core: generic boot: tag paging access

When pager is enabled tag needed ranges accordingly.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@

core: generic boot: tag paging access

When pager is enabled tag needed ranges accordingly.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: generic boot: move init_asan()

Moves the section covered by #ifdef CFG_CORE_SANITIZE_KADDRESS to above
the #ifdef CFG_WITH_PAGER section to be able to later initialize address
sanitizer with p

core: generic boot: move init_asan()

Moves the section covered by #ifdef CFG_CORE_SANITIZE_KADDRESS to above
the #ifdef CFG_WITH_PAGER section to be able to later initialize address
sanitizer with pager enabled.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: thread: asan tag paged stacks

Tags paged stacks as accessible.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

core: pager: carve out asan shadow range

Carves out address sanitizer range used for bookkeeping.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wik

core: pager: carve out asan shadow range

Carves out address sanitizer range used for bookkeeping.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pager: asan adoptions

Tag temporary or allocated memory ranges to allow new accesses.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander

core: pager: asan adoptions

Tag temporary or allocated memory ranges to allow new accesses.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: kern.ld.S: put constructors in init

Makes sure that constructor functions are in the init section to be
available during initialization of OP-TEE.

Acked-by: Etienne Carriere <etienne.car

core: arm: kern.ld.S: put constructors in init

Makes sure that constructor functions are in the init section to be
available during initialization of OP-TEE.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core; add MEM_AREA_TEE_ASAN

Adds MEM_AREA_TEE_ASAN which is used when pager is enabled to map the
memory used by the address sanitizer if enabled.

Currently this only works in configurations with t

core; add MEM_AREA_TEE_ASAN

Adds MEM_AREA_TEE_ASAN which is used when pager is enabled to map the
memory used by the address sanitizer if enabled.

Currently this only works in configurations with the pager where
emulated SRAM is used.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pager: bugfix set_alias_area()

Fixes set_alias_area() to only take the supplied area, prior to this
the final page would have been included too.

Reviewed-by: Etienne Carriere <etienne.carrier

core: pager: bugfix set_alias_area()

Fixes set_alias_area() to only take the supplied area, prior to this
the final page would have been included too.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Replace struct prng_ops with function interface

Adds crypto_rng_add_entropy() and crypto_rng_read() replacing
struct prng_ops in crypto_ops.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.o

Replace struct prng_ops with function interface

Adds crypto_rng_add_entropy() and crypto_rng_read() replacing
struct prng_ops in crypto_ops.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm32: reset_secondary() set reset vector

Sets reset vector in reset_secondary() to trap unexpected exceptions.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wik

core: arm32: reset_secondary() set reset vector

Sets reset vector in reset_secondary() to trap unexpected exceptions.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU v7/v8)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm32: replace _start with reset() function

Renames _start to reset_vect_table and renames reset() to _start() in
order to avoid pulling in too much unpaged code via
reset_secondary()/cpu_on_h

core: arm32: replace _start with reset() function

Renames _start to reset_vect_table and renames reset() to _start() in
order to avoid pulling in too much unpaged code via
reset_secondary()/cpu_on_handler().

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Keep assembly functions in separate sections

To get a more fine grained selection of which area (init, paged,
unpaged) an assembly function is assigned do the equivalent of
-ffunction-sections but i

Keep assembly functions in separate sections

To get a more fine grained selection of which area (init, paged,
unpaged) an assembly function is assigned do the equivalent of
-ffunction-sections but in assembly.

Some functions has to be in specific places in the binary for a
successful boot, link script is updated accordingly.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm32: thread_set_und_sp(): correct end tag

Sets correct end tag for thread_set_und_sp()

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklan

core: arm32: thread_set_und_sp(): correct end tag

Sets correct end tag for thread_set_und_sp()

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: psci: pass nsec ctx to system_suspend

In the commit 732fc43(core: arm: psci: pass nsec ctx to psci), we have
done the job, but we forgot to follow it in the later commit 1d40eb8
(core: ar

core: arm: psci: pass nsec ctx to system_suspend

In the commit 732fc43(core: arm: psci: pass nsec ctx to psci), we have
done the job, but we forgot to follow it in the later commit 1d40eb8
(core: arm: sm: add PSCI system suspend), fix it in this patch.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Zeng Tao <prime.zeng@hisilicon.com>

show more ...

pta: change DMSG to FMSG for invoke in pta/SDP

When running the default configuration SDP spams a lot:
DEBUG: [0x0] TEE-CORE:invoke_command:338: command entry point
for pseudo t

pta: change DMSG to FMSG for invoke in pta/SDP

When running the default configuration SDP spams a lot:
DEBUG: [0x0] TEE-CORE:invoke_command:338: command entry point
for pseudo ta "invoke_tests.pta"
...

