core: arm32: update core local flags in native_intr_handler

The AArch32 version of the native_intr_handler() macro has until now
called C function without updating the core local flags to indicate

core: arm32: update core local flags in native_intr_handler

The AArch32 version of the native_intr_handler() macro has until now
called C function without updating the core local flags to indicate that
the temporary stack is in use. This can lead to errors with
CFG_CORE_DEBUG_CHECK_STACKS=y so fix this by setting THREAD_CLF_TMP and
THREAD_CLF_FIQ or THREAD_CLF_IRQ as needed.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: interrupt: rename itr_core_handler()

Renames itr_core_handler() to interrupt_main_handler() as a later
change will modify interrupt chip API functions using interrupt_
as prefix.

Reviewed-by:

core: interrupt: rename itr_core_handler()

Renames itr_core_handler() to interrupt_main_handler() as a later
change will modify interrupt chip API functions using interrupt_
as prefix.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: add CFG_CORE_IRQ_IS_NATIVE_INTR

Adds CFG_CORE_IRQ_IS_NATIVE_INTR to configure how native and foreign are
signalled.
Selects if IRQ is used to signal native interrupt
if CFG_CORE_IRQ_IS_NATIVE_

core: add CFG_CORE_IRQ_IS_NATIVE_INTR

Adds CFG_CORE_IRQ_IS_NATIVE_INTR to configure how native and foreign are
signalled.
Selects if IRQ is used to signal native interrupt
if CFG_CORE_IRQ_IS_NATIVE_INTR == y:
IRQ signals a native interrupt pending
FIQ signals a foreign non-secure interrupt or a managed exit pending
else: (vice versa)
IRQ signals a foreign non-secure interrupt or a managed exit pending
FIQ signals a native interrupt pending

CFG_CORE_IRQ_IS_NATIVE_INTR replaces the places in the code where
CFG_ARM_GICV3 was used to configure how FIQ and IRQ was treated.

CFG_CORE_IRQ_IS_NATIVE_INTR is automatically configured according to
CFG_ARM_GICV3 if CFG_GIC == y. This prepares for other interrupt
controllers where it doesn't make sense to use CFG_ARM_GICV3.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: add thread_hvc()

Adds thread_hvc() which is the same as thread_smc() except that it uses
the HVC instruction instead of the SMC instruction. This is useful where
an SPMC at S-EL2 expects

core: arm: add thread_hvc()

Adds thread_hvc() which is the same as thread_smc() except that it uses
the HVC instruction instead of the SMC instruction. This is useful where
an SPMC at S-EL2 expects and HVC instead of SMC for certain functions.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce scall layer from svc parts

Introduces a scall layer by renaming various thread_svc* names and
_*handle_svc() functions and function pointers as a first step in doing
architecture neu

core: introduce scall layer from svc parts

Introduces a scall layer by renaming various thread_svc* names and
_*handle_svc() functions and function pointers as a first step in doing
architecture neutral syscall processing.

The name scall is used instead of syscall since the syscall_ prefix is
reserved for the functions implementing the actual syscall. While scall
is the infrastructure used to reach the syscall functions.

No files are renamed and removed at this stage. This patch doesn't
change any behaviour.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: thread: 32bit helpers thread_get_usr_lr()/thread_set_usr_lr()

Adds helper function thread_get_usr_lr() and thread_set_usr_lr() to
read and write CPU USR_LR banked register.

Reviewed-by:

core: arm: thread: 32bit helpers thread_get_usr_lr()/thread_set_usr_lr()

Adds helper function thread_get_usr_lr() and thread_set_usr_lr() to
read and write CPU USR_LR banked register.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: refactor spectre-v2 workarounds

Refactors the Spectre-V2 workarounds to make room for further workarounds.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wikl

core: refactor spectre-v2 workarounds

Refactors the Spectre-V2 workarounds to make room for further workarounds.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: move thread_defs.h into thread.h

Moves the defines in core/arch/arm/include/kernel/thread_defs.h into
core/include/kernel/thread.h.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-

core: move thread_defs.h into thread.h

Moves the defines in core/arch/arm/include/kernel/thread_defs.h into
core/include/kernel/thread.h.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: move thread_private.h to an include directory

Moves core/arch/arm/kernel/thread_private.h to a include directory to be
included as <kernel/thread_private.h>.

