1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Functions for working with device tree overlays
4  *
5  * Copyright (C) 2012 Pantelis Antoniou <panto@antoniou-consulting.com>
6  * Copyright (C) 2012 Texas Instruments Inc.
7  */
8 
9 #define pr_fmt(fmt)	"OF: overlay: " fmt
10 
11 #include <linux/kernel.h>
12 #include <linux/module.h>
13 #include <linux/of.h>
14 #include <linux/of_device.h>
15 #include <linux/of_fdt.h>
16 #include <linux/string.h>
17 #include <linux/ctype.h>
18 #include <linux/errno.h>
19 #include <linux/slab.h>
20 #include <linux/libfdt.h>
21 #include <linux/err.h>
22 #include <linux/idr.h>
23 
24 #include "of_private.h"
25 
26 /**
27  * struct fragment - info about fragment nodes in overlay expanded device tree
28  * @target:	target of the overlay operation
29  * @overlay:	pointer to the __overlay__ node
30  */
31 struct fragment {
32 	struct device_node *target;
33 	struct device_node *overlay;
34 };
35 
36 /**
37  * struct overlay_changeset
38  * @id:			changeset identifier
39  * @ovcs_list:		list on which we are located
40  * @fdt:		FDT that was unflattened to create @overlay_tree
41  * @overlay_tree:	expanded device tree that contains the fragment nodes
42  * @count:		count of fragment structures
43  * @fragments:		fragment nodes in the overlay expanded device tree
44  * @symbols_fragment:	last element of @fragments[] is the  __symbols__ node
45  * @cset:		changeset to apply fragments to live device tree
46  */
47 struct overlay_changeset {
48 	int id;
49 	struct list_head ovcs_list;
50 	const void *fdt;
51 	struct device_node *overlay_tree;
52 	int count;
53 	struct fragment *fragments;
54 	bool symbols_fragment;
55 	struct of_changeset cset;
56 };
57 
58 /* flags are sticky - once set, do not reset */
59 static int devicetree_state_flags;
60 #define DTSF_APPLY_FAIL		0x01
61 #define DTSF_REVERT_FAIL	0x02
62 
63 /*
64  * If a changeset apply or revert encounters an error, an attempt will
65  * be made to undo partial changes, but may fail.  If the undo fails
66  * we do not know the state of the devicetree.
67  */
devicetree_corrupt(void)68 static int devicetree_corrupt(void)
69 {
70 	return devicetree_state_flags &
71 		(DTSF_APPLY_FAIL | DTSF_REVERT_FAIL);
72 }
73 
74 static int build_changeset_next_level(struct overlay_changeset *ovcs,
75 		struct device_node *target_node,
76 		const struct device_node *overlay_node);
77 
78 /*
79  * of_resolve_phandles() finds the largest phandle in the live tree.
80  * of_overlay_apply() may add a larger phandle to the live tree.
81  * Do not allow race between two overlays being applied simultaneously:
82  *    mutex_lock(&of_overlay_phandle_mutex)
83  *    of_resolve_phandles()
84  *    of_overlay_apply()
85  *    mutex_unlock(&of_overlay_phandle_mutex)
86  */
87 static DEFINE_MUTEX(of_overlay_phandle_mutex);
88 
of_overlay_mutex_lock(void)89 void of_overlay_mutex_lock(void)
90 {
91 	mutex_lock(&of_overlay_phandle_mutex);
92 }
93 
of_overlay_mutex_unlock(void)94 void of_overlay_mutex_unlock(void)
95 {
96 	mutex_unlock(&of_overlay_phandle_mutex);
97 }
98 
99 
100 static LIST_HEAD(ovcs_list);
101 static DEFINE_IDR(ovcs_idr);
102 
103 static BLOCKING_NOTIFIER_HEAD(overlay_notify_chain);
104 
105 /**
106  * of_overlay_notifier_register() - Register notifier for overlay operations
107  * @nb:		Notifier block to register
108  *
109  * Register for notification on overlay operations on device tree nodes. The
110  * reported actions definied by @of_reconfig_change. The notifier callback
111  * furthermore receives a pointer to the affected device tree node.
112  *
113  * Note that a notifier callback is not supposed to store pointers to a device
114  * tree node or its content beyond @OF_OVERLAY_POST_REMOVE corresponding to the
115  * respective node it received.