By changing from DMSG to FMSG this will not flood the console anymore.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

entry_std.c: Initialize num_params to fix gcc warning

Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

thread.c: free rpc arg mobj during cache disabling

Mobj, containing memory for RPC arguments was not deleted
when client disabled argument cache. That would lead
to resource leak.

Signed-off-by: Vo

thread.c: free rpc arg mobj during cache disabling

Mobj, containing memory for RPC arguments was not deleted
when client disabled argument cache. That would lead
to resource leak.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

hikey, hikey960: enable dynamic shared memory

Enables dynamic shared memory by registering the non-secure memory
range in plat-hikey/main.c.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro

hikey, hikey960: enable dynamic shared memory

Enables dynamic shared memory by registering the non-secure memory
range in plat-hikey/main.c.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add v2p/p2v tests in embedded tests

Use the invocation test pseudo TA to test virt_to_phys and
phys_to_virt conversions over TA memory reference parameters.

Convert in MEM_AREA_TA_VASPACE mem

core: add v2p/p2v tests in embedded tests

Use the invocation test pseudo TA to test virt_to_phys and
phys_to_virt conversions over TA memory reference parameters.

Convert in MEM_AREA_TA_VASPACE memory when pTA client is a TA.
Otherwise if means pTA client is in the non-secure world and
the memref parameters are mapped straight to TEE core. Try in
the static SHM, SDP memory and in the dynamic SHM.

Several configuration aside pager can make phys_to_virt() failing
to find an existing valid virtual address. When so, do not report
an error to the client.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (qemus, b2260)

show more ...

core:mmu: privileged land pa2va is not supported in dynamic SHM

Implementation currently does not support finding a mapped virtual
memory address in the dynamic SHM range from a physical address.

T

core:mmu: privileged land pa2va is not supported in dynamic SHM

Implementation currently does not support finding a mapped virtual
memory address in the dynamic SHM range from a physical address.

This change prevents phys_to_virt() from producing a faulty
virtual address when dealing with dynamic SHM virtual address range.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core:debug: add verbosity when pa/va do not match

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

core:mmu: fix userland pa2va conversion

When dealing with a memory object that are physically granulated,
looking for a matching physical page requires to test each granule
of the memory object.

Si

core:mmu: fix userland pa2va conversion

When dealing with a memory object that are physically granulated,
looking for a matching physical page requires to test each granule
of the memory object.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core:mmu: fix userland va2pa conversion

This change takes care that the offset in granule of the target
address to be converted is not added twice when computing the
address physical page based on t

core:mmu: fix userland va2pa conversion

This change takes care that the offset in granule of the target
address to be converted is not added twice when computing the
address physical page based on the memory object reference.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core:unwind: check user context on stack print of panicked TAs

This change checks that the userland context pointer is valid before
reading its content.

Note that this change only lowers the chance

core:unwind: check user context on stack print of panicked TAs

This change checks that the userland context pointer is valid before
reading its content.

Note that this change only lowers the chance of malformed TA being
able to crash core or access core memory using crafted context
reference. The stack unwind process being executed from kernel land,
a real fix could require each stack unwind step to verify the memory
references before going further in the execution history.

Therefore this change does not fix the vulnerability of current
TA stack unwind process against core/TA isolation.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: map PTA registered shared memory late

Normal registered dynamic shared memory objects are not mapped into
OP-TEE OS memory space as that memory normally only is used in normal
(user) TAs.

If

core: map PTA registered shared memory late

Normal registered dynamic shared memory objects are not mapped into
OP-TEE OS memory space as that memory normally only is used in normal
(user) TAs.

If a Pseudo TA is invoked from a user TA it will use the mapping already
activated for the user TA and can easily access everything the user TA
can access, including buffers passed in parameters for the user TA.

However, if a Pseudo TA is invoked directly from a non-secure client
there is no user TA mapping to share, instead memory buffer passed
in parameters has to be mapped directly.

With this patch registered shared memory buffer passed from a non-secure
client are mapped if needed before invoking the Pseudo TA.

Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (qemu_virt/armv8, b2260)
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...