History log of /optee_os/core/pta/system.c (Results 1 – 25 of 31)
Revision Date Author Comments
# 5ca2c365 10-Jan-2024 Clement Faure <clement.faure@nxp.com>

core: remove unnecessary includes

Remove unnecessary includes.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

# 4522f807 06-Sep-2023 Jens Wiklander <jens.wiklander@linaro.org>

core: pta: system: use bb_free_wipe() in system_derive_ta_unique_key()

Use the recently introduced function bb_free_wipe() to wipe bounce
buffers of sensitive data when freeing them. Also updates to use a
bounce buffer instead of the heap to hold user supplied data when
deriving the TA unique key now that we have bb_free_wipe().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

# eb4a988a 14-Jul-2023 Jens Wiklander <jens.wiklander@linaro.org>

core: add user buffer to tee_invoke_supp_plugin_rpc()

Adds a user buffer to tee_invoke_supp_plugin_rpc() so direct user memory
access can be used when called with a buffer in user memory instead of
core memory. tee_invoke_supp_plugin_rpc() can still take a core memory
buffer as an argument if needed.

PTA_SYSTEM_SUPP_PLUGIN_INVOKE in the system PTA is updated to pass the
memref as a user memory buffer instead of a core memory buffer.

This fixes a direct privileged memory access to user space memory.

Fixes: 4e154320e47c ("core: Apply finer-grained PAN")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

# 953707a4 21-Jun-2023 Seonghyun Park <seonghp@amazon.com>

core: use user-access functions in system PTA

When user TAs call into the system PTA, allocate bounce buffers and
copy data from the user buffers to the bounce buffers, which can be
accessed by the core kernel functions.

Signed-off-by: Seonghyun Park <seonghp@amazon.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

# 52e7b1a6 14-Jun-2023 Jens Wiklander <jens.wiklander@linaro.org>

core: use user-access functions in ldelf interaction

When interacting with LDELF, replace implicit user space accesses from
privileged mode using proper user-access functions.

Co-developed-by: Seonghyun Park <seonghp@amazon.com>
Signed-off-by: Seonghyun Park <seonghp@amazon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

# 6105aa86 12-Apr-2022 Jens Wiklander <jens.wiklander@linaro.org>

core: map TA memory using TEE_MATTR_MEM_TYPE_TAGGED

Maps TA memory using the TEE_MATTR_MEM_TYPE_TAGGED which results in
tagged cached memory if the system has it enabled.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

# 3dd5cda2 19-Feb-2021 Jens Wiklander <jens.wiklander@linaro.org>

core: add NULL check in system_dlsym()

system_dlsym() takes a uuid in one of the memref parameters. Prior to
this patch that memref wasn't checked correctly in all cases.
system_dlsym() passes the uuid to ldelf_dlsym() which uses this uuid so
the pointer must be valid and of the expected size. Fix this by checking
that the pointer is non-NULL and of the correct size.

This fixes coverity scan:
CID 1501812 (#1 of 1): Dereference after null check (FORWARD_NULL)

Fixes: ebef121c1f5c ("core, ldelf: add support for runtime loading of shared libraries")
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

# e4ad5ccd 08-Dec-2020 Aleksandr Anisimov <a.anisimov@omprussia.ru>

libutee: add a new API to interact with plugins from TA

This patch adds a new API to libutee to interact
with tee-supplicant plugins from TEE userspace.

Every user TA can use 'tee_invoke_supp_plugin()' to send any commands
to a plugin. The commands are predefined by the plugin developer.

See the https://github.com/linaro-swg/optee_examples
repo for an example of using plugins.

Signed-off-by: Aleksandr Anisimov <a.anisimov@omprussia.ru>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

# baa5161d 11-Dec-2020 Balint Dobszay <balint.dobszay@arm.com>

core: ldelf: implement separate syscalls for ldelf

Implements a separate syscall handler for ldelf to decouple it from user
TAs and enable using it for all TSs. The calling convention is the same
as for utee_* syscalls. To distinguish between the different SVCs, the
syscall handler pointer is updated before entering ldelf and restored
after returning. The step of opening a system PTA session and invoking
the commands there is eliminated, the necessary functionality is
implemented in the ldelf syscall functions.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

# cbe7e1b8 11-Dec-2020 Balint Dobszay <balint.dobszay@arm.com>

core: extract ldelf related code from system PTA

Various functions in the system PTA are only used in conjunction with
ldelf. They either implement a system service needed only by ldelf
(system_open_ta_binary(), etc.) or they provide an interface for TAs to
invoke services implemented in user space by ldelf (call_ldelf_dlopen(),
call_ldelf_dlsym()). Extract these to a separate file as a first step
towards converting the PTA system_*() calls into proper ldelf-specific
syscalls.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

# 9c34c0c7 11-Dec-2020 Balint Dobszay <balint.dobszay@arm.com>

core: prefer struct user_mode_ctx in system PTA

Most functions in system PTA have struct ts_session as parameter, but
only use it for getting the pointer to user_mode_ctx. This commit
simplifies the code by doing the casting in a single place and passing
user_mode_ctx as an argument instead.

