xref: /linux/drivers/of/overlay.c (revision ff8ee11e778520c5716b7f165d2c7ce14d6a068b)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Functions for working with device tree overlays
4  *
5  * Copyright (C) 2012 Pantelis Antoniou <panto@antoniou-consulting.com>
6  * Copyright (C) 2012 Texas Instruments Inc.
7  */
8 
9 #define pr_fmt(fmt)	"OF: overlay: " fmt
10 
11 #include <linux/kernel.h>
12 #include <linux/module.h>
13 #include <linux/of.h>
14 #include <linux/of_device.h>
15 #include <linux/of_fdt.h>
16 #include <linux/string.h>
17 #include <linux/ctype.h>
18 #include <linux/errno.h>
19 #include <linux/slab.h>
20 #include <linux/libfdt.h>
21 #include <linux/err.h>
22 #include <linux/idr.h>
23 
24 #include "of_private.h"
25 
26 /**
27  * struct target - info about current target node as recursing through overlay
28  * @np:			node where current level of overlay will be applied
29  * @in_livetree:	@np is a node in the live devicetree
30  *
31  * Used in the algorithm to create the portion of a changeset that describes
32  * an overlay fragment, which is a devicetree subtree.  Initially @np is a node
33  * in the live devicetree where the overlay subtree is targeted to be grafted
34  * into.  When recursing to the next level of the overlay subtree, the target
35  * also recurses to the next level of the live devicetree, as long as overlay
36  * subtree node also exists in the live devicetree.  When a node in the overlay
37  * subtree does not exist at the same level in the live devicetree, target->np
38  * points to a newly allocated node, and all subsequent targets in the subtree
39  * will be newly allocated nodes.
40  */
41 struct target {
42 	struct device_node *np;
43 	bool in_livetree;
44 };
45 
46 /**
47  * struct fragment - info about fragment nodes in overlay expanded device tree
48  * @overlay:	pointer to the __overlay__ node
49  * @target:	target of the overlay operation
50  */
51 struct fragment {
52 	struct device_node *overlay;
53 	struct device_node *target;
54 };
55 
56 /**
57  * struct overlay_changeset
58  * @id:			changeset identifier
59  * @ovcs_list:		list on which we are located
60  * @new_fdt:		Memory allocated to hold unflattened aligned FDT
61  * @overlay_mem:	the memory chunk that contains @overlay_root
62  * @overlay_root:	expanded device tree that contains the fragment nodes
63  * @notify_state:	most recent notify action used on overlay
64  * @count:		count of fragment structures
65  * @fragments:		fragment nodes in the overlay expanded device tree
66  * @symbols_fragment:	last element of @fragments[] is the  __symbols__ node
67  * @cset:		changeset to apply fragments to live device tree
68  */
69 struct overlay_changeset {
70 	int id;
71 	struct list_head ovcs_list;
72 	const void *new_fdt;
73 	const void *overlay_mem;
74 	struct device_node *overlay_root;
75 	enum of_overlay_notify_action notify_state;
76 	int count;
77 	struct fragment *fragments;
78 	bool symbols_fragment;
79 	struct of_changeset cset;
80 };
81 
82 /* flags are sticky - once set, do not reset */
83 static int devicetree_state_flags;
84 #define DTSF_APPLY_FAIL		0x01
85 #define DTSF_REVERT_FAIL	0x02
86 
87 /*
88  * If a changeset apply or revert encounters an error, an attempt will
89  * be made to undo partial changes, but may fail.  If the undo fails
90  * we do not know the state of the devicetree.
91  */
92 static int devicetree_corrupt(void)
93 {
94 	return devicetree_state_flags &
95 		(DTSF_APPLY_FAIL | DTSF_REVERT_FAIL);
96 }
97 
98 static int build_changeset_next_level(struct overlay_changeset *ovcs,
99 		struct target *target, const struct device_node *overlay_node);
100 
101 /*
102  * of_resolve_phandles() finds the largest phandle in the live tree.
103  * of_overlay_apply() may add a larger phandle to the live tree.
104  * Do not allow race between two overlays being applied simultaneously:
105  *    mutex_lock(&of_overlay_phandle_mutex)
106  *    of_resolve_phandles()
107  *    of_overlay_apply()
108  *    mutex_unlock(&of_overlay_phandle_mutex)
109  */
110 static DEFINE_MUTEX(of_overlay_phandle_mutex);
111 
112 void of_overlay_mutex_lock(void)
113 {
114 	mutex_lock(&of_overlay_phandle_mutex);
115 }
116 
117 void of_overlay_mutex_unlock(void)
118 {
119 	mutex_unlock(&of_overlay_phandle_mutex);
120 }
121 
122 static LIST_HEAD(ovcs_list);
123 static DEFINE_IDR(ovcs_idr);
124 
125 static BLOCKING_NOTIFIER_HEAD(overlay_notify_chain);
126 
127 /**
128  * of_overlay_notifier_register() - Register notifier for overlay operations
129  * @nb:		Notifier block to register
130  *
131  * Register for notification on overlay operations on device tree nodes. The
132  * reported actions definied by @of_reconfig_change. The notifier callback
133  * furthermore receives a pointer to the affected device tree node.
134  *
135  * Note that a notifier callback is not supposed to store pointers to a device
136  * tree node or its content beyond @OF_OVERLAY_POST_REMOVE corresponding to the
137  * respective node it received.
