delta);
> > +	if (ret && ret != -FDT_ERR_NOTFOUND)
> > +		return ret;
> 
> I think the check for phandle vs. linux,phandle should be folded into
> overlay_phandle_add_offset().

I created overlay_phandle_add_offset to avoid duplicating the getprop,
offset, setprop, pattern which I don't think is a good idea.

And we'll have to have that kind of errors construct anyway to know if
we modified any of the two, which is a success, or none, which is a
failure.

> > +	/*
> > +	 * If neither phandle nor linux,phandle have been found return
> > +	 * an error.
> > +	 */
> > +	if (!found && !ret)
> > +		return ret;
> > +
> > +	fdt_for_each_subnode(fdto, child, node)
> > +		overlay_adjust_node_phandles(fdto, child, delta);
> > +
> > +	return 0;
> > +}
> > +
> > +static int overlay_adjust_local_phandles(void *fdto, uint32_t delta)
> > +{
> > +	/*
> > +	 * Start adjusting the phandles from the overlay root
> > +	 */
> > +	return overlay_adjust_node_phandles(fdto, 0, delta);
> > +}
> > +
> > +static int overlay_update_local_node_references(void *fdto,
> > +						int tree_node,
> > +						int fixup_node,
> > +						uint32_t delta)
> > +{
> > +	int fixup_prop;
> > +	int fixup_child;
> > +	int ret;
> > +
> > +	fdt_for_each_property_offset(fixup_prop, fdto, fixup_node) {
> > +		const uint32_t *val = NULL;
> > +		uint32_t adj_val, index;
> > +		const char *name;
> > +		int fixup_len;
> > +		int tree_len;
> > +
> > +		val = fdt_getprop_by_offset(fdto, fixup_prop,
> > +					    &name, &fixup_len);
> > +		if (!val)
> > +			return fixup_len;
> > +		index = fdt32_to_cpu(*val);
> 
> This still doesn't handle the case of multiple fixups within the same
> property.  That would be entirely plausible for something like an
> interrupt-map property.

Good point, I'll fix that and add a test case for it.

> > +		val = fdt_getprop(fdto, tree_node, name, &tree_len);
> > +		if (!val)
> > +			return tree_len;
> > +
> > +		adj_val = fdt32_to_cpu(*(val + (index / sizeof(uint32_t))));
> 
> phandle values need not be aligned within the property containint them
> (e.g. properties which mix strings and integer values).  So you're
> going to need to work directly with a byte offset here.

I didn't even know it was something that was valid.

It would probably require a temporary variable and a memcpy though to
deal with architectures that cannot do unaligned accesses.

> 
> > +		adj_val += delta;
> > +		adj_val = cpu_to_fdt32(adj_val);
> > +
> > +		ret = fdt_setprop_inplace_namelen_by_index(fdto, tree_node,
> > +							   name, strlen(name),
> > +							   index, &adj_val,
> > +							   sizeof(adj_val));
> > +		if (ret)
> > +			return ret;
> > +	}
> > +
> > +	fdt_for_each_subnode(fdto, fixup_child, fixup_node) {
> > +		const char *fixup_child_name = fdt_get_name(fdto, fixup_child,
> > +							    NULL);
> > +		int tree_child;
> > +
> > +		tree_child = fdt_subnode_offset(fdto, tree_node,
> > +						fixup_child_name);
> > +		if (tree_child < 0)
> > +			return tree_child;
> > +
> > +		ret = overlay_update_local_node_references(fdto,
> > +							   tree_child,
> > +							   fixup_child,
> > +							   delta);
> > +		if (ret)
> > +			return ret;
> > +	}
> > +
> > +	return 0;
> > +}
> > +
> > +static int overlay_update_local_references(void *dto, uint32_t delta)
> > +{
> > +	int fixups;
> > +
> > +	fixups = fdt_path_offset(dto, "/__local_fixups__");
> > +	if (fixups < 0) {
> > +		/*
> > +		 * There's no local phandles to adjust, bail out
> > +		 */
> > +		if (fixups == -FDT_ERR_NOTFOUND)
> > +			return 0;
> > +
> > +		return fixups;
> > +	}
> > +
> > +	/*
> > +	 * Update our local references from the root of the tree
> > +	 */
> > +	return overlay_update_local_node_references(dto, 0, fixups,
> > +						    delta);
> > +}
> > +
> > +static int overlay_fixup_one_phandle(void *fdt, void *fdto,
> > +				     int symbols_off,
> > +				     const char *path, uint32_t path_len,
> > +				     const char *name, uint32_t name_len,
> > +				     int index, const char *label)
> > +{
> > +	const char *symbol_path;
> > +	uint32_t phandle;
> > +	int symbol_off, fixup_off;
> > +	int prop_len;
> > +
> > +	symbol_path = fdt_getprop(fdt, symbols_off, label,
> > +				  &prop_len);
> > +	if (!symbol_path)
> > +		return -FDT_ERR_NOTFOUND;
> > +
> > +	symbol_off = fdt_path_offset(fdt, symbol_path);
> > +	if (symbol_off < 0)
> > +		return symbol_off;
> > +
> > +	phandle = fdt_get_phandle(fdt, symbol_off);
> > +	if (!phandle)
> > +		return -FDT_ERR_NOTFOUND;
> > +
> > +	fixup_off = fdt_path_offset_namelen(fdto, path, path_len);
> > +	if (fixup_off < 0)
> > +		return fixup_off;
> > +
> > +	phandle = cpu_to_fdt32(phandle);
> > +	return fdt_setprop_inplace_namelen_by_index(fdto, fixup_off,
> > +						    name, name_len, index,
> > +						    &phandle, sizeof(phandle));
> 
> This will be broken on BE systems because fdt_get_phandle() byteswaps
> to native order, but setprop_inplace doesn't byteswap back (because
> it's input is a byte array, not a u32).