Reviewed-by: Jerome Forissier <je

core: move thread_private.h to an include directory

Moves core/arch/arm/kernel/thread_private.h to a include directory to be
included as <kernel/thread_private.h>.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: lpae: use "base table" naming instead of "l1 table"

This is a preparation for supporting base table
which is not level 1 (i.e. support level 0).
Tries not to change anything functional, but
ra

core: lpae: use "base table" naming instead of "l1 table"

This is a preparation for supporting base table
which is not level 1 (i.e. support level 0).
Tries not to change anything functional, but
rather just a renaming.
"base table" terminology is referenced from TF-A
Renamed CORE_MMU_L1_TBL_OFFSET -> CORE_MMU_BASE_TABLE_OFFSET
Added CORE_MMU_BASE_TABLE_LEVEL instead of hard-coded "1"
Added CORE_MMU_BASE_TABLE_SHIFT instead of hard-coded "30"
Few new defines were copied from TF-A xlat_tables_def.h,
like the existing XLAT related defines.

Signed-off-by: Izik Dubnov <izik@amazon.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: arm32: update thread_smc() for SMCCC v1.2

SMC Calling Convention v1.2 allows returning result in r4-r7 in addition
to the already used r0-r3. In thread_smc() we're not using r4-r7 to
return a

core: arm32: update thread_smc() for SMCCC v1.2

SMC Calling Convention v1.2 allows returning result in r4-r7 in addition
to the already used r0-r3. In thread_smc() we're not using r4-r7 to
return a result, but the normal function calling convention requires
r4-r7 to be preserved so save and restore them.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add thread_smccc()

Adds the assembly function thread_smccc() which loads the first 8
registers with the argument and executes an SMC or HVC instruction as
appropriate. The result in the first

core: add thread_smccc()

Adds the assembly function thread_smccc() which loads the first 8
registers with the argument and executes an SMC or HVC instruction as
appropriate. The result in the first 8 registers is then saved in
the argument struct.

With the new flag CFG_CORE_SEL2_SPMC configures OP-TEE to work with a
SPMC at S-EL2 instead of the dispatcher at EL3. The SMC instruction
should not be used when working with a SPMC, OP-TEE should instead use
the HVC instruction in such a configuration.

Without a SPMC at S-EL2 OP-TEE works with the dispatcher at EL3 with no
changes.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix icache_inv_user_range()

Prior to this patch with CFG_WITH_PAGER=y, CFG_WITH_LPAE=y and
CFG_CORE_UNMAP_CORE_AT_EL0=n icache_inv_user_range() crashes with a
prefetch abort due to TTBR0 being

core: fix icache_inv_user_range()

Prior to this patch with CFG_WITH_PAGER=y, CFG_WITH_LPAE=y and
CFG_CORE_UNMAP_CORE_AT_EL0=n icache_inv_user_range() crashes with a
prefetch abort due to TTBR0 being configured with an invalid value.
This happens due to an error in the ifdef logic using an uninitialized
register.

Fix this by using the correct register.

Fixes: c4a57390edef ("core: pager: use icache_inv_user_range()")
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: helper function to read 32bit usr_sp banked register

Helper function thread_get_usr_sp() allows Core threaded execution
to read usr_sp CPU register. This is needed as part of the secure
p

core: arm: helper function to read 32bit usr_sp banked register

Helper function thread_get_usr_sp() allows Core threaded execution
to read usr_sp CPU register. This is needed as part of the secure
partition execution context when a secure partition execution is
about to return to normal world.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: replace assembly directive .align with .balign

The assembly directive .align is replaced by .balign to harmonize with
the recently added align parameter of FUNC() and LOCAL_FUNC().