138  */
139 int of_overlay_notifier_register(struct notifier_block *nb)
140 {
141 	return blocking_notifier_chain_register(&overlay_notify_chain, nb);
142 }
143 EXPORT_SYMBOL_GPL(of_overlay_notifier_register);
144 
145 /**
146  * of_overlay_notifier_unregister() - Unregister notifier for overlay operations
147  * @nb:		Notifier block to unregister
148  */
149 int of_overlay_notifier_unregister(struct notifier_block *nb)
150 {
151 	return blocking_notifier_chain_unregister(&overlay_notify_chain, nb);
152 }
153 EXPORT_SYMBOL_GPL(of_overlay_notifier_unregister);
154 
155 static int overlay_notify(struct overlay_changeset *ovcs,
156 		enum of_overlay_notify_action action)
157 {
158 	struct of_overlay_notify_data nd;
159 	int i, ret;
160 
161 	ovcs->notify_state = action;
162 
163 	for (i = 0; i < ovcs->count; i++) {
164 		struct fragment *fragment = &ovcs->fragments[i];
165 
166 		nd.target = fragment->target;
167 		nd.overlay = fragment->overlay;
168 
169 		ret = blocking_notifier_call_chain(&overlay_notify_chain,
170 						   action, &nd);
171 		if (notifier_to_errno(ret)) {
172 			ret = notifier_to_errno(ret);
173 			pr_err("overlay changeset %s notifier error %d, target: %pOF\n",
174 			       of_overlay_action_name(action), ret, nd.target);
175 			return ret;
176 		}
177 	}
178 
179 	return 0;
180 }
181 
182 /*
183  * The values of properties in the "/__symbols__" node are paths in
184  * the ovcs->overlay_root.  When duplicating the properties, the paths
185  * need to be adjusted to be the correct path for the live device tree.
186  *
187  * The paths refer to a node in the subtree of a fragment node's "__overlay__"
188  * node, for example "/fragment@0/__overlay__/symbol_path_tail",
189  * where symbol_path_tail can be a single node or it may be a multi-node path.
190  *
191  * The duplicated property value will be modified by replacing the
192  * "/fragment_name/__overlay/" portion of the value  with the target
193  * path from the fragment node.
194  */
195 static struct property *dup_and_fixup_symbol_prop(
196 		struct overlay_changeset *ovcs, const struct property *prop)
197 {
198 	struct fragment *fragment;
199 	struct property *new_prop;
200 	struct device_node *fragment_node;
201 	struct device_node *overlay_node;
202 	const char *path;
203 	const char *path_tail;
204 	const char *target_path;
205 	int k;
206 	int overlay_name_len;
207 	int path_len;
208 	int path_tail_len;
209 	int target_path_len;
210 
211 	if (!prop->value)
212 		return NULL;
213 	if (strnlen(prop->value, prop->length) >= prop->length)
214 		return NULL;
215 	path = prop->value;
216 	path_len = strlen(path);
217 
218 	if (path_len < 1)
219 		return NULL;
220 	fragment_node = __of_find_node_by_path(ovcs->overlay_root, path + 1);
221 	overlay_node = __of_find_node_by_path(fragment_node, "__overlay__/");
222 	of_node_put(fragment_node);
223 	of_node_put(overlay_node);
224 
225 	for (k = 0; k < ovcs->count; k++) {
226 		fragment = &ovcs->fragments[k];
227 		if (fragment->overlay == overlay_node)
228 			break;
229 	}
230 	if (k >= ovcs->count)
231 		return NULL;
232 
233 	overlay_name_len = snprintf(NULL, 0, "%pOF", fragment->overlay);
234 
235 	if (overlay_name_len > path_len)
236 		return NULL;
237 	path_tail = path + overlay_name_len;
238 	path_tail_len = strlen(path_tail);
239 
240 	target_path = kasprintf(GFP_KERNEL, "%pOF", fragment->target);
241 	if (!target_path)
242 		return NULL;
243 	target_path_len = strlen(target_path);
244 
245 	new_prop = kzalloc(sizeof(*new_prop), GFP_KERNEL);
246 	if (!new_prop)
247 		goto err_free_target_path;
248 
249 	new_prop->name = kstrdup(prop->name, GFP_KERNEL);
250 	new_prop->length = target_path_len + path_tail_len + 1;
251 	new_prop->value = kzalloc(new_prop->length, GFP_KERNEL);
252 	if (!new_prop->name || !new_prop->value)
253 		goto err_free_new_prop;
254 
255 	strcpy(new_prop->value, target_path);
256 	strcpy(new_prop->value + target_path_len, path_tail);
257 
258 	of_property_set_flag(new_prop, OF_DYNAMIC);
259 
260 	kfree(target_path);
261 
262 	return new_prop;
263 
264 err_free_new_prop:
265 	__of_prop_free(new_prop);
266 err_free_target_path:
267 	kfree(target_path);
268 
269 	return NULL;
270 }
271 
272 /**
273  * add_changeset_property() - add @overlay_prop to overlay changeset
274  * @ovcs:		overlay changeset
275  * @target:		where @overlay_prop will be placed
276  * @overlay_prop:	property to add or update, from overlay tree
277  * @is_symbols_prop:	1 if @overlay_prop is from node "/__symbols__"
278  *
279  * If @overlay_prop does not already exist in live devicetree, add changeset
280  * entry to add @overlay_prop in @target, else add changeset entry to update
281  * value of @overlay_prop.
282  *
283  * @target may be either in the live devicetree or in a new subtree that
284  * is contained in the changeset.
285  *
286  * Some special properties are not added or updated (no error returned):
287  * "name", "phandle", "linux,phandle".
288  *
289  * Properties "#address-cells" and "#size-cells" are not updated if they
290  * are already in the live tree, but if present in the live tree, the values
291  * in the overlay must match the values in the live tree.
292  *
293  * Update of property in symbols node is not allowed.
294  *
295  * Return: 0 on success, -ENOMEM if memory allocation failure, or -EINVAL if
296  * invalid @overlay.
