On 12/05/17 11:55, Alan Tull wrote: > On Thu, Nov 30, 2017 at 6:18 AM, Frank Rowand <frowand.list@xxxxxxxxx> wrote: >> On 11/29/17 08:31, Rob Herring wrote: >>> On Wed, Nov 29, 2017 at 3:20 AM, Frank Rowand <frowand.list@xxxxxxxxx> wrote: >>>> On 11/27/17 15:58, Alan Tull wrote: >>>>> Here's a proposal for a whitelist to lock down the dynamic device tree. >>>>> >>>>> For an overlay to be accepted, all of its targets are required to be >>>>> on a target node whitelist. >>>>> >>>>> Currently the only way I have to get on the whitelist is calling a >>>>> function to add a node. That works for fpga regions, but I think >>>>> other uses will need a way of having adding specific nodes from the >>>>> base device tree, such as by adding a property like 'allow-overlay;' >>>>> or 'allow-overlay = "okay";' If that is acceptable, I could use some >>>>> advice on where that particular code should go. >>>>> >>>>> Alan >>>>> >>>>> Alan Tull (2): >>>>> of: overlay: add whitelist >>>>> fpga: of region: add of-fpga-region to whitelist >>>>> >>>>> drivers/fpga/of-fpga-region.c | 9 ++++++ >>>>> drivers/of/overlay.c | 73 +++++++++++++++++++++++++++++++++++++++++++ >>>>> include/linux/of.h | 12 +++++++ >>>>> 3 files changed, 94 insertions(+) >>>>> >>>> >>>> The plan was to use connectors to restrict where an overlay could be applied. >>>> I would prefer not to have multiple methods for accomplishing the same thing >>>> unless there is a compelling reason to do so. >>> >>> Connector nodes need a mechanism to enable themselves, too. I don't >>> think connector nodes are going to solve every usecase. >>> >>> Rob >>> >> >> The overlay code related to connectors does not exist yet, so my comment >> is going to be theoretical. >> >> I would expect the overlay code to check that the target of the overlay >> fragment is a connector node, so there is no need to explicitly "enable" >> applying an overlay to a connector node. > > This will depend on how connectors are implemented. My proposal in v1 > is that device nodes can have a flag bit. If its not set, then an > overlay that contains fragments that target that node can't be > applied. There's probably other ways a connector node could be marked > as different from other nodes, but a flag bit seems simple. The > advantage to this scheme is that it gives me something I can use while > connectors don't exist yet and it will still will be useful later for > the implementation of connectors (giving connector drivers a way of > marking their device nodes as valid targets). I think it is premature to add this code to the kernel when we don't have an agreed upon architecture for what we are trying to achieve. > >> >> -Frank > -- To unsubscribe from this list: send the line "unsubscribe devicetree" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
