core: remove unnecessary includes

Remove unnecessary includes.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander

core: remove unnecessary includes

Remove unnecessary includes.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: ldelf: apply finer-grained PAN

Prior to this commit, PAN was disabled when executing ldelf syscalls.
With the new user buffer aware ts_store API we can now enable
finer-grained PAN in ldelf sy

core: ldelf: apply finer-grained PAN

Prior to this commit, PAN was disabled when executing ldelf syscalls.
With the new user buffer aware ts_store API we can now enable
finer-grained PAN in ldelf syscalls.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: Apply finer-grained PAN

Prior to this commit, the PAN was disabled for most of the time,
within the thread scall handler. After resolving all outstanding
missing unprivileged access functions,

core: Apply finer-grained PAN

Prior to this commit, the PAN was disabled for most of the time,
within the thread scall handler. After resolving all outstanding
missing unprivileged access functions, we can now enable finer-
grained PAN, where the unprivileged access is only allowed inside
handful of special user-access functions.

There are some exceptions where we toggle PAN to allow the OP-TEE
core to access user memory, instead of using user-access functions
or bounce buffers. Those are crypto services and ldelf syscall
handlers. Those are chosen to avoid potential large bounce buffer
allocations.

Signed-off-by: Seonghyun Park <seonghp@amazon.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add bounce buffer to user mode context

Adds a bounce buffer for user space buffer to be used during syscall
processing to avoid unchecked privileged access into user space memory.

bb_alloc(),

core: add bounce buffer to user mode context

Adds a bounce buffer for user space buffer to be used during syscall
processing to avoid unchecked privileged access into user space memory.

bb_alloc(), bb_free(), and bb_reset() are added to manage memory
allocation from the bounce buffer.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: finalize scall layer

Finalizes the new scall layer by renaming remaining files so the generic
scall layer resides in core/include/kernel/scall.h and
core/kernel/scall.c.

New architectures are

core: finalize scall layer

Finalizes the new scall layer by renaming remaining files so the generic
scall layer resides in core/include/kernel/scall.h and
core/kernel/scall.c.

New architectures are expected to provide a
core/arch/arm/include/kernel/arch_scall.h with functions needed to deal
with the architecture specific struct thread_scall_regs usage in
core/kernel/scall.c.

New architectures are also expected to provide an implementation of
scall_save_panic_stack() called from scall_sys_return_helper().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...