core: htree: fix meta inclusion in root hash

Prior to this patch was the size of the meta data supplied as the size
of the pointer to meta data. With this patch the size is corrected to be
the size

core: htree: fix meta inclusion in root hash

Prior to this patch was the size of the meta data supplied as the size
of the pointer to meta data. With this patch the size is corrected to be
the size of meta data itself.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Fixes: https://github.com/OP-TEE/optee_os/issues/2330
Fixes: 94a72998bc1d ("core: fs_htree: include meta in root hash")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove license notice from STMicroelectronics files

Since a while the source files license info are defined by SPDX
identifiers. We can safely remove the verbose license text from the
files that are

Remove license notice from STMicroelectronics files

Since a while the source files license info are defined by SPDX
identifiers. We can safely remove the verbose license text from the
files that are owned by either only STMicroelectronics or only both
Linaro and STMicroelectronics.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix OOM handling in tee_svc_storage_read_head()

Fixes out of memory handling error in tee_svc_storage_read_head(). Prior
to this all errors from fops->read() was reported as
TEE_ERROR_CORRUPT_

core: fix OOM handling in tee_svc_storage_read_head()

Fixes out of memory handling error in tee_svc_storage_read_head(). Prior
to this all errors from fops->read() was reported as
TEE_ERROR_CORRUPT_OBJECT leading to removal of the object even when the
real problem was temporary memory shortage. This patch reports
TEE_ERROR_OUT_OF_MEMORY from fops->read() correctly while translating
all other errors to TEE_ERROR_CORRUPT_OBJECT.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: syscall_open_ta_session(): make sure user context is set

There is no guarantee that the current user context is preserved
after tee_ta_open_session(). Therefore, set it again before copying
da

core: syscall_open_ta_session(): make sure user context is set

There is no guarantee that the current user context is preserved
after tee_ta_open_session(). Therefore, set it again before copying
data to user space.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core: minor cleanup related to pseudo TAs

tee_kta_trace.h is unused and useless.
Reword "static TA" into "pseudo TA" in comments.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Revie

core: minor cleanup related to pseudo TAs

tee_kta_trace.h is unused and useless.
Reword "static TA" into "pseudo TA" in comments.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: crypto: enable 4096-bit RSA keys

RSA key size can be allowed to be as large as CFG_CORE_BIGNUM_MAX_BITS
(4096 by default).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Review

core: crypto: enable 4096-bit RSA keys

RSA key size can be allowed to be as large as CFG_CORE_BIGNUM_MAX_BITS
(4096 by default).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: REE FS: temporary block allocation

Large memory allocations with malloc() can fail due to a fragmented
heap. This is especially a problem when configured with pager as the
heap is kept as smal

core: REE FS: temporary block allocation

Large memory allocations with malloc() can fail due to a fragmented
heap. This is especially a problem when configured with pager as the
heap is kept as small as possible in that configuration for obvious
reasons.

This patch allocates the temporary block needed for reading and writing
in REE FS tee_pager_alloc() instead when the pager is enabled.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tee_tadb_ta_read(): reduce tmp buffer

Large memory allocations with malloc() can fail due to a fragmented
heap. The easiest way to avoid such failures is obviously to allocate
smaller buffers.

core: tee_tadb_ta_read(): reduce tmp buffer

Large memory allocations with malloc() can fail due to a fragmented
heap. The easiest way to avoid such failures is obviously to allocate
smaller buffers.

Reduces the size of the temporary buffer used in tee_tadb_ta_read() when
skipping over bytes in the payload. Instead of max 4k use 256 bytes.
Impact on performance should be minimal as not much data are skipped in
the payload.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: syscall_authenc_enc_final() initialize tlen

Fixes problem with possibly leaking uninitialized stack content via
tlen.

Fixes: https://github.com/OP-TEE/optee_os/issues/2214
Reviewed-by: Jerome

core: syscall_authenc_enc_final() initialize tlen

Fixes problem with possibly leaking uninitialized stack content via
tlen.

Fixes: https://github.com/OP-TEE/optee_os/issues/2214
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: FS: storage: don't allow the object_id to reside in shared memory

According to the GP spec V1.1, the object_id in create/open/rename
functions is not allowed to reside in the share memory, thi

core: FS: storage: don't allow the object_id to reside in shared memory

According to the GP spec V1.1, the object_id in create/open/rename
functions is not allowed to reside in the share memory, this patch
simply removes the TEE_MEMORY_ACCESS_ANY_OWNER flag to limit the
object_id to TA private memory space.

Signed-off-by: Zeng Tao <prime.zeng@hisilicon.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: bugfix tee_tadb_ta_read()

When tee_tadb_ta_read() has advanced through the entire binary it should
call crypto_authenc_dec_final() to check that the computed tag matches
expected tag. Before t

core: bugfix tee_tadb_ta_read()

When tee_tadb_ta_read() has advanced through the entire binary it should
call crypto_authenc_dec_final() to check that the computed tag matches
expected tag. Before this commit that wasn't done.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fs_htree: fix authenc_init() error path

- Add missing crypto_authenc_free_ctx()
- Do not call crypto_authenc_final() if crypto_authenc_init() was not
successful

Signed-off-by: Jerome Forissie

core: fs_htree: fix authenc_init() error path

- Add missing crypto_authenc_free_ctx()
- Do not call crypto_authenc_final() if crypto_authenc_init() was not
successful

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Summer Qin <summer.qin@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: hkdf_expand(): call crypto_mac_free_ctx() instead of free()

A context allocated via crypto_mac_alloc_ctx() has to be freed using
crypto_mac_free_ctx(). While the default implementation just

crypto: hkdf_expand(): call crypto_mac_free_ctx() instead of free()

A context allocated via crypto_mac_alloc_ctx() has to be freed using
crypto_mac_free_ctx(). While the default implementation just ends up
calling free(), other implementations may not.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Summer Qin <summer.qin@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fs_htree: include meta in root hash

Includes the meta data when calculating the hash of the root node to
detect changes in file length while number of blocks is unchanged.

