core: fix race condition on TA/PTA/StMM context loading

Fix race condition on creation of a context for single instance TAs,
PTAs or StMM application. Such race condition could occur and lead to
dup

core: fix race condition on TA/PTA/StMM context loading

Fix race condition on creation of a context for single instance TAs,
PTAs or StMM application. Such race condition could occur and lead to
duplicated contexts if connected close enough that they are created
after tee_ta_init_session() calls tee_ta_init_session_with_context()
and before the context are added in the centralized context list.

This is realized by keeping tee_ta_mutex held while tee_ctxes list is
looked up for matching a context or a new context is added into that
list with its .is_initializing field activated. For that purpose
user TA and StMM application initialization function are split in
2 functions, the 2nd one used to finalizes the context creation
started in the 1st function.

By the way, add inline description comments and fix indentation issues
in uaer_ta.h and remove the inline comment in pseudo_ta.c that refers
to TA loading whereas the function relates to PTA contexts creation.

Closes: https://github.com/OP-TEE/optee_os/issues/6801
Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add mutex_is_locked() helper function

Add mutex_is_locked() helper function to return whether a mutex is
locked or not. This helper function must be use with care since it
does not guarantee t

core: add mutex_is_locked() helper function

Add mutex_is_locked() helper function to return whether a mutex is
locked or not. This helper function must be use with care since it
does not guarantee that the mutex is held by the executing thread.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: make is_initializing field a generic service context

Replace fields is_initializing from struct user_mode_ctx and
struct stmm_ctx with a common new field is_initialing in generic
struct tee_ta

core: make is_initializing field a generic service context

Replace fields is_initializing from struct user_mode_ctx and
struct stmm_ctx with a common new field is_initialing in generic
struct tee_ta_ctx so that it can be used in generic context loading
functions for contexts which initialization is done with tee_ta_mutex
released.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: kernel: change DT getters to use manifest DT

This change get_dt() and get_secure_dt() to use manifest DT
as an alternative if there is no embedded DT or external DT.

Signed-off-by: Sungbae Yo

core: kernel: change DT getters to use manifest DT

This change get_dt() and get_secure_dt() to use manifest DT
as an alternative if there is no embedded DT or external DT.

Signed-off-by: Sungbae Yoo <sungbaey@nvidia.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: kernel: move manifest DT functions to dt.c

This moves functions to handle manifest DT, used as a SP (secure partition)
manifest via FF-A interface, to core/kernel/dt.c and their definitions
to

core: kernel: move manifest DT functions to dt.c

This moves functions to handle manifest DT, used as a SP (secure partition)
manifest via FF-A interface, to core/kernel/dt.c and their definitions
to dt.h.
manifest DT is dependent with CORE_FFA that depends on CFG_DT, as the same
as dt.c.

Signed-off-by: Sungbae Yoo <sungbaey@nvidia.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: kernel: factor out shared memory boot-time helpers

The static and dynamic shared memory helpers used for boot-time
reservation/registration are non-architecture-specific. Moving
them into the

core: kernel: factor out shared memory boot-time helpers

The static and dynamic shared memory helpers used for boot-time
reservation/registration are non-architecture-specific. Moving
them into the generic boot.c file will help avoid duplicated code
and improve maintainability.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: kernel: Remove unused ta_time_offs in user_ta_ctx

It seems that "ta_time_offs" member is unused now. Thus, remove it from
user_ta_ctx structure.

Signed-off-by: Alvin Chang <alvinga@andestech.

core: kernel: Remove unused ta_time_offs in user_ta_ctx

It seems that "ta_time_offs" member is unused now. Thus, remove it from
user_ta_ctx structure.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: firewall: add firewall framework

Add a generic firewall controller framework. The goal of this framework
is to offer access control and configuration APIs, that are implemented
in the firewall

core: firewall: add firewall framework

Add a generic firewall controller framework. The goal of this framework
is to offer access control and configuration APIs, that are implemented
in the firewall controllers drivers, to the firewall consumers. This
framework requires an embedded device tree.

A firewall controller is an access controller [1]. It should register
itself as a provider to the framework. Firewall controllers have the
possibility to populate their bus according to defined firewall accesses
defined in the "access-controllers" property in each of the device's
node.

Any device that consumes one or more firewall should refer it/them in
their "access-controllers" property. Arguments can be passed along with
the phandle of the firewall controller(s).

