1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Functions for working with device tree overlays
4 *
5 * Copyright (C) 2012 Pantelis Antoniou <panto@antoniou-consulting.com>
6 * Copyright (C) 2012 Texas Instruments Inc.
7 */
8
9 #define pr_fmt(fmt) "OF: overlay: " fmt
10
11 #include <linux/kernel.h>
12 #include <linux/module.h>
13 #include <linux/of.h>
14 #include <linux/of_device.h>
15 #include <linux/of_fdt.h>
16 #include <linux/string.h>
17 #include <linux/ctype.h>
18 #include <linux/errno.h>
19 #include <linux/slab.h>
20 #include <linux/libfdt.h>
21 #include <linux/err.h>
22 #include <linux/idr.h>
23
24 #include "of_private.h"
25
26 /**
27 * struct target - info about current target node as recursing through overlay
28 * @np: node where current level of overlay will be applied
29 * @in_livetree: @np is a node in the live devicetree
30 *
31 * Used in the algorithm to create the portion of a changeset that describes
32 * an overlay fragment, which is a devicetree subtree. Initially @np is a node
33 * in the live devicetree where the overlay subtree is targeted to be grafted
34 * into. When recursing to the next level of the overlay subtree, the target
35 * also recurses to the next level of the live devicetree, as long as overlay
36 * subtree node also exists in the live devicetree. When a node in the overlay
37 * subtree does not exist at the same level in the live devicetree, target->np
38 * points to a newly allocated node, and all subsequent targets in the subtree
39 * will be newly allocated nodes.
40 */
41 struct target {
42 struct device_node *np;
43 bool in_livetree;
44 };
45
46 /**
47 * struct fragment - info about fragment nodes in overlay expanded device tree
48 * @overlay: pointer to the __overlay__ node
49 * @target: target of the overlay operation
50 */
51 struct fragment {
52 struct device_node *overlay;
53 struct device_node *target;
54 };
55
56 /**
57 * struct overlay_changeset
58 * @id: changeset identifier
59 * @ovcs_list: list on which we are located
60 * @new_fdt: Memory allocated to hold unflattened aligned FDT
61 * @overlay_mem: the memory chunk that contains @overlay_root
62 * @overlay_root: expanded device tree that contains the fragment nodes
63 * @notify_state: most recent notify action used on overlay
64 * @count: count of fragment structures
65 * @fragments: fragment nodes in the overlay expanded device tree
66 * @symbols_fragment: last element of @fragments[] is the __symbols__ node
67 * @cset: changeset to apply fragments to live device tree
68 */
69 struct overlay_changeset {
70 int id;
71 struct list_head ovcs_list;
72 const void *new_fdt;
73 const void *overlay_mem;
74 struct device_node *overlay_root;
75 enum of_overlay_notify_action notify_state;
76 int count;
77 struct fragment *fragments;
78 bool symbols_fragment;
79 struct of_changeset cset;
80 };
81
82 /* flags are sticky - once set, do not reset */
83 static int devicetree_state_flags;
84 #define DTSF_APPLY_FAIL 0x01
85 #define DTSF_REVERT_FAIL 0x02
86
87 /*
88 * If a changeset apply or revert encounters an error, an attempt will
89 * be made to undo partial changes, but may fail. If the undo fails
90 * we do not know the state of the devicetree.
91 */
devicetree_corrupt(void)92 static int devicetree_corrupt(void)
93 {
94 return devicetree_state_flags &
95 (DTSF_APPLY_FAIL | DTSF_REVERT_FAIL);
96 }
97
98 static int build_changeset_next_level(struct overlay_changeset *ovcs,
99 struct target *target, const struct device_node *overlay_node);
100
101 /*
102 * of_resolve_phandles() finds the largest phandle in the live tree.
103 * of_overlay_apply() may add a larger phandle to the live tree.
104 * Do not allow race between two overlays being applied simultaneously:
105 * mutex_lock(&of_overlay_phandle_mutex)
106 * of_resolve_phandles()
107 * of_overlay_apply()
108 * mutex_unlock(&of_overlay_phandle_mutex)
109 */
110 static DEFINE_MUTEX(of_overlay_phandle_mutex);
111
of_overlay_mutex_lock(void)112 void of_overlay_mutex_lock(void)
113 {
114 mutex_lock(&of_overlay_phandle_mutex);
115 }
116
of_overlay_mutex_unlock(void)117 void of_overlay_mutex_unlock(void)
118 {
119 mutex_unlock(&of_overlay_phandle_mutex);
120 }
121
122 static LIST_HEAD(ovcs_list);
123 static DEFINE_IDR(ovcs_idr);
124
125 static BLOCKING_NOTIFIER_HEAD(overlay_notify_chain);
126
127 /**
128 * of_overlay_notifier_register() - Register notifier for overlay operations
129 * @nb: Notifier block to register
130 *
131 * Register for notification on overlay operations on device tree nodes. The
132 * reported actions definied by @of_reconfig_change. The notifier callback
133 * furthermore receives a pointer to the affected device tree node.
134 *
135 * Note that a notifier callback is not supposed to store pointers to a device
136 * tree node or its content beyond @OF_OVERLAY_POST_REMOVE corresponding to the
137 * respective node it received.