116  */
of_overlay_notifier_register(struct notifier_block * nb)117 int of_overlay_notifier_register(struct notifier_block *nb)
118 {
119 	return blocking_notifier_chain_register(&overlay_notify_chain, nb);
120 }
121 EXPORT_SYMBOL_GPL(of_overlay_notifier_register);
122 
123 /**
124  * of_overlay_notifier_register() - Unregister notifier for overlay operations
125  * @nb:		Notifier block to unregister
126  */
of_overlay_notifier_unregister(struct notifier_block * nb)127 int of_overlay_notifier_unregister(struct notifier_block *nb)
128 {
129 	return blocking_notifier_chain_unregister(&overlay_notify_chain, nb);
130 }
131 EXPORT_SYMBOL_GPL(of_overlay_notifier_unregister);
132 
133 static char *of_overlay_action_name[] = {
134 	"pre-apply",
135 	"post-apply",
136 	"pre-remove",
137 	"post-remove",
138 };
139 
overlay_notify(struct overlay_changeset * ovcs,enum of_overlay_notify_action action)140 static int overlay_notify(struct overlay_changeset *ovcs,
141 		enum of_overlay_notify_action action)
142 {
143 	struct of_overlay_notify_data nd;
144 	int i, ret;
145 
146 	for (i = 0; i < ovcs->count; i++) {
147 		struct fragment *fragment = &ovcs->fragments[i];
148 
149 		nd.target = fragment->target;
150 		nd.overlay = fragment->overlay;
151 
152 		ret = blocking_notifier_call_chain(&overlay_notify_chain,
153 						   action, &nd);
154 		if (ret == NOTIFY_OK || ret == NOTIFY_STOP)
155 			return 0;
156 		if (ret) {
157 			ret = notifier_to_errno(ret);
158 			pr_err("overlay changeset %s notifier error %d, target: %pOF\n",
159 			       of_overlay_action_name[action], ret, nd.target);
160 			return ret;
161 		}
162 	}
163 
164 	return 0;
165 }
166 
167 /*
168  * The values of properties in the "/__symbols__" node are paths in
169  * the ovcs->overlay_tree.  When duplicating the properties, the paths
170  * need to be adjusted to be the correct path for the live device tree.
171  *
172  * The paths refer to a node in the subtree of a fragment node's "__overlay__"
173  * node, for example "/fragment@0/__overlay__/symbol_path_tail",
174  * where symbol_path_tail can be a single node or it may be a multi-node path.
175  *
176  * The duplicated property value will be modified by replacing the
177  * "/fragment_name/__overlay/" portion of the value  with the target
178  * path from the fragment node.
179  */
dup_and_fixup_symbol_prop(struct overlay_changeset * ovcs,const struct property * prop)180 static struct property *dup_and_fixup_symbol_prop(
181 		struct overlay_changeset *ovcs, const struct property *prop)
182 {
183 	struct fragment *fragment;
184 	struct property *new_prop;
185 	struct device_node *fragment_node;
186 	struct device_node *overlay_node;
187 	const char *path;
188 	const char *path_tail;
189 	const char *target_path;
190 	int k;
191 	int overlay_name_len;
192 	int path_len;
193 	int path_tail_len;
194 	int target_path_len;
195 
196 	if (!prop->value)
197 		return NULL;
198 	if (strnlen(prop->value, prop->length) >= prop->length)
199 		return NULL;
200 	path = prop->value;
201 	path_len = strlen(path);
202 
203 	if (path_len < 1)
204 		return NULL;
205 	fragment_node = __of_find_node_by_path(ovcs->overlay_tree, path + 1);
206 	overlay_node = __of_find_node_by_path(fragment_node, "__overlay__/");
207 	of_node_put(fragment_node);
208 	of_node_put(overlay_node);
209 
210 	for (k = 0; k < ovcs->count; k++) {
211 		fragment = &ovcs->fragments[k];
212 		if (fragment->overlay == overlay_node)
213 			break;
214 	}
215 	if (k >= ovcs->count)
216 		return NULL;
217 
218 	overlay_name_len = snprintf(NULL, 0, "%pOF", fragment->overlay);
219 
220 	if (overlay_name_len > path_len)
221 		return NULL;
222 	path_tail = path + overlay_name_len;
223 	path_tail_len = strlen(path_tail);
224 
225 	target_path = kasprintf(GFP_KERNEL, "%pOF", fragment->target);
226 	if (!target_path)
227 		return NULL;
228 	target_path_len = strlen(target_path);
229 
230 	new_prop = kzalloc(sizeof(*new_prop), GFP_KERNEL);
231 	if (!new_prop)
232 		goto err_free_target_path;
233 
234 	new_prop->name = kstrdup(prop->name, GFP_KERNEL);
235 	new_prop->length = target_path_len + path_tail_len + 1;
236 	new_prop->value = kzalloc(new_prop->length, GFP_KERNEL);
237 	if (!new_prop->name || !new_prop->value)
238 		goto err_free_new_prop;
239 
240 	strcpy(new_prop->value, target_path);
241 	strcpy(new_prop->value + target_path_len, path_tail);
242 
243 	of_property_set_flag(new_prop, OF_DYNAMIC);
244 
245 	return new_prop;
246 
247 err_free_new_prop:
248 	kfree(new_prop->name);
249 	kfree(new_prop->value);
250 	kfree(new_prop);
251 err_free_target_path:
252 	kfree(target_path);
253 
254 	return NULL;
255 }
256 
257 /**
258  * add_changeset_property() - add @overlay_prop to overlay changeset
259  * @ovcs:		overlay changeset
260  * @target_node:	where to place @overlay_prop in live tree
261  * @overlay_prop:	property to add or update, from overlay tree
262  * @is_symbols_prop:	1 if @overlay_prop is from node "/__symbols__"
263  *
264  * If @overlay_prop does not already exist in @target_node, add changeset entry
265  * to add @overlay_prop in @target_node, else add changeset entry to update
266  * value of @overlay_prop.
267  *
268  * Some special properties are not updated (no error returned).
269  *
270  * Update of property in symbols node is not allowed.
271  *
272  * Returns 0 on success, -ENOMEM if memory allocation failure, or -EINVAL if
273  * invalid @overlay.