297  */
298 static int add_changeset_property(struct overlay_changeset *ovcs,
299 		struct target *target, struct property *overlay_prop,
300 		bool is_symbols_prop)
301 {
302 	struct property *new_prop = NULL, *prop;
303 	int ret = 0;
304 
305 	if (target->in_livetree)
306 		if (!of_prop_cmp(overlay_prop->name, "name") ||
307 		    !of_prop_cmp(overlay_prop->name, "phandle") ||
308 		    !of_prop_cmp(overlay_prop->name, "linux,phandle"))
309 			return 0;
310 
311 	if (target->in_livetree)
312 		prop = of_find_property(target->np, overlay_prop->name, NULL);
313 	else
314 		prop = NULL;
315 
316 	if (prop) {
317 		if (!of_prop_cmp(prop->name, "#address-cells")) {
318 			if (!of_prop_val_eq(prop, overlay_prop)) {
319 				pr_err("ERROR: changing value of #address-cells is not allowed in %pOF\n",
320 				       target->np);
321 				ret = -EINVAL;
322 			}
323 			return ret;
324 
325 		} else if (!of_prop_cmp(prop->name, "#size-cells")) {
326 			if (!of_prop_val_eq(prop, overlay_prop)) {
327 				pr_err("ERROR: changing value of #size-cells is not allowed in %pOF\n",
328 				       target->np);
329 				ret = -EINVAL;
330 			}
331 			return ret;
332 		}
333 	}
334 
335 	if (is_symbols_prop) {
336 		if (prop)
337 			return -EINVAL;
338 		new_prop = dup_and_fixup_symbol_prop(ovcs, overlay_prop);
339 	} else {
340 		new_prop = __of_prop_dup(overlay_prop, GFP_KERNEL);
341 	}
342 
343 	if (!new_prop)
344 		return -ENOMEM;
345 
346 	if (!prop) {
347 		if (!target->in_livetree) {
348 			new_prop->next = target->np->deadprops;
349 			target->np->deadprops = new_prop;
350 		}
351 		ret = of_changeset_add_property(&ovcs->cset, target->np,
352 						new_prop);
353 	} else {
354 		ret = of_changeset_update_property(&ovcs->cset, target->np,
355 						   new_prop);
356 	}
357 
358 	if (!of_node_check_flag(target->np, OF_OVERLAY))
359 		pr_err("WARNING: memory leak will occur if overlay removed, property: %pOF/%s\n",
360 		       target->np, new_prop->name);
361 
362 	if (ret)
363 		__of_prop_free(new_prop);
364 	return ret;
365 }
366 
367 /**
368  * add_changeset_node() - add @node (and children) to overlay changeset
369  * @ovcs:	overlay changeset
370  * @target:	where @node will be placed in live tree or changeset
371  * @node:	node from within overlay device tree fragment
372  *
373  * If @node does not already exist in @target, add changeset entry
374  * to add @node in @target.
375  *
376  * If @node already exists in @target, and the existing node has
377  * a phandle, the overlay node is not allowed to have a phandle.
378  *
379  * If @node has child nodes, add the children recursively via
380  * build_changeset_next_level().
381  *
382  * NOTE_1: A live devicetree created from a flattened device tree (FDT) will
383  *       not contain the full path in node->full_name.  Thus an overlay
384  *       created from an FDT also will not contain the full path in
385  *       node->full_name.  However, a live devicetree created from Open
386  *       Firmware may have the full path in node->full_name.
387  *
388  *       add_changeset_node() follows the FDT convention and does not include
389  *       the full path in node->full_name.  Even though it expects the overlay
390  *       to not contain the full path, it uses kbasename() to remove the
391  *       full path should it exist.  It also uses kbasename() in comparisons
392  *       to nodes in the live devicetree so that it can apply an overlay to
393  *       a live devicetree created from Open Firmware.
394  *
395  * NOTE_2: Multiple mods of created nodes not supported.
396  *
397  * Return: 0 on success, -ENOMEM if memory allocation failure, or -EINVAL if
398  * invalid @overlay.
399  */
400 static int add_changeset_node(struct overlay_changeset *ovcs,
401 		struct target *target, struct device_node *node)
402 {
403 	const char *node_kbasename;
404 	const __be32 *phandle;
405 	struct device_node *tchild;
406 	struct target target_child;
407 	int ret = 0, size;
408 
409 	node_kbasename = kbasename(node->full_name);
410 
411 	for_each_child_of_node(target->np, tchild)
412 		if (!of_node_cmp(node_kbasename, kbasename(tchild->full_name)))
413 			break;
414 
415 	if (!tchild) {
416 		tchild = __of_node_dup(NULL, node_kbasename);
417 		if (!tchild)
418 			return -ENOMEM;
419 
420 		tchild->parent = target->np;
421 		tchild->name = __of_get_property(node, "name", NULL);
422 
423 		if (!tchild->name)
424 			tchild->name = "<NULL>";
425 
426 		/* ignore obsolete "linux,phandle" */
427 		phandle = __of_get_property(node, "phandle", &size);
428 		if (phandle && (size == 4))
429 			tchild->phandle = be32_to_cpup(phandle);
430 
431 		of_node_set_flag(tchild, OF_OVERLAY);
432 
433 		ret = of_changeset_attach_node(&ovcs->cset, tchild);
434 		if (ret)
435 			return ret;
436 
437 		target_child.np = tchild;
438 		target_child.in_livetree = false;
439 
440 		ret = build_changeset_next_level(ovcs, &target_child, node);
441 		of_node_put(tchild);
442 		return ret;
443 	}
444 
445 	if (node->phandle && tchild->phandle) {
446 		ret = -EINVAL;
447 	} else {
448 		target_child.np = tchild;
449 		target_child.in_livetree = target->in_livetree;
450 		ret = build_changeset_next_level(ovcs, &target_child, node);
451 	}
452 	of_node_put(tchild);
453 
454 	return ret;
455 }
456 
457 /**
458  * build_changeset_next_level() - add level of overlay changeset
459  * @ovcs:		overlay changeset
460  * @target:		where to place @overlay_node in live tree
461  * @overlay_node:	node from within an overlay device tree fragment
462  *
463  * Add the properties (if any) and nodes (if any) from @overlay_node to the
464  * @ovcs->cset changeset.  If an added node has child nodes, they will
465  * be added recursively.
466  *
467  * Do not allow symbols node to have any children.
468  *
469  * Return: 0 on success, -ENOMEM if memory allocation failure, or -EINVAL if
470  * invalid @overlay_node.