This also eliminates casting to user_ta_ctx as an intermediate step. It
is a preparation step for extracting ldelf related functions from system
PTA to an ldelf specific syscall handler.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

# e3603bde 27-Oct-2020 Balint Dobszay <balint.dobszay@arm.com>

core: move non TA specific fields from user_ta_ctx

Moves fields from user_ta_ctx to user_mode_ctx, which are not specific
to user TAs. This is needed to prepare for handling Secure Partitions,
user_mode_ctx will be the common ground for the fields used by both TAs
and SPs.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

# 6cb02818 05-Oct-2020 Jelle Sels <jelle.sels@arm.com>

core: rename ta_store to ts_store

Rename the ta_store to the ts_store. We will need the stores to load
SPs (secure partitions). By renaming ta_store to ts_store
(trusted service) we indicate that the stores are not only used by the
TAs but that they can also be used by SPs.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

# 89c9728d 19-Oct-2020 Jens Wiklander <jens.wiklander@linaro.org>

core: replace tee_mmu prefix with vm

Replaces the tee_mmu prefix with vm. tee_mmu.h is renamed to vm.h and
core/arch/arm/mm/tee_mmu.c is moved to core/mm/vm.c. Public functions
belonging to these files are renamed with a vm prefix.

Introduces: vm_map_param(), vm_clean_param(),
vm_buf_is_inside_private(), vm_buf_intersects_private(),
vm_buf_to_mobj_offs(), vm_buf_is_inside_um_private(),
vm_buf_intersects_um_private(), vm_add_rwmem(), vm_rem_rwmem(),
vm_va2pa(), vm_pa2va(), vm_check_access_rights(), vm_set_ctx() replacing
their tee_mmu_*() counterpart.

Acked-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

# 00b3b9a2 31-Aug-2020 Jens Wiklander <jens.wiklander@linaro.org>

core: add generic struct ts_session

As a step in making room for Secure Partitions (SPs) running at S-EL0,
add a Trusted Service (TS) abstraction. Both TAs and SPs are TSs.

Adds the generic struct ts_session. All future sessions structs
(currently only struct tee_ta_session exists) should add this struct to
allow generic session operations.

With this struct comes new functions replacing previous struct
tee_ta_session oriented functions. The following functions are replaced
as:
tee_ta_get_current_session() -> ts_get_current_session()
tee_ta_push_current_session() -> ts_push_current_session()
tee_ta_pop_current_session() -> ts_pop_current_session()
tee_ta_get_calling_session() -> ts_get_calling_session()

ts_get_current_session() is changed compared to its predecessor to
panic() in case of failure to return a valid pointer.

A new function ts_get_current_session_may_fail() is added to handle an
eventual case where a return NULL session may be handled.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

# 918e36c6 03-Sep-2020 Sughosh Ganu <sughosh.ganu@linaro.org>

core: Add a parameter to vm_map_pad() to specify alignment requirement

There are cases where the virtual address returned for a requested
mapping needs to satisfy certain alignment requirements. Allow the
calling functions to specify the required alignment as a parameter
to vm_map_pad().

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

# 095b07ce 19-Mar-2020 Jens Wiklander <jens.wiklander@linaro.org>

core: add overflow guard in system_unmap()

Adds an early overflow guard in system_unmap() against large va or sz
values.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

# a8e39e9c 19-Mar-2020 Jens Wiklander <jens.wiklander@linaro.org>

core: wipe user data in system_derive_ta_unique_key()

Before system_derive_ta_unique_key() returns wipe the supplied user data
from the heap as a precaution.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

# 18871ad0 19-Mar-2020 Jens Wiklander <jens.wiklander@linaro.org>

core: add overflow guard in system_set_prot()

Adds an early overflow guard in system_set_prot() against large va or sz
values.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

# f19dd214 19-Mar-2020 Jens Wiklander <jens.wiklander@linaro.org>

core: fix typo in system_set_prot()

Fixes a typo in system_set_prot() where a "," was used instead of a ";".
This fix should not change the behaviour of the function.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

# 4047f318 19-Mar-2020 Jens Wiklander <jens.wiklander@linaro.org>

core: fix overflow in binh_copy_to()

Fixes overflows in binh_copy_to() when num_bytes or offs_bytes are very
large numbers.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

# 1e4e976b 19-Mar-2020 Jens Wiklander <jens.wiklander@linaro.org>

core: fix potential overflow in system_map_ta_binary()

Fixes potential overflows when calculating required sizes for mapping a
part of a fobj.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

# 908ce2d4 19-Mar-2020 Jens Wiklander <jens.wiklander@linaro.org>

core: fix handle return in system_open_ta_binary()

Prior to this patch system_open_ta_binary() was not updating the
params[0].value.a out parameter used to carry a handle of the opened
binary. Fix this by assigning the value to the handle to
params[0].value.a.

Note that if only one binary is opened at a time the handle will be 0
and ldelf will still work even without this fix.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

# 787295df 19-Mar-2020 Jens Wiklander <jens.wiklander@linaro.org>

core: fix potential overflow in system_map_zi()

Fixes a potential overflow when calculating required page size for a
fobj allocation. This is fixed by using the new ROUNDUP_DIV() macro
instead of rounding up and then dividing.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

# c2020b9d 19-Mar-2020 Jens Wiklander <jens.wiklander@linaro.org>

core: parameter check in system_rng_reseed()

Removes confusing comment in system_rng_reseed(). Removes the max limit
on input buffer size, that's handled inside crypto_rng_add_event(). Also
checks that the supplied buffer isn't NULL.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