274  */
add_changeset_property(struct overlay_changeset * ovcs,struct device_node * target_node,struct property * overlay_prop,bool is_symbols_prop)275 static int add_changeset_property(struct overlay_changeset *ovcs,
276 		struct device_node *target_node,
277 		struct property *overlay_prop,
278 		bool is_symbols_prop)
279 {
280 	struct property *new_prop = NULL, *prop;
281 	int ret = 0;
282 
283 	prop = of_find_property(target_node, overlay_prop->name, NULL);
284 
285 	if (!of_prop_cmp(overlay_prop->name, "name") ||
286 	    !of_prop_cmp(overlay_prop->name, "phandle") ||
287 	    !of_prop_cmp(overlay_prop->name, "linux,phandle"))
288 		return 0;
289 
290 	if (is_symbols_prop) {
291 		if (prop)
292 			return -EINVAL;
293 		new_prop = dup_and_fixup_symbol_prop(ovcs, overlay_prop);
294 	} else {
295 		new_prop = __of_prop_dup(overlay_prop, GFP_KERNEL);
296 	}
297 
298 	if (!new_prop)
299 		return -ENOMEM;
300 
301 	if (!prop)
302 		ret = of_changeset_add_property(&ovcs->cset, target_node,
303 						new_prop);
304 	else
305 		ret = of_changeset_update_property(&ovcs->cset, target_node,
306 						   new_prop);
307 
308 	if (ret) {
309 		kfree(new_prop->name);
310 		kfree(new_prop->value);
311 		kfree(new_prop);
312 	}
313 	return ret;
314 }
315 
316 /**
317  * add_changeset_node() - add @node (and children) to overlay changeset
318  * @ovcs:		overlay changeset
319  * @target_node:	where to place @node in live tree
320  * @node:		node from within overlay device tree fragment
321  *
322  * If @node does not already exist in @target_node, add changeset entry
323  * to add @node in @target_node.
324  *
325  * If @node already exists in @target_node, and the existing node has
326  * a phandle, the overlay node is not allowed to have a phandle.
327  *
328  * If @node has child nodes, add the children recursively via
329  * build_changeset_next_level().
330  *
331  * NOTE_1: A live devicetree created from a flattened device tree (FDT) will
332  *       not contain the full path in node->full_name.  Thus an overlay
333  *       created from an FDT also will not contain the full path in
334  *       node->full_name.  However, a live devicetree created from Open
335  *       Firmware may have the full path in node->full_name.
336  *
337  *       add_changeset_node() follows the FDT convention and does not include
338  *       the full path in node->full_name.  Even though it expects the overlay
339  *       to not contain the full path, it uses kbasename() to remove the
340  *       full path should it exist.  It also uses kbasename() in comparisons
341  *       to nodes in the live devicetree so that it can apply an overlay to
342  *       a live devicetree created from Open Firmware.
343  *
344  * NOTE_2: Multiple mods of created nodes not supported.
345  *       If more than one fragment contains a node that does not already exist
346  *       in the live tree, then for each fragment of_changeset_attach_node()
347  *       will add a changeset entry to add the node.  When the changeset is
348  *       applied, __of_attach_node() will attach the node twice (once for
349  *       each fragment).  At this point the device tree will be corrupted.
350  *
351  *       TODO: add integrity check to ensure that multiple fragments do not
352  *             create the same node.
353  *
354  * Returns 0 on success, -ENOMEM if memory allocation failure, or -EINVAL if
355  * invalid @overlay.
356  */
add_changeset_node(struct overlay_changeset * ovcs,struct device_node * target_node,struct device_node * node)357 static int add_changeset_node(struct overlay_changeset *ovcs,
358 		struct device_node *target_node, struct device_node *node)
359 {
360 	const char *node_kbasename;
361 	struct device_node *tchild;
362 	int ret = 0;
363 
364 	node_kbasename = kbasename(node->full_name);
365 
366 	for_each_child_of_node(target_node, tchild)
367 		if (!of_node_cmp(node_kbasename, kbasename(tchild->full_name)))
368 			break;
369 
370 	if (!tchild) {
371 		tchild = __of_node_dup(node, node_kbasename);
372 		if (!tchild)
373 			return -ENOMEM;
374 
375 		tchild->parent = target_node;
376 
377 		ret = of_changeset_attach_node(&ovcs->cset, tchild);
378 		if (ret)
379 			return ret;
380 
381 		return build_changeset_next_level(ovcs, tchild, node);
382 	}
383 
384 	if (node->phandle && tchild->phandle)
385 		ret = -EINVAL;
386 	else
387 		ret = build_changeset_next_level(ovcs, tchild, node);
388 	of_node_put(tchild);
389 
390 	return ret;
391 }
392 
393 /**
394  * build_changeset_next_level() - add level of overlay changeset
395  * @ovcs:		overlay changeset
396  * @target_node:	where to place @overlay_node in live tree
397  * @overlay_node:	node from within an overlay device tree fragment
398  *
399  * Add the properties (if any) and nodes (if any) from @overlay_node to the
400  * @ovcs->cset changeset.  If an added node has child nodes, they will
401  * be added recursively.
402  *
403  * Do not allow symbols node to have any children.