471  */
472 static int build_changeset_next_level(struct overlay_changeset *ovcs,
473 		struct target *target, const struct device_node *overlay_node)
474 {
475 	struct property *prop;
476 	int ret;
477 
478 	for_each_property_of_node(overlay_node, prop) {
479 		ret = add_changeset_property(ovcs, target, prop, 0);
480 		if (ret) {
481 			pr_debug("Failed to apply prop @%pOF/%s, err=%d\n",
482 				 target->np, prop->name, ret);
483 			return ret;
484 		}
485 	}
486 
487 	for_each_child_of_node_scoped(overlay_node, child) {
488 		ret = add_changeset_node(ovcs, target, child);
489 		if (ret) {
490 			pr_debug("Failed to apply node @%pOF/%pOFn, err=%d\n",
491 				 target->np, child, ret);
492 			return ret;
493 		}
494 	}
495 
496 	return 0;
497 }
498 
499 /*
500  * Add the properties from __overlay__ node to the @ovcs->cset changeset.
501  */
502 static int build_changeset_symbols_node(struct overlay_changeset *ovcs,
503 		struct target *target,
504 		const struct device_node *overlay_symbols_node)
505 {
506 	struct property *prop;
507 	int ret;
508 
509 	for_each_property_of_node(overlay_symbols_node, prop) {
510 		ret = add_changeset_property(ovcs, target, prop, 1);
511 		if (ret) {
512 			pr_debug("Failed to apply symbols prop @%pOF/%s, err=%d\n",
513 				 target->np, prop->name, ret);
514 			return ret;
515 		}
516 	}
517 
518 	return 0;
519 }
520 
521 static int find_dup_cset_node_entry(struct overlay_changeset *ovcs,
522 		struct of_changeset_entry *ce_1)
523 {
524 	struct of_changeset_entry *ce_2;
525 	char *fn_1, *fn_2;
526 	int node_path_match;
527 
528 	if (ce_1->action != OF_RECONFIG_ATTACH_NODE &&
529 	    ce_1->action != OF_RECONFIG_DETACH_NODE)
530 		return 0;
531 
532 	ce_2 = ce_1;
533 	list_for_each_entry_continue(ce_2, &ovcs->cset.entries, node) {
534 		if ((ce_2->action != OF_RECONFIG_ATTACH_NODE &&
535 		     ce_2->action != OF_RECONFIG_DETACH_NODE) ||
536 		    of_node_cmp(ce_1->np->full_name, ce_2->np->full_name))
537 			continue;
538 
539 		fn_1 = kasprintf(GFP_KERNEL, "%pOF", ce_1->np);
540 		fn_2 = kasprintf(GFP_KERNEL, "%pOF", ce_2->np);
541 		node_path_match = !fn_1 || !fn_2 || !strcmp(fn_1, fn_2);
542 		kfree(fn_1);
543 		kfree(fn_2);
544 		if (node_path_match) {
545 			pr_err("ERROR: multiple fragments add and/or delete node %pOF\n",
546 			       ce_1->np);
547 			return -EINVAL;
548 		}
549 	}
550 
551 	return 0;
552 }
553 
554 static int find_dup_cset_prop(struct overlay_changeset *ovcs,
555 		struct of_changeset_entry *ce_1)
556 {
557 	struct of_changeset_entry *ce_2;
558 	char *fn_1, *fn_2;
559 	int node_path_match;
560 
561 	if (ce_1->action != OF_RECONFIG_ADD_PROPERTY &&
562 	    ce_1->action != OF_RECONFIG_REMOVE_PROPERTY &&
563 	    ce_1->action != OF_RECONFIG_UPDATE_PROPERTY)
564 		return 0;
565 
566 	ce_2 = ce_1;
567 	list_for_each_entry_continue(ce_2, &ovcs->cset.entries, node) {
568 		if ((ce_2->action != OF_RECONFIG_ADD_PROPERTY &&
569 		     ce_2->action != OF_RECONFIG_REMOVE_PROPERTY &&
570 		     ce_2->action != OF_RECONFIG_UPDATE_PROPERTY) ||
571 		    of_node_cmp(ce_1->np->full_name, ce_2->np->full_name))
572 			continue;
573 
574 		fn_1 = kasprintf(GFP_KERNEL, "%pOF", ce_1->np);
575 		fn_2 = kasprintf(GFP_KERNEL, "%pOF", ce_2->np);
576 		node_path_match = !fn_1 || !fn_2 || !strcmp(fn_1, fn_2);
577 		kfree(fn_1);
578 		kfree(fn_2);
579 		if (node_path_match &&
580 		    !of_prop_cmp(ce_1->prop->name, ce_2->prop->name)) {
581 			pr_err("ERROR: multiple fragments add, update, and/or delete property %pOF/%s\n",
582 			       ce_1->np, ce_1->prop->name);
583 			return -EINVAL;
584 		}
585 	}
586 
587 	return 0;
588 }
589 
590 /**
591  * changeset_dup_entry_check() - check for duplicate entries
592  * @ovcs:	Overlay changeset
593  *
594  * Check changeset @ovcs->cset for multiple {add or delete} node entries for
595  * the same node or duplicate {add, delete, or update} properties entries
596  * for the same property.
597  *
598  * Return: 0 on success, or -EINVAL if duplicate changeset entry found.
599  */
600 static int changeset_dup_entry_check(struct overlay_changeset *ovcs)
601 {
602 	struct of_changeset_entry *ce_1;
603 	int dup_entry = 0;
604 
605 	list_for_each_entry(ce_1, &ovcs->cset.entries, node) {
606 		dup_entry |= find_dup_cset_node_entry(ovcs, ce_1);
607 		dup_entry |= find_dup_cset_prop(ovcs, ce_1);
608 	}
609 
610 	return dup_entry ? -EINVAL : 0;
611 }
612 
613 /**
614  * build_changeset() - populate overlay changeset in @ovcs from @ovcs->fragments
615  * @ovcs:	Overlay changeset
616  *
617  * Create changeset @ovcs->cset to contain the nodes and properties of the
618  * overlay device tree fragments in @ovcs->fragments[].  If an error occurs,
619  * any portions of the changeset that were successfully created will remain
620  * in @ovcs->cset.
621  *
622  * Return: 0 on success, -ENOMEM if memory allocation failure, or -EINVAL if
623  * invalid overlay in @ovcs->fragments[].
