mmu: add locking for OP-TEE address space manipulation

core_mmu_(un)map_pages() functions can be called in multiple threads
simultaneously and there is no protection against races.

This patch adds

mmu: add locking for OP-TEE address space manipulation

core_mmu_(un)map_pages() functions can be called in multiple threads
simultaneously and there is no protection against races.

This patch adds spinlock that ensures that only one core will alter
pagetables at a time.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-ls: move to generic RAM layout

Move default secure and non-secure Optee memory locations from
platform_config.h to conf.mk using header generic_ram_layout.h.

ls1021atwr:
- Secure RAM [bc00.000

plat-ls: move to generic RAM layout

Move default secure and non-secure Optee memory locations from
platform_config.h to conf.mk using header generic_ram_layout.h.

ls1021atwr:
- Secure RAM [bc00.0000 bfe0.0000[ configurable.
- Static SHM [bfe0.0000 bff0.0000[ configurable.

ls1021aqds:
- Secure RAM [fc00.0000 ffe0.0000[ configurable.
- Static SHM [ffe0.0000 ffff.ffff] configurable.

ls1012ardb:
- Secure RAM [bc00.0000 bfe0.0000[ configurable.
- Static SHM [bfe0.0000 c000.0000[ configurable.

ls1043ardb:
- Secure RAM [fc00.0000 ffe0.0000[ configurable.
- Static SHM [bfe0.0000 c000.0000[ configurable.

ls1046ardb:
- Secure RAM [fc00.0000 ffe0.0000[ configurable.
- Static SHM [bfe0.0000 c000.0000[ configurable.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>

show more ...

core: add ELF identifier after memory region when dumping TA state

Update the TA exception/panic dump to add an identifier after each memory
region used to map an ELF section. Here is an example wit

core: add ELF identifier after memory region when dumping TA state

Update the TA exception/panic dump to add an identifier after each memory
region used to map an ELF section. Here is an example with a TA linked
against two dynamic libraries ("E/TC:0" prefix removed):

TA panicked with code 0x0
Status of TA 93038f64-871d-4773-b1f5-878697745eee (0xe17fe00) (active)
arch: arm load address: 0x103000 ctx-idr: 2
stack: 0x102000 4096
region 0: va 0x100000 pa 0xe100000 size 0x1000 flags ---R-X
region 1: va 0x102000 pa 0xe318000 size 0x1000 flags rw-RW-
region 2: va 0x103000 pa 0xe300000 size 0xd000 flags r-x--- [0]
region 3: va 0x110000 pa 0xe30d000 size 0xb000 flags rw---- [0]
region 4: va 0x11b000 pa 0xe319000 size 0x1000 flags r-x--- [1]
region 5: va 0x12b000 pa 0xe329000 size 0x1000 flags rw---- [1]
region 6: va 0x12c000 pa 0xe32a000 size 0x1000 flags r-x--- [2]
region 7: va 0x13c000 pa 0xe33a000 size 0x1000 flags rw---- [2]
region 8: va 0x13d000 pa 0xe33b000 size 0x1000 flags r-----
[0] 93038f64-871d-4773-b1f5-878697745eee @ 0x103000
[1] 7814a949-e967-421c-8838-04f7ee1c5744 @ 0x11b000
[2] 14c7f8d4-0202-4bfe-b4ca-ab6eca303169 @ 0x12c000
Call stack:
0x00103628
0x00109591
0x0011b36d
0x00103041
0x00103245
0x0010334d
0x0010348b
0x001035df

Index [0] points to the main executable while higher values identify
libraries.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm32: map consolidated EXIDX table after libraries

The ELF loader may leave some unused VA space between segments. It is a
consequence of the alignment constraints in the ELF file.
When mappi

core: arm32: map consolidated EXIDX table after libraries

The ELF loader may leave some unused VA space between segments. It is a
consequence of the alignment constraints in the ELF file.
When mapping the consolidated EXIDX table, we do not specify an address
and let vm_map() choose the first available space instead. As a result,
EXIDX may be inserted into the (unused) VA space of a library.
While this seems to be valid, it may be a bit misleading.

This patch moves the new EXIDX table after the ELF binaries.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: dynamically linked TAs: fix segment mapping

The way each library segment is assigned a virtual address is incorrect.
It results in interleaved segments. In other words, we may find in
ascendin

core: dynamically linked TAs: fix segment mapping

The way each library segment is assigned a virtual address is incorrect.
It results in interleaved segments. In other words, we may find in
ascending VA order: one segment belonging to library A, then one segment
from library B, then again one segment from library A.
In that context, the concept of a "library load address" is quite
meaningless, which will cause problems when running tools such as
addr2line.

Fix the issue by deriving the load address of a new ELF from the highest
VA in the previous ELF.

