| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Aug 2017 11:15:43 -0700
From: Frank Rowand <frowand.list@...il.com>
To: Tom Rini <trini@...sulko.com>
Cc: devicetree@...r.kernel.org, Tero Kristo <t-kristo@...com>,
Nishanth Menon <nm@...com>,
Tomi Valkeinen <tomi.valkeinen@...com>,
Sekhar Nori <nsekhar@...com>, Rob Herring <robh+dt@...nel.org>,
Masahiro Yamada <yamada.masahiro@...ionext.com>,
Michal Marek <mmarek@...e.com>,
Pantelis Antoniou <pantelis.antoniou@...sulko.com>,
linux-kernel@...r.kernel.org, linux-kbuild@...r.kernel.org
Subject: Re: [PATCH] devicetree: Enable generation of __symbols__ in all dtb
files
On 08/16/17 08:09, Tom Rini wrote:
> On Tue, Aug 15, 2017 at 08:22:01PM -0700, Frank Rowand wrote:
>> On 08/15/17 17:42, Tom Rini wrote:
>>> On Tue, Aug 15, 2017 at 04:50:40PM -0700, Frank Rowand wrote:
>>>> On 08/15/17 14:15, Tom Rini wrote:
>>>>> With support for stacked overlays being part of libfdt it is now
>>>>> possible and likely that overlays which require __symbols__ will be
>>>>> applied to the dtb files generated by the kernel. This is done by
>>>>> passing -@ to dtc. This does increase the filesize (and resident memory
>>>>> usage) based on the number of __symbol__ entries added to match the
>>>>> contents of the dts.
>>>>>
>>>>> Cc: Rob Herring <robh+dt@...nel.org>
>>>>> Cc: Frank Rowand <frowand.list@...il.com>
>>>>> Cc: Masahiro Yamada <yamada.masahiro@...ionext.com>
>>>>> Cc: Michal Marek <mmarek@...e.com>
>>>>> Cc: Pantelis Antoniou <pantelis.antoniou@...sulko.com>
>>>>> Cc: devicetree@...r.kernel.org
>>>>> Cc: linux-kernel@...r.kernel.org
>>>>> CC: linux-kbuild@...r.kernel.org
>>>>> Signed-off-by: Tom Rini <trini@...sulko.com>
>>>>> ---
>>>>> In order for a dtb file to be useful with all types of overlays, it
>>>>> needs to be generated with the -@ flag passed to dtc so that __symbols__
>>>>> are generated. This however is not free, and increases the resulting
>>>>> dtb file by up to approximately 50% today. In the current worst case
>>>>> this is moving from 88KiB to 133KiB. In talking with Frank about this,
>>>>> he outlined 3 possible ways (with the 4th option of something else
>>>>> entirely).
>>>>>
>>>>> 1. Make passing -@ to dtc be dependent upon some CONFIG symbol.
>>>>> 2. In the kernel, if the kernel does not have overlay support, discard
>>>>> the __symbols__ information that we've been passed.
>>>>> 3. Have the bootloader pass in, or not, __symbols__ information.
>>>>
>>>> I also was hoping that other people might have ideas for additional
>>>> approaches.
>>>
>>> Yes, please.
>>>
>>>>> This patch is an attempt to implement something between the 3rd option
>>>>> and a different, 4th option. Frank was thinking that we might introduce
>>>>> a new symbol to control generation of __symbol__ information for option
>>>>> 1. I think this gets the usage backwards and will lead to confusion
>>>>> among users and developers.
>>>>>
>>>>> My proposal is that we do not want __symbols__ existence to be dependent
>>>>> on some part of the kernel configuration for a number of reasons.
>>>>> First, this is out of step with the rest of how dtbs are created today
>>>>> and more importantly, thought about. Today, all dtb content is
>>>>> independent of CONFIG options. If you build a dtb from a given kernel
>>>>> tree, everyone will agree on the result. This is part of the "contract"
>>>>> on passing old kernels and new dtb files even.
>>>>
>>>> I hope that dtb contents are independent of CONFIG options, but I don't
>>>> feel confident is stating that there is not such dependency. (Of course,
>>>> whether to build a dtb can be dependent on a CONFIG option in the Makefile,
>>>> but that is not the same concept.)
>>>>
>>>> The only existing rule that I am aware of that helps avoid a dts dependency
>>>> on kernel CONFIG options is that included files can not be from general kernel
>>>> header files; they must be in include/dt-bindings/.
>>>
>>> I'm fairly certain for in-kernel stuff at least, the assumption is
>>> correct.
>>>
>>>> Should we add text to Documentation/devicetree/bindings/submitting-patches.txt
>>>> that explicitly states that dts files are not allowed to contain any
>>>> dependency on kernel CONFIG options?
