core: add stack overflow detection

This commit introduces CFG_CORE_DEBUG_CHECK_STACKS to check the stack
limits using compiler instrumentation (-finstrument-functions). When
enabled, the C compiler

core: add stack overflow detection

This commit introduces CFG_CORE_DEBUG_CHECK_STACKS to check the stack
limits using compiler instrumentation (-finstrument-functions). When
enabled, the C compiler will insert entry and exit hooks in all
functions in the TEE core. On entry, the stack pointer is checked and
if an overflow is detected, panic() is called.

How is this helpful since we have stack canaries already?
1. When a dead canary is found, the call stack will give no indication
of the root cause of the corruption which may have happened quite some
time before. Running the test case again with a debugger attached and a
watchpoint on the canary is not always an option.
2. The system may corrupt the stack and hang in an exception handler
before the first canary check, for instance, during boot when the
temporary stack is used. This code will likely catch such issues, too.

The downside is increased stack usage and a significant runtime overhead
which is why this feature should be enabled only for troubleshooting.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU, QEMUv8)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Remove license notice from STMicroelectronics files

Since a while the source files license info are defined by SPDX
identifiers. We can safely remove the verbose license text from the
files that are

Remove license notice from STMicroelectronics files

Since a while the source files license info are defined by SPDX
identifiers. We can safely remove the verbose license text from the
files that are owned by either only STMicroelectronics or only both
Linaro and STMicroelectronics.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add SPDX license identifiers

Adds one SPDX-License-Identifier line [1] to each source files that
contains license text.

Generated by [2]:
spdxify.py --add-spdx optee_os/

The scancode tool [3] wa

Add SPDX license identifiers

Adds one SPDX-License-Identifier line [1] to each source files that
contains license text.

Generated by [2]:
spdxify.py --add-spdx optee_os/

The scancode tool [3] was used to double check the license matching
code in the Python script. All the licenses detected by scancode are
either detected by spdxify.py, or have no SPDX identifier, or are false
matches.

Link: [1] https://spdx.org/licenses/
Link: [2] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py
Link: [3] https://github.com/nexB/scancode-toolkit
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core debug: cleanup CFG_TEE_CORE_DEBUG

Fix inconsistencies in CFG_TEE_CORE_DEBUG. This change proposes to
define CFG_TEE_CORE_DEBUG as a y/n directive.

This change also fixes the comment describing

core debug: cleanup CFG_TEE_CORE_DEBUG

Fix inconsistencies in CFG_TEE_CORE_DEBUG. This change proposes to
define CFG_TEE_CORE_DEBUG as a y/n directive.

This change also fixes the comment describing DEBUG directive.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (qemu_v7/v8)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: review assert and panic traces

Replace few "{ EMSG(...); panic(); }" with "panic(...);".

Disable file/line/func debug traces in panic() logs when
CFG_TEE_CORE_DEBUG is disable.

Change __asse

core: review assert and panic traces

Replace few "{ EMSG(...); panic(); }" with "panic(...);".

Disable file/line/func debug traces in panic() logs when
CFG_TEE_CORE_DEBUG is disable.

Change __assert_log() uses EMSG_RAW() to no pollute trace with
__assert_log() internals (duplicated file/line/func traces).

Change assert() to use a low/high verbosity mode upon
CFG_TEE_CORE_DEBUG as panic() does.

Change assert() to also trace the C function where assertion failed.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jen.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (QEMU)

show more ...

assert/panic: fix misuse of assert/panic

Currently implementation of macro assert() does not expand to a
no-op when NDEBUG is defined. This will be done in a later change.
Before that, fix misuses o

assert/panic: fix misuse of assert/panic

Currently implementation of macro assert() does not expand to a
no-op when NDEBUG is defined. This will be done in a later change.
Before that, fix misuses of assert() and TEE_ASSERT():
- Correct misplaced assert() that should panic() whatever NDEBUG.
- Correct misplaced TEE_ASSERT() that should simply assert().

Also cleanup many inclusions of "assert.h" and few calls of assert().

Signed-off-by: Jens Wiklander <jen.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (QEMU)

show more ...

core: mask interrupts at assert or panic()

Masks interrupts at assert or panic() to keep the cpu pinned.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklan

core: mask interrupts at assert or panic()

Masks interrupts at assert or panic() to keep the cpu pinned.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Adding noreturn in _assert_break() definition

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Pascal Brand <pascal.brand@st.c

Adding noreturn in _assert_break() definition

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

Merge tee_{core,uta}_trace.h into libutil

Merges tee_core_trace.h and tee_uta_trace.h into a common trace.h
in libutil. Since the trace functions now resides libutil they have
to rely on core and li

Merge tee_{core,uta}_trace.h into libutil

Merges tee_core_trace.h and tee_uta_trace.h into a common trace.h
in libutil. Since the trace functions now resides libutil they have
to rely on core and libutee to provide functions to print to the
log device.

* Keeps compatible interface from tee_kta_trace.h
* Adds TAMSG() and TAMSG_RAW() to log TA related events
* Removes the TRACE_ALWAYS level

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU virt platform)
Reviewed-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

show more ...

Reenable warnings for all non-3rd party code

* Reenables warnings for all non-3rd party code
* Renames dprintf macro to dprintf_level

Cleanup

Open-source the TEE Core

Signed-off-by: Pascal Brand <pascal.brand@st.com>