core: tee: initialize dirfile|tadb_entry objects

Coverity reports many errors where dirfile_entry{} and tadb_entry{}
objects are used un-initialized.
Resolve these errors by setting these objects to

core: tee: initialize dirfile|tadb_entry objects

Coverity reports many errors where dirfile_entry{} and tadb_entry{}
objects are used un-initialized.
Resolve these errors by setting these objects to zero on declaration.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: remove unnecessary includes

Remove unnecessary includes.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander

core: remove unnecessary includes

Remove unnecessary includes.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: update ts_store API with user space buffer

Updates the read() function pointer in struct ts_store_ops to take an
user space buffer in addition to the previous core buffer. Core buffers
are nor

core: update ts_store API with user space buffer

Updates the read() function pointer in struct ts_store_ops to take an
user space buffer in addition to the previous core buffer. Core buffers
are normal secure memory while user space buffers should only be accessed
using the user_access.h functions.

The different TA storage implementations are updated accordingly.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: tee: initialize dirfile_entry objects

Coverity reports many errors where dirfile_entry{} is used
un-initialized.
Resolve these errors by setting these objects to zero on declaration.

Signed-o

core: tee: initialize dirfile_entry objects

Coverity reports many errors where dirfile_entry{} is used
un-initialized.
Resolve these errors by setting these objects to zero on declaration.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: update FS storage API with user space buffer

Updates the create(), read(), and write() function pointers in struct
ts_store_ops to take a user space buffer in addition to the previous
core buf

core: update FS storage API with user space buffer

Updates the create(), read(), and write() function pointers in struct
ts_store_ops to take a user space buffer in addition to the previous
core buffer. Core buffers are normal secure memory while user space
buffers should only be accessed using the user_access.h functions.

The different FS storage implementations are updated accordingly.

Note that the RPMB FS storage implementation resorts to using
enter_user_access() and exit_user_access() due to internal complexities.

Fixes: 4e154320e47c ("core: Apply finer-grained PAN")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: make mobj_get_va() more secure

Adds a length parameter to allow mobj_get_va() to check that the entire
va range requested is available.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.

core: make mobj_get_va() more secure

Adds a length parameter to allow mobj_get_va() to check that the entire
va range requested is available.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: Fix warnings in core/tee/tadb.c

Fixes -Wdeclaration-after-statement warnings in core/tee/tadb.c:
core/tee/tadb.c:111:2: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-

core: Fix warnings in core/tee/tadb.c

Fixes -Wdeclaration-after-statement warnings in core/tee/tadb.c:
core/tee/tadb.c:111:2: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
struct thread_param params[] = {
^~~~~~
core/tee/tadb.c: In function ‘ta_operation_remove’:
core/tee/tadb.c:137:2: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
struct thread_param params[] = {
^~~~~~
core/tee/tadb.c: In function ‘ta_load’:
core/tee/tadb.c:712:2: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
struct thread_param params[] = {
^~~~~~

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: assure the reader that clear_file(), test_file() are safe

tee_tadb_dir always has files when nbits is greater than 0.
Point that out in clear_file() and test_file().

Reviewed-by: Jens Wikland

core: assure the reader that clear_file(), test_file() are safe

tee_tadb_dir always has files when nbits is greater than 0.
Point that out in clear_file() and test_file().

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Elvira Khabirova <e.khabirova@omp.ru>

show more ...

core: fix populate_files() coverity warning

In populate_files() db->files is checked to be not NULL leading but at
another place db->nbits is checked instead before accessing db->files.
Both checks

core: fix populate_files() coverity warning

In populate_files() db->files is checked to be not NULL leading but at
another place db->nbits is checked instead before accessing db->files.
Both checks are OK since db->files mustn't be NULL if db->nbits is
larger than 0.

This confuses coverity to emit a warning, so change the function to
check db->nbits instead.

This fixes coverity scan:
CID 1501793 (#1 of 1): Dereference after null check (FORWARD_NULL)

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: assert result in file_num_to_str()

Adds an assert() that snprintf() succeeds in file_num_to_str().

This fixes coverity scan:
CID 1501823 (#1 of 1): Unchecked return value (CHECKED_RETURN)

R

core: assert result in file_num_to_str()

Adds an assert() that snprintf() succeeds in file_num_to_str().

This fixes coverity scan:
CID 1501823 (#1 of 1): Unchecked return value (CHECKED_RETURN)

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add user parameter thread_rpc_shm_cache_alloc()

Adds a user parameter to thread_rpc_shm_cache_alloc() to make sure that
different callers of thread_rpc_shm_cache_alloc() doesn't interfere with

core: add user parameter thread_rpc_shm_cache_alloc()

Adds a user parameter to thread_rpc_shm_cache_alloc() to make sure that
different callers of thread_rpc_shm_cache_alloc() doesn't interfere with
each other. The FS allocation could perhaps be intertwined with I2C
allocations if crypto operations are done over I2C.

