core: fix race in handling TA panic

A TA context (struct tee_ta_ctx), can only be accessed and manipulated
if either locked or set to busy by the current thread, or if it has no
no other references.

core: fix race in handling TA panic

A TA context (struct tee_ta_ctx), can only be accessed and manipulated
if either locked or set to busy by the current thread, or if it has no
no other references.

Prior to this patch this wasn't followed by tee_ta_open_session(),
tee_ta_invoke_command(), and dump_ta_memstats(). Accesses were made to
the "panicked" field of struct tee_ta_ctx.
destroy_ta_ctx_from_session() was also manipulating sessions possibly
being used by other threads.

So fix this by only accessing the internals of the TA context while
holding the needed lock. destroy_ta_ctx_from_session() is removed, the
new ts_ops callback release_state() is used instead to free what can be
freed from a panicked TA context. The last session referencing the TA
context will free it.

Fixes: fd10f62b8210 ("core: keep alive TA context can be created after TA has panicked")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Tested-by: Wentao Sun <wentao.sun@amlogic.com>

show more ...

core: add release_state to struct ts_ops

Adds the optional function pointer release_state() to struct ts_ops.
This callback will be called when a TA has panicked and as many
resources as possible ne

core: add release_state to struct ts_ops

Adds the optional function pointer release_state() to struct ts_ops.
This callback will be called when a TA has panicked and as many
resources as possible need to be released early. release_state() is a
subset of the destroy() callback. When the destroy() is called
eventually it will free the entire state of the TA regardless if
release_state() has been called before or not. This allows freeing
resources while there are still open sessions to the TA.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: update ts_store API with user space buffer

Updates the read() function pointer in struct ts_store_ops to take an
user space buffer in addition to the previous core buffer. Core buffers
are nor

core: update ts_store API with user space buffer

Updates the read() function pointer in struct ts_store_ops to take an
user space buffer in addition to the previous core buffer. Core buffers
are normal secure memory while user space buffers should only be accessed
using the user_access.h functions.

The different TA storage implementations are updated accordingly.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: add BB_MEMDUP_USER() and BB_MEMDUP_USER_PRIVATE()

Adds BB_MEMDUP_USER() and BB_MEMDUP_USER_PRIVATE() wrapper macros to
allow non-void pointer destination.

Signed-off-by: Jens Wiklander <jens.

core: add BB_MEMDUP_USER() and BB_MEMDUP_USER_PRIVATE()

Adds BB_MEMDUP_USER() and BB_MEMDUP_USER_PRIVATE() wrapper macros to
allow non-void pointer destination.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: linker.h: replace __arm__ with ARM32

We use ARM32 and ARM64 throughout the core code, not __arm__ and
__aarch64__, so replace the occurrence of __arm__ that is in linker.h.

Signed-off-by: Jer

core: linker.h: replace __arm__ with ARM32

We use ARM32 and ARM64 throughout the core code, not __arm__ and
__aarch64__, so replace the occurrence of __arm__ that is in linker.h.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: allow redefinition of function huk_subkey_derive()

Set the function huk_subkey_derive() as weak to allow platform custom
implementation.
We add __huk_subkey_derive() with the implementation of

core: allow redefinition of function huk_subkey_derive()

Set the function huk_subkey_derive() as weak to allow platform custom
implementation.
We add __huk_subkey_derive() with the implementation of
HUK derivation so the default implementation is still accessible
when huk_subkey_derive() is overridden.
This is useful if the key derivation is implemented using hardware
discovered during intilization.
If the substem used to derive a key is disabled, the function
__huk_subkey_derive() can be used as a fallback.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: pta: add helper functions to support calls from TA when CFG_PAN=y

Introduce helper function to make it easier to use bounce buffers in a
PTA entry point to support calls with memrefs from user

core: pta: add helper functions to support calls from TA when CFG_PAN=y

Introduce helper function to make it easier to use bounce buffers in a
PTA entry point to support calls with memrefs from user space TAs when
PAN is enabled.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: drivers: ls_dspi: Make dspi_flush_fifo() static

Make dspi_flush_fifo() static as it gets exposed via ls_dspi_ops
structure.