Hmmmm, so calling cpu_to_fdt32 is not enough? I'm not sure what the
proper fix for that would be.

> > +};
> > +
> > +static int overlay_fixup_phandle(void *fdt, void *fdto, int symbols_off,
> > +				 int property)
> > +{
> > +	const char *value;
> > +	const char *label;
> > +	int len;
> > +
> > +	value = fdt_getprop_by_offset(fdto, property,
> > +				      &label, &len);
> > +	if (!value)
> > +		return len;
> > +
> > +	do {
> > +		const char *prop_string = value;
> > +		const char *path, *name;
> > +		uint32_t path_len, name_len;
> > +		char *sep, *endptr;
> > +		int index;
> > +		int ret;
> > +
> > +		path = prop_string;
> > +		sep = strchr(prop_string, ':');
> > +		path_len = sep - path;
> 
> You need to check for strchr() returning NULL (indicating a badly
> formatted fixup missing a separator).
> 
> Also... strchr() is not safe.  Again, if the fixup string is badly
> formatted and doesn't have a terminating \0, this could overrun, so
> you want memchr() instead.

Ok

> > +		name = sep + 1;
> > +		sep = strchr(name, ':');
> > +		name_len = sep - name;
> 
> And again.
> 
> > +		index = strtoul(sep + 1, &endptr, 10);
> > +		if (endptr <= (sep + 1))
> > +			return -FDT_ERR_BADSTRUCTURE;
> 
> IIRC the index value is supposed to go to the end of that portion of
> the fixup, so you should be able to check for *endptr == '\0'.
> 
> Except.. strtoul() could also overrun if the fixup property doesn't
> contain a \0 like it should.
> 
> So I think you'd be better off using a memchr() (or strnlen()) to
> search for the \0 before you attempt parsing the innards of a single
> fixup string.

Ok

> Ugh.  I hate that we're parsing text numbers in decimal here, but
> we're pretty much stuck with that format here.  Doubly so that it's a
> gratuitously different way of encoding the (node, property, offset)
> tuple from local_fixups.

I'm not sure to get what you're saying here. Is that a general remark
on the format used by the overlays, or an hint that my code should be
reworked to deal with this differently?

> 
> > +		index = strtoul(sep + 1, &endptr, 10);
> > +		if (endptr <= (sep + 1))
> > +			return -FDT_ERR_BADSTRUCTURE;
> > +
> > +		len -= strlen(prop_string) + 1;
> > +		value += strlen(prop_string) + 1;
> 
> Please don't double call strlen() on the same string - remember it's
> O(n) in C.

Ok

> > +
> > +		ret = overlay_fixup_one_phandle(fdt, fdto, symbols_off,
> > +						path, path_len, name, name_len,
> > +						index, label);
> > +		if (ret)
> > +			return ret;
> > +	} while (len > 0);
> > +
> > +	return 0;
> > +}
> > +
> > +static int overlay_fixup_phandles(void *dt, void *dto)
> > +{
> > +	int fixups_off, symbols_off;
> > +	int property;
> > +
> > +	symbols_off = fdt_path_offset(dt, "/__symbols__");
> > +	fixups_off = fdt_path_offset(dto, "/__fixups__");
> > +
> > +	fdt_for_each_property_offset(property, dto, fixups_off)
> > +		overlay_fixup_phandle(dt, dto, symbols_off, property);
> > +
> > +	return 0;
> > +}
> > +
> > +static int apply_overlay_node(void *dt, int target,
> > +			      void *dto, int overlay)
> 
> I think 'overlay' should be 'fragment' here for consistency?

Ok.

> > +{
> > +	int property;
> > +	int node;
> > +
> > +	fdt_for_each_property_offset(property, dto, overlay) {
> > +		const char *name;
> > +		const void *prop;
> > +		int prop_len;
> > +		int ret;
> > +
> > +		prop = fdt_getprop_by_offset(dto, property, &name,
> > +					     &prop_len);
> > +		if (!prop)
> > +			return -FDT_ERR_INTERNAL;
> 
> Actually, you probably should check the error code returned in
> prop_len.  Getting a NOTFOUND would indicate an internal error, but
> you could also get BADSTRUCTURE or similar errors which would indicate
> an error in input.

Ok.

> > +int fdt_overlay_apply(void *fdt, void *fdto)
> > +{
> > +	uint32_t delta = fdt_get_max_phandle(fdt) + 1;
> > +	int ret;
> > +
> > +	FDT_CHECK_HEADER(fdt);
> > +	FDT_CHECK_HEADER(fdto);
> > +
> > +	ret = overlay_adjust_local_phandles(fdto, delta);
> > +	if (ret)
> > +		goto err;
> > +
> > +	ret = overlay_update_local_references(fdto, delta);
> > +	if (ret)
> > +		goto err;
> > +
> > +	ret = overlay_fixup_phandles(fdt, fdto);
> > +	if (ret)
> > +		goto err;
> > +
> > +	ret = overlay_merge(fdt, fdto);
> > +	if (!ret)
> > +		goto out;
> > +
> > +err:
> 
> This is a confusing use of gotos - this looks like it is in the exit
> path for both success and failure cases, but it's not due to the
> easy-to-miss goto out above.

I know, but I couldn't really come up with something better to avoid
code duplication.

Or maybe it's too small to care?

Thanks a lot for your review,
Maxime



-- 
Maxime Ripard, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20160627/9a2bda55/attachment.sig>