| e7dd9fbb | 17-Jan-2024 |
Volodymyr Babchuk <volodymyr_babchuk@epam.com> |
arm: virtualization: don't allow hypervisor to issue std calls
There is a standing issue with having two versions of the OP-TEE binary: with virtualization enabled and without it. The correct variant needs to be present on board before booting the rest of the system.
If the non-virtualized variant is present and the user tries to boot a hypervisor, the hypervisor can (and should) detect that OP-TEE does not provide the OPTEE_SMC_SEC_CAP_VIRTUALIZATION capability and fail gracefully.
On the other hand, when the virtualized variant of OP-TEE is booted, but the user then boots directly into Linux (or any other OS), OP-TEE crashes:
E/TC:0 0 0 Core data-abort at address 0xffffffffffffffa0 (translation fault)
E/TC:0 0 0 esr 0x96000044 ttbr0 0x4418d000 ttbr1 0x00000000 cidr 0x0
E/TC:0 0 0 cpu #0 cpsr 0x00000184
E/TC:0 0 0 x0 0000000032000004 x1 0000000000000004
E/TC:0 0 0 x2 000000008183c000 x3 0000000000000000
E/TC:0 0 0 x4 0000000000000000 x5 0000000000000000
E/TC:0 0 0 x6 0000000000000000 x7 0000000000000000
E/TC:0 0 0 x8 0000000000000000 x9 0000000000000000
E/TC:0 0 0 x10 0000000000000000 x11 0000000000000000
E/TC:0 0 0 x12 0000000000000000 x13 0000000000000000
E/TC:0 0 0 x14 0000000000000000 x15 0000000000000000
E/TC:0 0 0 x16 0000000000000000 x17 0000000000000000
E/TC:0 0 0 x18 0000000000000000 x19 0000000000000000
E/TC:0 0 0 x20 0000000000000000 x21 0000000000000000
E/TC:0 0 0 x22 0000000000000000 x23 0000000000000000
E/TC:0 0 0 x24 0000000000000000 x25 0000000000000000
E/TC:0 0 0 x26 0000000000000000 x27 0000000000000000
E/TC:0 0 0 x28 0000000000000000 x29 0000000000000000
E/TC:0 0 0 x30 0000000044103ce4 elr 0000000044106314
E/TC:0 0 0 sp_el0 0000000000000000
E/TC:0 0 0 TEE load address @ 0x44100000
E/TC:0 0 0 Call stack:
E/TC:0 0 0 0x44106314 thread_handle_std_smc at core/arch/arm/kernel/thread_optee_smc.c:62
E/TC:0 0 0 Panic 'unhandled pageable abort' at core/arch/arm/kernel/abort.c:584 <abort_handler>
E/TC:0 0 0 TEE load address @ 0x44100000
E/TC:0 0 0 Call stack:
E/TC:0 0 0 0x44107e14 print_kernel_stack at core/arch/arm/kernel/unwind_arm64.c:89
E/TC:0 0 0 0x44114ffc __do_panic at core/kernel/panic.c:73
E/TC:0 0 0 0x44107050 get_fault_type at core/arch/arm/kernel/abort.c:500
This crash happens because the virtualization code has a special case for guest_id == HYP_CLNT_ID. This case is needed to allow the hypervisor to call fast SMCs, so it can check the OP-TEE version and capabilities and ask OP-TEE to create/destroy guest partitions. The problem is that thread_handle_std_smc() assumes that virt_set_guest() really sets the guest partition, which does not happen in this special case.
This patch removes this special case from virt_set_guest(). Instead, the thread_handle_fast_smc() function checks for HYP_CLNT_ID explicitly.
If the hypervisor really wants to be able to issue STD calls, it should create a partition for itself using the OPTEE_SMC_VM_CREATED call.
With this patch applied, the virtualized variant of OP-TEE does not crash anymore when a user tries to boot into a baremetal setup.
Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| 6370f75d | 25-Sep-2023 |
Tony Han <tony.han@microchip.com> |
drivers: sam: use header file "platform_config.h" instead of "sama5d2.h"
As "sama5d2.h" is included in "platform_config.h", it's better to use "#include <platform_config.h>" to support more devices later.
Signed-off-by: Tony Han <tony.han@microchip.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| fd286f75 | 25-Sep-2023 |
Tony Han <tony.han@microchip.com> |
drivers: atmel_rtc: update to compatible with sama7g5
Add the compatible string to the device match table for sama7g5. As RTC is always secure for sama7g5, there is no need to configure its security through matrix.
Signed-off-by: Tony Han <tony.han@microchip.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Akshay Bhat <akshay.bhat@timesys.com>
|
| 379dc2ae | 25-Sep-2023 |
Tony Han <tony.han@microchip.com> |
drivers: atmel_rstc: update to compatible with sama7g5
Add the compatible string to the device match table for sama7g5. As RSTC is always secure for sama7g5, there is no need to configure its security through matrix.
Signed-off-by: Tony Han <tony.han@microchip.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Akshay Bhat <akshay.bhat@timesys.com>
|
| cc105e35 | 25-Sep-2023 |
Tony Han <tony.han@microchip.com> |
drivers: atmel_trng: update to compatible with sama7g5
Add the compatible string to device match table for sama7g5.
Signed-off-by: Tony Han <tony.han@microchip.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Akshay Bhat <akshay.bhat@timesys.com>
|
| 4b17205b | 25-Sep-2023 |
Tony Han <tony.han@microchip.com> |
drivers: atmel_piobu: update compatible with sama7g5
The number of tamper pins and some offsets of the registers are different for sama7g5 and sama5d2.
Signed-off-by: Tony Han <tony.han@microchip.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Akshay Bhat <akshay.bhat@timesys.com>
|
| c37489ba | 08-Jan-2024 |
Clement Faure <clement.faure@nxp.com> |
core: msg_param: remove recursion in included headers
kernel/msg_param.h includes itself.
Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| 239fae35 | 08-Jan-2024 |
Clement Faure <clement.faure@nxp.com> |
core: tee: initialize dirfile|tadb_entry objects
Coverity reports many errors where dirfile_entry{} and tadb_entry{} objects are used un-initialized. Resolve these errors by setting these objects to zero on declaration.
Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| 2cc2a44c | 05-Jan-2024 |
Clement Faure <clement.faure@nxp.com> |
core: check if binary to bignum conversion succeed
Check return value of crypto_bignum_bin2bn().
Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| 8f3afe0e | 05-Jan-2024 |
Clement Faure <clement.faure@nxp.com> |
core: mmu: assert pointer to manifest device tree
Assert pointer to manifest device tree before using it in fdt_node_offset_by_compatible().
Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| a039ffc6 | 05-Jan-2024 |
Clement Faure <clement.faure@nxp.com> |
core: kernel: dt: check return values from snprintf()
Check return values from snprintf() function.
Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| b51aaa62 | 05-Jan-2024 |
Clement Faure <clement.faure@nxp.com> |
core: arm: fix dead code when ARM32 is not defined
Remove dead code warning when ARM32=n. When ARM32=n, ret is always equal to TEE_ERROR_NOT_SUPPORTED. It makes the following if() else if () useless.
Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| e33c3ff5 | 05-Jan-2024 |
Clement Faure <clement.faure@nxp.com> |
core: kernel: check device tree property pointer
Assert `prop` pointer before using it in fdt32_to_cpu().
Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| 5ca2c365 | 10-Jan-2024 |
Clement Faure <clement.faure@nxp.com> |
core: remove unnecessary includes
Remove unnecessary includes.
Signed-off-by: Clement Faure <clement.faure@nxp.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| 34d6dc2b | 10-Jan-2024 |
Clement Faure <clement.faure@nxp.com> |
plat-vexpress: remove unnecessary includes
Remove unnecessary includes.