624  */
625 static int build_changeset(struct overlay_changeset *ovcs)
626 {
627 	struct fragment *fragment;
628 	struct target target;
629 	int fragments_count, i, ret;
630 
631 	/*
632 	 * if there is a symbols fragment in ovcs->fragments[i] it is
633 	 * the final element in the array
634 	 */
635 	if (ovcs->symbols_fragment)
636 		fragments_count = ovcs->count - 1;
637 	else
638 		fragments_count = ovcs->count;
639 
640 	for (i = 0; i < fragments_count; i++) {
641 		fragment = &ovcs->fragments[i];
642 
643 		target.np = fragment->target;
644 		target.in_livetree = true;
645 		ret = build_changeset_next_level(ovcs, &target,
646 						 fragment->overlay);
647 		if (ret) {
648 			pr_debug("fragment apply failed '%pOF'\n",
649 				 fragment->target);
650 			return ret;
651 		}
652 	}
653 
654 	if (ovcs->symbols_fragment) {
655 		fragment = &ovcs->fragments[ovcs->count - 1];
656 
657 		target.np = fragment->target;
658 		target.in_livetree = true;
659 		ret = build_changeset_symbols_node(ovcs, &target,
660 						   fragment->overlay);
661 		if (ret) {
662 			pr_debug("symbols fragment apply failed '%pOF'\n",
663 				 fragment->target);
664 			return ret;
665 		}
666 	}
667 
668 	return changeset_dup_entry_check(ovcs);
669 }
670 
671 /*
672  * Find the target node using a number of different strategies
673  * in order of preference:
674  *
675  * 1) "target" property containing the phandle of the target
676  * 2) "target-path" property containing the path of the target
677  */
678 static struct device_node *find_target(struct device_node *info_node,
679 				       struct device_node *target_base)
680 {
681 	struct device_node *node;
682 	char *target_path;
683 	const char *path;
684 	u32 val;
685 	int ret;
686 
687 	ret = of_property_read_u32(info_node, "target", &val);
688 	if (!ret) {
689 		node = of_find_node_by_phandle(val);
690 		if (!node)
691 			pr_err("find target, node: %pOF, phandle 0x%x not found\n",
692 			       info_node, val);
693 		return node;
694 	}
695 
696 	ret = of_property_read_string(info_node, "target-path", &path);
697 	if (!ret) {
698 		if (target_base) {
699 			target_path = kasprintf(GFP_KERNEL, "%pOF%s", target_base, path);
700 			if (!target_path)
701 				return NULL;
702 			node = of_find_node_by_path(target_path);
703 			if (!node) {
704 				pr_err("find target, node: %pOF, path '%s' not found\n",
705 				       info_node, target_path);
706 			}
707 			kfree(target_path);
708 		} else {
709 			node =  of_find_node_by_path(path);
710 			if (!node) {
711 				pr_err("find target, node: %pOF, path '%s' not found\n",
712 				       info_node, path);
713 			}
714 		}
715 		return node;
716 	}
717 
718 	pr_err("find target, node: %pOF, no target property\n", info_node);
719 
720 	return NULL;
721 }
722 
723 /**
724  * init_overlay_changeset() - initialize overlay changeset from overlay tree
725  * @ovcs:		Overlay changeset to build
726  * @target_base:	Point to the target node to apply overlay
727  *
728  * Initialize @ovcs.  Populate @ovcs->fragments with node information from
729  * the top level of @overlay_root.  The relevant top level nodes are the
730  * fragment nodes and the __symbols__ node.  Any other top level node will
731  * be ignored.  Populate other @ovcs fields.
732  *
733  * Return: 0 on success, -ENOMEM if memory allocation failure, -EINVAL if error
734  * detected in @overlay_root.  On error return, the caller of
735  * init_overlay_changeset() must call free_overlay_changeset().
736  */
737 static int init_overlay_changeset(struct overlay_changeset *ovcs,
738 				  struct device_node *target_base)
739 {
740 	struct device_node *node, *overlay_node;
741 	struct fragment *fragment;
742 	struct fragment *fragments;
743 	int cnt, ret;
744 
745 	/*
746 	 * None of the resources allocated by this function will be freed in
747 	 * the error paths.  Instead the caller of this function is required
748 	 * to call free_overlay_changeset() (which will free the resources)
749 	 * if error return.
750 	 */
751 
752 	/*
753 	 * Warn for some issues.  Can not return -EINVAL for these until
754 	 * of_unittest_apply_overlay() is fixed to pass these checks.
