core: make is_initializing field a generic service context

Replace fields is_initializing from struct user_mode_ctx and
struct stmm_ctx with a common new field is_initialing in generic
struct tee_ta

core: make is_initializing field a generic service context

Replace fields is_initializing from struct user_mode_ctx and
struct stmm_ctx with a common new field is_initialing in generic
struct tee_ta_ctx so that it can be used in generic context loading
functions for contexts which initialization is done with tee_ta_mutex
released.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: fix header file guard names

Fixes header file guards macro name prefix (mostly missing occurrences)
that should reflect the file base directory sub-path where applicable.

Reviewed-by: Jens Wi

core: fix header file guard names

Fixes header file guards macro name prefix (mostly missing occurrences)
that should reflect the file base directory sub-path where applicable.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: fix data abort during ftrace

With commit c10e3fa93d24 ("core: fix race in handling TA panic") the
resources of a panicked TAs are released as early as possible, including
the user space mapped

core: fix data abort during ftrace

With commit c10e3fa93d24 ("core: fix race in handling TA panic") the
resources of a panicked TAs are released as early as possible, including
the user space mapped ftrace buffer. However, the pointer to the ftrace
buffer is stored in the ts_session for quick and easy access. The ftrace
buffer is always retrieved with get_fbuf() that already have a few other
checks to see if the buffer is currently available. So add a check to
see that the TA hasn't panicked also.

Fixes: c10e3fa93d24 ("core: fix race in handling TA panic")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)

show more ...

core: fix race in handling TA panic

A TA context (struct tee_ta_ctx), can only be accessed and manipulated
if either locked or set to busy by the current thread, or if it has no
no other references.

core: fix race in handling TA panic

A TA context (struct tee_ta_ctx), can only be accessed and manipulated
if either locked or set to busy by the current thread, or if it has no
no other references.

Prior to this patch this wasn't followed by tee_ta_open_session(),
tee_ta_invoke_command(), and dump_ta_memstats(). Accesses were made to
the "panicked" field of struct tee_ta_ctx.
destroy_ta_ctx_from_session() was also manipulating sessions possibly
being used by other threads.

So fix this by only accessing the internals of the TA context while
holding the needed lock. destroy_ta_ctx_from_session() is removed, the
new ts_ops callback release_state() is used instead to free what can be
freed from a panicked TA context. The last session referencing the TA
context will free it.

Fixes: fd10f62b8210 ("core: keep alive TA context can be created after TA has panicked")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Tested-by: Wentao Sun <wentao.sun@amlogic.com>

show more ...

pta: stats: fix compilation incompatible pointer warning

To reproduce the issue:
$ make PLATFORM=imx-mx8mmevk CFG_WITH_STATS=y CFG_TA_STATS=y

core/pta/stats.c: In function ‘get_user_ta_stats’:
core

pta: stats: fix compilation incompatible pointer warning

To reproduce the issue:
$ make PLATFORM=imx-mx8mmevk CFG_WITH_STATS=y CFG_TA_STATS=y

core/pta/stats.c: In function ‘get_user_ta_stats’:
core/pta/stats.c:169:37: warning: passing argument 2 of ‘tee_ta_instance_stats’ from incompatible pointer type [-Wincompatible-pointer-types]
169 | &p[0].memref.size);
| ^~~~~~~~~~~~~~~~~
| |
| size_t * {aka long unsigned int *}
In file included from core/include/kernel/pseudo_ta.h:10,
from core/pta/stats.c:8:
core/include/kernel/tee_ta_manager.h:171:56: note: expected ‘uint32_t *’ {aka ‘unsigned int *’} but argument is of type ‘size_t *’ {aka ‘long unsigned int *’}
171 | TEE_Result tee_ta_instance_stats(void *buff, uint32_t *buff_size);
| ~~~~~~~~~~^~~~~~~~~
core/pta/stats.c: At top level:
cc1: note: unrecognized command-line option ‘-Wno-c2x-extensions’ may have been intended to silence earlier diagnostics

Fixes: 7509620b8b95 ("GP131: Update TEE_Param")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: implement a method to dump user TA runtime status

This patch is to dump user TA runtime status for debug purposes.
The change includes:
1. Add new command (STATS_CMD_TA_STATS) in the stats PTA

core: implement a method to dump user TA runtime status

This patch is to dump user TA runtime status for debug purposes.
The change includes:
1. Add new command (STATS_CMD_TA_STATS) in the stats PTA.
2. Add tee_ta_dump_stats() to scan all ongoing TA instance and sessions
and snapshot their status.
3. Add new function: entry_dump_memstats() to __utee_entry() to get TA
heap statistics.
4. Add new compile option (CFG_TA_STATS, default n) to enable this
feature.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Weizhao Jiang <weizhaoj@amazon.com>
Signed-off-by: Weizhao Jiang <weizhaoj@amazon.com>
[jf: edit commit message]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: fix wrong conditional expression in tee_ta_clear_busy()

When a ctx of a single instance user TA is first created,
lock_single_instance() is called in tee_ta_try_set_busy().
However, unlock_sin

core: fix wrong conditional expression in tee_ta_clear_busy()

When a ctx of a single instance user TA is first created,
lock_single_instance() is called in tee_ta_try_set_busy().
However, unlock_single_instance() is not called in
tee_ta_clear_busy() since ctx->initializing is still false.
It results that tee_ta_single_instance_thread is not reset
when CFG_CONCURRENT_SINGLE_INSTANCE_TA is not enabled.
So remove the wrong conditional expression and remove
"initializing" from tee_ta_ctx since it's no longer used.