Fixes: c27907e1bc5a ("core: arm32: add support for dynamically linked TAs")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove user_ta_elf::is_main

The 'is_main' boolean in struct user_ta_elf is used in a single
function: load_elf_from_store(). At this point we have another way of
determining if the ELF we're l

core: remove user_ta_elf::is_main

The 'is_main' boolean in struct user_ta_elf is used in a single
function: load_elf_from_store(). At this point we have another way of
determining if the ELF we're loading is the main executable or not.
Therefore, user_ta_elf::is_main is not really needed. Remove it.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove license notice from STMicroelectronics files

Since a while the source files license info are defined by SPDX
identifiers. We can safely remove the verbose license text from the
files that are

Remove license notice from STMicroelectronics files

Since a while the source files license info are defined by SPDX
identifiers. We can safely remove the verbose license text from the
files that are owned by either only STMicroelectronics or only both
Linaro and STMicroelectronics.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core_self_tests.c: add more SUB_OVERFLOW() tests

Adds more SUB_OVERFLOW() tests involving larger than 32-bit types and
mixed types.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed

core_self_tests.c: add more SUB_OVERFLOW() tests

Adds more SUB_OVERFLOW() tests involving larger than 32-bit types and
mixed types.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core_self_tests.c: add more ADD_OVERFLOW() tests

Adds more ADD_OVERFLOW() tests involving larger than 32-bit types and
mixed types.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed

core_self_tests.c: add more ADD_OVERFLOW() tests

Adds more ADD_OVERFLOW() tests involving larger than 32-bit types and
mixed types.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-mediatek: support generic RAM layout

Move default secure and non-secure Optee memory locations from
platform_config.h to conf.mk using the generic_ram_layout.

Signed-off-by: Etienne Carriere <

plat-mediatek: support generic RAM layout

Move default secure and non-secure Optee memory locations from
platform_config.h to conf.mk using the generic_ram_layout.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

plat-hikey: support generic RAM layout

Move default secure and non-secure Optee memory locations from
platform_config.h to conf.mk using the generic_ram_layout.

Signed-off-by: Etienne Carriere <eti

plat-hikey: support generic RAM layout

Move default secure and non-secure Optee memory locations from
platform_config.h to conf.mk using the generic_ram_layout.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960)

show more ...

plat-d02: support generic RAM layout

Move default secure and non-secure Optee memory locations from
platform_config.h to conf.mk using the generic_ram_layout.

Signed-off-by: Etienne Carriere <etien

plat-d02: support generic RAM layout

Move default secure and non-secure Optee memory locations from
platform_config.h to conf.mk using the generic_ram_layout.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (D02)

show more ...

plat-stm: support generic RAM layout

Legacy stm platforms build env set CFG_DDR_TEETZ_RESERVED_START/_SIZE
and CFG_CORE_TZSRAM_EMUL_START/_SIZE. This change converts these into
CFG_TZxRAM_START/_SIZ

plat-stm: support generic RAM layout

Legacy stm platforms build env set CFG_DDR_TEETZ_RESERVED_START/_SIZE
and CFG_CORE_TZSRAM_EMUL_START/_SIZE. This change converts these into
CFG_TZxRAM_START/_SIZE and CFG_SHMEM_START/_SIZE from the platform
conf.mk.

Introduce stm platform specific configuration directive
CFG_STM_RSV_DRAM_STARTBYTES to carve out reserved bottom DDR from
REE main memory. Remove CFG_DDR_SECURE_BASE which is no more required.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2120, b2260)

show more ...

core: generic RAM layout

Include mm/generic_ram_layout.h at top of platform_config.h to
to get the TEE_RAM_*, TEE_TA_*, TEE_SHMEM_*, etc... defined from
generic configuration directives.

See descri

core: generic RAM layout

Include mm/generic_ram_layout.h at top of platform_config.h to
to get the TEE_RAM_*, TEE_TA_*, TEE_SHMEM_*, etc... defined from
generic configuration directives.

See description from generic_ram_layout.h head comments.

Suggested-by: Jordan Rhee <jordanrh@microsoft.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

arm32: stack unwinding for dynamically linked TAs

Update the ELF loader so that TAs that contain multiple ELF binaries
have a valid exception index table (EXIDX). This table is the entry
point for t

arm32: stack unwinding for dynamically linked TAs

Update the ELF loader so that TAs that contain multiple ELF binaries
have a valid exception index table (EXIDX). This table is the entry
point for the call stack unwinding code. When a TA uses shared
libraries, we create a new EXIDX table by joining all the tables found
in each ELF and patching them to account for the new table address.
Information about the ARM unwind tables can be found in [1].

Link: [1] https://wiki.linaro.org/KenWerner/Sandbox/libunwind?action=AttachFile&do=get&target=libunwind-LDS.pdf
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-imx: implement PL310 SMC protocol

When Windows runs in normal world, it expects the PL310 to be initially
disabled, and then invokes SMCs to enable it.
When CFG_PL310_SIP_PROTOCOL=y, the L2 cac

plat-imx: implement PL310 SMC protocol

When Windows runs in normal world, it expects the PL310 to be initially
disabled, and then invokes SMCs to enable it.
When CFG_PL310_SIP_PROTOCOL=y, the L2 cache will be left untouched until
the OS enables it.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Jordan Rhee <jordanrh@microsoft.com>
Tested-by: Jordan Rhee <jordanrh@microsoft.com>

show more ...

