lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <102ca277-d404-902d-3254-e3ff787c232c@gmail.com>
Date:   Tue, 19 Jan 2021 10:34:59 -0600
From:   Frank Rowand <frowand.list@...il.com>
To:     Viresh Kumar <viresh.kumar@...aro.org>,
        Pantelis Antoniou <pantelis.antoniou@...sulko.com>,
        Rob Herring <robh+dt@...nel.org>
Cc:     devicetree@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-kbuild@...r.kernel.org,
        Vincent Guittot <vincent.guittot@...aro.org>,
        Bill Mills <bill.mills@...aro.org>, anmar.oueja@...aro.org
Subject: Re: [PATCH V2 2/2] scripts: dtc: Build fdtoverlay and fdtdump tools

On 1/19/21 10:28 AM, Frank Rowand wrote:
> On 1/6/21 11:15 PM, Viresh Kumar wrote:
>> We will start building overlays for platforms soon in the kernel and
>> would need these tools going forward. Lets start building them.
>>
>> Signed-off-by: Viresh Kumar <viresh.kumar@...aro.org>
>> ---
>>  scripts/dtc/Makefile | 8 +++++++-
>>  1 file changed, 7 insertions(+), 1 deletion(-)
>>
>> diff --git a/scripts/dtc/Makefile b/scripts/dtc/Makefile
>> index 4852bf44e913..c607980a5c17 100644
>> --- a/scripts/dtc/Makefile
>> +++ b/scripts/dtc/Makefile
>> @@ -1,12 +1,18 @@
>>  # SPDX-License-Identifier: GPL-2.0
>>  # scripts/dtc makefile
>>  
>> -hostprogs-always-$(CONFIG_DTC)		+= dtc
>> +hostprogs-always-$(CONFIG_DTC)		+= dtc fdtdump fdtoverlay
>>  hostprogs-always-$(CHECK_DT_BINDING)	+= dtc
>>  
>>  dtc-objs	:= dtc.o flattree.o fstree.o data.o livetree.o treesource.o \
>>  		   srcpos.o checks.o util.o
>>  dtc-objs	+= dtc-lexer.lex.o dtc-parser.tab.o
>> +fdtdump-objs	:= fdtdump.o util.o
>> +
> 
> # The upstream project builds libfdt as a separate library.  We are choosing to
> # instead directly link the libfdt object files into fdtoverly
> 
>> +libfdt_dir	= libfdt
>> +libfdt-objs	:= fdt.o fdt_ro.o fdt_wip.o fdt_sw.o fdt_rw.o fdt_strerror.o fdt_empty_tree.o fdt_addresses.o fdt_overlay.o
>> +libfdt		= $(addprefix $(libfdt_dir)/,$(libfdt-objs))
>> +fdtoverlay-objs	:= $(libfdt) fdtoverlay.o util.o
>>  
>>  # Source files need to get at the userspace version of libfdt_env.h to compile
>>  HOST_EXTRACFLAGS += -I $(srctree)/$(src)/libfdt
>>
> 
> In general, I am a proponent of using shared libraries (which the upstream project
> builds by default) because if a security bug in the library is fixed, it is fixed
> for all users of the library.
> 
> In this specific case, I actually prefer the implementation that the patch provides
> (directly linking the library object files into fdtoverlay, which uses the library)
> because it is the only user of the library _and_ fdtoverlay will not inadvertently
> use the system wide libfdt if it happens to be installed (as it is on my system).
> 
> Any thoughts on this Rob?

I see that this patch series is up to v4, so I commented in the wrong place.
I will repeat this comment in the v4 series.

> 
> -Frank
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