Signed-off-by: Clement Faure <clement.faure@nxp.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| c344db98 | 10-Jan-2024 |
Alvin Chang <alvinga@andestech.com> |
riscv: mm: Set A/D bits of PTE(page table entry) by default
According to RISC-V privileged ISA manual: Each leaf PTE contains an accessed (A) and dirty (D) bit. The A bit indicates the virtual page has been read, written, or fetched from since the last time the A bit was cleared. The D bit indicates the virtual page has been written since the last time the D bit was cleared. When a virtual page is accessed and the A bit is clear, or is written and the D bit is clear, a page-fault exception is raised.
And the manual also suggests: If the supervisor software does not rely on accessed and/or dirty bits, it should always set them to 1 in the PTE to improve performance.
Since OP-TEE does not rely on A/D bits, we by default set them to 1 to avoid unnecessary page-fault exceptions when OP-TEE touches those pages.
Signed-off-by: Alvin Chang <alvinga@andestech.com> Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com> Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
|
| 472c70be | 15-Jan-2024 |
Alvin Chang <alvinga@andestech.com> |
core: riscv: Rename thread_return_to_ree() to thread_return_to_udomain()
The terminology "udomain", which means untrusted domain, is more precise terminology for RISC-V architecture, where "domain" has already been defined in RISC-V CoVE and Smmtt specifications.
Signed-off-by: Alvin Chang <alvinga@andestech.com> Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
|
| 655625e0 | 16-Jan-2024 |
Imre Kis <imre.kis@arm.com> |
core: ffa: Read FF-A version from the SP manifest
Read the SP's FF-A version from the ffa-version property of the SP manifest. This property is mandatory according to the FF-A specification. SPs are still able to do runtime version negotiation via the FFA_VERSION interface.
Signed-off-by: Imre Kis <imre.kis@arm.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| 602ff4f6 | 11-Jan-2024 |
Etienne Carriere <etienne.carriere@foss.st.com> |
pta: scmi: remove noisy info level message on message process
Remove useless trace message emitted each time SCP-firmware successfully processes an SCMI message.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| 3f7122d9 | 15-Jan-2024 |
Etienne Carriere <etienne.carriere@foss.st.com> |
drivers: scmi_msg: fix size_t trace format
Fix format specifier for size_t type argument.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| 37fbce01 | 12-Jan-2024 |
Etienne Carriere <etienne.carriere@foss.st.com> |
drivers: stm32_i2c: fix header file inclusion order
Fix the order of header file inclusions.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| 5395fe89 | 11-Jan-2024 |
Etienne Carriere <etienne.carriere@foss.st.com> |
drivers: i2c: add missing __unused in stubbed function
Fix static inline stub implementation of i2c_dt_get_dev() that lacks a __unused attribute on an unused argument.
Fixes: b357d34fe91f ("core: dt_driver: swap TEE_result and retrieved device reference") Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| 8a6ca148 | 20-Oct-2023 |
Etienne Carriere <etienne.carriere@foss.st.com> |
core: arm: get DDR range from embedded DTB
Find main memory (DDR) physical range(s) from the secure embedded DTB if not found from the external DDR.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| c425380f | 17-Jan-2024 |
Etienne Carriere <etienne.carriere@foss.st.com> |
driver: i2c: stm32_i2c: fix call to stm32_i2c_init()
Fix call to stm32_i2c_init() that returns an int value, not a TEE_Result code.
Fixes: 5bc9f8e5618b ("drivers: stm32_i2c: register a DT_DRIVER_I2C driver") Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| 2b9d7661 | 16-Jan-2024 |
Etienne Carriere <etienne.carriere@foss.st.com> |
drivers: stm32_i2c: apply pinctrl config at init
Add missing load of stm32_i2c pinctrl state at driver init.
Fixes: 73ba32eb0f6c ("drivers: stm32_i2c: support CFG_DRIVERS_PINCTRL") Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
|