138 */
of_overlay_notifier_register(struct notifier_block * nb)139 int of_overlay_notifier_register(struct notifier_block *nb)
140 {
141 return blocking_notifier_chain_register(&overlay_notify_chain, nb);
142 }
143 EXPORT_SYMBOL_GPL(of_overlay_notifier_register);
144
145 /**
146 * of_overlay_notifier_unregister() - Unregister notifier for overlay operations
147 * @nb: Notifier block to unregister
148 */
of_overlay_notifier_unregister(struct notifier_block * nb)149 int of_overlay_notifier_unregister(struct notifier_block *nb)
150 {
151 return blocking_notifier_chain_unregister(&overlay_notify_chain, nb);
152 }
153 EXPORT_SYMBOL_GPL(of_overlay_notifier_unregister);
154
overlay_notify(struct overlay_changeset * ovcs,enum of_overlay_notify_action action)155 static int overlay_notify(struct overlay_changeset *ovcs,
156 enum of_overlay_notify_action action)
157 {
158 struct of_overlay_notify_data nd;
159 int i, ret;
160
161 ovcs->notify_state = action;
162
163 for (i = 0; i < ovcs->count; i++) {
164 struct fragment *fragment = &ovcs->fragments[i];
165
166 nd.target = fragment->target;
167 nd.overlay = fragment->overlay;
168
169 ret = blocking_notifier_call_chain(&overlay_notify_chain,
170 action, &nd);
171 if (notifier_to_errno(ret)) {
172 ret = notifier_to_errno(ret);
173 pr_err("overlay changeset %s notifier error %d, target: %pOF\n",
174 of_overlay_action_name(action), ret, nd.target);
175 return ret;
176 }
177 }
178
179 return 0;
180 }
181
182 /*
183 * The values of properties in the "/__symbols__" node are paths in
184 * the ovcs->overlay_root. When duplicating the properties, the paths
185 * need to be adjusted to be the correct path for the live device tree.
186 *
187 * The paths refer to a node in the subtree of a fragment node's "__overlay__"
188 * node, for example "/fragment@0/__overlay__/symbol_path_tail",
189 * where symbol_path_tail can be a single node or it may be a multi-node path.
190 *
191 * The duplicated property value will be modified by replacing the
192 * "/fragment_name/__overlay/" portion of the value with the target
193 * path from the fragment node.
194 */
dup_and_fixup_symbol_prop(struct overlay_changeset * ovcs,const struct property * prop)195 static struct property *dup_and_fixup_symbol_prop(
196 struct overlay_changeset *ovcs, const struct property *prop)
197 {
198 struct fragment *fragment;
199 struct property *new_prop;
200 struct device_node *fragment_node;
201 struct device_node *overlay_node;
202 const char *path;
203 const char *path_tail;
204 const char *target_path;
205 int k;
206 int overlay_name_len;
207 int path_len;
208 int path_tail_len;
209 int target_path_len;
210
211 if (!prop->value)
212 return NULL;
213 if (strnlen(prop->value, prop->length) >= prop->length)
214 return NULL;
215 path = prop->value;
216 path_len = strlen(path);
217
218 if (path_len < 1)
219 return NULL;
220 fragment_node = __of_find_node_by_path(ovcs->overlay_root, path + 1);
221 overlay_node = __of_find_node_by_path(fragment_node, "__overlay__/");
222 of_node_put(fragment_node);
223 of_node_put(overlay_node);
224
225 for (k = 0; k < ovcs->count; k++) {
226 fragment = &ovcs->fragments[k];
227 if (fragment->overlay == overlay_node)
228 break;
229 }
230 if (k >= ovcs->count)
231 return NULL;
232
233 overlay_name_len = snprintf(NULL, 0, "%pOF", fragment->overlay);
234
235 if (overlay_name_len > path_len)
236 return NULL;
237 path_tail = path + overlay_name_len;
238 path_tail_len = strlen(path_tail);
239
240 target_path = kasprintf(GFP_KERNEL, "%pOF", fragment->target);
241 if (!target_path)
242 return NULL;
243 target_path_len = strlen(target_path);
244
245 new_prop = kzalloc(sizeof(*new_prop), GFP_KERNEL);
246 if (!new_prop)
247 goto err_free_target_path;
248
249 new_prop->name = kstrdup(prop->name, GFP_KERNEL);
250 new_prop->length = target_path_len + path_tail_len + 1;
251 new_prop->value = kzalloc(new_prop->length, GFP_KERNEL);
252 if (!new_prop->name || !new_prop->value)
253 goto err_free_new_prop;
254
255 strcpy(new_prop->value, target_path);
256 strcpy(new_prop->value + target_path_len, path_tail);
257
258 of_property_set_flag(new_prop, OF_DYNAMIC);
259
260 kfree(target_path);
261
262 return new_prop;
263
264 err_free_new_prop:
265 __of_prop_free(new_prop);
266 err_free_target_path:
267 kfree(target_path);
268
269 return NULL;
270 }
271
272 /**
273 * add_changeset_property() - add @overlay_prop to overlay changeset
274 * @ovcs: overlay changeset
275 * @target: where @overlay_prop will be placed
276 * @overlay_prop: property to add or update, from overlay tree
277 * @is_symbols_prop: 1 if @overlay_prop is from node "/__symbols__"
278 *
279 * If @overlay_prop does not already exist in live devicetree, add changeset
280 * entry to add @overlay_prop in @target, else add changeset entry to update
281 * value of @overlay_prop.
282 *
283 * @target may be either in the live devicetree or in a new subtree that
284 * is contained in the changeset.
285 *
286 * Some special properties are not added or updated (no error returned):
287 * "name", "phandle", "linux,phandle".
288 *
289 * Properties "#address-cells" and "#size-cells" are not updated if they
290 * are already in the live tree, but if present in the live tree, the values
291 * in the overlay must match the values in the live tree.
292 *
293 * Update of property in symbols node is not allowed.
294 *
295 * Return: 0 on success, -ENOMEM if memory allocation failure, or -EINVAL if
296 * invalid @overlay.