404  *
405  * Returns 0 on success, -ENOMEM if memory allocation failure, or -EINVAL if
406  * invalid @overlay_node.
407  */
build_changeset_next_level(struct overlay_changeset * ovcs,struct device_node * target_node,const struct device_node * overlay_node)408 static int build_changeset_next_level(struct overlay_changeset *ovcs,
409 		struct device_node *target_node,
410 		const struct device_node *overlay_node)
411 {
412 	struct device_node *child;
413 	struct property *prop;
414 	int ret;
415 
416 	for_each_property_of_node(overlay_node, prop) {
417 		ret = add_changeset_property(ovcs, target_node, prop, 0);
418 		if (ret) {
419 			pr_debug("Failed to apply prop @%pOF/%s, err=%d\n",
420 				 target_node, prop->name, ret);
421 			return ret;
422 		}
423 	}
424 
425 	for_each_child_of_node(overlay_node, child) {
426 		ret = add_changeset_node(ovcs, target_node, child);
427 		if (ret) {
428 			pr_debug("Failed to apply node @%pOF/%s, err=%d\n",
429 				 target_node, child->name, ret);
430 			of_node_put(child);
431 			return ret;
432 		}
433 	}
434 
435 	return 0;
436 }
437 
438 /*
439  * Add the properties from __overlay__ node to the @ovcs->cset changeset.
440  */
build_changeset_symbols_node(struct overlay_changeset * ovcs,struct device_node * target_node,const struct device_node * overlay_symbols_node)441 static int build_changeset_symbols_node(struct overlay_changeset *ovcs,
442 		struct device_node *target_node,
443 		const struct device_node *overlay_symbols_node)
444 {
445 	struct property *prop;
446 	int ret;
447 
448 	for_each_property_of_node(overlay_symbols_node, prop) {
449 		ret = add_changeset_property(ovcs, target_node, prop, 1);
450 		if (ret) {
451 			pr_debug("Failed to apply prop @%pOF/%s, err=%d\n",
452 				 target_node, prop->name, ret);
453 			return ret;
454 		}
455 	}
456 
457 	return 0;
458 }
459 
460 /**
461  * build_changeset() - populate overlay changeset in @ovcs from @ovcs->fragments
462  * @ovcs:	Overlay changeset
463  *
464  * Create changeset @ovcs->cset to contain the nodes and properties of the
465  * overlay device tree fragments in @ovcs->fragments[].  If an error occurs,
466  * any portions of the changeset that were successfully created will remain
467  * in @ovcs->cset.
468  *
469  * Returns 0 on success, -ENOMEM if memory allocation failure, or -EINVAL if
470  * invalid overlay in @ovcs->fragments[].
471  */
build_changeset(struct overlay_changeset * ovcs)472 static int build_changeset(struct overlay_changeset *ovcs)
473 {
474 	struct fragment *fragment;
475 	int fragments_count, i, ret;
476 
477 	/*
478 	 * if there is a symbols fragment in ovcs->fragments[i] it is
479 	 * the final element in the array
480 	 */
481 	if (ovcs->symbols_fragment)
482 		fragments_count = ovcs->count - 1;
483 	else
484 		fragments_count = ovcs->count;
485 
486 	for (i = 0; i < fragments_count; i++) {
487 		fragment = &ovcs->fragments[i];
488 
489 		ret = build_changeset_next_level(ovcs, fragment->target,
490 						 fragment->overlay);
491 		if (ret) {
492 			pr_debug("apply failed '%pOF'\n", fragment->target);
493 			return ret;
494 		}
495 	}
496 
497 	if (ovcs->symbols_fragment) {
498 		fragment = &ovcs->fragments[ovcs->count - 1];
499 		ret = build_changeset_symbols_node(ovcs, fragment->target,
500 						   fragment->overlay);
501 		if (ret) {
502 			pr_debug("apply failed '%pOF'\n", fragment->target);
503 			return ret;
504 		}
505 	}
506 
507 	return 0;
508 }
509 
510 /*
511  * Find the target node using a number of different strategies
512  * in order of preference:
513  *
514  * 1) "target" property containing the phandle of the target
515  * 2) "target-path" property containing the path of the target
516  */
find_target_node(struct device_node * info_node)517 static struct device_node *find_target_node(struct device_node *info_node)
518 {
519 	struct device_node *node;
520 	const char *path;
521 	u32 val;
522 	int ret;
523 
524 	ret = of_property_read_u32(info_node, "target", &val);
525 	if (!ret) {
526 		node = of_find_node_by_phandle(val);
527 		if (!node)
528 			pr_err("find target, node: %pOF, phandle 0x%x not found\n",
529 			       info_node, val);
530 		return node;
531 	}
532 
533 	ret = of_property_read_string(info_node, "target-path", &path);
534 	if (!ret) {
535 		node =  of_find_node_by_path(path);
536 		if (!node)
537 			pr_err("find target, node: %pOF, path '%s' not found\n",
538 			       info_node, path);
539 		return node;
540 	}
541 
542 	pr_err("find target, node: %pOF, no target property\n", info_node);
543 
544 	return NULL;
545 }
546 
547 /**
548  * init_overlay_changeset() - initialize overlay changeset from overlay tree
549  * @ovcs:	Overlay changeset to build
550  * @fdt:	the FDT that was unflattened to create @tree
551  * @tree:	Contains all the overlay fragments and overlay fixup nodes
552  *
553  * Initialize @ovcs.  Populate @ovcs->fragments with node information from
554  * the top level of @tree.  The relevant top level nodes are the fragment
555  * nodes and the __symbols__ node.  Any other top level node will be ignored.
