core: arm: get DDR range from embedded DTB

Find main memory (DDR) physical range(s) from the secure embedded DTB
if not found from the external DT.

Signed-off-by: Etienne Carriere <etienne.carriere

core: arm: get DDR range from embedded DTB

Find main memory (DDR) physical range(s) from the secure embedded DTB
if not found from the external DT.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Valentin Caron <valentin.caron@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: kernel: Remove CFG_BOOT_INIT_CURRENT_THREAD_CORE_LOCAL

Now both ARM and RISC-V architectures support initialize
thread_core_local[current_core_pos] before calling C code. Thus, we can
deprecat

core: kernel: Remove CFG_BOOT_INIT_CURRENT_THREAD_CORE_LOCAL

Now both ARM and RISC-V architectures support initialize
thread_core_local[current_core_pos] before calling C code. Thus, we can
deprecate CFG_BOOT_INIT_CURRENT_THREAD_CORE_LOCAL and corresponding
code.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com>

show more ...

core: dynamic allocation of threads and their stacks

With CFG_DYN_CONFIG enabled, use dynamic allocation of threads and their
stacks.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Revie

core: dynamic allocation of threads and their stacks

With CFG_DYN_CONFIG enabled, use dynamic allocation of threads and their
stacks.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add thread_count to thread_init_threads()

Add a thread_count parameter to thread_init_threads(). This must currently
always be equal to CFG_NUM_THREADS, but may become a dynamic configuration

core: add thread_count to thread_init_threads()

Add a thread_count parameter to thread_init_threads(). This must currently
always be equal to CFG_NUM_THREADS, but may become a dynamic configuration
parameter with CFG_DYN_CONFIG=y in later patches.

The array threads[] is changed into a pointer to allow dynamic
allocation in later patches. The assembly code is updated accordingly to
handle a pointer instead of an array.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com>
Tested-by: Yu-Chien Peter Lin <peter.lin@sifive.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: dynamic allocation of thread_core_local and its stacks

With CFG_DYN_CONFIG enabled, use dynamic allocation of thread_core_local
and the two stacks, tmp_stack and abt_stack, recorded in it.

Si

core: dynamic allocation of thread_core_local and its stacks

With CFG_DYN_CONFIG enabled, use dynamic allocation of thread_core_local
and the two stacks, tmp_stack and abt_stack, recorded in it.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: add core_count to thread_init_thread_core_local()

Add a core_count parameter to thread_init_thread_core_local() to enable
dynamic configuration of the number of supported cores when configured

core: add core_count to thread_init_thread_core_local()

Add a core_count parameter to thread_init_thread_core_local() to enable
dynamic configuration of the number of supported cores when configured
with CFG_DYN_STACK_CONFIG=y, or it must be equal to
CFG_TEE_CORE_NB_CORE. This is needed in later patches where the number
of cores is configured dynamically.

The array thread_core_local[] is changed into a pointer to allow dynamic
allocation in later patches. The assembly code is updated accordingly to
handle a pointer instead of an array.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: kernel: remove the last appended void transfer entry

transfer_list_set_data_size() appends a void entry for the following
entries to meet the alignment requirement even when it is the last
one

core: kernel: remove the last appended void transfer entry

transfer_list_set_data_size() appends a void entry for the following
entries to meet the alignment requirement even when it is the last
one, thus add a check before appending.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: kernel: fix bug in transfer_list_add()

Fix the missing cast on the target address when doing memmove.
Get the address of entry data via transfer_list_entry_data()
instead of adding offset.

Fi

core: kernel: fix bug in transfer_list_add()

Fix the missing cast on the target address when doing memmove.
Get the address of entry data via transfer_list_entry_data()
instead of adding offset.

Fixes: a12225022bd5 ("core: add transfer list API")
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: ffa: reserve physical nexus memory for manifest

In reinit_manifest_dt() when reserving physical memory for the manifest,
allocate from physical nexus memory instead to support ns-virtualizatio

core: ffa: reserve physical nexus memory for manifest

In reinit_manifest_dt() when reserving physical memory for the manifest,
allocate from physical nexus memory instead to support ns-virtualization.