297 */
add_changeset_property(struct overlay_changeset * ovcs,struct target * target,struct property * overlay_prop,bool is_symbols_prop)298 static int add_changeset_property(struct overlay_changeset *ovcs,
299 struct target *target, struct property *overlay_prop,
300 bool is_symbols_prop)
301 {
302 struct property *new_prop = NULL, *prop;
303 int ret = 0;
304
305 if (target->in_livetree)
306 if (!of_prop_cmp(overlay_prop->name, "name") ||
307 !of_prop_cmp(overlay_prop->name, "phandle") ||
308 !of_prop_cmp(overlay_prop->name, "linux,phandle"))
309 return 0;
310
311 if (target->in_livetree)
312 prop = of_find_property(target->np, overlay_prop->name, NULL);
313 else
314 prop = NULL;
315
316 if (prop) {
317 if (!of_prop_cmp(prop->name, "#address-cells")) {
318 if (!of_prop_val_eq(prop, overlay_prop)) {
319 pr_err("ERROR: changing value of #address-cells is not allowed in %pOF\n",
320 target->np);
321 ret = -EINVAL;
322 }
323 return ret;
324
325 } else if (!of_prop_cmp(prop->name, "#size-cells")) {
326 if (!of_prop_val_eq(prop, overlay_prop)) {
327 pr_err("ERROR: changing value of #size-cells is not allowed in %pOF\n",
328 target->np);
329 ret = -EINVAL;
330 }
331 return ret;
332 }
333 }
334
335 if (is_symbols_prop) {
336 if (prop)
337 return -EINVAL;
338 new_prop = dup_and_fixup_symbol_prop(ovcs, overlay_prop);
339 } else {
340 new_prop = __of_prop_dup(overlay_prop, GFP_KERNEL);
341 }
342
343 if (!new_prop)
344 return -ENOMEM;
345
346 if (!prop) {
347 if (!target->in_livetree) {
348 new_prop->next = target->np->deadprops;
349 target->np->deadprops = new_prop;
350 }
351 ret = of_changeset_add_property(&ovcs->cset, target->np,
352 new_prop);
353 } else {
354 ret = of_changeset_update_property(&ovcs->cset, target->np,
355 new_prop);
356 }
357
358 if (!of_node_check_flag(target->np, OF_OVERLAY))
359 pr_err("WARNING: memory leak will occur if overlay removed, property: %pOF/%s\n",
360 target->np, new_prop->name);
361
362 if (ret)
363 __of_prop_free(new_prop);
364 return ret;
365 }
366
367 /**
368 * add_changeset_node() - add @node (and children) to overlay changeset
369 * @ovcs: overlay changeset
370 * @target: where @node will be placed in live tree or changeset
371 * @node: node from within overlay device tree fragment
372 *
373 * If @node does not already exist in @target, add changeset entry
374 * to add @node in @target.
375 *
376 * If @node already exists in @target, and the existing node has
377 * a phandle, the overlay node is not allowed to have a phandle.
378 *
379 * If @node has child nodes, add the children recursively via
380 * build_changeset_next_level().
381 *
382 * NOTE_1: A live devicetree created from a flattened device tree (FDT) will
383 * not contain the full path in node->full_name. Thus an overlay
384 * created from an FDT also will not contain the full path in
385 * node->full_name. However, a live devicetree created from Open
386 * Firmware may have the full path in node->full_name.
387 *
388 * add_changeset_node() follows the FDT convention and does not include
389 * the full path in node->full_name. Even though it expects the overlay
390 * to not contain the full path, it uses kbasename() to remove the
391 * full path should it exist. It also uses kbasename() in comparisons
392 * to nodes in the live devicetree so that it can apply an overlay to
393 * a live devicetree created from Open Firmware.
394 *
395 * NOTE_2: Multiple mods of created nodes not supported.
396 *
397 * Return: 0 on success, -ENOMEM if memory allocation failure, or -EINVAL if
398 * invalid @overlay.
399 */
add_changeset_node(struct overlay_changeset * ovcs,struct target * target,struct device_node * node)400 static int add_changeset_node(struct overlay_changeset *ovcs,
401 struct target *target, struct device_node *node)
402 {
403 const char *node_kbasename;
404 const __be32 *phandle;
405 struct device_node *tchild;
406 struct target target_child;
407 int ret = 0, size;
408
409 node_kbasename = kbasename(node->full_name);
410
411 for_each_child_of_node(target->np, tchild)
412 if (!of_node_cmp(node_kbasename, kbasename(tchild->full_name)))
413 break;
414
415 if (!tchild) {
416 tchild = __of_node_dup(NULL, node_kbasename);
417 if (!tchild)
418 return -ENOMEM;
419
420 tchild->parent = target->np;
421 tchild->name = __of_get_property(node, "name", NULL);
422
423 if (!tchild->name)
424 tchild->name = "<NULL>";
425
426 /* ignore obsolete "linux,phandle" */
427 phandle = __of_get_property(node, "phandle", &size);
428 if (phandle && (size == 4))
429 tchild->phandle = be32_to_cpup(phandle);
430
431 of_node_set_flag(tchild, OF_OVERLAY);
432
433 ret = of_changeset_attach_node(&ovcs->cset, tchild);
434 if (ret)
435 return ret;
436
437 target_child.np = tchild;
438 target_child.in_livetree = false;
439
440 ret = build_changeset_next_level(ovcs, &target_child, node);
441 of_node_put(tchild);
442 return ret;
443 }
444
445 if (node->phandle && tchild->phandle) {
446 ret = -EINVAL;
447 } else {
448 target_child.np = tchild;
449 target_child.in_livetree = target->in_livetree;
450 ret = build_changeset_next_level(ovcs, &target_child, node);
451 }
452 of_node_put(tchild);
453
454 return ret;
455 }
456
457 /**
458 * build_changeset_next_level() - add level of overlay changeset
459 * @ovcs: overlay changeset
460 * @target: where to place @overlay_node in live tree
461 * @overlay_node: node from within an overlay device tree fragment
462 *
463 * Add the properties (if any) and nodes (if any) from @overlay_node to the
464 * @ovcs->cset changeset. If an added node has child nodes, they will
465 * be added recursively.
466 *
467 * Do not allow symbols node to have any children.
468 *
469 * Return: 0 on success, -ENOMEM if memory allocation failure, or -EINVAL if
470 * invalid @overlay_node.