Fixes: 9bee8f2a5af7 ("core: add generic rpc shared memory buffer caching")
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add generic rpc shared memory buffer caching

Replaces tee_fs_rpc_cache_alloc() with thread_rpc_shm_alloc() which also
takes a shared memory type as argument. This allows allocating an kernel
p

core: add generic rpc shared memory buffer caching

Replaces tee_fs_rpc_cache_alloc() with thread_rpc_shm_alloc() which also
takes a shared memory type as argument. This allows allocating an kernel
private RPC buffer when needed.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove unreachable code from tee_tadb_ta_open()

Prior to this patch tee_tadb_ta_open() had some unreachable code. With
this patch remove that code, but retain the behaviour of
tee_tadb_ta_open

core: remove unreachable code from tee_tadb_ta_open()

Prior to this patch tee_tadb_ta_open() had some unreachable code. With
this patch remove that code, but retain the behaviour of
tee_tadb_ta_open().

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add description of struct tadb_entry

Adds description of the fields in struct tadb_entry.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@li

core: add description of struct tadb_entry

Adds description of the fields in struct tadb_entry.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove algo from crypto_authenc_*()

Removes the algo parameters from all crypto_authenc_*() functions except
crypto_authenc_alloc_ctx().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro

core: remove algo from crypto_authenc_*()

Removes the algo parameters from all crypto_authenc_*() functions except
crypto_authenc_alloc_ctx().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tadb.c: get rid of atomic reference counting

This commit changes the way the tadb_db global variable is protected
against concurrent access on creation and deletion. Instead of using an
atomic

core: tadb.c: get rid of atomic reference counting

This commit changes the way the tadb_db global variable is protected
against concurrent access on creation and deletion. Instead of using an
atomic reference counter (struct refcount) and a mutex, only the mutex
is used and taken unconditionally. The reference count becomes a global
integer protected by the same mutex.

Using a struct refcount was apparently an optimization to avoid taking
the lock unless actual creation or deletion of the tadb_db was needed.
Unfortunately this implementation was causing occasional crashes of the
TEE core (easily reproducible on HiKey running 'xtest 1013' in a loop).
The new implementation is simpler and appears to be rock solid with no
measurable difference in performance.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add get_tag() to struct user_ta_store_ops

Adds get_tag() method to struct user_ta_store_ops.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wi

core: add get_tag() to struct user_ta_store_ops

Adds get_tag() method to struct user_ta_store_ops.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add tee_tadb_get_tag()

Adds the function tee_tadb_get_tag() which returns a tag that uniquely
identifies a TA.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens

core: add tee_tadb_get_tag()

Adds the function tee_tadb_get_tag() which returns a tag that uniquely
identifies a TA.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce generic optee_rpc_cmd.h

Replaces the OPTEE_MSG RPC command protocol descriptions in optee_msg.h
and optee_msg_supplicant with a generic optee_rpc_cmd.h. Defined names
are also refact

core: introduce generic optee_rpc_cmd.h

Replaces the OPTEE_MSG RPC command protocol descriptions in optee_msg.h
and optee_msg_supplicant with a generic optee_rpc_cmd.h. Defined names
are also refactored to mirror the new structure.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tadb.c: get rid of init_memparam()

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wikl

core: tadb.c: get rid of init_memparam()

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: use struct thread_param for RPC

Use struct thread_param as an abstraction of the parameters used for
RPC.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <

core: use struct thread_param for RPC

Use struct thread_param as an abstraction of the parameters used for
RPC.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: simplify shm cookie handling

Simplifies SHM cookie handling by storing the cookie in the mobj instead
of putting the burden on the caller. The cookie parameter is dropped
from the thread_rpc_*

core: simplify shm cookie handling

Simplifies SHM cookie handling by storing the cookie in the mobj instead
of putting the burden on the caller. The cookie parameter is dropped
from the thread_rpc_*_payload() functions. All callers of those
functions are also updated and unused cookie members of related structs
are removed too.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix tee_tadb_ta_create() panic

Fixes a panic triggered in tee_tadb_ta_create(). Before this patch
tee_tadb_ta_create() was calling tadb_put() if tee_tadb_open() failed.
This is incorrect as th

core: fix tee_tadb_ta_create() panic

Fixes a panic triggered in tee_tadb_ta_create(). Before this patch
tee_tadb_ta_create() was calling tadb_put() if tee_tadb_open() failed.
This is incorrect as the reference counter hasn't been increased then.
This patch fixes that by only calling tadb_put() once tee_tadb_open()
has succeeded.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tee_tadb_ta_read(): reduce tmp buffer

Large memory allocations with malloc() can fail due to a fragmented
heap. The easiest way to avoid such failures is obviously to allocate
smaller buffers.

core: tee_tadb_ta_read(): reduce tmp buffer

Large memory allocations with malloc() can fail due to a fragmented
heap. The easiest way to avoid such failures is obviously to allocate
smaller buffers.

Reduces the size of the temporary buffer used in tee_tadb_ta_read() when
skipping over bytes in the payload. Instead of max 4k use 256 bytes.
Impact on performance should be minimal as not much data are skipped in
the payload.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: bugfix tee_tadb_ta_read()

When tee_tadb_ta_read() has advanced through the entire binary it should
call crypto_authenc_dec_final() to check that the computed tag matches
expected tag. Before t

core: bugfix tee_tadb_ta_read()

When tee_tadb_ta_read() has advanced through the entire binary it should
call crypto_authenc_dec_final() to check that the computed tag matches
expected tag. Before this commit that wasn't done.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...