On the arm

core: replace assembly directive .align with .balign

The assembly directive .align is replaced by .balign to harmonize with
the recently added align parameter of FUNC() and LOCAL_FUNC().

On the arm architecture .align is number of low-order bits location
counter must have after advancement. While .balign always is advancement
to the next multiple of this number.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: correct alignment for exception vectors

The FUNC and LOCAL_FUNC macros changes section so specifying alignment
before the function will be lost. This may break for instance usage of
sm_vect_ta

core: correct alignment for exception vectors

The FUNC and LOCAL_FUNC macros changes section so specifying alignment
before the function will be lost. This may break for instance usage of
sm_vect_table, depending on configuration. Fix this by passing required
alignment as a parameter to the macro.

Fixes: a31e8303cf2e ("Remove '.section .text.<name>' and use function macros instead")
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm32: fold UNWIND(.fnstart/.fnend) into the FUNC macros

This change applies to arm32 assembler sources.

Instead of using UNWIND(.fnstart) after FUNC or LOCAL_FUNC and
UNWIND(.fnend) before END_FUN

arm32: fold UNWIND(.fnstart/.fnend) into the FUNC macros

This change applies to arm32 assembler sources.

Instead of using UNWIND(.fnstart) after FUNC or LOCAL_FUNC and
UNWIND(.fnend) before END_FUNC, let's fold these statements into the
FUNC macros.

The .fnstart/.fnend directives mark the start and end of a function
with an unwind table entry (.ARM.exidx) and therefore a function
without them has no entry and cannot be unwound. This means that a
stack dump (on abort or panic) would stop when reaching such a
function.

As a result of this patch, a small number of functions now have an
entry in the unwind table when they had none before (the functions
which were using FUNC or LOCAL_FUNC but had no .fnstart/.fnend). It was
almost always a bug and this pacth only increases the size of the
.ARM.exidx section by a few bytes (tested on QEMU).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

arm32: move the UNWIND() macro to <asm.S>

All the users of the UNWIND() macro include <asm.S> already, which is
therefore a good place to define this macro. Let's move it from
<kernel/unwind.h> to <

arm32: move the UNWIND() macro to <asm.S>

All the users of the UNWIND() macro include <asm.S> already, which is
therefore a good place to define this macro. Let's move it from
<kernel/unwind.h> to <asm.S>, remove a couple of duplicates in
assembler files, and drop the useless includes.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: simplify setting of THREAD_CLF_TMP

Simplifies the manipulation of THREAD_CLF_TMP in the per-core
structure thread_core_local:

- thread_clr_thread_core_local() sets the flag for all cores so t

core: simplify setting of THREAD_CLF_TMP

Simplifies the manipulation of THREAD_CLF_TMP in the per-core
structure thread_core_local:

- thread_clr_thread_core_local() sets the flag for all cores so that
init_secondary_helper() doesn't have to. It is renamed to
thread_init_thread_core_local().
- The flag remains set upon return to normal world, ready for the next
entry into secure world.
- The foreign_intr_handler macro sets the flag since it uses the
temporary stack.
- thread_core_local_set_tmp_stack_flag() is now unused and can be
removed.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutee, ldelf: add leading underscore to syscall wrappers

libutee defines assembler wrapper functions for each OP-TEE system call.
These wrappers have a utee_ prefix. This commit adds a leading
und

libutee, ldelf: add leading underscore to syscall wrappers

libutee defines assembler wrapper functions for each OP-TEE system call.
These wrappers have a utee_ prefix. This commit adds a leading
underscore so that the names cannot clash with user-defined symbols.
Doing so is common practice for "system" libraries, as defined by the C
standard in a set of requirements that can be summarized as follows
(excerpt from the GNU libc documentation [1]):

[R]eserved names include all external identifiers (global functions
and variables) that begin with an underscore (‘_’) and all identifiers
regardless of use that begin with either two underscores or an
underscore followed by a capital letter are reserved names. This is so
that the library and header files can define functions, variables, and
macros for internal purposes without risk of conflict with names in
user programs.