556  *
557  * Returns 0 on success, -ENOMEM if memory allocation failure, -EINVAL if error
558  * detected in @tree, or -ENOSPC if idr_alloc() error.
559  */
init_overlay_changeset(struct overlay_changeset * ovcs,const void * fdt,struct device_node * tree)560 static int init_overlay_changeset(struct overlay_changeset *ovcs,
561 		const void *fdt, struct device_node *tree)
562 {
563 	struct device_node *node, *overlay_node;
564 	struct fragment *fragment;
565 	struct fragment *fragments;
566 	int cnt, id, ret;
567 
568 	/*
569 	 * Warn for some issues.  Can not return -EINVAL for these until
570 	 * of_unittest_apply_overlay() is fixed to pass these checks.
571 	 */
572 	if (!of_node_check_flag(tree, OF_DYNAMIC))
573 		pr_debug("%s() tree is not dynamic\n", __func__);
574 
575 	if (!of_node_check_flag(tree, OF_DETACHED))
576 		pr_debug("%s() tree is not detached\n", __func__);
577 
578 	if (!of_node_is_root(tree))
579 		pr_debug("%s() tree is not root\n", __func__);
580 
581 	ovcs->overlay_tree = tree;
582 	ovcs->fdt = fdt;
583 
584 	INIT_LIST_HEAD(&ovcs->ovcs_list);
585 
586 	of_changeset_init(&ovcs->cset);
587 
588 	id = idr_alloc(&ovcs_idr, ovcs, 1, 0, GFP_KERNEL);
589 	if (id <= 0)
590 		return id;
591 
592 	cnt = 0;
593 
594 	/* fragment nodes */
595 	for_each_child_of_node(tree, node) {
596 		overlay_node = of_get_child_by_name(node, "__overlay__");
597 		if (overlay_node) {
598 			cnt++;
599 			of_node_put(overlay_node);
600 		}
601 	}
602 
603 	node = of_get_child_by_name(tree, "__symbols__");
604 	if (node) {
605 		cnt++;
606 		of_node_put(node);
607 	}
608 
609 	fragments = kcalloc(cnt, sizeof(*fragments), GFP_KERNEL);
610 	if (!fragments) {
611 		ret = -ENOMEM;
612 		goto err_free_idr;
613 	}
614 
615 	cnt = 0;
616 	for_each_child_of_node(tree, node) {
617 		overlay_node = of_get_child_by_name(node, "__overlay__");
618 		if (!overlay_node)
619 			continue;
620 
621 		fragment = &fragments[cnt];
622 		fragment->overlay = overlay_node;
623 		fragment->target = find_target_node(node);
624 		if (!fragment->target) {
625 			of_node_put(fragment->overlay);
626 			ret = -EINVAL;
627 			goto err_free_fragments;
628 		}
629 
630 		cnt++;
631 	}
632 
633 	/*
634 	 * if there is a symbols fragment in ovcs->fragments[i] it is
635 	 * the final element in the array
636 	 */
637 	node = of_get_child_by_name(tree, "__symbols__");
638 	if (node) {
639 		ovcs->symbols_fragment = 1;
640 		fragment = &fragments[cnt];
641 		fragment->overlay = node;
642 		fragment->target = of_find_node_by_path("/__symbols__");
643 
644 		if (!fragment->target) {
645 			pr_err("symbols in overlay, but not in live tree\n");
646 			ret = -EINVAL;
647 			goto err_free_fragments;
648 		}
649 
650 		cnt++;
651 	}
652 
653 	if (!cnt) {
654 		pr_err("no fragments or symbols in overlay\n");
655 		ret = -EINVAL;
656 		goto err_free_fragments;
657 	}
658 
659 	ovcs->id = id;
660 	ovcs->count = cnt;
661 	ovcs->fragments = fragments;
662 
663 	return 0;
664 
665 err_free_fragments:
666 	kfree(fragments);
667 err_free_idr:
668 	idr_remove(&ovcs_idr, id);
669 
670 	pr_err("%s() failed, ret = %d\n", __func__, ret);
671 
672 	return ret;
673 }
674 
free_overlay_changeset(struct overlay_changeset * ovcs)675 static void free_overlay_changeset(struct overlay_changeset *ovcs)
676 {
677 	int i;
678 
679 	if (ovcs->cset.entries.next)
680 		of_changeset_destroy(&ovcs->cset);
681 
682 	if (ovcs->id)
683 		idr_remove(&ovcs_idr, ovcs->id);
684 
685 	for (i = 0; i < ovcs->count; i++) {
686 		of_node_put(ovcs->fragments[i].target);
687 		of_node_put(ovcs->fragments[i].overlay);
688 	}
689 	kfree(ovcs->fragments);
690 	/*
691 	 * There should be no live pointers into ovcs->overlay_tree and
692 	 * ovcs->fdt due to the policy that overlay notifiers are not allowed
693 	 * to retain pointers into the overlay devicetree.
