link.mk: generate version.o in link-out-dir

When source code is piped to compiler, then the
current working directory is left into debug
data. If the working directory is not the output
directory, t

link.mk: generate version.o in link-out-dir

When source code is piped to compiler, then the
current working directory is left into debug
data. If the working directory is not the output
directory, then mappings which strip absolute output
directory paths don't work.

Removes absolute build time paths from version.o
debug info.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>

show more ...

link.mk: use CFLAGS with version.o

Should be used by all compilations.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>

core: riscv: Translate to PA when allocating PGT with MMU enabled

If MMU is enabled, core_mmu_pgt_alloc() returns virtual address of PGT
instead of physical address. Thus, it leads to some errors wh

core: riscv: Translate to PA when allocating PGT with MMU enabled

If MMU is enabled, core_mmu_pgt_alloc() returns virtual address of PGT
instead of physical address. Thus, it leads to some errors when we
invoke pa_to_ppn() with returned PGT which is actually the virtual
address of that PGT.

Fix it by checking whether MMU is enabled or not. If MMU is enabled, we
translate the returned PGT to its physical address.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: make generic notifications virtualization-aware

Makes the generic notification handling aware of virtualization. Atomic
events are delivered with a guest_id parameter and asynchronous
notifica

core: make generic notifications virtualization-aware

Makes the generic notification handling aware of virtualization. Atomic
events are delivered with a guest_id parameter and asynchronous
notifications are started per guest_id.

struct notif_data is added as guest specific data to be able to track if
notifications are started for a guest.

While this patch compiles it doesn't work as intended without patches
handling the ABI specific side of things.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: riscv: Improve the trap handler

In current RISC-V trap handler, we always save the context into struct
thread_trap_regs first, and copy the saved context into another specific
structure to han

core: riscv: Improve the trap handler

In current RISC-V trap handler, we always save the context into struct
thread_trap_regs first, and copy the saved context into another specific
structure to handle that trap. For example, thread_user_ecall_handler()
copies the struct thread_trap_regs to be struct thread_scall_regs before
handling this system call. In fact, such copies may drop the performance
and they should be eliminated.

In this commit, the specific data structure used to save the context is
determined early in the trap handler by checking the type of the trap
from CSR XCAUSE. Thus, the copies between context structures are
eliminated.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Tested-by: Yu Chien Peter Lin <peterlin@andestech.com>
Tested-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: fix race condition on TA/PTA/StMM context loading

Fix race condition on creation of a context for single instance TAs,
PTAs or StMM application. Such race condition could occur and lead to
dup

core: fix race condition on TA/PTA/StMM context loading

Fix race condition on creation of a context for single instance TAs,
PTAs or StMM application. Such race condition could occur and lead to
duplicated contexts if connected close enough that they are created
after tee_ta_init_session() calls tee_ta_init_session_with_context()
and before the context are added in the centralized context list.

This is realized by keeping tee_ta_mutex held while tee_ctxes list is
looked up for matching a context or a new context is added into that
list with its .is_initializing field activated. For that purpose
user TA and StMM application initialization function are split in
2 functions, the 2nd one used to finalizes the context creation
started in the 1st function.

By the way, add inline description comments and fix indentation issues
in uaer_ta.h and remove the inline comment in pseudo_ta.c that refers
to TA loading whereas the function relates to PTA contexts creation.

Closes: https://github.com/OP-TEE/optee_os/issues/6801
Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

riscv: plat-virt: switch to dynamic shared memory

Enable dynamic shared memory for QEMU virt machine.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@an

riscv: plat-virt: switch to dynamic shared memory

Enable dynamic shared memory for QEMU virt machine.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: riscv: Add a reserved-memory node for static shared memory

To prevent Linux from using static shared memory, include the
dedicated reserved-memory node in the device tree.

Signed-off-by: Alvi

core: riscv: Add a reserved-memory node for static shared memory

To prevent Linux from using static shared memory, include the
dedicated reserved-memory node in the device tree.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: riscv: Fix store 32-bit thread_core_local flags

The thread_core_local flags is a 32-bit variable. Thus, we must
explicitly use "sw" instruction, which means store 32-bit value into
specific me

core: riscv: Fix store 32-bit thread_core_local flags

The thread_core_local flags is a 32-bit variable. Thus, we must
explicitly use "sw" instruction, which means store 32-bit value into
specific memory address, to operate the thread_core_local flags.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

riscv: plat-virt: Enable CFG_HWRNG_PTA

Enable CFG_HWRNG_PTA with the implementation of the RISC-V
Zkr driver which provides the hardware entropy source.

