lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAL_Jsq+NkV1-yrWKrP+OAChekMV81h2hk12xADkeGUvmwi9DgQ@mail.gmail.com>
Date:   Wed, 20 Jan 2021 09:47:32 -0600
From:   Rob Herring <robh+dt@...nel.org>
To:     Frank Rowand <frowand.list@...il.com>
Cc:     Viresh Kumar <viresh.kumar@...aro.org>,
        Pantelis Antoniou <pantelis.antoniou@...sulko.com>,
        devicetree@...r.kernel.org,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
        Vincent Guittot <vincent.guittot@...aro.org>,
        Bill Mills <bill.mills@...aro.org>,
        Anmar Oueja <anmar.oueja@...aro.org>,
        Masahiro Yamada <masahiroy@...nel.org>
Subject: Re: [PATCH V4 2/3] scripts: dtc: Build fdtoverlay tool

On Tue, Jan 19, 2021 at 12:28 PM Frank Rowand <frowand.list@...il.com> wrote:
>
> Hi Viresh,
>
> I made these comments in the v2 patch series.  I am copying them here since
> this is the current version.
>
> On 1/12/21 2:29 AM, Viresh Kumar wrote:
> > We will start building overlays for platforms soon in the kernel and
> > would need fdtoverlay going forward. Lets start building it.
> >
> > The fdtoverlay program applies (or merges) one ore more overlay dtb
> > blobs to a base dtb blob. The kernel build system would later use
> > fdtoverlay to generate the overlaid blobs based on platform specific
> > configurations.
> >
> > Signed-off-by: Viresh Kumar <viresh.kumar@...aro.org>
> > ---
> >  scripts/dtc/Makefile | 6 +++++-
> >  1 file changed, 5 insertions(+), 1 deletion(-)
> >
> > diff --git a/scripts/dtc/Makefile b/scripts/dtc/Makefile
> > index 4852bf44e913..5f19386a49eb 100644
> > --- a/scripts/dtc/Makefile
> > +++ b/scripts/dtc/Makefile
> > @@ -1,13 +1,17 @@
> >  # SPDX-License-Identifier: GPL-2.0
> >  # scripts/dtc makefile
> >
> > -hostprogs-always-$(CONFIG_DTC)               += dtc
> > +hostprogs-always-$(CONFIG_DTC)               += dtc fdtoverlay
> >  hostprogs-always-$(CHECK_DT_BINDING) += dtc
> >
> >  dtc-objs     := dtc.o flattree.o fstree.o data.o livetree.o treesource.o \
> >                  srcpos.o checks.o util.o
> >  dtc-objs     += dtc-lexer.lex.o dtc-parser.tab.o
> >
>
> # The upstream project builds libfdt as a separate library.  We are choosing to
> # instead directly link the libfdt object files into fdtoverly
>
> > +libfdt-objs  := fdt.o fdt_ro.o fdt_wip.o fdt_sw.o fdt_rw.o fdt_strerror.o fdt_empty_tree.o fdt_addresses.o fdt_overlay.o
> > +libfdt               = $(addprefix libfdt/,$(libfdt-objs))
> > +fdtoverlay-objs      := $(libfdt) fdtoverlay.o util.o
> > +
> >  # Source files need to get at the userspace version of libfdt_env.h to compile
> >  HOST_EXTRACFLAGS += -I $(srctree)/$(src)/libfdt
> >
> >
>
> In general, I am a proponent of using shared libraries (which the upstream project
> builds by default) because if a security bug in the library is fixed, it is fixed
> for all users of the library.
>
> In this specific case, I actually prefer the implementation that the patch provides
> (directly linking the library object files into fdtoverlay, which uses the library)
> because it is the only user of the library _and_ fdtoverlay will not inadvertently
> use the system wide libfdt if it happens to be installed (as it is on my system).
>
> Any thoughts on this Rob?

I agree. No point in complicating the build to do a library.

Rob

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