Signed-off-by: Sriram Sriram <sriramsriram@microsoft.com>
Acked-by:

core: drivers: ls_dspi: Make dspi_flush_fifo() static

Make dspi_flush_fifo() static as it gets exposed via ls_dspi_ops
structure.

Signed-off-by: Sriram Sriram <sriramsriram@microsoft.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

core: drivers: ls_dspi: Move SPI mode flag defines to header file

SPI mode flags are used by NXP SoC specific functions for MS PTA.

Signed-off-by: Sriram Sriram <sriramsriram@microsoft.com>
Acked-b

core: drivers: ls_dspi: Move SPI mode flag defines to header file

SPI mode flags are used by NXP SoC specific functions for MS PTA.

Signed-off-by: Sriram Sriram <sriramsriram@microsoft.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

core: update FS storage API with user space buffer

Updates the create(), read(), and write() function pointers in struct
ts_store_ops to take a user space buffer in addition to the previous
core buf

core: update FS storage API with user space buffer

Updates the create(), read(), and write() function pointers in struct
ts_store_ops to take a user space buffer in addition to the previous
core buffer. Core buffers are normal secure memory while user space
buffers should only be accessed using the user_access.h functions.

The different FS storage implementations are updated accordingly.

Note that the RPMB FS storage implementation resorts to using
enter_user_access() and exit_user_access() due to internal complexities.

Fixes: 4e154320e47c ("core: Apply finer-grained PAN")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: add user buffer to tee_invoke_supp_plugin_rpc()

Adds a user buffer to tee_invoke_supp_plugin_rpc() so direct user memory
access can be used when called with a buffer in user memory instead of

core: add user buffer to tee_invoke_supp_plugin_rpc()

Adds a user buffer to tee_invoke_supp_plugin_rpc() so direct user memory
access can be used when called with a buffer in user memory instead of
core memory. tee_invoke_supp_plugin_rpc() can still take a core memory
buffer as an argument if needed.

PTA_SYSTEM_SUPP_PLUGIN_INVOKE in the system PTA is updated to pass the
memref as a user memory buffer instead of a core memory buffer.

This fixes a direct privileged memory access to user space memory.

Fixes: 4e154320e47c ("core: Apply finer-grained PAN")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: add default copy_to_user{,_private}()

Adds default implementations for copy_to_user_private() and
copy_to_user() when CFG_WITH_USER_TA=n.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.

core: add default copy_to_user{,_private}()

Adds default implementations for copy_to_user_private() and
copy_to_user() when CFG_WITH_USER_TA=n.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: add check_user_access() helper function

Adds check_user_access() to simplify checking if a user mode memory
buffer may be accessed as expected.

Signed-off-by: Jens Wiklander <jens.wiklander@l

core: add check_user_access() helper function

Adds check_user_access() to simplify checking if a user mode memory
buffer may be accessed as expected.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

crypto: add X448 support

Refer to the X25519 algorithm, add the X448 algorithm framework code.

Signed-off-by: loubaihui <loubaihui1@huawei.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.o

crypto: add X448 support

Refer to the X25519 algorithm, add the X448 algorithm framework code.

Signed-off-by: loubaihui <loubaihui1@huawei.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: rename struct x25519_keypair

Since X25519 and X448 have the same key pair structure,
so we rename struct x25519_keypair as struct montgomery_keypair.

Signed-off-by: loubaihui <loubaihui1@hu

crypto: rename struct x25519_keypair

Since X25519 and X448 have the same key pair structure,
so we rename struct x25519_keypair as struct montgomery_keypair.

Signed-off-by: loubaihui <loubaihui1@huawei.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: Rename primary_init_intc() to boot_primary_init_intc()

Since interrupt controllers are usually initialized in boot stage,
rename primary_init_intc() to boot_primary_init_intc().

Signed-o

core: arm: Rename primary_init_intc() to boot_primary_init_intc()

Since interrupt controllers are usually initialized in boot stage,
rename primary_init_intc() to boot_primary_init_intc().

