[PATCH v2 0/6] RFC: libfdt: Allow more control of code size




Since v1.4.6 libfdt has gained a number of checks for incorrect
device-tree input and incorrect parameters. These are valuable and should
be enabled by default. Some are basic sanity checks and some are designed
to avoid security risks with carefully crafted device-tree input.

However the checks have added to code size to such an extent that many
U-Boot boards can no longer build/boot in SPL. This has prevented recent
versions of libfdt from being used by U-Boot.

U-Boot SPL generally reads a device tree which has been set up by the
build system and is known to be correct (e.g. it may be cryptographically
signed by the build system). Therefore sanity checks in SPL should never
fail, and just contribute to longer run-time and larger code size.

During review of those patches[1] the code-size impact was discussed and
a possible solution was suggested.

This series adds a new CHECK_MASK option, which allows for some control
over the checks used in libfdt. With no checks enabled, libfdt assumes
that the input data and parameters are all correct and that internal
errors cannot happen. This allows U-Boot SPL to continue to use later
versions of libfdt.

Within the code, inline functions are used which resolve to true or false
to control the use of checks in the code. This seems better than using
ensures that all code is compiled regardless of which checks are enabled
(useful for build coverage).

This series reduces the size of libfdt by about 3KB on 64-bit x86
(about 6%) when all sanity checks are disabled. Future work could probably
reduce this further, but this is a good start.

Note: libfdt includes a number of assignments in conditional statements.
I have only changed these where necessary. It might be desirable to remove
them all, to reduce the output from checkpatch.pl.

Series available at https://github.com/sglass68/dtc/tree/small2

[1] https://www.spinics.net/lists/devicetree-compiler/msg02166.html

Changes in v2:
- Add a comment to fdt_find_add_string_()
- Add an fdt_ prefix to avoid namespace conflicts
- Correct inverted version checks in a few cases
- Drop optimised code path in fdt_nodename_eq_()
- Update to use new check functions
- Use fdt_chk_base() in fdt_blocks_misordered_()
- Use symbolic names for _check functions and drop leading underscores

Simon Glass (6):
  Add a way to control the level of checks in the code
  libfdt: Allow control of checks in fdt.c
  libfdt: Allow control of checks in fdt_ro.c
  libfdt: Allow control of checks in fdt_rw.c
  libfdt: Allow control of checks in fdt_sw.c
  libfdt: Allow control of FDT_RO_PROBE

 Makefile                 |  6 ++-
 libfdt/fdt.c             | 91 +++++++++++++++++++++++-----------------
 libfdt/fdt_ro.c          | 84 ++++++++++++++++++++++---------------
 libfdt/fdt_rw.c          | 30 +++++++++----
 libfdt/fdt_sw.c          | 27 +++++++-----
 libfdt/libfdt.h          | 50 +++++++++++++++++++++-
 libfdt/libfdt_internal.h |  7 +++-
 7 files changed, 203 insertions(+), 92 deletions(-)

-- 
2.22.0.770.g0f2c4a37fd-goog
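
An added illustration of the mechanism the cover letter describes (inline functions that resolve to true or false under a check mask); it is not code from this series or from libfdt. Every identifier, the 12-byte toy header and the sample blobs are hypothetical and constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* All names are hypothetical illustrations, not libfdt identifiers. */
#define DEMO_CHK_BASIC   (1u << 0)	/* buffer length, magic, size */
#define DEMO_CHK_VERSION (1u << 1)	/* version range (toy limit) */
#define DEMO_CHK_ALL     (DEMO_CHK_BASIC | DEMO_CHK_VERSION)
#define DEMO_MAGIC       0xd00dfeedu
#define DEMO_ERR_BAD     (-1)

/* Folds to a constant when mask is constant, so the guarded branch is
 * always compiled but can be dropped from the output by the optimiser. */
static inline int demo_chk(unsigned mask, unsigned bit)
{
	return (mask & bit) != 0;
}

static inline uint32_t demo_be32(const uint8_t *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	       ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Toy 12-byte header (magic, total size, version), not the real layout.
 * Returns the total size, or DEMO_ERR_BAD if an enabled check fails. */
static inline int64_t demo_total_size(const uint8_t *b, size_t len, unsigned mask)
{
	if (demo_chk(mask, DEMO_CHK_BASIC) &&
	    (len < 12 || demo_be32(b) != DEMO_MAGIC || demo_be32(b + 4) > len))
		return DEMO_ERR_BAD;
	if (demo_chk(mask, DEMO_CHK_VERSION) && demo_be32(b + 8) > 17)
		return DEMO_ERR_BAD;
	return demo_be32(b + 4);
}

/* Default build: all checks on. */
int64_t demo_size_checked(const uint8_t *b, size_t n) { return demo_total_size(b, n, DEMO_CHK_ALL); }

/* No checks: only for blobs the caller has already verified. */
int64_t demo_size_trusted(const uint8_t *b, size_t n) { return demo_total_size(b, n, 0); }

/* Constructed samples: valid header; bad magic with an oversized length. */
const uint8_t demo_good[12] = { 0xd0, 0x0d, 0xfe, 0xed, 0, 0, 0, 12, 0, 0, 0, 17 };
const uint8_t demo_bad[12] = { 0xde, 0xad, 0xbe, 0xef, 0, 0, 0x10, 0, 0, 0, 0, 17 };

int main(void)
{
	return demo_size_checked(demo_bad, 12) == DEMO_ERR_BAD ? 0 : 1;
}
```

With the mask at zero the malformed sample is accepted and its 0x1000-byte size claim is returned for a 12-byte buffer, which is why the unchecked configuration fits only input that has been verified beforehand.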