471 */
build_changeset_next_level(struct overlay_changeset * ovcs,struct target * target,const struct device_node * overlay_node)472 static int build_changeset_next_level(struct overlay_changeset *ovcs,
473 struct target *target, const struct device_node *overlay_node)
474 {
475 struct property *prop;
476 int ret;
477
478 for_each_property_of_node(overlay_node, prop) {
479 ret = add_changeset_property(ovcs, target, prop, 0);
480 if (ret) {
481 pr_debug("Failed to apply prop @%pOF/%s, err=%d\n",
482 target->np, prop->name, ret);
483 return ret;
484 }
485 }
486
487 for_each_child_of_node_scoped(overlay_node, child) {
488 ret = add_changeset_node(ovcs, target, child);
489 if (ret) {
490 pr_debug("Failed to apply node @%pOF/%pOFn, err=%d\n",
491 target->np, child, ret);
492 return ret;
493 }
494 }
495
496 return 0;
497 }
498
499 /*
500 * Add the properties from __overlay__ node to the @ovcs->cset changeset.
501 */
build_changeset_symbols_node(struct overlay_changeset * ovcs,struct target * target,const struct device_node * overlay_symbols_node)502 static int build_changeset_symbols_node(struct overlay_changeset *ovcs,
503 struct target *target,
504 const struct device_node *overlay_symbols_node)
505 {
506 struct property *prop;
507 int ret;
508
509 for_each_property_of_node(overlay_symbols_node, prop) {
510 ret = add_changeset_property(ovcs, target, prop, 1);
511 if (ret) {
512 pr_debug("Failed to apply symbols prop @%pOF/%s, err=%d\n",
513 target->np, prop->name, ret);
514 return ret;
515 }
516 }
517
518 return 0;
519 }
520
find_dup_cset_node_entry(struct overlay_changeset * ovcs,struct of_changeset_entry * ce_1)521 static int find_dup_cset_node_entry(struct overlay_changeset *ovcs,
522 struct of_changeset_entry *ce_1)
523 {
524 struct of_changeset_entry *ce_2;
525 char *fn_1, *fn_2;
526 int node_path_match;
527
528 if (ce_1->action != OF_RECONFIG_ATTACH_NODE &&
529 ce_1->action != OF_RECONFIG_DETACH_NODE)
530 return 0;
531
532 ce_2 = ce_1;
533 list_for_each_entry_continue(ce_2, &ovcs->cset.entries, node) {
534 if ((ce_2->action != OF_RECONFIG_ATTACH_NODE &&
535 ce_2->action != OF_RECONFIG_DETACH_NODE) ||
536 of_node_cmp(ce_1->np->full_name, ce_2->np->full_name))
537 continue;
538
539 fn_1 = kasprintf(GFP_KERNEL, "%pOF", ce_1->np);
540 fn_2 = kasprintf(GFP_KERNEL, "%pOF", ce_2->np);
541 node_path_match = !fn_1 || !fn_2 || !strcmp(fn_1, fn_2);
542 kfree(fn_1);
543 kfree(fn_2);
544 if (node_path_match) {
545 pr_err("ERROR: multiple fragments add and/or delete node %pOF\n",
546 ce_1->np);
547 return -EINVAL;
548 }
549 }
550
551 return 0;
552 }
553
find_dup_cset_prop(struct overlay_changeset * ovcs,struct of_changeset_entry * ce_1)554 static int find_dup_cset_prop(struct overlay_changeset *ovcs,
555 struct of_changeset_entry *ce_1)
556 {
557 struct of_changeset_entry *ce_2;
558 char *fn_1, *fn_2;
559 int node_path_match;
560
561 if (ce_1->action != OF_RECONFIG_ADD_PROPERTY &&
562 ce_1->action != OF_RECONFIG_REMOVE_PROPERTY &&
563 ce_1->action != OF_RECONFIG_UPDATE_PROPERTY)
564 return 0;
565
566 ce_2 = ce_1;
567 list_for_each_entry_continue(ce_2, &ovcs->cset.entries, node) {
568 if ((ce_2->action != OF_RECONFIG_ADD_PROPERTY &&
569 ce_2->action != OF_RECONFIG_REMOVE_PROPERTY &&
570 ce_2->action != OF_RECONFIG_UPDATE_PROPERTY) ||
571 of_node_cmp(ce_1->np->full_name, ce_2->np->full_name))
572 continue;
573
574 fn_1 = kasprintf(GFP_KERNEL, "%pOF", ce_1->np);
575 fn_2 = kasprintf(GFP_KERNEL, "%pOF", ce_2->np);
576 node_path_match = !fn_1 || !fn_2 || !strcmp(fn_1, fn_2);
577 kfree(fn_1);
578 kfree(fn_2);
579 if (node_path_match &&
580 !of_prop_cmp(ce_1->prop->name, ce_2->prop->name)) {
581 pr_err("ERROR: multiple fragments add, update, and/or delete property %pOF/%s\n",
582 ce_1->np, ce_1->prop->name);
583 return -EINVAL;
584 }
585 }
586
587 return 0;
588 }
589
590 /**
591 * changeset_dup_entry_check() - check for duplicate entries
592 * @ovcs: Overlay changeset
593 *
594 * Check changeset @ovcs->cset for multiple {add or delete} node entries for
595 * the same node or duplicate {add, delete, or update} properties entries
596 * for the same property.
597 *
598 * Return: 0 on success, or -EINVAL if duplicate changeset entry found.
599 */
changeset_dup_entry_check(struct overlay_changeset * ovcs)600 static int changeset_dup_entry_check(struct overlay_changeset *ovcs)
601 {
602 struct of_changeset_entry *ce_1;
603 int dup_entry = 0;
604
605 list_for_each_entry(ce_1, &ovcs->cset.entries, node) {
606 dup_entry |= find_dup_cset_node_entry(ovcs, ce_1);
607 dup_entry |= find_dup_cset_prop(ovcs, ce_1);
608 }
609
610 return dup_entry ? -EINVAL : 0;
611 }
612
613 /**
614 * build_changeset() - populate overlay changeset in @ovcs from @ovcs->fragments
615 * @ovcs: Overlay changeset
616 *
617 * Create changeset @ovcs->cset to contain the nodes and properties of the
618 * overlay device tree fragments in @ovcs->fragments[]. If an error occurs,
619 * any portions of the changeset that were successfully created will remain
620 * in @ovcs->cset.