Fixes: 414123ae8ca5 ("core: ffa: reserve physical memory for manifest")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: kernel: dt_driver: variable may be unused

Fix the following warning with Clang 18.6.1:

core/kernel/dt_driver.c:456:15: error: variable 'count' set but not used [-Werror,-Wunused-but-set-vari

core: kernel: dt_driver: variable may be unused

Fix the following warning with Clang 18.6.1:

core/kernel/dt_driver.c:456:15: error: variable 'count' set but not used [-Werror,-Wunused-but-set-variable]
456 | unsigned int count = 0;
| ^

Indeed, when CFG_TEE_CORE_LOG_LEVEL <= 2, the value of count is never
read.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

core: ffa: reserve physical memory for manifest

With CFG_CORE_SEL2_SPMC=y (Hafnium as SPMC at S-EL2), the FF-A manifest
passed to OP-TEE resides in the memory reserved for OP-TEE just before
the loa

core: ffa: reserve physical memory for manifest

With CFG_CORE_SEL2_SPMC=y (Hafnium as SPMC at S-EL2), the FF-A manifest
passed to OP-TEE resides in the memory reserved for OP-TEE just before
the load address. The physical memory pool is initialized with the entire
range of secure memory, with holes carved out for already used memory.

Temporarily allocate the physical memory used by the manifest until it's
not needed any longer and released by release_manifest_dt().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: fix crash during syscall ftrace

Syscall ftrace collects data during a syscall. get_fbuf() checks if
thread_get_id_may_fail() != -1 to see if a function is called under
normal thread execution.

core: fix crash during syscall ftrace

Syscall ftrace collects data during a syscall. get_fbuf() checks if
thread_get_id_may_fail() != -1 to see if a function is called under
normal thread execution. This can lead to an inconsistent state if a
native interrupt occur while ftrace_enter() or ftrace_return() is
recording data in the ftrace buffer. So fix this by using
thread_is_in_normal_mode() to exclude ftrace during interrupt
processing.

Reported-by: Jerome Forissier <jerome.forissier@linaro.org>
Closes: https://github.com/OP-TEE/optee_os/issues/7216
Fixes: 099918f6744c ("ftrace: Add support for syscall function tracer")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)

show more ...

core: move plat_get_random_stack_canaries() to common part

Other architectures (e.g. RISC-V) may want to call
plat_get_random_stack_canaries() for random stack
canaries. Move it from ARM architectur

core: move plat_get_random_stack_canaries() to common part

Other architectures (e.g. RISC-V) may want to call
plat_get_random_stack_canaries() for random stack
canaries. Move it from ARM architecture directory
to common part.

Signed-off-by: Yu-Chien Peter Lin <peter.lin@sifive.com>
Co-developed-by: Alvin Chang <alvinga@andestech.com>
Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ldelf: enable ubsan support

Ubsan support was previously limited to core code. This commit moves the
ubsan runtime implementation to libutils, making it available for ldelf
and trusted applications.

ldelf: enable ubsan support

Ubsan support was previously limited to core code. This commit moves the
ubsan runtime implementation to libutils, making it available for ldelf
and trusted applications.

As a result, ldelf will now be built with ubsan support when
CFG_CORE_SANITIZE_UNDEFINED is enabled.

Additionally, to avoid potential infinite recursion, ubsan
instrumentation is explicitly disabled for ubsan.c.

Signed-off-by: Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: fix CFG_BOOT_INIT_THREAD_CORE_LOCAL0

CFG_BOOT_INIT_THREAD_CORE_LOCAL0 is misleading since it's concerning the
core id of the boot CPU. So rename the configuration flag to
CFG_BOOT_INIT_CURRENT

core: fix CFG_BOOT_INIT_THREAD_CORE_LOCAL0

CFG_BOOT_INIT_THREAD_CORE_LOCAL0 is misleading since it's concerning the
core id of the boot CPU. So rename the configuration flag to
CFG_BOOT_INIT_CURRENT_THREAD_CORE_LOCAL and update the code as needed.
Only thread_init_thread_core_local() has a change of behaviour where the
boot CPU now can have any core id.

Fixes: b5ec8152f3e5 ("core: arm: refactor boot")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: kernel: Remove unused call_initcalls()

Remove call_initcalls() since there is no architecture calls it.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Jens Wiklander <jens.wi

core: kernel: Remove unused call_initcalls()

Remove call_initcalls() since there is no architecture calls it.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: interrupt: clarify inline comment in interrupt_create_handler()

Clarify inline comment in interrupt_create_handler() to explicit that
this function request add_configure_handler() to not confi

core: interrupt: clarify inline comment in interrupt_create_handler()

Clarify inline comment in interrupt_create_handler() to explicit that
this function request add_configure_handler() to not configure the
interrupt (since it's already configured from interrupt_dt_get_by_*()
API functions).