694 	 */
695 	kfree(ovcs->overlay_tree);
696 	kfree(ovcs->fdt);
697 	kfree(ovcs);
698 }
699 
700 /*
701  * internal documentation
702  *
703  * of_overlay_apply() - Create and apply an overlay changeset
704  * @fdt:	the FDT that was unflattened to create @tree
705  * @tree:	Expanded overlay device tree
706  * @ovcs_id:	Pointer to overlay changeset id
707  *
708  * Creates and applies an overlay changeset.
709  *
710  * If an error occurs in a pre-apply notifier, then no changes are made
711  * to the device tree.
712  *
713 
714  * A non-zero return value will not have created the changeset if error is from:
715  *   - parameter checks
716  *   - building the changeset
717  *   - overlay changeset pre-apply notifier
718  *
719  * If an error is returned by an overlay changeset pre-apply notifier
720  * then no further overlay changeset pre-apply notifier will be called.
721  *
722  * A non-zero return value will have created the changeset if error is from:
723  *   - overlay changeset entry notifier
724  *   - overlay changeset post-apply notifier
725  *
726  * If an error is returned by an overlay changeset post-apply notifier
727  * then no further overlay changeset post-apply notifier will be called.
728  *
729  * If more than one notifier returns an error, then the last notifier
730  * error to occur is returned.
731  *
732  * If an error occurred while applying the overlay changeset, then an
733  * attempt is made to revert any changes that were made to the
734  * device tree.  If there were any errors during the revert attempt
735  * then the state of the device tree can not be determined, and any
736  * following attempt to apply or remove an overlay changeset will be
737  * refused.
738  *
739  * Returns 0 on success, or a negative error number.  Overlay changeset
740  * id is returned to *ovcs_id.
741  */
742 
of_overlay_apply(const void * fdt,struct device_node * tree,int * ovcs_id)743 static int of_overlay_apply(const void *fdt, struct device_node *tree,
744 		int *ovcs_id)
745 {
746 	struct overlay_changeset *ovcs;
747 	int ret = 0, ret_revert, ret_tmp;
748 
749 	/*
750 	 * As of this point, fdt and tree belong to the overlay changeset.
751 	 * overlay changeset code is responsible for freeing them.
752 	 */
753 
754 	if (devicetree_corrupt()) {
755 		pr_err("devicetree state suspect, refuse to apply overlay\n");
756 		kfree(fdt);
757 		kfree(tree);
758 		ret = -EBUSY;
759 		goto out;
760 	}
761 
762 	ovcs = kzalloc(sizeof(*ovcs), GFP_KERNEL);
763 	if (!ovcs) {
764 		kfree(fdt);
765 		kfree(tree);
766 		ret = -ENOMEM;
767 		goto out;
768 	}
769 
770 	of_overlay_mutex_lock();
771 	mutex_lock(&of_mutex);
772 
773 	ret = of_resolve_phandles(tree);
774 	if (ret)
775 		goto err_free_tree;
776 
777 	ret = init_overlay_changeset(ovcs, fdt, tree);
778 	if (ret)
779 		goto err_free_tree;
780 
781 	/*
782 	 * after overlay_notify(), ovcs->overlay_tree related pointers may have
783 	 * leaked to drivers, so can not kfree() tree, aka ovcs->overlay_tree;
784 	 * and can not free fdt, aka ovcs->fdt
785 	 */
786 	ret = overlay_notify(ovcs, OF_OVERLAY_PRE_APPLY);
787 	if (ret) {
788 		pr_err("overlay changeset pre-apply notify error %d\n", ret);
789 		goto err_free_overlay_changeset;
790 	}
791 
792 	ret = build_changeset(ovcs);
793 	if (ret)
794 		goto err_free_overlay_changeset;
795 
796 	ret_revert = 0;
797 	ret = __of_changeset_apply_entries(&ovcs->cset, &ret_revert);
798 	if (ret) {
799 		if (ret_revert) {
800 			pr_debug("overlay changeset revert error %d\n",
801 				 ret_revert);
802 			devicetree_state_flags |= DTSF_APPLY_FAIL;
803 		}
804 		goto err_free_overlay_changeset;
805 	}
806 
807 	of_populate_phandle_cache();
808 
809 	ret = __of_changeset_apply_notify(&ovcs->cset);
810 	if (ret)
811 		pr_err("overlay changeset entry notify error %d\n", ret);
812 	/* notify failure is not fatal, continue */
813 
814 	list_add_tail(&ovcs->ovcs_list, &ovcs_list);
815 	*ovcs_id = ovcs->id;
816 
817 	ret_tmp = overlay_notify(ovcs, OF_OVERLAY_POST_APPLY);
818 	if (ret_tmp) {
819 		pr_err("overlay changeset post-apply notify error %d\n",
820 		       ret_tmp);
821 		if (!ret)
822 			ret = ret_tmp;
823 	}
824 
825 	goto out_unlock;
826 
827 err_free_tree:
828 	kfree(fdt);
829 	kfree(tree);
830 
831 err_free_overlay_changeset:
832 	free_overlay_changeset(ovcs);
833 
834 out_unlock:
835 	mutex_unlock(&of_mutex);
836 	of_overlay_mutex_unlock();
837 
838 out:
839 	pr_debug("%s() err=%d\n", __func__, ret);
840 
841 	return ret;
842 }
843 
of_overlay_fdt_apply(const void * overlay_fdt,u32 overlay_fdt_size,int * ovcs_id)844 int of_overlay_fdt_apply(const void *overlay_fdt, u32 overlay_fdt_size,
845 			 int *ovcs_id)
846 {
847 	const void *new_fdt;
848 	int ret;
849 	u32 size;
850 	struct device_node *overlay_root;
851 
852 	*ovcs_id = 0;
853 	ret = 0;
854 
855 	if (overlay_fdt_size < sizeof(struct fdt_header) ||
856 	    fdt_check_header(overlay_fdt)) {
857 		pr_err("Invalid overlay_fdt header\n");
858 		return -EINVAL;
859 	}
860 
861 	size = fdt_totalsize(overlay_fdt);
862 	if (overlay_fdt_size < size)
863 		return -EINVAL;
864 
865 	/*
866 	 * Must create permanent copy of FDT because of_fdt_unflatten_tree()
867 	 * will create pointers to the passed in FDT in the unflattened tree.