The utee_*() wrappers are internal to OP-TEE and are not supposed to be
called directly by TAs so this should not have any user-visible impact.

Link: [1] https://www.gnu.org/software/libc/manual/html_node/Reserved-Names.html
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: rename KEEP_INIT() and KEEP_PAGER()

The KEEP_INIT() and KEEP_PAGER() macros are quite often used in C files
immediately after the definition of a function or a structure without a
blank line i

core: rename KEEP_INIT() and KEEP_PAGER()

The KEEP_INIT() and KEEP_PAGER() macros are quite often used in C files
immediately after the definition of a function or a structure without a
blank line in between. This style mimics what the Linux kernel does for
a similar use cases: EXPORT_SYMBOL().

Unfortunately, the checkpatch.pl tool expects a blank line after
structure and function definitions, except for a few special cases such
as EXPORT_SYMBOL(). As a result we often get unwanted warnings when we
use KEEP_INIT() and KEEP_PAGER(). Among the exceptions are all words
starting with DECLARE_ or DEFINE_, so by renaming our macros we could
avoid the checkpatch warnings.

This commit renames KEEP_INIT() and KEEP_PAGER() to DECLARE_KEEP_INIT()
and DECLARE_KEEP_PAGER(), respectively. The assembler macros are also
renamed for consistency. No functional change is expected.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove '.section .text.<name>' and use function macros instead

Assembler functions are normally defined using the FUNC/LOCAL_FUNC
macros from <asm.S>. The macros takes care of several things, includ

Remove '.section .text.<name>' and use function macros instead

Assembler functions are normally defined using the FUNC/LOCAL_FUNC
macros from <asm.S>. The macros takes care of several things, including
putting the function in a specific section for later garbage collection
by the linker (--gc-sections).

A few files do not follow this convention, let's fix them. Two
functions in ghash-ce-core_a64.S (pmull_gcm_load_round_keys() and
pmull_gcm_aes_sub()) totally lack a .section directive, which I think
is a mistake. Fix them at the same time.

No functional change is expected.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: core_mmu_v7.c: set TTBCR_PD1 in reduced mappings

When using reduced mappings set TTBCR_PD1 in order to disable table
walks using TTBR1 which holds the OP-TEE Core mappings. This saves us
from

core: core_mmu_v7.c: set TTBCR_PD1 in reduced mappings

When using reduced mappings set TTBCR_PD1 in order to disable table
walks using TTBR1 which holds the OP-TEE Core mappings. This saves us
from keeping an empty L1 translation table (16 KiB) with
CFG_CORE_UNMAP_CORE_AT_EL0=y.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: get svc handler from the context of current session

Instead of a single global syscalls definition, get the syscall handler
function from the context of current active session.

An extra optio

core: get svc handler from the context of current session

Instead of a single global syscalls definition, get the syscall handler
function from the context of current active session.

An extra optional (mandatory for user mode TAs) function pointer is
added to struct tee_ta_ops, handle_svc, which handles the syscall.

tee_svc_handler() is split into a generic thread_svc_handler() which is
put in kernel/thread.c. The user TA specific part is put in
user_ta_handle_svc() which is kept in tee/arch_svc.c but made available
via the new .handle_svc function pointer of struct tee_ta_ops.

Acked-by: Pipat Methavanitpong <pipat.methavanitpong@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: thread_enter_user_mode(): avoid leaking register content

Prior to this patch not all registers passed to user mode where assigned
a new value. This allows user mode to see the value of some re

core: thread_enter_user_mode(): avoid leaking register content

Prior to this patch not all registers passed to user mode where assigned
a new value. This allows user mode to see the value of some registers
used by Core. With this patch all general purpose registers available in
user mode are either cleared or assigned a value.

Acked-by: Pipat Methavanitpong <pipat.methavanitpong@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...