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: arm: Rename main_secondary_init_intc() to boot_secondary_init_intc()

main_secondary_*() is an ambiguous name since it conveys no meaning
relative to the purpose of the function. Fix it by rena

core: arm: Rename main_secondary_init_intc() to boot_secondary_init_intc()

main_secondary_*() is an ambiguous name since it conveys no meaning
relative to the purpose of the function. Fix it by renameing to
boot_secondary_init_intc(), since interrupt controllers are always
initialized in boot stage.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: stm32_gpio: move definitions to source file

Moves macros and structures definitions from stm32_gpio.h header file
to the driver source file as these definition do not need to be
visible fro

drivers: stm32_gpio: move definitions to source file

Moves macros and structures definitions from stm32_gpio.h header file
to the driver source file as these definition do not need to be
visible from other drivers thank to pin control abstraction.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_i2c: remove cases when CFG_DRIVERS_PINCTRL is disabled

Removes implementation when CFG_DRIVERS_PINCTRL is disables as stm32mp1
platform configuration enforces the switch is enabled.

drivers: stm32_i2c: remove cases when CFG_DRIVERS_PINCTRL is disabled

Removes implementation when CFG_DRIVERS_PINCTRL is disables as stm32mp1
platform configuration enforces the switch is enabled.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_uart: remove cases when CFG_DRIVERS_PINCTRL is disabled

Removes implementation when CFG_DRIVERS_PINCTRL is disables as stm32mp1
platform configuration enforces the switch is enabled.

drivers: stm32_uart: remove cases when CFG_DRIVERS_PINCTRL is disabled

Removes implementation when CFG_DRIVERS_PINCTRL is disables as stm32mp1
platform configuration enforces the switch is enabled.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_gpio: remove cases when CFG_DRIVERS_PINCTRL is disabled

Removes implementation when CFG_DRIVERS_PINCTRL is disables as stm32mp1
platform configuration enforces the switch is enabled.

drivers: stm32_gpio: remove cases when CFG_DRIVERS_PINCTRL is disabled

Removes implementation when CFG_DRIVERS_PINCTRL is disables as stm32mp1
platform configuration enforces the switch is enabled.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_i2c: support CFG_DRIVERS_PINCTRL

Updates stm32_i2c driver for when CFG_DRIVERS_PINCTRL is enabled making
I2C driver to get pin control configuration using the generic pin
control fram

drivers: stm32_i2c: support CFG_DRIVERS_PINCTRL

Updates stm32_i2c driver for when CFG_DRIVERS_PINCTRL is enabled making
I2C driver to get pin control configuration using the generic pin
control framework. When enabled, stm32_i2c driver get the active and
sleep pin control configuration from the device tree. Sleep pinctrl
configuration is optional.

SE050 and STM32MP1 PMIC drivers that use the stm32_i2c bus are both
updated accordingly.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_uart: support CFG_DRIVERS_PINCTRL

Updates stm32_uart driver for when CFG_DRIVERS_PINCTRL is enabled making
UART driver to get pin control configuration using the generic pin
control f

drivers: stm32_uart: support CFG_DRIVERS_PINCTRL

Updates stm32_uart driver for when CFG_DRIVERS_PINCTRL is enabled making
UART driver to get pin control configuration using the generic pin
control framework.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_gpio: add helper function stm32_pinctrl_set_secure_cfg()

Adds helper function stm32_pinctrl_set_secure_cfg() to set the
GPIO pin secure state (secure or non-secure) for each pin refer

drivers: stm32_gpio: add helper function stm32_pinctrl_set_secure_cfg()

Adds helper function stm32_pinctrl_set_secure_cfg() to set the
GPIO pin secure state (secure or non-secure) for each pin referenced
by a pin control state.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_gpio: add helper function stm32_gpio_pinctrl_bank_pin()

Adds helper function stm32_gpio_pinctrl_bank_pin() to get an array
of bank and pin IDs related to a pin control state.

Acked-b

drivers: stm32_gpio: add helper function stm32_gpio_pinctrl_bank_pin()

Adds helper function stm32_gpio_pinctrl_bank_pin() to get an array
of bank and pin IDs related to a pin control state.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...