>>>
>>> Certainly can't hurt.
>>>
>>>>> Second, I think this is out of step with how a lot of overlay usage will
>>>>> occur. My thinking is that with maximally useful overlays being
>>>>> available in mainline, lots of use-cases that we have today that result
>>>>> in a number of DTS files being included can become just overlays. This
>>>>
>>>> I disagree with this. My _opinion_ is that overlays should be the exception,
>>>> not the common case. Overlays require extra complexity in the various
>>>> subsystems that interact with device trees. For an overlay to work, these
>>>> subsystems must be able to react to changes made to the device tree by
>>>> an overlay. The current mechanism is via notifiers, which only exist
>>>> for a few subsystems.
>>>
>>> Ah. Now, I can't blame you for thinking with your kernel hat on, but,
>>> you're thinking with your kernel hat on :) (And taking mine off for a
>>> minute is why I changed my mind between when we talked on IRC, and what
>>> I posted). Kernel run-time apply an overlay has various use cases that
>>> I don't want to discount, but don't want to try and go in detail on
>>> either.
>>>
>>> At heart, one of the issues here is that the Linux kernel is the
>>> authoritative source of dts and dtb files. Assembling a dtb and N
>>> overlays at some point prior to booting Linux, in order to give it a
>>> complete and valid system is going to be a common case. Even setting
>>
>> Yes. When discussing overlay issues and technologies we should be very
>> clear about whether the context is post-boot run time loading of an
>> overlay or using overlays applied on top of a base dtb to create a
>> dtb to be fed to the kernel for booting. These are very different
>> domains.
>>
>> For the case of constructing a boot time dtb from a base dtb and one
>> or more overlays my primary concerns are related to the complexity
>> (and again fragility) of the approach. It is already quite difficult
>> to read source dts files and dts include files and determine what the
>> final dtb will contain. This has been the motivation for several of
>> my debugging tools. Adding overlays to the mix will increase the
>> complexity of understanding the final product (dtb), where the
>> individual items originated, and what component to modify to result
>> in a change to the final product. It will add the further challenge
>> that applying overlays in different orders may result in different
>> final dtbs (depending on how strict the rules for applying an overlay
>> are). I agree that this technology has some valuable upsides and
>> use cases, but I also fear the negative impacts. The trick lies
>> in finding a way to meet the technology needs in a manner that
>> successfully balances the costs and the benefits.
>>
>> I mentioned my concerns about the robustness of overlays applied to
>> a running Linux system in another reply. It seems to me that
>> applying overlays pre-boot is more robust as far as the driver and
>> subsystem initialization is concerned, because the normal boot
>> path will be used to process the resulting dtb instead of using
>> an overlay loading path in the kernel.
>>
>>
>>> aside all of the hobbyist board families out there, SoMs are a big
>>> thing. Eval modules are a big thing. This turns not just enabling
>>> these as a vendor but using them as a developer into a much less error
>>> prone system.
>>
>> If I understand the eval modules concept, then using overlays to
>> develop and test device tree changes is somewhat analogous to using
>> kernel modules to develop and test drivers. Yes, this may make
>> some device tree source development more efficient. And in other
>> cases may actually make it less efficient. I don't see the impact
>> as being very large one direction or the other.
>>
>>
>>> To try and re-state my rational, if the Linux kernel needs some
>>> safe-guards or other mechanisms to restrict what can be done on top of
>>> OF_OVERLAY (which is not widely enabled in mainline), OK, that's
>>> certainly a discussion to have and think about implications of. But,
>>> the Linux kernel is the producer of most dtbs that will be consumed by a
>>> variety of platforms. I feel it needs to generate the dtb that can be
>>> used for all consumers, since it is the source of these resources.
>>
>> This has gone far off topic from the original issue you brought up,
>> which is how, in the context of the Linux kernel build environment, to
>> enable building a base dtb that contains the symbols that are needed to
>> load an overlay. Can we return to the base topic? And if anyone wants
>> to discuss the other issues start a new thread?
>
> Well, how about this? There certainly should be some discussion about
> how in the context of the Linux kernel run-time, the various impacts of
> overlays need to be handled. But for out of kernel pre-boot cases, I
> believe __symbols__ always is the only answer that won't bring everyone
> more pain down the line. What needs to happen before we can get to that
> point, since the Linux kernel is the gate-keeper to how dtbs are built?
And I believe the opposite. Symbols should only be included in a dtb if
there is an expectation they will be useful for that specific dtb. I
see overlays as being useful in a minority of cases, not the majority.
Powered by blists - more mailing lists