Signed-off-by: RueiAnHu <Rayan.Hu@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: move user_ctx field to struct ts_session

The user_ctx field in struct tee_ta_session is used by PTAs to keep
track of session specific information. Move it to struct ts_session to
make it gene

core: move user_ctx field to struct ts_session

The user_ctx field in struct tee_ta_session is used by PTAs to keep
track of session specific information. Move it to struct ts_session to
make it generic and reachable for all sessions, not just TAs. This
enables extracting ldelf related code from system PTA.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: fix secure partition TA context

Fix secure partition invocation in tee_ta_manager.c. The TA context
instance is found in the secure partition context (as here *_stmm_ctx()),
instead of the tru

core: fix secure partition TA context

Fix secure partition invocation in tee_ta_manager.c. The TA context
instance is found in the secure partition context (as here *_stmm_ctx()),
instead of the trusted service context as for regular TAs and PTAs.

This change moves to_ta_session() from header file to source file
so that is_stmm_ctx() is visible and can be asserted.

Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: store TA params in session struct

Stores TA params and error origin in struct tee_ta_session instead of
passing them as parameters to enter_open_session() and
enter_invoke_cmd() in struct ts_o

core: store TA params in session struct

Stores TA params and error origin in struct tee_ta_session instead of
passing them as parameters to enter_open_session() and
enter_invoke_cmd() in struct ts_ops. This makes struct ts_ops less TA
specific.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add struct ts_ops

Adds struct ts_ops replacing the previous struct tee_ta_ops.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro

core: add struct ts_ops

Adds struct ts_ops replacing the previous struct tee_ta_ops.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add is_ta_ctx()

Adds is_ta_ctx() and calls it in to_ta_session() and to_ta_ctx() to help
debugging.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <

core: add is_ta_ctx()

Adds is_ta_ctx() and calls it in to_ta_session() and to_ta_ctx() to help
debugging.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add generic struct ts_ctx

Adds the generic struct ts_ctx to be used instead of struct tee_ta_ctx
where generic context operations are performed.

struct tee_ta_ctx adds a field with struct ts_

core: add generic struct ts_ctx

Adds the generic struct ts_ctx to be used instead of struct tee_ta_ctx
where generic context operations are performed.

struct tee_ta_ctx adds a field with struct ts_ctx for conversion to
struct ts_ctx where needed.

The struct ts_session is updated to keep a pointer to a struct ts_ctx
instead of the previous struct tee_ta_ctx.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add generic struct ts_session

As a step in making room for Secure Partitions (SPs) running at S-EL0
add a Trusted Service (TS) abstraction. Both TAs and SPs is a TS.

Adds the generic struct t

core: add generic struct ts_session

As a step in making room for Secure Partitions (SPs) running at S-EL0
add a Trusted Service (TS) abstraction. Both TAs and SPs is a TS.

Adds the generic struct ts_session. All future sessions structs
(currently only struct tee_ta_session exists) should add this struct to
allow generic session operations.

With this struct comes new functions replacing previous struct
tee_ta_session oriented functions. The following functions are replaced
as:
tee_ta_get_current_session() -> ts_get_current_session()
tee_ta_push_current_session() -> ts_push_current_session()
tee_ta_pop_current_session() -> ts_pop_current_session()
tee_ta_get_calling_session() -> ts_get_calling_session()

ts_get_current_session() is changed compared to its predecessor to
panic() in case of failure to return a valid pointer.

A new function ts_get_current_session_may_fail() is added to handle an
eventual case where a return NULL session may be handled.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: refactor locking during user TA load

tee_ta_init_user_ta_session() unlocks tee_ta_mutex while loading ldelf
and the user TA. This avoids a window where deadlock can occur in case
pgt_alloc() g

core: refactor locking during user TA load

tee_ta_init_user_ta_session() unlocks tee_ta_mutex while loading ldelf
and the user TA. This avoids a window where deadlock can occur in case
pgt_alloc() goes to sleep.

A new condition variable, tee_ta_init_cv, is added to signal that a TA
has changed state while initializing.

tee_ta_init_session_with_context waits for a TA context be fully
initialized before assigning it to another session.