Signed-off-by: Jens

core: fs_htree: include meta in root hash

Includes the meta data when calculating the hash of the root node to
detect changes in file length while number of blocks is unchanged.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Fixes: https://github.com/OP-TEE/optee_os/issues/2094
Reported-by: Kevin Peng <kevinp@marvell.com>
Tested-by: Kevin Peng <kevinp@marvell.com>
[jf: add Fixes:, Reported-by: and Tested-by: tags]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: REE FS: ree_fs_truncate() commit dirh writes

To commit the changes done by ree_fs_truncate() in the dirfile, call
commit_dirh_writes() before closing the dirh.

Signed-off-by: Jens Wiklander <

core: REE FS: ree_fs_truncate() commit dirh writes

To commit the changes done by ree_fs_truncate() in the dirfile, call
commit_dirh_writes() before closing the dirh.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: REE FS: make sure dirty flag is set when object is truncated

When an object is truncated but the number of blocks is unchanged, only
the metadata's length field is modified. The hash tree laye

core: REE FS: make sure dirty flag is set when object is truncated

When an object is truncated but the number of blocks is unchanged, only
the metadata's length field is modified. The hash tree layer has to be
notified so that it knows it has to flush the data before closing the
object, otherwise the truncation is lost.
Add a function for that purpose: tee_fs_htree_meta_set_dirty(), and
call it whenever meta->length is updated.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: REE FS: ree_fs_truncate(): fix reversed error checks

Reported-by: Kevin Peng <kevinp@marvell.com>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jen

core: REE FS: ree_fs_truncate(): fix reversed error checks

Reported-by: Kevin Peng <kevinp@marvell.com>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix handling of NULL memory references by Internal Client API

GlobalPlatform TEE Internal Core API v1.1.2 section 4.9.4 states that
parameters of type *_MEMREF_* can have memref.buffer == NULL

core: fix handling of NULL memory references by Internal Client API

GlobalPlatform TEE Internal Core API v1.1.2 section 4.9.4 states that
parameters of type *_MEMREF_* can have memref.buffer == NULL, provided
that memref.size is zero.

The corresponding test in tee_svc_copy_param() is backwards, so reverse
it.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Kevin Peng <kevinp@marvell.com>
Link: https://github.com/OP-TEE/optee_os/issues/2105
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU)
Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Tested-by: Kevin Peng <kevinp@marvell.com>

show more ...

core: fix reference counting in tee_tadb_open()

Fixes reference counting error in tee_tadb_open() that was exposed by
commit 99f969dd6c99 ("core: fine grained tee_ta_mutex locking")

Fixes: 5baee69a

core: fix reference counting in tee_tadb_open()

Fixes reference counting error in tee_tadb_open() that was exposed by
commit 99f969dd6c99 ("core: fine grained tee_ta_mutex locking")

Fixes: 5baee69a0140 ("core: add tadb")
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU v7)
Reported-by: Andrew Davis <andrew.davis@linaro.org>
Tested-by: Andrew F. Davis <afd@ti.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tee_svc.c: stop using tee_ta_mutex

A MOBJ handles serialization internally so there's no need to acquire
tee_ta_mutex before freeing or allocating a MOBJ.

Acked-by: Jerome Forissier <jerome.f

core: tee_svc.c: stop using tee_ta_mutex

A MOBJ handles serialization internally so there's no need to acquire
tee_ta_mutex before freeing or allocating a MOBJ.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tee_svc_cryp.c: remove final ctx management

Removes the final remains of the crypo ctx management in tee_svc_cryp.c.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by:

core: tee_svc_cryp.c: remove final ctx management

Removes the final remains of the crypo ctx management in tee_svc_cryp.c.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto.h manages authenc context memory

To ease integration with other crypto libraries change the authenc context
interface in crypto.h to manage the memory used for the authenc context.

Rev

core: crypto.h manages authenc context memory

To ease integration with other crypto libraries change the authenc context
interface in crypto.h to manage the memory used for the authenc context.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto.h manages cipher context memory

To ease integration with other crypto libraries change the cipher context
interface in crypto.h to manage the memory used for the cipher context.

Review

core: crypto.h manages cipher context memory

To ease integration with other crypto libraries change the cipher context
interface in crypto.h to manage the memory used for the cipher context.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto.h manages mac context memory

To ease integration with other crypto libraries change the mac context
interface in crypto.h to manage the memory used for the mac context.

Reviewed-by: Je

core: crypto.h manages mac context memory

To ease integration with other crypto libraries change the mac context
interface in crypto.h to manage the memory used for the mac context.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto.h manages hash context memory

To ease integration with other crypto libraries change the hash context
interface in crypto.h to manage the memory used for the hash context.

Reviewed-by:

core: crypto.h manages hash context memory

To ease integration with other crypto libraries change the hash context
interface in crypto.h to manage the memory used for the hash context.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...