621 *
622 * Return: 0 on success, -ENOMEM if memory allocation failure, or -EINVAL if
623 * invalid overlay in @ovcs->fragments[].
624 */
build_changeset(struct overlay_changeset * ovcs)625 static int build_changeset(struct overlay_changeset *ovcs)
626 {
627 struct fragment *fragment;
628 struct target target;
629 int fragments_count, i, ret;
630
631 /*
632 * if there is a symbols fragment in ovcs->fragments[i] it is
633 * the final element in the array
634 */
635 if (ovcs->symbols_fragment)
636 fragments_count = ovcs->count - 1;
637 else
638 fragments_count = ovcs->count;
639
640 for (i = 0; i < fragments_count; i++) {
641 fragment = &ovcs->fragments[i];
642
643 target.np = fragment->target;
644 target.in_livetree = true;
645 ret = build_changeset_next_level(ovcs, &target,
646 fragment->overlay);
647 if (ret) {
648 pr_debug("fragment apply failed '%pOF'\n",
649 fragment->target);
650 return ret;
651 }
652 }
653
654 if (ovcs->symbols_fragment) {
655 fragment = &ovcs->fragments[ovcs->count - 1];
656
657 target.np = fragment->target;
658 target.in_livetree = true;
659 ret = build_changeset_symbols_node(ovcs, &target,
660 fragment->overlay);
661 if (ret) {
662 pr_debug("symbols fragment apply failed '%pOF'\n",
663 fragment->target);
664 return ret;
665 }
666 }
667
668 return changeset_dup_entry_check(ovcs);
669 }
670
671 /*
672 * Find the target node using a number of different strategies
673 * in order of preference:
674 *
675 * 1) "target" property containing the phandle of the target
676 * 2) "target-path" property containing the path of the target
677 */
find_target(struct device_node * info_node,struct device_node * target_base)678 static struct device_node *find_target(struct device_node *info_node,
679 struct device_node *target_base)
680 {
681 struct device_node *node;
682 char *target_path;
683 const char *path;
684 u32 val;
685 int ret;
686
687 ret = of_property_read_u32(info_node, "target", &val);
688 if (!ret) {
689 node = of_find_node_by_phandle(val);
690 if (!node)
691 pr_err("find target, node: %pOF, phandle 0x%x not found\n",
692 info_node, val);
693 return node;
694 }
695
696 ret = of_property_read_string(info_node, "target-path", &path);
697 if (!ret) {
698 if (target_base) {
699 target_path = kasprintf(GFP_KERNEL, "%pOF%s", target_base, path);
700 if (!target_path)
701 return NULL;
702 node = of_find_node_by_path(target_path);
703 if (!node) {
704 pr_err("find target, node: %pOF, path '%s' not found\n",
705 info_node, target_path);
706 }
707 kfree(target_path);
708 } else {
709 node = of_find_node_by_path(path);
710 if (!node) {
711 pr_err("find target, node: %pOF, path '%s' not found\n",
712 info_node, path);
713 }
714 }
715 return node;
716 }
717
718 pr_err("find target, node: %pOF, no target property\n", info_node);
719
720 return NULL;
721 }
722
723 /**
724 * init_overlay_changeset() - initialize overlay changeset from overlay tree
725 * @ovcs: Overlay changeset to build
726 * @target_base: Point to the target node to apply overlay
727 *
728 * Initialize @ovcs. Populate @ovcs->fragments with node information from
729 * the top level of @overlay_root. The relevant top level nodes are the
730 * fragment nodes and the __symbols__ node. Any other top level node will
731 * be ignored. Populate other @ovcs fields.
732 *
733 * Return: 0 on success, -ENOMEM if memory allocation failure, -EINVAL if error
734 * detected in @overlay_root. On error return, the caller of
735 * init_overlay_changeset() must call free_overlay_changeset().
736 */
init_overlay_changeset(struct overlay_changeset * ovcs,struct device_node * target_base)737 static int init_overlay_changeset(struct overlay_changeset *ovcs,
738 struct device_node *target_base)
739 {
740 struct device_node *node, *overlay_node;
741 struct fragment *fragment;
742 struct fragment *fragments;
743 int cnt, ret;
744
745 /*
746 * None of the resources allocated by this function will be freed in
747 * the error paths. Instead the caller of this function is required
748 * to call free_overlay_changeset() (which will free the resources)
749 * if error return.
750 */
751
752 /*
753 * Warn for some issues. Can not return -EINVAL for these until
754 * of_unittest_apply_overlay() is fixed to pass these checks.