Signed-off-by: Alvin Chang <alvinga@andestec

riscv: plat-virt: Enable CFG_HWRNG_PTA

Enable CFG_HWRNG_PTA with the implementation of the RISC-V
Zkr driver which provides the hardware entropy source.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Add seed CSR detection helper

Any attempted access to unimplemented or restricted CSRs will
raise an illegal instruction, so we can set up a temporary
trap handler to validate if the us

core: riscv: Add seed CSR detection helper

Any attempted access to unimplemented or restricted CSRs will
raise an illegal instruction, so we can set up a temporary
trap handler to validate if the use of CSRs is allowed in
the privileged mode where OP-TEE OS is running. Add a helper
for this specific purpose.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Prepare SATP for each hart

To support multiple harts environment, we have allocated root page table
for each hart. Further more, we need to prepare value of CSR SATP, which
holds the ph

core: riscv: Prepare SATP for each hart

To support multiple harts environment, we have allocated root page table
for each hart. Further more, we need to prepare value of CSR SATP, which
holds the physical page number (PPN) of the root page table, for each
hart.

This commit enlarges the "struct core_mmu_config" for RISC-V
architecture to hold the value of CSR SATP for all the harts. In early
boot stage, each hart should initialize its CSR SATP from "struct
core_mmu_config".

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: riscv: Allocate root page table for each hart

To support multiple hart environment, each hart must have its dedicated
root page table. This commit enlarges the root page table. Also, when
the

core: riscv: Allocate root page table for each hart

To support multiple hart environment, each hart must have its dedicated
root page table. This commit enlarges the root page table. Also, when
the primary hart initializes the page table, we also copy the contents
of its root page table to the secondary harts' root page tables.
Therefore, all the harts have initial page tables at the boot time.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: replace REGISTER_TIME_SOURCE()

Remove REGISTER_TIME_SOURCE() and implement tee_time_get_sys_time() and
tee_time_get_sys_time_protection_level() directly in the file where
REGISTER_TIME_SOURCE(

core: replace REGISTER_TIME_SOURCE()

Remove REGISTER_TIME_SOURCE() and implement tee_time_get_sys_time() and
tee_time_get_sys_time_protection_level() directly in the file where
REGISTER_TIME_SOURCE() was used previously.

By avoiding indirect calls the linker can optimize the dependency tree
properly and we can remove the DECLARE_KEEP_PAGER() directive needed for
arm_cntpct_time_source.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: riscv: Apply SM-based boot flow for secondary harts

When the system adopts M-mode secure monitor based solution, the
secondary harts need to hand over the control back to the secure
monitor af

core: riscv: Apply SM-based boot flow for secondary harts

When the system adopts M-mode secure monitor based solution, the
secondary harts need to hand over the control back to the secure
monitor after the initial boot sequence. Add related code for this
purpose.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Do not restrict primary hart to hart ID 0 only

The ID of primary hart should not be restricted to zero. Thus,
determining primary hart and secondart harts by zero hart ID is not
feasibl

core: riscv: Do not restrict primary hart to hart ID 0 only

The ID of primary hart should not be restricted to zero. Thus,
determining primary hart and secondart harts by zero hart ID is not
feasible.

We refer to RISC-V linux kernel [1] to fix this issue, by adding a
"hart_lottery" variable. The first hart who enters OP-TEE will win the
lottery, atomically increment this variable, and be the primary hart.
Other harts enter OP-TEE later won't win the lottery, so they execute
the secondary boot sequence.

[1]:
https://github.com/torvalds/linux/blob/v6.7/arch/riscv/kernel/head.S#L244

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Change the condition of communication with untrusted domain

Use CFG_RISCV_WITH_M_MODE_SM to determine if OP-TEE uses M-mode secure
monitor based solution to communicate with the untruse

core: riscv: Change the condition of communication with untrusted domain

Use CFG_RISCV_WITH_M_MODE_SM to determine if OP-TEE uses M-mode secure
monitor based solution to communicate with the untrusetd domain.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

riscv: plat-virt: Set CFG_RISCV_WITH_M_MODE_SM as 'y'

In RISC-V QEMU virtual platform, OP-TEE OS uses M-mode secure monitor
based solution to communicate with the untrusted domain. Therefore, set
CF

riscv: plat-virt: Set CFG_RISCV_WITH_M_MODE_SM as 'y'

In RISC-V QEMU virtual platform, OP-TEE OS uses M-mode secure monitor
based solution to communicate with the untrusted domain. Therefore, set
CFG_RISCV_WITH_M_MODE_SM to 'y' in its configuration file.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Add CFG_RISCV_WITH_M_MODE_SM and dependency checking

OP-TEE may communicate with the untrusted domain by different solutions,
such as M-mode secure monitor based solution, or direct mes

core: riscv: Add CFG_RISCV_WITH_M_MODE_SM and dependency checking

OP-TEE may communicate with the untrusted domain by different solutions,
such as M-mode secure monitor based solution, or direct messaging based
solution. This commit adds CFG_RISCV_WITH_M_MODE_SM to indicate that
OP-TEE uses M-mode secure monitor based solution for the communication.