755 	 */
756 	if (!of_node_check_flag(ovcs->overlay_root, OF_DYNAMIC))
757 		pr_debug("%s() ovcs->overlay_root is not dynamic\n", __func__);
758 
759 	if (!of_node_check_flag(ovcs->overlay_root, OF_DETACHED))
760 		pr_debug("%s() ovcs->overlay_root is not detached\n", __func__);
761 
762 	if (!of_node_is_root(ovcs->overlay_root))
763 		pr_debug("%s() ovcs->overlay_root is not root\n", __func__);
764 
765 	cnt = 0;
766 
767 	/* fragment nodes */
768 	for_each_child_of_node(ovcs->overlay_root, node) {
769 		overlay_node = of_get_child_by_name(node, "__overlay__");
770 		if (overlay_node) {
771 			cnt++;
772 			of_node_put(overlay_node);
773 		}
774 	}
775 
776 	node = of_get_child_by_name(ovcs->overlay_root, "__symbols__");
777 	if (node) {
778 		cnt++;
779 		of_node_put(node);
780 	}
781 
782 	fragments = kcalloc(cnt, sizeof(*fragments), GFP_KERNEL);
783 	if (!fragments) {
784 		ret = -ENOMEM;
785 		goto err_out;
786 	}
787 	ovcs->fragments = fragments;
788 
789 	cnt = 0;
790 	for_each_child_of_node(ovcs->overlay_root, node) {
791 		overlay_node = of_get_child_by_name(node, "__overlay__");
792 		if (!overlay_node)
793 			continue;
794 
795 		fragment = &fragments[cnt];
796 		fragment->overlay = overlay_node;
797 		fragment->target = find_target(node, target_base);
798 		if (!fragment->target) {
799 			of_node_put(fragment->overlay);
800 			ret = -EINVAL;
801 			of_node_put(node);
802 			goto err_out;
803 		}
804 
805 		cnt++;
806 	}
807 
808 	/*
809 	 * if there is a symbols fragment in ovcs->fragments[i] it is
810 	 * the final element in the array
811 	 */
812 	node = of_get_child_by_name(ovcs->overlay_root, "__symbols__");
813 	if (node) {
814 		ovcs->symbols_fragment = 1;
815 		fragment = &fragments[cnt];
816 		fragment->overlay = node;
817 		fragment->target = of_find_node_by_path("/__symbols__");
818 
819 		if (!fragment->target) {
820 			pr_err("symbols in overlay, but not in live tree\n");
821 			ret = -EINVAL;
822 			of_node_put(node);
823 			goto err_out;
824 		}
825 
826 		cnt++;
827 	}
828 
829 	if (!cnt) {
830 		pr_err("no fragments or symbols in overlay\n");
831 		ret = -EINVAL;
832 		goto err_out;
833 	}
834 
835 	ovcs->count = cnt;
836 
837 	return 0;
838 
839 err_out:
840 	pr_err("%s() failed, ret = %d\n", __func__, ret);
841 
842 	return ret;
843 }
844 
845 static void free_overlay_changeset(struct overlay_changeset *ovcs)
846 {
847 	int i;
848 
849 	if (ovcs->cset.entries.next)
850 		of_changeset_destroy(&ovcs->cset);
851 
852 	if (ovcs->id) {
853 		idr_remove(&ovcs_idr, ovcs->id);
854 		list_del(&ovcs->ovcs_list);
855 		ovcs->id = 0;
856 	}
857 
858 
859 	for (i = 0; i < ovcs->count; i++) {
860 		of_node_put(ovcs->fragments[i].target);
861 		of_node_put(ovcs->fragments[i].overlay);
862 	}
863 	kfree(ovcs->fragments);
864 
865 	/*
866 	 * There should be no live pointers into ovcs->overlay_mem and
867 	 * ovcs->new_fdt due to the policy that overlay notifiers are not
868 	 * allowed to retain pointers into the overlay devicetree other
869 	 * than during the window from OF_OVERLAY_PRE_APPLY overlay
870 	 * notifiers until the OF_OVERLAY_POST_REMOVE overlay notifiers.
871 	 *
872 	 * A memory leak will occur here if within the window.
873 	 */
874 
875 	if (ovcs->notify_state == OF_OVERLAY_INIT ||
876 	    ovcs->notify_state == OF_OVERLAY_POST_REMOVE) {
877 		kfree(ovcs->overlay_mem);
878 		kfree(ovcs->new_fdt);
879 	}
880 	kfree(ovcs);
881 }
882 
883 /*
884  * internal documentation
885  *
886  * of_overlay_apply() - Create and apply an overlay changeset
887  * @ovcs:	overlay changeset
888  * @base:	point to the target node to apply overlay
889  *
890  * Creates and applies an overlay changeset.
891  *
892  * If an error is returned by an overlay changeset pre-apply notifier
893  * then no further overlay changeset pre-apply notifier will be called.
894  *
895  * If an error is returned by an overlay changeset post-apply notifier
896  * then no further overlay changeset post-apply notifier will be called.
897  *
898  * If more than one notifier returns an error, then the last notifier
899  * error to occur is returned.
900  *
901  * If an error occurred while applying the overlay changeset, then an
902  * attempt is made to revert any changes that were made to the
903  * device tree.  If there were any errors during the revert attempt
904  * then the state of the device tree can not be determined, and any
905  * following attempt to apply or remove an overlay changeset will be
906  * refused.
907  *
908  * Returns 0 on success, or a negative error number.  On error return,
909  * the caller of of_overlay_apply() must call free_overlay_changeset().
910  */
911 
912 static int of_overlay_apply(struct overlay_changeset *ovcs,
913 			    struct device_node *base)
914 {
915 	int ret = 0, ret_revert, ret_tmp;
916 
917 	ret = of_resolve_phandles(ovcs->overlay_root);
918 	if (ret)
919 		goto out;
920 
921 	ret = init_overlay_changeset(ovcs, base);
922 	if (ret)
923 		goto out;
924 
925 	ret = overlay_notify(ovcs, OF_OVERLAY_PRE_APPLY);
926 	if (ret)
927 		goto out;
928 
929 	ret = build_changeset(ovcs);
930 	if (ret)
931 		goto out;
932 
933 	ret_revert = 0;
934 	ret = __of_changeset_apply_entries(&ovcs->cset, &ret_revert);
935 	if (ret) {
936 		if (ret_revert) {
937 			pr_debug("overlay changeset revert error %d\n",
938 				 ret_revert);
939 			devicetree_state_flags |= DTSF_APPLY_FAIL;
940 		}
941 		goto out;
942 	}
943 
944 	ret = __of_changeset_apply_notify(&ovcs->cset);
945 	if (ret)
946 		pr_err("overlay apply changeset entry notify error %d\n", ret);
947 	/* notify failure is not fatal, continue */
948 
949 	ret_tmp = overlay_notify(ovcs, OF_OVERLAY_POST_APPLY);
950 	if (ret_tmp)
951 		if (!ret)
952 			ret = ret_tmp;
953 
954 out:
955 	pr_debug("%s() err=%d\n", __func__, ret);
956 
957 	return ret;
958 }
959 
960 /**
961  * of_overlay_fdt_apply() - Create and apply an overlay changeset
962  * @overlay_fdt:	pointer to overlay FDT
963  * @overlay_fdt_size:	number of bytes in @overlay_fdt
964  * @ret_ovcs_id:	pointer for returning created changeset id
965  * @base:		pointer for the target node to apply overlay
966  *
967  * Creates and applies an overlay changeset.
968  *
969  * See of_overlay_apply() for important behavior information.
970  *
971  * Return: 0 on success, or a negative error number.  *@ret_ovcs_id is set to
972  * the value of overlay changeset id, which can be passed to of_overlay_remove()
973  * to remove the overlay.
