On Thu, Feb 20, 2020 at 02:45:52PM -0700, Simon Glass wrote:
> Support ASSUME_VALID_DTB to disable some sanity checks
>
> If we assume that the DTB itself is valid then we can skip some checks and
> save code space. Add various conditions to handle this.
>
> Signed-off-by: Simon Glass <sjg@xxxxxxxxxxxx>
A couple of things to fix in followup:
> diff --git a/libfdt/fdt_ro.c b/libfdt/fdt_ro.c
> index a5c2797..4c26fbe 100644
> --- a/libfdt/fdt_ro.c
> +++ b/libfdt/fdt_ro.c
> @@ -388,7 +388,8 @@ static const struct fdt_property *fdt_get_property_namelen_(const void *fdt,
> (offset = fdt_next_property_offset(fdt, offset))) {
> const struct fdt_property *prop;
>
> - if (!(prop = fdt_get_property_by_offset_(fdt, offset, lenp))) {
> + prop = fdt_get_property_by_offset_(fdt, offset, lenp);
> + if (!can_assume(VALID_DTB) && !prop) {
Again, eliding checks that lead to FDT_ERR_INTERNAL could be split
out. Basically if they ever trip, we already have a libfdt bug.
We could maybe gate them under #ifndef NDEBUG, since they are
effectively assert()s?
> offset = -FDT_ERR_INTERNAL;
> break;
> }
> diff --git a/libfdt/fdt_rw.c b/libfdt/fdt_rw.c
> index 8795947..707c00a 100644
> --- a/libfdt/fdt_rw.c
> +++ b/libfdt/fdt_rw.c
> @@ -24,6 +24,8 @@ static int fdt_blocks_misordered_(const void *fdt,
>
> static int fdt_rw_probe_(void *fdt)
> {
> + if (can_assume(VALID_DTB))
> + return 0;
> FDT_RO_PROBE(fdt);
>
> if (fdt_version(fdt) < 17)
> diff --git a/libfdt/fdt_sw.c b/libfdt/fdt_sw.c
> index 76bea22..352193c 100644
> --- a/libfdt/fdt_sw.c
> +++ b/libfdt/fdt_sw.c
> @@ -12,10 +12,13 @@
>
> static int fdt_sw_probe_(void *fdt)
> {
> - if (fdt_magic(fdt) == FDT_MAGIC)
> - return -FDT_ERR_BADSTATE;
> - else if (fdt_magic(fdt) != FDT_SW_MAGIC)
> - return -FDT_ERR_BADMAGIC;
> + if (!can_assume(VALID_DTB)) {
> + if (fdt_magic(fdt) == FDT_MAGIC)
> + return -FDT_ERR_BADSTATE;
> + else if (fdt_magic(fdt) != FDT_SW_MAGIC)
> + return -FDT_ERR_BADMAGIC;
> + }
> +
> return 0;
> }
>
> @@ -38,7 +41,7 @@ static int fdt_sw_probe_memrsv_(void *fdt)
> if (err)
> return err;
>
> - if (fdt_off_dt_strings(fdt) != 0)
> + if (!can_assume(VALID_DTB) && fdt_off_dt_strings(fdt) != 0)
> return -FDT_ERR_BADSTATE;
Hrm. I think checks leading to FDT_ERR_BADSTATE should be moved under
VALID_INPUT rather than VALID_DTB. They're generally about using the
fdt_sw functions in the wrong order, so they're not really about the
initial dtb input we're working with. In fact with the sw functions,
there *isn't* an initial dt, since they're about building one from
scratch.
They're about "input" in the sense that they're about how the library
is invoked during an indivudual "session".
> return 0;
> }
> @@ -151,7 +154,8 @@ int fdt_resize(void *fdt, void *buf, int bufsize)
> headsize = fdt_off_dt_struct(fdt) + fdt_size_dt_struct(fdt);
> tailsize = fdt_size_dt_strings(fdt);
>
> - if ((headsize + tailsize) > fdt_totalsize(fdt))
> + if (!can_assume(VALID_DTB) &&
> + headsize + tailsize > fdt_totalsize(fdt))
> return -FDT_ERR_INTERNAL;
>
> if ((headsize + tailsize) > bufsize)
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
Attachment:
signature.asc
Description: PGP signature