The CFG_RISCV_WITH_M_MODE_SM should depend on CFG_RISCV_S_MODE and
CFG_RISCV_SBI, since we are using "ecall" to trap into M-mode secure
monitor.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Apply mask/unmask exceptions when operating page table

Add missing thread_{mask/unmask}_exceptions() when we operate the page
table. This is referenced from ARM architecture.

Signed-of

core: riscv: Apply mask/unmask exceptions when operating page table

Add missing thread_{mask/unmask}_exceptions() when we operate the page
table. This is referenced from ARM architecture.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Apply STATUS helper for RPC resume

Since RPC resume is a kind of exception return, we invoke
xstatus_for_xret() to prepare the CSR STATUS for exception return. But
the actual value of S

core: riscv: Apply STATUS helper for RPC resume

Since RPC resume is a kind of exception return, we invoke
xstatus_for_xret() to prepare the CSR STATUS for exception return. But
the actual value of STATUS when calling thread_rpc() is still saved in
stack. This is to unify the behavior between RPC suspend and resume.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Apply exception return to handle_user_mode_panic()

Now thread_exit_user_mode() executes exception return to kernel mode.
Invoke xstatus_for_xret() helper function to prepare CSR STATUS

core: riscv: Apply exception return to handle_user_mode_panic()

Now thread_exit_user_mode() executes exception return to kernel mode.
Invoke xstatus_for_xret() helper function to prepare CSR STATUS for
exception return.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Refine thread trap handler

In order to support SMP, we made change on CSR SCRATCH from kernel stack
pointer to be kernel TP(thread_core_local). So that we can get TP from
SCRATCH easily

core: riscv: Refine thread trap handler

In order to support SMP, we made change on CSR SCRATCH from kernel stack
pointer to be kernel TP(thread_core_local). So that we can get TP from
SCRATCH easily in trap handler when the thread is in user mode. We also
save/restore CSR IE, kernel GP and SP so that we can handle task
migration to another hart.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Refine thread enter/exit user mode

Now when thread is in user mode, the kernel TP is saved into CSR SCRATCH
instead of into kernel stack. The IE is also considered since it
contains mas

core: riscv: Refine thread enter/exit user mode

Now when thread is in user mode, the kernel TP is saved into CSR SCRATCH
instead of into kernel stack. The IE is also considered since it
contains masks of different exceptions.

Apply exception return to thread_exit_user_mode() to let hart correctly
back to kernel mode from exception.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Apply exception return to resume thread

In current implementation, the thread is resumed by function return. It
is not suitable for all scenarios, especially when the thread should be
r

core: riscv: Apply exception return to resume thread

In current implementation, the thread is resumed by function return. It
is not suitable for all scenarios, especially when the thread should be
resumed to user mode. The kernel mode can not return to user mode by
pure function return.

This commit applies exception return to resume the thread. The EPC and
IE are added into thread context. The xstatus_for_xret() helper function
is added to prepare the value of CSR STATUS for exception return.
Currently we only consider PIE(previous interrupt-enable) and
PP(previous privilege mode) for exception return.

We clear thread context when the context is reinitialized, enable native
interrupt, and setup kernel GP/TP. The thread_resume() now takes care of
restoring CSR EPC, STATUS, IE, SCRATCH and all general-purpose
registers. Finally it executes exception return to target privilege mode
encoded in CSR STATUS. The registers GP and TP are also restored since
user mode may use them.

This commit also modify the usage of CSR SCRATCH. In current
implementation the SCRATCH is used to save kernel stack pointer when the
thread is in user mode. The value of TP, which stores thread_core_local
structure, is saved into kernel stack before entering user mode. The
trap handler can then get TP(thread_core_local) from kernel stack. This
is not suitable for SMP system, since the thread might be resumed to
another core, and that core gets wrong TP from kernel stack. Fix it by
directly storing TP into CSR SCRATCH.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Tested-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...