This also simplifies tee_ta_try_set_busy() since it now doesn't have to
handle the case where it has to wait for a TA context to be fully
initialized.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Suggested-by: Opensource <opensource@sequiturlabs.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: make thread ID a short int

Changes thread_get_id() and thread_get_id_may_fail() to return 'short
int' instead of 'int'. That is, 16 bits instead of 32 on all supported
architectures which is m

core: make thread ID a short int

Changes thread_get_id() and thread_get_id_may_fail() to return 'short
int' instead of 'int'. That is, 16 bits instead of 32 on all supported
architectures which is more than enough since the largest thread ID
value is (CFG_NUM_THREADS - 1). Note, struct wait_queue_elem::handle
is already a short int.

trace_ext_get_thread_id() is not changed (still returns an int) because
it is part of the TA API and modifying it would needlessly introduce
incompatibilities.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: get svc handler from the context of current session

Instead of a single global syscalls definition, get the syscall handler
function from the context of current active session.

An extra optio

core: get svc handler from the context of current session

Instead of a single global syscalls definition, get the syscall handler
function from the context of current active session.

An extra optional (mandatory for user mode TAs) function pointer is
added to struct tee_ta_ops, handle_svc, which handles the syscall.

tee_svc_handler() is split into a generic thread_svc_handler() which is
put in kernel/thread.c. The user TA specific part is put in
user_ta_handle_svc() which is kept in tee/arch_svc.c but made available
via the new .handle_svc function pointer of struct tee_ta_ops.

Acked-by: Pipat Methavanitpong <pipat.methavanitpong@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add struct user_mode_ctx

Adds struct user_mode_ctx which replaces user mode specific fields used
for memory mapping.

Acked-by: Pipat Methavanitpong <pipat.methavanitpong@linaro.org>
Acked-by:

core: add struct user_mode_ctx

Adds struct user_mode_ctx which replaces user mode specific fields used
for memory mapping.

Acked-by: Pipat Methavanitpong <pipat.methavanitpong@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ftrace: Add support for syscall function tracer

This patch adds support for syscall tracing in TEE core. It complements
existing ftrace support for user TAs via adding trace for syscalls that
are in

ftrace: Add support for syscall function tracer

This patch adds support for syscall tracing in TEE core. It complements
existing ftrace support for user TAs via adding trace for syscalls that
are invoked by user TAs into the TEE core.

And after this patch ftrace will cover both TA and TEE core code. So lets
rename config option from CFG_TA_FTRACE_SUPPORT to CFG_FTRACE_SUPPORT.

It is optional to enable syscall trace via CFG_SYSCALL_FTRACE=y config
option in addition to CFG_FTRACE_SUPPORT=y config option.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

ftrace: exclude only foreign interrupt time

Current TA function execution time feature only reports user mode
execution time and exclude any non-user mode execution time. But in
case of syscalls whi

ftrace: exclude only foreign interrupt time

Current TA function execution time feature only reports user mode
execution time and exclude any non-user mode execution time. But in
case of syscalls which are essentially function invocations from TA
into the kernel, we shouldn't exclude syscall execution time in order
to account for actual function execution time. That means we only
exclude time that is spent serving foreign interrupts.

So changes in this patch allows to incorporate syscall execution time
in the function graph output.

Fixes: f5df167c2ffb ("ftrace: Add function execution time support")
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

ftrace: Add function execution time support

Add support to dump function execution time at corresponding function
exit points in output ftrace buffer.

To achieve proper function execution time we n

ftrace: Add function execution time support

Add support to dump function execution time at corresponding function
exit points in output ftrace buffer.

To achieve proper function execution time we need to exclude TA suspend
time from timestamps, so add corresponding support in TEE core.

Also user mapping must be active to access ftrace buffer, so do that
during TA resume.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: dump ftrace data with ldelf

Uses ldelf to dump ftrace data from a TA.

Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerom

core: dump ftrace data with ldelf

Uses ldelf to dump ftrace data from a TA.

Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: load TAs using ldelf

Uses ldelf to load and relocate TAs instead of parsing and loading the
ELFs in TEE Core. TA abort dumps, ASLR and ftrace are temporarily
removed or disabled to be re-enabl

core: load TAs using ldelf

Uses ldelf to load and relocate TAs instead of parsing and loading the
ELFs in TEE Core. TA abort dumps, ASLR and ftrace are temporarily
removed or disabled to be re-enabled in following commits.

Loading dynamically linked TAs are from now on always supported and
cannot be disabled via configuration flags. CFG_TA_DYNLINK is also
removed as a configuration option.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove tee_ta_dump_current()

tee_ta_dump_current() is only called from abort_print_current_ta(), move
the trivial implementation into abort_print_current_ta() and remove
tee_ta_dump_current().

core: remove tee_ta_dump_current()

tee_ta_dump_current() is only called from abort_print_current_ta(), move
the trivial implementation into abort_print_current_ta() and remove
tee_ta_dump_current().

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: enable ftrace for TAs built using shared libraries

To enable ftrace for TAs built with shared libraries, we need to dump
the TA state (include regions dump along with mapping to <uuid>.elf) in

core: enable ftrace for TAs built using shared libraries

To enable ftrace for TAs built with shared libraries, we need to dump
the TA state (include regions dump along with mapping to <uuid>.elf) in
corresponding ftrace buffer for symbolize.py script to map symbols to
particular shared libraries.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960)

show more ...