974  *
975  * On error return, the changeset may be partially applied.  This is especially
976  * likely if an OF_OVERLAY_POST_APPLY notifier returns an error.  In this case
977  * the caller should call of_overlay_remove() with the value in *@ret_ovcs_id.
978  */
979 
980 int of_overlay_fdt_apply(const void *overlay_fdt, u32 overlay_fdt_size,
981 			 int *ret_ovcs_id, struct device_node *base)
982 {
983 	void *new_fdt;
984 	void *new_fdt_align;
985 	void *overlay_mem;
986 	int ret;
987 	u32 size;
988 	struct overlay_changeset *ovcs;
989 
990 	*ret_ovcs_id = 0;
991 
992 	if (devicetree_corrupt()) {
993 		pr_err("devicetree state suspect, refuse to apply overlay\n");
994 		return -EBUSY;
995 	}
996 
997 	if (overlay_fdt_size < sizeof(struct fdt_header) ||
998 	    fdt_check_header(overlay_fdt)) {
999 		pr_err("Invalid overlay_fdt header\n");
1000 		return -EINVAL;
1001 	}
1002 
1003 	size = fdt_totalsize(overlay_fdt);
1004 	if (overlay_fdt_size < size)
1005 		return -EINVAL;
1006 
1007 	ovcs = kzalloc(sizeof(*ovcs), GFP_KERNEL);
1008 	if (!ovcs)
1009 		return -ENOMEM;
1010 
1011 	of_overlay_mutex_lock();
1012 	mutex_lock(&of_mutex);
1013 
1014 	/*
1015 	 * ovcs->notify_state must be set to OF_OVERLAY_INIT before allocating
1016 	 * ovcs resources, implicitly set by kzalloc() of ovcs
1017 	 */
1018 
1019 	ovcs->id = idr_alloc(&ovcs_idr, ovcs, 1, 0, GFP_KERNEL);
1020 	if (ovcs->id <= 0) {
1021 		ret = ovcs->id;
1022 		goto err_free_ovcs;
1023 	}
1024 
1025 	INIT_LIST_HEAD(&ovcs->ovcs_list);
1026 	list_add_tail(&ovcs->ovcs_list, &ovcs_list);
1027 	of_changeset_init(&ovcs->cset);
1028 
1029 	/*
1030 	 * Must create permanent copy of FDT because of_fdt_unflatten_tree()
1031 	 * will create pointers to the passed in FDT in the unflattened tree.
1032 	 */
1033 	new_fdt = kmalloc(size + FDT_ALIGN_SIZE, GFP_KERNEL);
1034 	if (!new_fdt) {
1035 		ret = -ENOMEM;
1036 		goto err_free_ovcs;
1037 	}
1038 	ovcs->new_fdt = new_fdt;
1039 
1040 	new_fdt_align = PTR_ALIGN(new_fdt, FDT_ALIGN_SIZE);
1041 	memcpy(new_fdt_align, overlay_fdt, size);
1042 
1043 	overlay_mem = of_fdt_unflatten_tree(new_fdt_align, NULL,
1044 					    &ovcs->overlay_root);
1045 	if (!overlay_mem) {
1046 		pr_err("unable to unflatten overlay_fdt\n");
1047 		ret = -EINVAL;
1048 		goto err_free_ovcs;
1049 	}
1050 	ovcs->overlay_mem = overlay_mem;
1051 
1052 	ret = of_overlay_apply(ovcs, base);
1053 	/*
1054 	 * If of_overlay_apply() error, calling free_overlay_changeset() may
1055 	 * result in a memory leak if the apply partly succeeded, so do NOT
1056 	 * goto err_free_ovcs.  Instead, the caller of of_overlay_fdt_apply()
1057 	 * can call of_overlay_remove();
1058 	 */
1059 	*ret_ovcs_id = ovcs->id;
1060 	goto out_unlock;
1061 
1062 err_free_ovcs:
1063 	free_overlay_changeset(ovcs);
1064 
1065 out_unlock:
1066 	mutex_unlock(&of_mutex);
1067 	of_overlay_mutex_unlock();
1068 	return ret;
1069 }
1070 EXPORT_SYMBOL_GPL(of_overlay_fdt_apply);
1071 
1072 /*
1073  * Find @np in @tree.
1074  *
1075  * Returns 1 if @np is @tree or is contained in @tree, else 0
1076  */
1077 static int find_node(struct device_node *tree, struct device_node *np)
1078 {
1079 	if (tree == np)
1080 		return 1;
1081 
1082 	for_each_child_of_node_scoped(tree, child) {
1083 		if (find_node(child, np))
1084 			return 1;
1085 	}
1086 
1087 	return 0;
1088 }
1089 
1090 /*
1091  * Is @remove_ce_node a child of, a parent of, or the same as any
1092  * node in an overlay changeset more topmost than @remove_ovcs?
1093  *
1094  * Returns 1 if found, else 0
1095  */
1096 static int node_overlaps_later_cs(struct overlay_changeset *remove_ovcs,
1097 		struct device_node *remove_ce_node)
1098 {
1099 	struct overlay_changeset *ovcs;
1100 	struct of_changeset_entry *ce;
1101 
1102 	list_for_each_entry_reverse(ovcs, &ovcs_list, ovcs_list) {
1103 		if (ovcs == remove_ovcs)
1104 			break;
1105 
1106 		list_for_each_entry(ce, &ovcs->cset.entries, node) {
1107 			if (find_node(ce->np, remove_ce_node)) {
1108 				pr_err("%s: #%d overlaps with #%d @%pOF\n",
1109 					__func__, remove_ovcs->id, ovcs->id,
1110 					remove_ce_node);
1111 				return 1;
1112 			}
1113 			if (find_node(remove_ce_node, ce->np)) {
1114 				pr_err("%s: #%d overlaps with #%d @%pOF\n",
1115 					__func__, remove_ovcs->id, ovcs->id,
1116 					remove_ce_node);
1117 				return 1;
1118 			}
1119 		}
1120 	}
1121 
1122 	return 0;
1123 }
1124 
1125 /*
1126  * We can safely remove the overlay only if it's the top-most one.
