| 52e7b1a6 | 14-Jun-2023 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: use user-access functions in ldelf interaction
When interacting with LDELF, replace implicit user space accesses from privileged mode using proper user-access functions.
Co-developed-by: Seonghyun Park <seonghp@amazon.com> Signed-off-by: Seonghyun Park <seonghp@amazon.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| 9c99bb1d | 15-Jun-2023 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: add bb_strndup_user()
Adds bb_strndup_user() to copy a user space string into a bounce buffer large enough to hold the string.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| e5aa0f8c | 12-May-2023 |
Seonghyun Park <seonghp@amazon.com> |
core: add more user access functions
Add more user access functions: clear_user(), strnlen_user() and bb_memdup_user(), which can be used to manipulate, check or duplicate given user space buffers.
Signed-off-by: Seonghyun Park <seonghp@amazon.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| c5a0db99 | 14-Jun-2023 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: add bounce buffer to user mode context
Adds a bounce buffer for user space buffer to be used during syscall processing to avoid unchecked privileged access into user space memory.
bb_alloc(), bb_free(), and bb_reset() are added to manage memory allocation from the bounce buffer.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| b89b3da2 | 21-Apr-2023 |
Vincent Chuang <Vincent.Chuang@mediatek.com> |
core: thread: Add support for canary value randomization
Currently a hardcoded magic number is used as the thread stack canary; an attacker with full control over the overflow can embed the hardcoded canary value at the right location to bypass the overflow detection.
To add an extra layer of security, redefine the canary value as a variable, such that the canary can be initialized during runtime.
The canaries are initialized with static values from thread_init_canaries() during the early boot stage. The plat_get_random_stack_canaries() is refactored to support arbitrary-length random numbers, and a new function called thread_update_canaries() is created to fetch the random values and update the thread canaries. For CFG_NS_VIRTUALIZATION=y, the updated function is disabled.
Signed-off-by: Vincent Chuang <Vincent.Chuang@mediatek.com> Signed-off-by: Randy Hsu <Randy-CY.Hsu@mediatek.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| 5f21fda6 | 05-Feb-2023 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: interrupt: core controller uses irq_chip list head
Changes core interrupt controller API function (from interrupt.c) to use the handlers list head added in struct itr_handler instead of local list head. With this change, main itr_chip is managed as a standard itr_chip and its interrupts can be fetched from the irq_chip handler functions.
CPU primary interrupt handler itr_handle() function now calls generic interrupt controller interrupt_call_handlers().
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| f932e355 | 03-Jan-2023 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: interrupt: interrupt chip framework
Extends itr_chip framework to allow interrupt controllers to register as interrupt chip and other interrupt management methods it their owns interrupt consumer through the interrupt_xxx() API function.
This change does not modify the existing interrupt API functions that allow a driver to get an interrupt from the CPU main interrupt controller. A later change will remove these old API functions.
This change adds fields in existing structures defined in interrupt.h:
- itr_handler::chip back references the interrupt controller
- itr_chip::handlers is a list head for controller registered handlers
- itr_chip::name for debug trace purpose
- itr_ops::mask and itr_ops::unmask to mask/unmask an interrupt
The new API functions exposed to interrupt consumers are:
- interrupt_add_configure_handler(), interrupt_remove_handler() and helper functions interrupt_add_handler() and interrupt_add_handler_with_chip();
- interrupt_alloc_add_handler() and interrupt_remove_free_handler();
- interrupt_configure(), interrupt_enable(), interrupt_disable(), interrupt_mask() and interrupt_unmask();
Interrupt controllers shall call generic API function interrupt_call_handlers() to have their registered consumer handlers called upon their related interrupt occurrences.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| b357d34f | 06-Jun-2023 |
Etienne Carriere <etienne.carriere@foss.st.com> |
core: dt_driver: swap TEE_result and retrieved device reference
Changes dt_driver callback function to return a TEE_Result value and pass retrieved device reference by an output argument rather than the opposite.
This change updates dt_driver.c, dt_driver.h and all drivers implementing related dt_driver callback function.
As a consequence, this change removes all type definitions related to device specific callback handler function types which are useless as all these now comply with type dt_driver_probe_func defined in dt_driver.h.
Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| 50dd2af0 | 08-Feb-2023 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: dt_driver: add helper for old fashion interrupt bindings
Adds a helper function dt_driver_device_from_node_idx_prop_phandle() in device tree driver probing framework for when a DT node property contains a resource references but not the related device phandle as first property cell, as for property "interrupts" which should get the interrupt controller phandle from property "interrupt-parent". This change aims at supporting "interrupts" property DT bindings.
Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| ed33eb2e | 05-Feb-2023 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: dt_driver: define interrupt controller drivers identifier
Defines identifier DT_DRIVER_INTERRUPT in dt_driver_type enumerated type for interrupt controller drivers.
Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 3475549b | 05-Feb-2023 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: interrupt: rename internal itr_chip to itr_main_chip
Renames local variable itr_chip into itr_main_chip to emphasize it is the CPU main interrupt controller.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| e050e0a7 | 31-May-2023 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: interrupt: interrupt_get_main_chip() returns main controller
Adds helper function interrupt_get_main_chip() to get the struct itr_chip reference of the CPU main interrupt controller (e.g. the GIC). This function helps adapting a generic interrupt controller framework to consider CPU main interrupt controller specific reference.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 8fd620f7 | 22-May-2023 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: rename dt_driver_phandle_args to dt_pargs
Renames struct dt_driver_phandle_args to struct dt_pargs to shorten the label and prevent ugly line breaks in function signatures.
Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| a564092c | 14-May-2023 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: dt_driver_test: move source file to core/pta/test/
Moves dt_driver_test.c from core/kernel/ to core/pta/test/ where most embedded test implementations are located. This is legitimate as the test results are retrieved from the Invoke PTA interface, even if the test is not effectively run from an invocation command of that PTA.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 63b4d5d6 | 23-May-2023 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: dt_driver_test: fix test failure status
Before this change, failing clock/reset/gpios tests do print a "not run" status message because related status dt_test_state.probe_xxx remains to DEFAULT value and are never set to FAILED. Fix this and move each test to a specific local function to ease error cases management using 'goto' instructions.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 693a5271 | 09-May-2023 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: dt_driver_test: clarify "not run" status message
Changes trace message from "not passed" to "not run" when a test is not run.
Suggested-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 01980f3f | 16-May-2023 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: interrupt: rename itr_init()
Renames itr_init() to interrupt_main_init() as a later change will modify interrupt chip API functions using interrupt_ as prefix.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 358bf47c | 16-May-2023 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: interrupt: rename itr_core_handler()
Renames itr_core_handler() to interrupt_main_handler() as a later change will modify interrupt chip API functions using interrupt_ as prefix.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| b5aff6de | 02-Mar-2023 |
Clément Léger <clement.leger@bootlin.com> |
core: dt_driver: add support for DT_DRIVER_PINCTRL
In order to handle pinctrl the same way that other drivers are handled by DT driver support, modify node parsing to refer to the parent node in case we are handling a pinctrl request.
Signed-off-by: Clément Léger <clement.leger@bootlin.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
|
| 6e2fe64a | 21-Feb-2023 |
Clément Léger <clement.leger@bootlin.com> |
dt_driver_test: add tests for gpio controller framework
Add various tests for the GPIO dt controller framework much like what was done for the rstclr system.
Signed-off-by: Clément Léger <clement.leger@bootlin.com> Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 4fc179b6 | 11-May-2023 |
Thomas Perrot <thomas.perrot@bootlin.com> |
drivers: gpio: add device-tree based gpio controller framework
Build a small gpio framework based on the device-tree infrastructure and on top of the existing gpio.h content. This framework allows to register gpio controllers and to retrieve gpio struct based on a "<name>-gpios" property.
Signed-off-by: Clément Léger <clement.leger@bootlin.com> Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 4e45454a | 11-Apr-2023 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: add dt_getprop_as_number()
Adds dt_getprop_as_number() to read a property and parse it as a number returned as a uint64_t. The size of the property determines if it's read as an unsigned 32-bit or 64-bit integer.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 946f37ee | 04-Apr-2022 |
Etienne Carriere <etienne.carriere@linaro.org> |
driver: tpm2: remove TPM2 driver
Remove TPM2 driver from OP-TEE core. OP-TEE will instead rely on a remote REE TPM2 driver allowing REE OS to embed TPM2 software stack and leverage TPM2 features.
Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 8577287c | 17-Apr-2023 |
Jerome Forissier <jerome.forissier@linaro.org> |
core: ftrace: mark thread_get_tsd() and thread_get_id() as __noprof
When CFG_FTRACE_SUPPORT=y CFG_SYSCALL_FTRACE=y, the following call stack happens (QEMUv8):
_mcount()
ftrace_enter()
get_fbuf()
thread_get_tsd()
thread_get_id()
Therefore thread_get_tsd() and thread_get_id() must be tagged with __noprof, otherwise a recursive call to _mcount() is triggered leading to infinite recursion, stack overflow and a lockup of the TEE core.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
|
| a7a0664e | 14-Apr-2023 |
Jerome Forissier <jerome.forissier@linaro.org> |
core: mark thread_init_core_local_stacks() as __nostackcheck
As its name implies, thread_init_core_local_stacks() performs stack initializations therefore it should not invoke the stack-checking hooks which are enabled when CFG_CORE_DEBUG_CHECK_STACKS=y. This is done by adding the __nostackcheck qualifier to the function. Without it, the boot hangs early and nothing is printed on the secure console.
Note that this also fixes similar symptoms with syscall profiling (CFG_FTRACE_SUPPORT=y CFG_SYSCALL_FTRACE=y) because the _mcount()/ __gnu_mcount_nc() hooks need the stack. Both __nostackcheck and __noprof expand to __attribute__((no_instrument_function)).
Fixes: ca8258906949 ("core: split core/arch/arm/kernel/thread.c") Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
|