Link: https://patchwork.kernel.org/project/linux-media/patch/20240105130404.301172-2-gatien.chevallier@foss.st.com/ [1]
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: interrupts: fix inline comment typo on DT property name

Fix DT property named "interrupts-extended", mistakenly named
"extended-interrupts" in interrupt API function inline description
comment

core: interrupts: fix inline comment typo on DT property name

Fix DT property named "interrupts-extended", mistakenly named
"extended-interrupts" in interrupt API function inline description
comments.

Fixes: 33a0c8350ac1 ("core: interrupt: registering interrupt providers")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: kernel: use explicit unsigned int type in condvar

Replace unsigned with unsigned int as type of struct condvar::spin_lock.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Revie

core: kernel: use explicit unsigned int type in condvar

Replace unsigned with unsigned int as type of struct condvar::spin_lock.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: kernel: fix include order in spinlock.h

Fix order of #include directives in spinlock.h.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jerome Forissier <jerome.fo

core: kernel: fix include order in spinlock.h

Fix order of #include directives in spinlock.h.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mutex: add support timeout condvar

Add support timeout condvar based on timeout notify

Signed-off-by: Gavin Liu <gavin.liu@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org

core: mutex: add support timeout condvar

Add support timeout condvar based on timeout notify

Signed-off-by: Gavin Liu <gavin.liu@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: notif: add support timeout notify

Add support timeout notification, allowing to
avoid waiting indefinitely for the completion of an event

Signed-off-by: Gavin Liu <gavin.liu@mediatek.com>
Rev

core: notif: add support timeout notify

Add support timeout notification, allowing to
avoid waiting indefinitely for the completion of an event

Signed-off-by: Gavin Liu <gavin.liu@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: kernel: mutex compliant with PM sequences

Add mutex_pm_aware_*() functions for mutex used on resources accessed
at runtime using a conventional mutex and also during low power
sequences that e

core: kernel: mutex compliant with PM sequences

Add mutex_pm_aware_*() functions for mutex used on resources accessed
at runtime using a conventional mutex and also during low power
sequences that execute in a non-thread context.

This change defines MUTEX_PM_AWARE_INITIALIZER macro from a new
header file (mutex_pm_aware.h) instead of existing mutex.h to prevent
a circular dependency between spinlock.h (requires thread.h), thread.h
(indirectly includes mutex.h) and mutex.h (that would depend on
spinlock.h for definition of the SPINLOCK_UNLOCK macro ).

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: kernel: thread spin locking

Add thread_spin_lock() and thread_spin_unlock() for active spinning
locks in situation where we need an exclusive lock in a thread and
interruptible context even at

core: kernel: thread spin locking

Add thread_spin_lock() and thread_spin_unlock() for active spinning
locks in situation where we need an exclusive lock in a thread and
interruptible context even at the cost of a high CPU usage.

These function are intended to be used in thread context hence
they assert being executed in such a context. This is to prevent
on mistakenly spin in an atomic context which potentially leads
to a deadlock situation.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: replace REGISTER_TIME_SOURCE()

Remove REGISTER_TIME_SOURCE() and implement tee_time_get_sys_time() and
tee_time_get_sys_time_protection_level() directly in the file where
REGISTER_TIME_SOURCE(

core: replace REGISTER_TIME_SOURCE()

Remove REGISTER_TIME_SOURCE() and implement tee_time_get_sys_time() and
tee_time_get_sys_time_protection_level() directly in the file where
REGISTER_TIME_SOURCE() was used previously.

By avoiding indirect calls the linker can optimize the dependency tree
properly and we can remove the DECLARE_KEEP_PAGER() directive needed for
arm_cntpct_time_source.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: boot: fix memtag init sequence

Based on following observations on FVP:
With boot_init_memtag called before MMU enable, DC GZA hits an alignment
fault. This is because all accesses are of devic

core: boot: fix memtag init sequence

Based on following observations on FVP:
With boot_init_memtag called before MMU enable, DC GZA hits an alignment
fault. This is because all accesses are of device type when MMU is off.
Arm ARM states for DC GZA: "If the memory region being modified is any
type of Device memory, this instruction can give an alignment fault."
Moving boot_init_memtag after MMU enable, DC GZA hits a permission
fault, this is because the range returned by core_mmu_get_secure_memory
consists of pages mapped RO (text sections) and then RW (data sections)
consecutively. DC GZA is a write instruction executed towards an RO page
leading to a fault.

