core: pta: check struct alignment in RTC PTA API

Check buffer alignment against its pretended type before assignation.

Fixes: cea1eb0bc90e ("pta: add PTA for RTC")
Signed-off-by: Clément Le Goffic

core: pta: check struct alignment in RTC PTA API

Check buffer alignment against its pretended type before assignation.

Fixes: cea1eb0bc90e ("pta: add PTA for RTC")
Signed-off-by: Clément Le Goffic <clement.legoffic@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: rtc: add support of alarm in RTC API

Add set_alarm and read_alarm to the RTC API to set and read an alarm.

In parallel three others functions are added:
- `enable_alarm()`: Enable or not t

drivers: rtc: add support of alarm in RTC API

Add set_alarm and read_alarm to the RTC API to set and read an alarm.

In parallel three others functions are added:
- `enable_alarm()`: Enable or not the alarm
- `wait_alarm()`: This function is called by the non-secure world and waits
until an alarm happens. The wait alarm caller is blocked until an
asynchronous notification arrives.
- `set_alarm_wakeup_status()`: Allow to disable or not the wakeup
capability of the alarm in low power mode

Signed-off-by: Clément Le Goffic <clement.legoffic@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

core: asan: fix check_access()

The previous implementation of check_access() was not fully
correct and could fail to detect out-of-bounds accesses near
the end of an allocated buffer.

For example,

core: asan: fix check_access()

The previous implementation of check_access() was not fully
correct and could fail to detect out-of-bounds accesses near
the end of an allocated buffer.

For example, given a buffer of size 7 allocated at address A.
check_access(addr = A + 7, size = 1) would not trigger a panic,
because the check relied on va_is_well_aligned(end), which skips
validation when end is aligned.

The new check_access() implementation is based on the version from
FreeBSD's subr_asan.c and performs precise shadow memory validation.

In addition, asan_tag_access() behaviour was changed. The shadow byte
should encode the number of accessible bytes. (1 <= k <= 7) means that
the first k bytes are addressible.
This behaviour is in accordance with:

a) the stack instrumentation emitted by compiler
b) the original ASan paper, see [1] section 3.1 Shadow Memory
c) other kasan implementations from freebsd/linux-kernel

[1] https://www.usenix.org/system/files/conference/atc12/atc12-final39.pdf

Signed-off-by: Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core, libutils: unpoison stack on longjmp for ASan

Adds support for unpoisoning the stack when performing longjmp,
to ensure correct ASan behavior.

When a longjmp unwinds the stack, parts of the st

core, libutils: unpoison stack on longjmp for ASan

Adds support for unpoisoning the stack when performing longjmp,
to ensure correct ASan behavior.

When a longjmp unwinds the stack, parts of the stack that were
poisoned during deeper calls may remain marked as inaccessible.
This can lead to false ASan reports after longjmp, as the new
frame reuses that memory.

To avoid this, a call to asan_handle_longjmp() is added to
setjmp_a64.S, which unpoisons the stack range between the current
SP and the old SP (saved during setjmp).

Signed-off-by: Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add ASan runtime tests to core self-tests

Adds a set of AddressSanitizer (ASan) runtime tests.
Covers stack overflow, global buffer overflow, heap overflow,
use-after-free, invalid memcpy/mems

core: add ASan runtime tests to core self-tests

Adds a set of AddressSanitizer (ASan) runtime tests.
Covers stack overflow, global buffer overflow, heap overflow,
use-after-free, invalid memcpy/memset cases.

These tests are important to ensure that ASan works correctly
when enabled. Implementation of functions such as memset() and memcpy()
may change in the future, or ASan support may silently break when
switching to a new compiler version. Having explicit tests provides
confidence that ASan instrumentation remains functional and correctly
detects memory errors.

Signed-off-by: Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: asan: add support for custom panic callback

Add asan_set_panic_cb() to register a custom panic callback.

The ability to set a panic callback will be used in ASan tests to
capture and validate

core: asan: add support for custom panic callback

Add asan_set_panic_cb() to register a custom panic callback.

The ability to set a panic callback will be used in ASan tests to
capture and validate expected violations without triggering a full
system panic, which is important for automated testing.

Introduce asan_report() to provide more detailed reporting of
access violations, including nearby shadow memory dump.

Signed-off-by: Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-marvell: Add support for CN20K SoCs

Add support for Octeon20(CN20K) SoCs from Marvell.

Only tested 64-bit mode with default configurations:

1. Build command
make PLATFORM=marvell-cn20ka
mak

plat-marvell: Add support for CN20K SoCs

Add support for Octeon20(CN20K) SoCs from Marvell.