755 */
756 if (!of_node_check_flag(ovcs->overlay_root, OF_DYNAMIC))
757 pr_debug("%s() ovcs->overlay_root is not dynamic\n", __func__);
758
759 if (!of_node_check_flag(ovcs->overlay_root, OF_DETACHED))
760 pr_debug("%s() ovcs->overlay_root is not detached\n", __func__);
761
762 if (!of_node_is_root(ovcs->overlay_root))
763 pr_debug("%s() ovcs->overlay_root is not root\n", __func__);
764
765 cnt = 0;
766
767 /* fragment nodes */
768 for_each_child_of_node(ovcs->overlay_root, node) {
769 overlay_node = of_get_child_by_name(node, "__overlay__");
770 if (overlay_node) {
771 cnt++;
772 of_node_put(overlay_node);
773 }
774 }
775
776 node = of_get_child_by_name(ovcs->overlay_root, "__symbols__");
777 if (node) {
778 cnt++;
779 of_node_put(node);
780 }
781
782 fragments = kcalloc(cnt, sizeof(*fragments), GFP_KERNEL);
783 if (!fragments) {
784 ret = -ENOMEM;
785 goto err_out;
786 }
787 ovcs->fragments = fragments;
788
789 cnt = 0;
790 for_each_child_of_node(ovcs->overlay_root, node) {
791 overlay_node = of_get_child_by_name(node, "__overlay__");
792 if (!overlay_node)
793 continue;
794
795 fragment = &fragments[cnt];
796 fragment->overlay = overlay_node;
797 fragment->target = find_target(node, target_base);
798 if (!fragment->target) {
799 of_node_put(fragment->overlay);
800 ret = -EINVAL;
801 of_node_put(node);
802 goto err_out;
803 }
804
805 cnt++;
806 }
807
808 /*
809 * if there is a symbols fragment in ovcs->fragments[i] it is
810 * the final element in the array
811 */
812 node = of_get_child_by_name(ovcs->overlay_root, "__symbols__");
813 if (node) {
814 ovcs->symbols_fragment = 1;
815 fragment = &fragments[cnt];
816 fragment->overlay = node;
817 fragment->target = of_find_node_by_path("/__symbols__");
818
819 if (!fragment->target) {
820 pr_err("symbols in overlay, but not in live tree\n");
821 ret = -EINVAL;
822 of_node_put(node);
823 goto err_out;
824 }
825
826 cnt++;
827 }
828
829 if (!cnt) {
830 pr_err("no fragments or symbols in overlay\n");
831 ret = -EINVAL;
832 goto err_out;
833 }
834
835 ovcs->count = cnt;
836
837 return 0;
838
839 err_out:
840 pr_err("%s() failed, ret = %d\n", __func__, ret);
841
842 return ret;
843 }
844
free_overlay_changeset(struct overlay_changeset * ovcs)845 static void free_overlay_changeset(struct overlay_changeset *ovcs)
846 {
847 int i;
848
849 if (ovcs->cset.entries.next)
850 of_changeset_destroy(&ovcs->cset);
851
852 if (ovcs->id) {
853 idr_remove(&ovcs_idr, ovcs->id);
854 list_del(&ovcs->ovcs_list);
855 ovcs->id = 0;
856 }
857
858
859 for (i = 0; i < ovcs->count; i++) {
860 of_node_put(ovcs->fragments[i].target);
861 of_node_put(ovcs->fragments[i].overlay);
862 }
863 kfree(ovcs->fragments);
864
865 /*
866 * There should be no live pointers into ovcs->overlay_mem and
867 * ovcs->new_fdt due to the policy that overlay notifiers are not
868 * allowed to retain pointers into the overlay devicetree other
869 * than during the window from OF_OVERLAY_PRE_APPLY overlay
870 * notifiers until the OF_OVERLAY_POST_REMOVE overlay notifiers.
871 *
872 * A memory leak will occur here if within the window.
873 */
874
875 if (ovcs->notify_state == OF_OVERLAY_INIT ||
876 ovcs->notify_state == OF_OVERLAY_POST_REMOVE) {
877 kfree(ovcs->overlay_mem);
878 kfree(ovcs->new_fdt);
879 }
880 kfree(ovcs);
881 }
882
883 /*
884 * internal documentation
885 *
886 * of_overlay_apply() - Create and apply an overlay changeset
887 * @ovcs: overlay changeset
888 * @base: point to the target node to apply overlay
889 *
890 * Creates and applies an overlay changeset.
891 *
892 * If an error is returned by an overlay changeset pre-apply notifier
893 * then no further overlay changeset pre-apply notifier will be called.
894 *
895 * If an error is returned by an overlay changeset post-apply notifier
896 * then no further overlay changeset post-apply notifier will be called.
897 *
898 * If more than one notifier returns an error, then the last notifier
899 * error to occur is returned.
900 *
901 * If an error occurred while applying the overlay changeset, then an
902 * attempt is made to revert any changes that were made to the
903 * device tree. If there were any errors during the revert attempt
904 * then the state of the device tree can not be determined, and any
905 * following attempt to apply or remove an overlay changeset will be
906 * refused.
907 *
908 * Returns 0 on success, or a negative error number. On error return,
909 * the caller of of_overlay_apply() must call free_overlay_changeset().
910 */
911
of_overlay_apply(struct overlay_changeset * ovcs,struct device_node * base)912 static int of_overlay_apply(struct overlay_changeset *ovcs,
913 struct device_node *base)
914 {
915 int ret = 0, ret_revert, ret_tmp;
916
917 ret = of_resolve_phandles(ovcs->overlay_root);
918 if (ret)
919 goto out;
920
921 ret = init_overlay_changeset(ovcs, base);
922 if (ret)
923 goto out;
924
925 ret = overlay_notify(ovcs, OF_OVERLAY_PRE_APPLY);
926 if (ret)
927 goto out;
928
929 ret = build_changeset(ovcs);
930 if (ret)
931 goto out;
932
933 ret_revert = 0;
934 ret = __of_changeset_apply_entries(&ovcs->cset, &ret_revert);
935 if (ret) {
936 if (ret_revert) {
937 pr_debug("overlay changeset revert error %d\n",
938 ret_revert);
939 devicetree_state_flags |= DTSF_APPLY_FAIL;
940 }
941 goto out;
942 }
943
944 ret = __of_changeset_apply_notify(&ovcs->cset);
945 if (ret)
946 pr_err("overlay apply changeset entry notify error %d\n", ret);
947 /* notify failure is not fatal, continue */
948
949 ret_tmp = overlay_notify(ovcs, OF_OVERLAY_POST_APPLY);
950 if (ret_tmp)
951 if (!ret)
952 ret = ret_tmp;
953
954 out:
955 pr_debug("%s() err=%d\n", __func__, ret);
956
957 return ret;
958 }
959
960 /**
961 * of_overlay_fdt_apply() - Create and apply an overlay changeset
962 * @overlay_fdt: pointer to overlay FDT
963 * @overlay_fdt_size: number of bytes in @overlay_fdt
964 * @ret_ovcs_id: pointer for returning created changeset id
965 * @base: pointer for the target node to apply overlay
966 *
967 * Creates and applies an overlay changeset.
968 *
969 * See of_overlay_apply() for important behavior information.
970 *
971 * Return: 0 on success, or a negative error number. *@ret_ovcs_id is set to
972 * the value of overlay changeset id, which can be passed to of_overlay_remove()
973 * to remove the overlay.