To fix this, split boot_init_memtag into two halves:
- Setup memtag operations before MMU is enabled such that MAIR_EL1 is
properly configured for normal tagged memory.
- Clear core TEE RW sections after MMU is enabled.

Closes: https://github.com/OP-TEE/optee_os/issues/6649
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
[jw rewrote boot_clear_memtag()]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: define generic callout service initializer

Add a generic timer_init_callout_service() to be implemented in
architecture or platform specific code. The function shall provide an
implementation

core: define generic callout service initializer

Add a generic timer_init_callout_service() to be implemented in
architecture or platform specific code. The function shall provide an
implementation of the abstract timer interface needed by the callout
service and register a timer interrupt callback to call
callout_service_cb().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add callout service

Add a callout service to call registered callback functions at a given
time from now. A callout is periodic or oneshot depending on how the
callback function returns. Callb

core: add callout service

Add a callout service to call registered callback functions at a given
time from now. A callout is periodic or oneshot depending on how the
callback function returns. Callback functions execute in nexus and
interrupt context.

The callout service is initialized with callout_service_init() and
depends on an abstract timer interface to manage the hardware timer.
callout_service_cb() needs to be called from the timer interrupt handler
to drive the callout service.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add __must_check attribute to cpu_spin_lock_xsave()

cpu_spin_lock_xsave() masks exceptions, takes the spinlock and returns
previous exception state to be restored by cpu_spin_unlock_xrestore()

core: add __must_check attribute to cpu_spin_lock_xsave()

cpu_spin_lock_xsave() masks exceptions, takes the spinlock and returns
previous exception state to be restored by cpu_spin_unlock_xrestore().
The previously returned exception state must always be supplied so add
the __must_check attribute to cpu_spin_lock_xsave() and its debug
variants.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: kernel: add timeout_elapsed_us()

Add API function timeout_elapsed_us() to measure to time since or until
an initialized timeout reference elapses.

This function relies on other timeout_*() AP

core: kernel: add timeout_elapsed_us()

Add API function timeout_elapsed_us() to measure to time since or until
an initialized timeout reference elapses.

This function relies on other timeout_*() API functions are therefore
depends on CFG_CORE_HAS_GENERIC_TIMER being enabled.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: kernel: factorize delay and timeout implementation

Factorize RISC-V and Arm architectures implementation of delay and
timeout API functions into generic core kernel source directory.

Architec

core: kernel: factorize delay and timeout implementation

Factorize RISC-V and Arm architectures implementation of delay and
timeout API functions into generic core kernel source directory.

Architecture or platform only need to implement timer tick count
read function delay_cnt_read() and timer tick frequency (in Hertz)
delay_cnt_freq() which is related to CFG_CORE_HAS_GENERIC_TIMER support.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: kernel: describe udelay()/mdelay()

Add inline description comment for udelay() and mdelay() for
consistency of OP-TEE OS source tree, even if the function names
are quite explicit and do not s

core: kernel: describe udelay()/mdelay()

Add inline description comment for udelay() and mdelay() for
consistency of OP-TEE OS source tree, even if the function names
are quite explicit and do not strictly need such descriptions.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: kernel: Add semihosting functions

Semihosting is a mechanism that enables target to communicate and use
I/O facilities on a host computer which is running a debugger, such as
GDB. The I/O faci

core: kernel: Add semihosting functions

Semihosting is a mechanism that enables target to communicate and use
I/O facilities on a host computer which is running a debugger, such as
GDB. The I/O facilities include character {read|write} {from|to} the
semihosting host side console or a file. In other words, OP-TEE OS can
output log to the host side console or the host side file, if there is a
semihosting host and OP-TEE OS requests the semihosting operations to
that host.

If CFG_SEMIHOSTING is enabled, some semihosting functions will be
compiled into OP-TEE kernel, including:
- semihosting_sys_readc()
- semihosting_sys_writec()
- semihosting_open()
- semihosting_read()
- semihosting_write()
- semihosting_close()

Note that the architectures which support semihosting should provide
their implementation of __do_semihosting(), which performs semihosting
instruction to raise the semihosting request.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pm: add macro for PM_HINT_STATE access

Add helper macros to read and test the power state hints provided by
the platform during power management state transitions.

Reviewed-by: Etienne Carrie

core: pm: add macro for PM_HINT_STATE access

Add helper macros to read and test the power state hints provided by
the platform during power management state transitions.

Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>

show more ...