| #
856a5c76 |
| 18-Jul-2025 |
Joseph Lo <josephl@nvidia.com> |
core: maintain the panicked TAs with instanceKeepCrashed property
TA context lists should retain panicked TAs (those with the TA_FLAG_SINGLE_INSTANCE, TA_FLAG_INSTANCE_KEEP_ALIVE, and TA_FLAG_INSTANCE_KEEP_CRASHED flags) to maintain their panicked state and prevent respawning.
Fixes: 941a58d78c99 ("Add optee.ta.instanceKeepCrashed property")
Signed-off-by: Joseph Lo <josephl@nvidia.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| #
941a58d7 |
| 04-Apr-2025 |
Jens Wiklander <jens.wiklander@linaro.org> |
Add optee.ta.instanceKeepCrashed property
Add the optee.ta.instanceKeepCrashed property to prevent a TA with gpd.ta.instanceKeepAlive=true from being restarted. This prevents unexpected resetting of the state of the TA.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Alex Lewontin <alex.lewontin@canonical.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| #
956c2d50 |
| 12-Jun-2024 |
Etienne Carriere <etienne.carriere@foss.st.com> |
core: fix race condition on TA/PTA/StMM context loading
Fix race condition on creation of a context for single instance TAs, PTAs or StMM application. Such race condition could occur and lead to duplicated contexts if connected close enough that they are created after tee_ta_init_session() calls tee_ta_init_session_with_context() and before the contexts are added in the centralized context list.
This is realized by keeping tee_ta_mutex held while tee_ctxes list is looked up for matching a context or a new context is added into that list with its .is_initializing field activated. For that purpose user TA and StMM application initialization functions are split in 2 functions, the 2nd one used to finalize the context creation started in the 1st function.
By the way, add inline description comments and fix indentation issues in user_ta.h and remove the inline comment in pseudo_ta.c that refers to TA loading whereas the function relates to PTA contexts creation.
Closes: https://github.com/OP-TEE/optee_os/issues/6801
Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| #
fee55718 |
| 14-May-2024 |
Etienne Carriere <etienne.carriere@foss.st.com> |
core: make is_initializing field a generic service context
Replace fields is_initializing from struct user_mode_ctx and struct stmm_ctx with a common new field is_initializing in generic struct tee_ta_ctx so that it can be used in generic context loading functions for contexts whose initialization is done with tee_ta_mutex released.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| #
5ca2c365 |
| 10-Jan-2024 |
Clement Faure <clement.faure@nxp.com> |
core: remove unnecessary includes
Remove unnecessary includes.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| #
a05577ea |
| 23-Nov-2023 |
Etienne Carriere <etienne.carriere@foss.st.com> |
tree wide: clarify PTA ABI
Explicitly describe the statistics PTA ABI using dedicated inline comments and moving struct pta_stats_ta and struct pta_stats_alloc from respectively tee_ta_manager.c and malloc.h to pta_stats.h header file.
For that purpose, define ALLOC_ID_* macros to identify each allocator one can query information from through the statistics PTA API.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| #
54115809 |
| 23-Nov-2023 |
Etienne Carriere <etienne.carriere@foss.st.com> |
core: rename struct tee_ta_dump_stats
Rename struct tee_ta_dump_stats to struct pta_stats_ta to prepare the creation of pta_stats.h header file that will define the whole statistics PTA API and ABI, located in libutee/include/ as already done for all other PTAs.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| #
2617f49f |
| 22-Nov-2023 |
Etienne Carriere <etienne.carriere@foss.st.com> |
tree wide: rename struct malloc_stats
Rename struct malloc_stats to struct pta_stats_alloc to prepare the creation of pta_stats.h header file that will define the whole statistics PTA API and ABI, located in libutee/include/ as already done for all other PTAs.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| #
3d8cac14 |
| 10-May-2022 |
Patrick Delaunay <patrick.delaunay@foss.st.com> |
core: kernel: tee_ta_manager.c: add uuid in open session error trace
Adds the TA UUID in open session error trace to allow to identify which TA causes the issue when debug traces are not activated.
By the way, fix specifier for res argument that is a uint32_t.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| #
0a75d408 |
| 13-Oct-2023 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: fix data abort during ftrace
With commit c10e3fa93d24 ("core: fix race in handling TA panic") the resources of a panicked TA are released as early as possible, including the user space mapped ftrace buffer. However, the pointer to the ftrace buffer is stored in the ts_session for quick and easy access. The ftrace buffer is always retrieved with get_fbuf() that already has a few other checks to see if the buffer is currently available. So add a check to see that the TA hasn't panicked also.