974 *
975 * On error return, the changeset may be partially applied. This is especially
976 * likely if an OF_OVERLAY_POST_APPLY notifier returns an error. In this case
977 * the caller should call of_overlay_remove() with the value in *@ret_ovcs_id.
978 */
979
of_overlay_fdt_apply(const void * overlay_fdt,u32 overlay_fdt_size,int * ret_ovcs_id,struct device_node * base)980 int of_overlay_fdt_apply(const void *overlay_fdt, u32 overlay_fdt_size,
981 int *ret_ovcs_id, struct device_node *base)
982 {
983 void *new_fdt;
984 void *new_fdt_align;
985 void *overlay_mem;
986 int ret;
987 u32 size;
988 struct overlay_changeset *ovcs;
989
990 *ret_ovcs_id = 0;
991
992 if (devicetree_corrupt()) {
993 pr_err("devicetree state suspect, refuse to apply overlay\n");
994 return -EBUSY;
995 }
996
997 if (overlay_fdt_size < sizeof(struct fdt_header) ||
998 fdt_check_header(overlay_fdt)) {
999 pr_err("Invalid overlay_fdt header\n");
1000 return -EINVAL;
1001 }
1002
1003 size = fdt_totalsize(overlay_fdt);
1004 if (overlay_fdt_size < size)
1005 return -EINVAL;
1006
1007 ovcs = kzalloc(sizeof(*ovcs), GFP_KERNEL);
1008 if (!ovcs)
1009 return -ENOMEM;
1010
1011 of_overlay_mutex_lock();
1012 mutex_lock(&of_mutex);
1013
1014 /*
1015 * ovcs->notify_state must be set to OF_OVERLAY_INIT before allocating
1016 * ovcs resources, implicitly set by kzalloc() of ovcs
1017 */
1018
1019 ovcs->id = idr_alloc(&ovcs_idr, ovcs, 1, 0, GFP_KERNEL);
1020 if (ovcs->id <= 0) {
1021 ret = ovcs->id;
1022 goto err_free_ovcs;
1023 }
1024
1025 INIT_LIST_HEAD(&ovcs->ovcs_list);
1026 list_add_tail(&ovcs->ovcs_list, &ovcs_list);
1027 of_changeset_init(&ovcs->cset);
1028
1029 /*
1030 * Must create permanent copy of FDT because of_fdt_unflatten_tree()
1031 * will create pointers to the passed in FDT in the unflattened tree.
1032 */
1033 new_fdt = kmalloc(size + FDT_ALIGN_SIZE, GFP_KERNEL);
1034 if (!new_fdt) {
1035 ret = -ENOMEM;
1036 goto err_free_ovcs;
1037 }
1038 ovcs->new_fdt = new_fdt;
1039
1040 new_fdt_align = PTR_ALIGN(new_fdt, FDT_ALIGN_SIZE);
1041 memcpy(new_fdt_align, overlay_fdt, size);
1042
1043 overlay_mem = of_fdt_unflatten_tree(new_fdt_align, NULL,
1044 &ovcs->overlay_root);
1045 if (!overlay_mem) {
1046 pr_err("unable to unflatten overlay_fdt\n");
1047 ret = -EINVAL;
1048 goto err_free_ovcs;
1049 }
1050 ovcs->overlay_mem = overlay_mem;
1051
1052 ret = of_overlay_apply(ovcs, base);
1053 /*
1054 * If of_overlay_apply() error, calling free_overlay_changeset() may
1055 * result in a memory leak if the apply partly succeeded, so do NOT
1056 * goto err_free_ovcs. Instead, the caller of of_overlay_fdt_apply()
1057 * can call of_overlay_remove();
1058 */
1059 *ret_ovcs_id = ovcs->id;
1060 goto out_unlock;
1061
1062 err_free_ovcs:
1063 free_overlay_changeset(ovcs);
1064
1065 out_unlock:
1066 mutex_unlock(&of_mutex);
1067 of_overlay_mutex_unlock();
1068 return ret;
1069 }
1070 EXPORT_SYMBOL_GPL(of_overlay_fdt_apply);
1071
1072 /*
1073 * Find @np in @tree.
1074 *
1075 * Returns 1 if @np is @tree or is contained in @tree, else 0
1076 */
find_node(struct device_node * tree,struct device_node * np)1077 static int find_node(struct device_node *tree, struct device_node *np)
1078 {
1079 if (tree == np)
1080 return 1;
1081
1082 for_each_child_of_node_scoped(tree, child) {
1083 if (find_node(child, np))
1084 return 1;
1085 }
1086
1087 return 0;
1088 }
1089
1090 /*
1091 * Is @remove_ce_node a child of, a parent of, or the same as any
1092 * node in an overlay changeset more topmost than @remove_ovcs?
1093 *
1094 * Returns 1 if found, else 0
1095 */
node_overlaps_later_cs(struct overlay_changeset * remove_ovcs,struct device_node * remove_ce_node)1096 static int node_overlaps_later_cs(struct overlay_changeset *remove_ovcs,
1097 struct device_node *remove_ce_node)
1098 {
1099 struct overlay_changeset *ovcs;
1100 struct of_changeset_entry *ce;
1101
1102 list_for_each_entry_reverse(ovcs, &ovcs_list, ovcs_list) {
1103 if (ovcs == remove_ovcs)
1104 break;
1105
1106 list_for_each_entry(ce, &ovcs->cset.entries, node) {
1107 if (find_node(ce->np, remove_ce_node)) {
1108 pr_err("%s: #%d overlaps with #%d @%pOF\n",
1109 __func__, remove_ovcs->id, ovcs->id,
1110 remove_ce_node);
1111 return 1;
1112 }
1113 if (find_node(remove_ce_node, ce->np)) {
1114 pr_err("%s: #%d overlaps with #%d @%pOF\n",
1115 __func__, remove_ovcs->id, ovcs->id,
1116 remove_ce_node);
1117 return 1;
1118 }
1119 }
1120 }
1121
1122 return 0;
1123 }
1124
1125 /*
1126 * We can safely remove the overlay only if it's the top-most one.