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: interrupt: itr_chip may not require configure handler

The configure handler in struct itr_ops is not required for interrupt
providers which consumers only use the DT to get and configure their

core: interrupt: itr_chip may not require configure handler

The configure handler in struct itr_ops is not required for interrupt
providers which consumers only use the DT to get and configure their
interrupts (with interrupt_dt_get_by_*() and interrupt_create_handler()).
Therefore change itr_chip_is_valid() to not enforce its support
but add back that constraint for the interrupt main controller.

Add an itr_chip_dt_only_init() helper function for interrupt
controllers which consumers only use the DT to configure their
interrupt, that is such controllers do not need a configure handler.

itr_chip_is_valid() is not called outside interrupt.c where it is
used in itr_chip_init() and itr_chip_dt_only_init() so make it a local
function.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: interrupt: rename .add handler to .configure

Rename field add of struct itr_ops to configure for consistency
since that handler is used the configure the interrupt. Update
existing interrupt d

core: interrupt: rename .add handler to .configure

Rename field add of struct itr_ops to configure for consistency
since that handler is used the configure the interrupt. Update
existing interrupt drivers accordingly.

By the way fix inline comment spelling typo (s/contrainsts/constraints/).

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: thread: initialize stack canaries from recorded end-va

Continue where "core: thread: get stacks from recorded end-va" left and
initialize the stack canaries based on the recorded end-va. This

core: thread: initialize stack canaries from recorded end-va

Continue where "core: thread: get stacks from recorded end-va" left and
initialize the stack canaries based on the recorded end-va. This is
needed in later patches where the stacks aren't statically allocated.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: thread: get stacks from recorded end-va

Each stack has its end-va or top recorded in either thread_core_local[]
or threads[] as tmp_stack_va_end, abt_stack_va_end, or stack_va_end.
This addres

core: thread: get stacks from recorded end-va

Each stack has its end-va or top recorded in either thread_core_local[]
or threads[] as tmp_stack_va_end, abt_stack_va_end, or stack_va_end.
This address together with the known size of the stack is enough to
calculate all the other needed stack related addresses:
- start and end canaries,
- top and bottom of the stacks.

Add and use new internal functions to calculate these addresses and
remove the now unused macros. This is needed in later patches where the
stacks aren't statically allocated.

INIT_CANARY(), GET_START_CANARY(), and GET_END_CANARY() are kept for now
to see that the addresses for the canaries are calculated correctly in
the new functions.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: refactor boot

Introduce CFG_BOOT_INIT_THREAD_CORE_LOCAL0 to indicate that
thread_core_local[0] is initialized before the boot_init_* functions are
called.

thread_init_core_local_stacks()

core: arm: refactor boot

Introduce CFG_BOOT_INIT_THREAD_CORE_LOCAL0 to indicate that
thread_core_local[0] is initialized before the boot_init_* functions are
called.

thread_init_core_local_stacks() and thread_init_thread_core_local() are
replaced by a new version of thread_init_thread_core_local() for
CFG_BOOT_INIT_THREAD_CORE_LOCAL0=y.

Move initialization of thread_core_local[] from very early to
boot_init_primary_late() where various DTBs containing run-time
configuration are available. This will be needed in later patches when
the number of configured cores can be read from DT or some other
run-time configuration.

Move the "OP-TEE version" print and following code from
boot_init_primary_late() to boot_init_primary_final()

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: fail build when CFG_INSECURE=n used with zero HUK

CFG_INSECURE=n indicates the build may be used for production. In this
environment using the zero HUK in inappropriate, so fail the build
in t

core: fail build when CFG_INSECURE=n used with zero HUK

CFG_INSECURE=n indicates the build may be used for production. In this
environment using the zero HUK in inappropriate, so fail the build
in this case.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: interrupt: enhance registered controller chips validity

Enhance assertion of interrupt chip validity using itr_chip_is_valid()
helper function instead of only testing the chip handle is not nu

core: interrupt: enhance registered controller chips validity

Enhance assertion of interrupt chip validity using itr_chip_is_valid()
helper function instead of only testing the chip handle is not null.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: interrupt: fix property count in dt_get_irq_type_prio()

Fix the number of properties passed by dt_get_irq_type_prio()
to dt_get_irq handler of the interrupt main chip. The fixed issue
was not

core: interrupt: fix property count in dt_get_irq_type_prio()

Fix the number of properties passed by dt_get_irq_type_prio()
to dt_get_irq handler of the interrupt main chip. The fixed issue
was not seen since existing registered dt_get_irq handlers (atmel_wdt.c,
gic.c and plic.c) do not really care when this count value is too high.

Fixes: 702fe5a74327 ("core: kernel: interrupt: add type and prio for interrupts")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...