868 	 */
869 	new_fdt = kmemdup(overlay_fdt, size, GFP_KERNEL);
870 	if (!new_fdt)
871 		return -ENOMEM;
872 
873 	of_fdt_unflatten_tree(new_fdt, NULL, &overlay_root);
874 	if (!overlay_root) {
875 		pr_err("unable to unflatten overlay_fdt\n");
876 		ret = -EINVAL;
877 		goto out_free_new_fdt;
878 	}
879 
880 	ret = of_overlay_apply(new_fdt, overlay_root, ovcs_id);
881 	if (ret < 0) {
882 		/*
883 		 * new_fdt and overlay_root now belong to the overlay
884 		 * changeset.
885 		 * overlay changeset code is responsible for freeing them.
886 		 */
887 		goto out;
888 	}
889 
890 	return 0;
891 
892 
893 out_free_new_fdt:
894 	kfree(new_fdt);
895 
896 out:
897 	return ret;
898 }
899 EXPORT_SYMBOL_GPL(of_overlay_fdt_apply);
900 
901 /*
902  * Find @np in @tree.
903  *
904  * Returns 1 if @np is @tree or is contained in @tree, else 0
905  */
find_node(struct device_node * tree,struct device_node * np)906 static int find_node(struct device_node *tree, struct device_node *np)
907 {
908 	struct device_node *child;
909 
910 	if (tree == np)
911 		return 1;
912 
913 	for_each_child_of_node(tree, child) {
914 		if (find_node(child, np)) {
915 			of_node_put(child);
916 			return 1;
917 		}
918 	}
919 
920 	return 0;
921 }
922 
923 /*
924  * Is @remove_ce_node a child of, a parent of, or the same as any
925  * node in an overlay changeset more topmost than @remove_ovcs?
926  *
927  * Returns 1 if found, else 0
928  */
node_overlaps_later_cs(struct overlay_changeset * remove_ovcs,struct device_node * remove_ce_node)929 static int node_overlaps_later_cs(struct overlay_changeset *remove_ovcs,
930 		struct device_node *remove_ce_node)
931 {
932 	struct overlay_changeset *ovcs;
933 	struct of_changeset_entry *ce;
934 
935 	list_for_each_entry_reverse(ovcs, &ovcs_list, ovcs_list) {
936 		if (ovcs == remove_ovcs)
937 			break;
938 
939 		list_for_each_entry(ce, &ovcs->cset.entries, node) {
940 			if (find_node(ce->np, remove_ce_node)) {
941 				pr_err("%s: #%d overlaps with #%d @%pOF\n",
942 					__func__, remove_ovcs->id, ovcs->id,
943 					remove_ce_node);
944 				return 1;
945 			}
946 			if (find_node(remove_ce_node, ce->np)) {
947 				pr_err("%s: #%d overlaps with #%d @%pOF\n",
948 					__func__, remove_ovcs->id, ovcs->id,
949 					remove_ce_node);
950 				return 1;
951 			}
952 		}
953 	}
954 
955 	return 0;
956 }
957 
958 /*
959  * We can safely remove the overlay only if it's the top-most one.
960  * Newly applied overlays are inserted at the tail of the overlay list,
961  * so a top most overlay is the one that is closest to the tail.
962  *
963  * The topmost check is done by exploiting this property. For each
964  * affected device node in the log list we check if this overlay is
965  * the one closest to the tail. If another overlay has affected this
966  * device node and is closest to the tail, then removal is not permited.
967  */
overlay_removal_is_ok(struct overlay_changeset * remove_ovcs)968 static int overlay_removal_is_ok(struct overlay_changeset *remove_ovcs)
969 {
970 	struct of_changeset_entry *remove_ce;
971 
972 	list_for_each_entry(remove_ce, &remove_ovcs->cset.entries, node) {
973 		if (node_overlaps_later_cs(remove_ovcs, remove_ce->np)) {
974 			pr_err("overlay #%d is not topmost\n", remove_ovcs->id);
975 			return 0;
976 		}
977 	}
978 
979 	return 1;
980 }
981 
982 /**
983  * of_overlay_remove() - Revert and free an overlay changeset
984  * @ovcs_id:	Pointer to overlay changeset id
985  *
986  * Removes an overlay if it is permissible.  @ovcs_id was previously returned
987  * by of_overlay_fdt_apply().