1127 * Newly applied overlays are inserted at the tail of the overlay list,
1128 * so a top most overlay is the one that is closest to the tail.
1129 *
1130 * The topmost check is done by exploiting this property. For each
1131 * affected device node in the log list we check if this overlay is
1132 * the one closest to the tail. If another overlay has affected this
1133 * device node and is closest to the tail, then removal is not permitted.
1134 */
overlay_removal_is_ok(struct overlay_changeset * remove_ovcs)1135 static int overlay_removal_is_ok(struct overlay_changeset *remove_ovcs)
1136 {
1137 struct of_changeset_entry *remove_ce;
1138
1139 list_for_each_entry(remove_ce, &remove_ovcs->cset.entries, node) {
1140 if (node_overlaps_later_cs(remove_ovcs, remove_ce->np)) {
1141 pr_err("overlay #%d is not topmost\n", remove_ovcs->id);
1142 return 0;
1143 }
1144 }
1145
1146 return 1;
1147 }
1148
1149 /**
1150 * of_overlay_remove() - Revert and free an overlay changeset
1151 * @ovcs_id: Pointer to overlay changeset id
1152 *
1153 * Removes an overlay if it is permissible. @ovcs_id was previously returned
1154 * by of_overlay_fdt_apply().
1155 *
1156 * If an error occurred while attempting to revert the overlay changeset,
1157 * then an attempt is made to re-apply any changeset entry that was
1158 * reverted. If an error occurs on re-apply then the state of the device
1159 * tree can not be determined, and any following attempt to apply or remove
1160 * an overlay changeset will be refused.
1161 *
1162 * A non-zero return value will not revert the changeset if error is from:
1163 * - parameter checks
1164 * - overlay changeset pre-remove notifier
1165 * - overlay changeset entry revert
1166 *
1167 * If an error is returned by an overlay changeset pre-remove notifier
1168 * then no further overlay changeset pre-remove notifier will be called.
1169 *
1170 * If more than one notifier returns an error, then the last notifier
1171 * error to occur is returned.
1172 *
1173 * A non-zero return value will revert the changeset if error is from:
1174 * - overlay changeset entry notifier
1175 * - overlay changeset post-remove notifier
1176 *
1177 * If an error is returned by an overlay changeset post-remove notifier
1178 * then no further overlay changeset post-remove notifier will be called.
1179 *
1180 * Return: 0 on success, or a negative error number. *@ovcs_id is set to
1181 * zero after reverting the changeset, even if a subsequent error occurs.
1182 */
of_overlay_remove(int * ovcs_id)1183 int of_overlay_remove(int *ovcs_id)
1184 {
1185 struct overlay_changeset *ovcs;
1186 int ret, ret_apply, ret_tmp;
1187
1188 if (devicetree_corrupt()) {
1189 pr_err("suspect devicetree state, refuse to remove overlay\n");
1190 ret = -EBUSY;
1191 goto out;
1192 }
1193
1194 mutex_lock(&of_mutex);
1195
1196 ovcs = idr_find(&ovcs_idr, *ovcs_id);
1197 if (!ovcs) {
1198 ret = -ENODEV;
1199 pr_err("remove: Could not find overlay #%d\n", *ovcs_id);
1200 goto err_unlock;
1201 }
1202
1203 if (!overlay_removal_is_ok(ovcs)) {
1204 ret = -EBUSY;
1205 goto err_unlock;
1206 }
1207
1208 ret = overlay_notify(ovcs, OF_OVERLAY_PRE_REMOVE);
1209 if (ret)
1210 goto err_unlock;
1211
1212 ret_apply = 0;
1213 ret = __of_changeset_revert_entries(&ovcs->cset, &ret_apply);
1214 if (ret) {
1215 if (ret_apply)
1216 devicetree_state_flags |= DTSF_REVERT_FAIL;
1217 goto err_unlock;
1218 }
1219
1220 ret = __of_changeset_revert_notify(&ovcs->cset);
1221 if (ret)
1222 pr_err("overlay remove changeset entry notify error %d\n", ret);
1223 /* notify failure is not fatal, continue */
1224
1225 *ovcs_id = 0;
1226
1227 /*
1228 * Note that the overlay memory will be kfree()ed by
1229 * free_overlay_changeset() even if the notifier for
1230 * OF_OVERLAY_POST_REMOVE returns an error.
1231 */
1232 ret_tmp = overlay_notify(ovcs, OF_OVERLAY_POST_REMOVE);
1233 if (ret_tmp)
1234 if (!ret)
1235 ret = ret_tmp;
1236
1237 free_overlay_changeset(ovcs);
1238
1239 err_unlock:
1240 /*
1241 * If jumped over free_overlay_changeset(), then did not kfree()
1242 * overlay related memory. This is a memory leak unless a subsequent
1243 * of_overlay_remove() of this overlay is successful.
1244 */
1245 mutex_unlock(&of_mutex);
1246
1247 out:
1248 pr_debug("%s() err=%d\n", __func__, ret);
1249
1250 return ret;
1251 }
1252 EXPORT_SYMBOL_GPL(of_overlay_remove);
1253
1254 /**
1255 * of_overlay_remove_all() - Reverts and frees all overlay changesets
1256 *
1257 * Removes all overlays from the system in the correct order.
1258 *
1259 * Return: 0 on success, or a negative error number
1260 */
of_overlay_remove_all(void)1261 int of_overlay_remove_all(void)
1262 {
1263 struct overlay_changeset *ovcs, *ovcs_n;
1264 int ret;
1265
1266 /* the tail of list is guaranteed to be safe to remove */
1267 list_for_each_entry_safe_reverse(ovcs, ovcs_n, &ovcs_list, ovcs_list) {
1268 ret = of_overlay_remove(&ovcs->id);
1269 if (ret)
1270 return ret;
1271 }
1272
1273 return 0;
1274 }
1275 EXPORT_SYMBOL_GPL(of_overlay_remove_all);
1276