1127  * Newly applied overlays are inserted at the tail of the overlay list,
1128  * so a top most overlay is the one that is closest to the tail.
1129  *
1130  * The topmost check is done by exploiting this property. For each
1131  * affected device node in the log list we check if this overlay is
1132  * the one closest to the tail. If another overlay has affected this
1133  * device node and is closest to the tail, then removal is not permitted.
1134  */
1135 static int overlay_removal_is_ok(struct overlay_changeset *remove_ovcs)
1136 {
1137 	struct of_changeset_entry *remove_ce;
1138 
1139 	list_for_each_entry(remove_ce, &remove_ovcs->cset.entries, node) {
1140 		if (node_overlaps_later_cs(remove_ovcs, remove_ce->np)) {
1141 			pr_err("overlay #%d is not topmost\n", remove_ovcs->id);
1142 			return 0;
1143 		}
1144 	}
1145 
1146 	return 1;
1147 }
1148 
1149 /**
1150  * of_overlay_remove() - Revert and free an overlay changeset
1151  * @ovcs_id:	Pointer to overlay changeset id
1152  *
1153  * Removes an overlay if it is permissible.  @ovcs_id was previously returned
1154  * by of_overlay_fdt_apply().
1155  *
1156  * If an error occurred while attempting to revert the overlay changeset,
1157  * then an attempt is made to re-apply any changeset entry that was
1158  * reverted.  If an error occurs on re-apply then the state of the device
1159  * tree can not be determined, and any following attempt to apply or remove
1160  * an overlay changeset will be refused.
1161  *
1162  * A non-zero return value will not revert the changeset if error is from:
1163  *   - parameter checks
1164  *   - overlay changeset pre-remove notifier
1165  *   - overlay changeset entry revert
1166  *
1167  * If an error is returned by an overlay changeset pre-remove notifier
1168  * then no further overlay changeset pre-remove notifier will be called.
1169  *
1170  * If more than one notifier returns an error, then the last notifier
1171  * error to occur is returned.
1172  *
1173  * A non-zero return value will revert the changeset if error is from:
1174  *   - overlay changeset entry notifier
1175  *   - overlay changeset post-remove notifier
1176  *
1177  * If an error is returned by an overlay changeset post-remove notifier
1178  * then no further overlay changeset post-remove notifier will be called.
1179  *
1180  * Return: 0 on success, or a negative error number.  *@ovcs_id is set to
1181  * zero after reverting the changeset, even if a subsequent error occurs.
1182  */
1183 int of_overlay_remove(int *ovcs_id)
1184 {
1185 	struct overlay_changeset *ovcs;
1186 	int ret, ret_apply, ret_tmp;
1187 
1188 	if (devicetree_corrupt()) {
1189 		pr_err("suspect devicetree state, refuse to remove overlay\n");
1190 		ret = -EBUSY;
1191 		goto out;
1192 	}
1193 
1194 	mutex_lock(&of_mutex);
1195 
1196 	ovcs = idr_find(&ovcs_idr, *ovcs_id);
1197 	if (!ovcs) {
1198 		ret = -ENODEV;
1199 		pr_err("remove: Could not find overlay #%d\n", *ovcs_id);
1200 		goto err_unlock;
1201 	}
1202 
1203 	if (!overlay_removal_is_ok(ovcs)) {
1204 		ret = -EBUSY;
1205 		goto err_unlock;
1206 	}
1207 
1208 	ret = overlay_notify(ovcs, OF_OVERLAY_PRE_REMOVE);
1209 	if (ret)
1210 		goto err_unlock;
1211 
1212 	ret_apply = 0;
1213 	ret = __of_changeset_revert_entries(&ovcs->cset, &ret_apply);
1214 	if (ret) {
1215 		if (ret_apply)
1216 			devicetree_state_flags |= DTSF_REVERT_FAIL;
1217 		goto err_unlock;
1218 	}
1219 
1220 	ret = __of_changeset_revert_notify(&ovcs->cset);
1221 	if (ret)
1222 		pr_err("overlay remove changeset entry notify error %d\n", ret);
1223 	/* notify failure is not fatal, continue */
1224 
1225 	*ovcs_id = 0;
1226 
1227 	/*
1228 	 * Note that the overlay memory will be kfree()ed by
1229 	 * free_overlay_changeset() even if the notifier for
1230 	 * OF_OVERLAY_POST_REMOVE returns an error.
1231 	 */
1232 	ret_tmp = overlay_notify(ovcs, OF_OVERLAY_POST_REMOVE);
1233 	if (ret_tmp)
1234 		if (!ret)
1235 			ret = ret_tmp;
1236 
1237 	free_overlay_changeset(ovcs);
1238 
1239 err_unlock:
1240 	/*
1241 	 * If jumped over free_overlay_changeset(), then did not kfree()
1242 	 * overlay related memory.  This is a memory leak unless a subsequent
1243 	 * of_overlay_remove() of this overlay is successful.
1244 	 */
1245 	mutex_unlock(&of_mutex);
1246 
1247 out:
1248 	pr_debug("%s() err=%d\n", __func__, ret);
1249 
1250 	return ret;
1251 }
1252 EXPORT_SYMBOL_GPL(of_overlay_remove);
1253 
1254 /**
1255  * of_overlay_remove_all() - Reverts and frees all overlay changesets
1256  *
1257  * Removes all overlays from the system in the correct order.
1258  *
1259  * Return: 0 on success, or a negative error number
1260  */
1261 int of_overlay_remove_all(void)
1262 {
1263 	struct overlay_changeset *ovcs, *ovcs_n;
1264 	int ret;
1265 
1266 	/* the tail of list is guaranteed to be safe to remove */
1267 	list_for_each_entry_safe_reverse(ovcs, ovcs_n, &ovcs_list, ovcs_list) {
1268 		ret = of_overlay_remove(&ovcs->id);
1269 		if (ret)
1270 			return ret;
1271 	}
1272 
1273 	return 0;
1274 }
1275 EXPORT_SYMBOL_GPL(of_overlay_remove_all);
1276