988  *
989  * If an error occurred while attempting to revert the overlay changeset,
990  * then an attempt is made to re-apply any changeset entry that was
991  * reverted.  If an error occurs on re-apply then the state of the device
992  * tree can not be determined, and any following attempt to apply or remove
993  * an overlay changeset will be refused.
994  *
995  * A non-zero return value will not revert the changeset if error is from:
996  *   - parameter checks
997  *   - overlay changeset pre-remove notifier
998  *   - overlay changeset entry revert
999  *
1000  * If an error is returned by an overlay changeset pre-remove notifier
1001  * then no further overlay changeset pre-remove notifier will be called.
1002  *
1003  * If more than one notifier returns an error, then the last notifier
1004  * error to occur is returned.
1005  *
1006  * A non-zero return value will revert the changeset if error is from:
1007  *   - overlay changeset entry notifier
1008  *   - overlay changeset post-remove notifier
1009  *
1010  * If an error is returned by an overlay changeset post-remove notifier
1011  * then no further overlay changeset post-remove notifier will be called.
1012  *
1013  * Returns 0 on success, or a negative error number.  *ovcs_id is set to
1014  * zero after reverting the changeset, even if a subsequent error occurs.
1015  */
of_overlay_remove(int * ovcs_id)1016 int of_overlay_remove(int *ovcs_id)
1017 {
1018 	struct overlay_changeset *ovcs;
1019 	int ret, ret_apply, ret_tmp;
1020 
1021 	ret = 0;
1022 
1023 	if (devicetree_corrupt()) {
1024 		pr_err("suspect devicetree state, refuse to remove overlay\n");
1025 		ret = -EBUSY;
1026 		goto out;
1027 	}
1028 
1029 	mutex_lock(&of_mutex);
1030 
1031 	ovcs = idr_find(&ovcs_idr, *ovcs_id);
1032 	if (!ovcs) {
1033 		ret = -ENODEV;
1034 		pr_err("remove: Could not find overlay #%d\n", *ovcs_id);
1035 		goto out_unlock;
1036 	}
1037 
1038 	if (!overlay_removal_is_ok(ovcs)) {
1039 		ret = -EBUSY;
1040 		goto out_unlock;
1041 	}
1042 
1043 	ret = overlay_notify(ovcs, OF_OVERLAY_PRE_REMOVE);
1044 	if (ret) {
1045 		pr_err("overlay changeset pre-remove notify error %d\n", ret);
1046 		goto out_unlock;
1047 	}
1048 
1049 	list_del(&ovcs->ovcs_list);
1050 
1051 	/*
1052 	 * Disable phandle cache.  Avoids race condition that would arise
1053 	 * from removing cache entry when the associated node is deleted.
1054 	 */
1055 	of_free_phandle_cache();
1056 
1057 	ret_apply = 0;
1058 	ret = __of_changeset_revert_entries(&ovcs->cset, &ret_apply);
1059 
1060 	of_populate_phandle_cache();
1061 
1062 	if (ret) {
1063 		if (ret_apply)
1064 			devicetree_state_flags |= DTSF_REVERT_FAIL;
1065 		goto out_unlock;
1066 	}
1067 
1068 	ret = __of_changeset_revert_notify(&ovcs->cset);
1069 	if (ret)
1070 		pr_err("overlay changeset entry notify error %d\n", ret);
1071 	/* notify failure is not fatal, continue */
1072 
1073 	*ovcs_id = 0;
1074 
1075 	ret_tmp = overlay_notify(ovcs, OF_OVERLAY_POST_REMOVE);
1076 	if (ret_tmp) {
1077 		pr_err("overlay changeset post-remove notify error %d\n",
1078 		       ret_tmp);
1079 		if (!ret)
1080 			ret = ret_tmp;
1081 	}
1082 
1083 	free_overlay_changeset(ovcs);
1084 
1085 out_unlock:
1086 	mutex_unlock(&of_mutex);
1087 
1088 out:
1089 	pr_debug("%s() err=%d\n", __func__, ret);
1090 
1091 	return ret;
1092 }
1093 EXPORT_SYMBOL_GPL(of_overlay_remove);
1094 
1095 /**
1096  * of_overlay_remove_all() - Reverts and frees all overlay changesets
1097  *
1098  * Removes all overlays from the system in the correct order.
1099  *
1100  * Returns 0 on success, or a negative error number
1101  */
of_overlay_remove_all(void)1102 int of_overlay_remove_all(void)
1103 {
1104 	struct overlay_changeset *ovcs, *ovcs_n;
1105 	int ret;
1106 
1107 	/* the tail of list is guaranteed to be safe to remove */
1108 	list_for_each_entry_safe_reverse(ovcs, ovcs_n, &ovcs_list, ovcs_list) {
1109 		ret = of_overlay_remove(&ovcs->id);
1110 		if (ret)
1111 			return ret;
1112 	}
1113 
1114 	return 0;
1115 }
1116 EXPORT_SYMBOL_GPL(of_overlay_remove_all);
1117