On 10/27/19 4:47 PM, Simon Glass wrote:
For better or worse libfdt recent grew a lot of code that checks the validity of the device tree in great detail. When using unsigned or unverified data this makes things safer, but it does add to code size.
Add some controls to select the trade-off between safety and code size.
Signed-off-by: Simon Glass sjg@chromium.org
lib/Kconfig | 33 +++++++++++++++++++++++++++++++++ lib/libfdt/Makefile | 3 ++- 2 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/lib/Kconfig b/lib/Kconfig index 135f0b372b..b8a8509d72 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -464,6 +464,17 @@ config OF_LIBFDT particular compatible nodes. The library operates on a flattened version of the device tree.
+config OF_LIBFDT_ASSUME_MASK
- hex "Mask of conditions to assume for libfdt"
- depends on OF_LIBFDT || FIT
- default 0
- help
Use this to change the assumptions made by libfdt about thedevice tree it is working with. A value of 0 means that no assumptionsare made, and libfdt is able to deal with malicious data. A value of
What do you mean by malicious here?
The checks in libfdt are about inconsistent FDT files. But they would not discover malicious settings like a destructive voltage or frequency.
Would FDT_ASSUME_SANE match what we have been checking up to now? Why not use 1 as the default here to reduce the code size of U-Boot?
0xff means all assumptions are made and any invalid data may causeunsafe execution. See FDT_ASSUME_PERFECT, etc. in libfdt_internal.h- config OF_LIBFDT_OVERLAY bool "Enable the FDT library overlay support" depends on OF_LIBFDT
@@ -481,6 +492,17 @@ config SPL_OF_LIBFDT particular compatible nodes. The library operates on a flattened version of the device tree.
+config SPL_OF_LIBFDT_ASSUME_MASK
- hex "Mask of conditions to assume for libfdt"
- depends on SPL_OF_LIBFDT || FIT
- default 0xff
On some devices the device tree is provided by the device (e.g. QEMU). Is it wise to set FDT_ASSUME_LATEST in this case?
Best regards
Heinrich
- help
Use this to change the assumptions made by libfdt in SPL about thedevice tree it is working with. A value of 0 means that no assumptionsare made, and libfdt is able to deal with malicious data. A value of0xff means all assumptions are made and any invalid data may causeunsafe execution. See FDT_ASSUME_PERFECT, etc. in libfdt_internal.h- config TPL_OF_LIBFDT bool "Enable the FDT library for TPL" default y if TPL_OF_CONTROL
@@ -491,6 +513,17 @@ config TPL_OF_LIBFDT particular compatible nodes. The library operates on a flattened version of the device tree.
+config TPL_OF_LIBFDT_ASSUME_MASK
- hex "Mask of conditions to assume for libfdt"
- depends on TPL_OF_LIBFDT || FIT
- default 0xff
- help
Use this to change the assumptions made by libfdt in TPL about thedevice tree it is working with. A value of 0 means that no assumptionsare made, and libfdt is able to deal with malicious data. A value of0xff means all assumptions are made and any invalid data may causeunsafe execution. See FDT_ASSUME_PERFECT, etc. in libfdt_internal.h- config FDT_FIXUP_PARTITIONS bool "overwrite MTD partitions in DTS through defined in 'mtdparts'" depends on OF_LIBFDT
diff --git a/lib/libfdt/Makefile b/lib/libfdt/Makefile index ef5b6e29d4..5d3ae4e2f1 100644 --- a/lib/libfdt/Makefile +++ b/lib/libfdt/Makefile @@ -22,4 +22,5 @@ obj-y += fdt_ro.o # U-Boot own file obj-y += fdt_region.o
-ccflags-y := -I$(srctree)/scripts/dtc/libfdt +ccflags-y := -I$(srctree)/scripts/dtc/libfdt \
- -DFDT_ASSUME_MASK=$(CONFIG_$(SPL_TPL_)OF_LIBFDT_ASSUME_MASK)