Fixes: c10e3fa93d24 ("core: fix race in handling TA panic")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)
|
| #
c10e3fa9 |
| 31-Aug-2023 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: fix race in handling TA panic
A TA context (struct tee_ta_ctx) can only be accessed and manipulated if either locked or set to busy by the current thread, or if it has no other references.
Prior to this patch this wasn't followed by tee_ta_open_session(), tee_ta_invoke_command(), and dump_ta_memstats(). Accesses were made to the "panicked" field of struct tee_ta_ctx. destroy_ta_ctx_from_session() was also manipulating sessions possibly being used by other threads.
So fix this by only accessing the internals of the TA context while holding the needed lock. destroy_ta_ctx_from_session() is removed, the new ts_ops callback release_state() is used instead to free what can be freed from a panicked TA context. The last session referencing the TA context will free it.
Fixes: fd10f62b8210 ("core: keep alive TA context can be created after TA has panicked")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Tested-by: Wentao Sun <wentao.sun@amlogic.com>
|
| #
c11218eb |
| 28-Apr-2023 |
Clement Faure <clement.faure@nxp.com> |
pta: stats: fix compilation incompatible pointer warning
To reproduce the issue:
$ make PLATFORM=imx-mx8mmevk CFG_WITH_STATS=y CFG_TA_STATS=y
core/pta/stats.c: In function ‘get_user_ta_stats’:
core/pta/stats.c:169:37: warning: passing argument 2 of ‘tee_ta_instance_stats’ from incompatible pointer type [-Wincompatible-pointer-types]
  169 |                                     &p[0].memref.size);
      |                                     ^~~~~~~~~~~~~~~~~
      |                                     |
      |                                     size_t * {aka long unsigned int *}
In file included from core/include/kernel/pseudo_ta.h:10,
                 from core/pta/stats.c:8:
core/include/kernel/tee_ta_manager.h:171:56: note: expected ‘uint32_t *’ {aka ‘unsigned int *’} but argument is of type ‘size_t *’ {aka ‘long unsigned int *’}
  171 | TEE_Result tee_ta_instance_stats(void *buff, uint32_t *buff_size);
      |                                              ~~~~~~~~~~^~~~~~~~~
core/pta/stats.c: At top level:
cc1: note: unrecognized command-line option ‘-Wno-c2x-extensions’ may have been intended to silence earlier diagnostics
Fixes: 7509620b8b95 ("GP131: Update TEE_Param")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| #
b031393c |
| 11-Apr-2023 |
Weizhao Jiang <weizhaoj@amazon.com> |
core: tee_ta_instance_stats(): correct the allocation size of dump_ctx
Problem: Wrongly use sizeof(struct tee_ta_dump_stats) to calculate out the allocation size of dump_ctx. This error causes buffer overflow when iterating dump_ctx.
Solution: Correct the allocation size to sizeof(struct tee_ta_dump_ctx) * ta_count.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Weizhao Jiang <weizhaoj@amazon.com>
Signed-off-by: Weizhao Jiang <weizhaoj@amazon.com>
|
| #
9901df47 |
| 29-Mar-2023 |
Weizhao Jiang <weizhaoj@amazon.com> |
core: dump_ta_memstats(): check TA initialization completion before accessing it
Problem: In some concurrent cases, TA dump will try to dump a TA which has not completed TA initialization and the TA stack pointer isn't set. That causes a data abort when accessing its stack.
Solution: Check the user TA initialization is completed or not. If it is still being initialized, return TEE_ERROR_BAD_STATE. https://github.com/OP-TEE/optee_os/issues/5905
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Weizhao Jiang <weizhaoj@amazon.com>
Signed-off-by: Weizhao Jiang <weizhaoj@amazon.com>
|
| #
fa40bed5 |
| 10-Mar-2023 |
Weizhao Jiang <weizhaoj@amazon.com> |
core: fix out-of-bounds access of dump_ctx
Problem: in the case of no UTA running, the buffer of dump_ctx will be allocated with 0 size and passed to init_dump_ctx(). That causes buffer overrunning.
Solution: Check buffer size before allocating the buffer. If it's 0, return TEE_ERROR_ITEM_NOT_FOUND.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Weizhao Jiang <weizhaoj@amazon.com>
Signed-off-by: Weizhao Jiang <weizhaoj@amazon.com>
|
| #
ab5363c6 |
| 19-Dec-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: introduce scall layer from svc parts
Introduces a scall layer by renaming various thread_svc* names and _*handle_svc() functions and function pointers as a first step in doing architecture neutral syscall processing.