plat-ls: consume CFG_SECONDARY_INIT_CNTFRQ

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Jordan Rhee <jordanrh@microsoft.com>

core: add CFG_SECONDARY_INIT_CNTFRQ

Add configuration option to initialize CNTFRQ on secondary cores
to the same value as the primary core.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
S

core: add CFG_SECONDARY_INIT_CNTFRQ

Add configuration option to initialize CNTFRQ on secondary cores
to the same value as the primary core.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Jordan Rhee <jordanrh@microsoft.com>

show more ...

core_self_tests:.c: add SUB_OVERFLOW() test

Add a test that fails with GCC 4.9.4 (Linaro GCC 4.9-2017.01) [1] with the
original overflow macros prior to commit 86ab9ffe82c6 ("util: fix fallback
SUB_

core_self_tests:.c: add SUB_OVERFLOW() test

Add a test that fails with GCC 4.9.4 (Linaro GCC 4.9-2017.01) [1] with the
original overflow macros prior to commit 86ab9ffe82c6 ("util: fix fallback
SUB_OVERFLOW() macro").

Link: [1] http://releases.linaro.org/components/toolchain/binaries/4.9-2017.01/arm-linux-gnueabihf/gcc-linaro-4.9.4-2017.01-x86_64_arm-linux-gnueabihf.tar.xz
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core_self_tests:.c: add ADD_OVERFLOW() test

Add a test that fails with GCC 4.9.4 (Linaro GCC 4.9-2017.01) [1] with the
original overflow macros prior to commit 2b30433772af ("util: fix fallback
ADD_

core_self_tests:.c: add ADD_OVERFLOW() test

Add a test that fails with GCC 4.9.4 (Linaro GCC 4.9-2017.01) [1] with the
original overflow macros prior to commit 2b30433772af ("util: fix fallback
ADD_OVERFLOW() macro").

Link: [1] http://releases.linaro.org/components/toolchain/binaries/4.9-2017.01/arm-linux-gnueabihf/gcc-linaro-4.9.4-2017.01-x86_64_arm-linux-gnueabihf.tar.xz
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm32: add support for dynamically linked TAs

This commit adds support for 32-bit dynamically linked Trusted
Applications. The config flag for this feature is CFG_TA_DYNLINK,
default enabled.

core: arm32: add support for dynamically linked TAs

This commit adds support for 32-bit dynamically linked Trusted
Applications. The config flag for this feature is CFG_TA_DYNLINK,
default enabled.

Why do this? Several reasons:

1. Save space in the TA storage area. The OP-TEE core libraries
(libutee, libutils, libmpa) could very well be provided as shared
objects (.so) rather than archive files (.a). They would be installed
only once in the TA storage, instead of being duplicated inside each TA.
2. Allow upgrade of some libraries without re-linking the TAs.
3. Pave the way to sharing code pages between TAs, thus potentially
reducing the memory footprint of the TEE.

The ELF loader is updated as follows:

- Locate the dynamic section in the program headers (PT_DYNAMIC entry).
- Find the required external libraries by looking for DT_NEEDED entries
in the dynamic section. Libraries are .so files signed like TAs and
identified by a UUID so that the TA stores can be re-used. Using a UUID
is also more flexible, because a new versions of a library may keep the
same UUID or use another one.
- Load all the libraries.
- Process the dynamic relocations of type R_ARM_GLOB_DAT and
R_ARM_JUMP_SLOT by resolving symbols by name, in breadth first order.
- Map the library code and data into the user VA space.

The stack unwinding code will be updated in a later commit. As a result
only the main executable may be unwound ; stack dumps will stop if the
call stack goes inside a shared library.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960 32/64)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core: arm32: do not unwind TA stack if .ARM.exidx is not present

If a TA has no exception index table (.ARM.exidx section), it is not
rejected by the loader but it cannot be unwound. Therefore, the

core: arm32: do not unwind TA stack if .ARM.exidx is not present

If a TA has no exception index table (.ARM.exidx section), it is not
rejected by the loader but it cannot be unwound. Therefore, the unwind
code should detect this condition to avoid crashing a bit further down.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

plat-rockchip: move some CFG_'s from platform_config.h to conf.mk

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

core: move CFG_TEE_CORE_NB_CORE to conf.mk for various platforms

Update platforms d02, rcar, sam, hikey, mediatek, poplar, rpi3, sprd,
zynqmp and marvell.

These platforms no more defines CFG_ confi

core: move CFG_TEE_CORE_NB_CORE to conf.mk for various platforms

Update platforms d02, rcar, sam, hikey, mediatek, poplar, rpi3, sprd,
zynqmp and marvell.

These platforms no more defines CFG_ configuration directives as
NB_CORE was the last remaining one.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

plat-vexpress: move CFG_TEE_CORE_NB_CORE to platform conf.mk

Aggregate juno config.
Use same platform ordering in conf.mk and platform_config.h.

Signed-off-by: Etienne Carriere <etienne.carriere@li

plat-vexpress: move CFG_TEE_CORE_NB_CORE to platform conf.mk

Aggregate juno config.
Use same platform ordering in conf.mk and platform_config.h.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...