The name scall is used instead of syscall since the syscall_ prefix is reserved for the functions implementing the actual syscall, while scall is the infrastructure used to reach the syscall functions.
No files are renamed and removed at this stage. This patch doesn't change any behaviour.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
cb94c145 |
| 21-Oct-2022 |
Weizhao Jiang <weizhaoj@amazon.com> |
core: implement a method to dump user TA runtime status
This patch is to dump user TA runtime status for debug purposes. The change includes:
1. Add new command (STATS_CMD_TA_STATS) in the stats PTA.
2. Add tee_ta_dump_stats() to scan all ongoing TA instances and sessions and snapshot their status.
3. Add new function: entry_dump_memstats() to __utee_entry() to get TA heap statistics.
4. Add new compile option (CFG_TA_STATS, default n) to enable this feature.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Weizhao Jiang <weizhaoj@amazon.com>
Signed-off-by: Weizhao Jiang <weizhaoj@amazon.com>
[jf: edit commit message]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| #
b7acc3c9 |
| 08-Jun-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: call pgt_flush_ctx() from vm_info_final()
Moves the call to pgt_flush_ctx() into vm_info_final() from destroy_context() and tee_ta_init_user_ta_session().
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
f6439cee |
| 07-Apr-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: fix use after free in tee_ta_open_session()
Fixes a use after free where the session pointer 's' was used after tee_ta_close_session() while recovering from an error.
Fixes: 82061b8d7b34 ("core: store TA params in session struct")
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
85c8e02c |
| 31-Dec-2021 |
Marouene Boubakri <marouene.boubakri@nxp.com> |
core: kernel: tee_ta_manager.c: remove arm.h from includes
Header file arm.h is not used in tee_ta_manager.c, remove it from includes such that it can be reused with a new architecture.
Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
c6e827c0 |
| 25-Feb-2021 |
Jens Wiklander <jens.wiklander@linaro.org> |
Rename to barrier_read_counter_timer()
Renames barrier_read_cntpct() to barrier_read_counter_timer() to use a neutral name for the counter.
With SPMC at S-EL2 OP-TEE will be virtualized and must use CNTVCT instead of CNTPCT while the old physical OP-TEE must continue to use CNTPCT.
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
c571b3fd |
| 28-Mar-2021 |
RueiAnHu <Rayan.Hu@mediatek.com> |
core: fix wrong conditional expression in tee_ta_clear_busy()
When a ctx of a single instance user TA is first created, lock_single_instance() is called in tee_ta_try_set_busy(). However, unlock_single_instance() is not called in tee_ta_clear_busy() since ctx->initializing is still false. It results that tee_ta_single_instance_thread is not reset when CFG_CONCURRENT_SINGLE_INSTANCE_TA is not enabled. So remove the wrong conditional expression and remove "initializing" from tee_ta_ctx since it's no longer used.
Signed-off-by: RueiAnHu <Rayan.Hu@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
|
| #
2a7b4219 |
| 11-Jan-2021 |
Jerome Forissier <jerome@forissier.org> |
ftrace: fix regression causing panic in ftrace_update_times()
Commit 00b3b9a25e76 ("core: add generic struct ts_session") has introduced a regression in the ftrace code by introducing a call to ts_get_current_session() in ftrace_update_times() in replacement of tee_ta_get_current_session(). At this point it can happen that no current session exists, in which case the function should simply return. Unfortunately ts_get_current_session() will call panic() in such a situation. The proper function is ts_get_current_session_may_fail().
Fixes: 00b3b9a25e76 ("core: add generic struct ts_session")
Fixes: https://github.com/OP-TEE/optee_os/issues/4313
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
|
| #
0a971fdb |
| 11-Dec-2020 |
Balint Dobszay <balint.dobszay@arm.com> |
core: invoke SVC handler through struct ts_session
Store the current SVC handler function pointer in struct ts_session, and invoke the handler through this. Enables changing the SVC handler for a session without modifying the ts_ops defined in the session context.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
|
| #
145ae446 |
| 02-Dec-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
Use barrier_read_cntpct() to read CNTPCT
Arm ARM quite clearly mentions [1] [2] that such reads must be preceded by an ISB to forbid re-ordering.
[1] https://developer.arm.com/documentation/ddi0487/fc/ page D13-2863 "Synchronization requirements for AArch64 System registers" and page G8-6146 "Ordering of reads of System registers".
[2] https://developer.arm.com/documentation/ddi0406/cd/ page B3-1441 "Ordering of reads of system control registers"
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reported-by: Olivier Deprez <Olivier.Deprez@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|