Only tested 64-bit mode with default configurations:

1. Build command
make PLATFORM=marvell-cn20ka
make PLATFORM=marvell-cnf20ka
2. Passed xtest

Signed-off-by: Anil Kumar Reddy <areddy3@marvell.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Revert "plat-rockchip: rk3399: remove GIC configuration"

With commit 4cb77793842a ("irqchip/gic-v3: Fix rk3399 workaround when
secure interrupts are enabled") in the Linux kernel OP-TEE panics after

Revert "plat-rockchip: rk3399: remove GIC configuration"

With commit 4cb77793842a ("irqchip/gic-v3: Fix rk3399 workaround when
secure interrupts are enabled") in the Linux kernel OP-TEE panics after
the kernel has booted with:
E/TC:3 0 Panic 'Secure interrupt handler not defined' at core/kernel/interrupt.c:105 <interrupt_main_handler>

So for kernels after v6.14 we need another workaround. The easiest is to
revert commit 447c5f6bc49ff5408c0543ceaaabf0cb8f23804d. The GIC is still
broken, but the device is still usable in other aspects.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (rockchip-rk3399) (Rockpi4B)
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-corstone1000: increase CFG_TZDRAM_SIZE

TZDRAM is a 4MB SRAM in Corstone-1000. Its start address is `0x0200_0000`
but the first 0x2000 bytes are reserved for future use. `CFG_TZDRAM_SIZE`
can be

plat-corstone1000: increase CFG_TZDRAM_SIZE

TZDRAM is a 4MB SRAM in Corstone-1000. Its start address is `0x0200_0000`
but the first 0x2000 bytes are reserved for future use. `CFG_TZDRAM_SIZE`
can be increased to `0x360000` so OP-TEE has more RAM.

Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

dts: stm32: remove activation of RTC nodes at board level

Remove unnecessary activation of RTC in stm32mp15xxdkx.dtsi and
stm32mp135f-dk.dts.
RTC node is default enabled in stm32mp131.dtsi and stm32

dts: stm32: remove activation of RTC nodes at board level

Remove unnecessary activation of RTC in stm32mp15xxdkx.dtsi and
stm32mp135f-dk.dts.
RTC node is default enabled in stm32mp131.dtsi and stm32mp151.dtsi.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: default enable RTC on stm32mp1

TAMP peripheral has a dependency on RTC.
Since TAMP is enable by default in stm32mp131.dtsi and stm32mp151.dtsi.
Default probe RTC to solve TAMP's dependen

dts: stm32: default enable RTC on stm32mp1

TAMP peripheral has a dependency on RTC.
Since TAMP is enable by default in stm32mp131.dtsi and stm32mp151.dtsi.
Default probe RTC to solve TAMP's dependency on it.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

Add optee.ta.instanceKeepCrashed property

Add the optee.ta.instanceKeepCrashed property to prevent a TA with
gpd.ta.instanceKeepAlive=true to be restarted. This prevents unexpected
resetting of the

Add optee.ta.instanceKeepCrashed property

Add the optee.ta.instanceKeepCrashed property to prevent a TA with
gpd.ta.instanceKeepAlive=true to be restarted. This prevents unexpected
resetting of the state of the TA.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Alex Lewontin <alex.lewontin@canonical.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: user_ta: PAUTH key initialization may fail

Test crypto_rng_read() return value when initializing user TA pointer
authentication. For sake of simplicity get random bytes before user TA
context

core: user_ta: PAUTH key initialization may fail

Test crypto_rng_read() return value when initializing user TA pointer
authentication. For sake of simplicity get random bytes before user TA
context starts to be initialized.

Fixes: 2b06f9dede33 ("Add basic pointer authentication support for TA's")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: rstctrl: add security check for STM32MP25 reset controller

Test if the id of the peripheral is not out of range.

Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>
Reviewed-b

drivers: rstctrl: add security check for STM32MP25 reset controller

Test if the id of the peripheral is not out of range.

Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

clk: stm32mp25: cosmetic fixes for STM32MP25 clock driver

Cosmetic fixes to align STM32MP21 and STM32MP25 clock drivers.

Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>
Reviewed-by

clk: stm32mp25: cosmetic fixes for STM32MP25 clock driver

Cosmetic fixes to align STM32MP21 and STM32MP25 clock drivers.

Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

dts: stm32: enable Reset and Clock Controller for stm32mp215f-dk

Add device tree files for stm32mp215f-dk board.

Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>
Acked-by: Etienne C

dts: stm32: enable Reset and Clock Controller for stm32mp215f-dk

Add device tree files for stm32mp215f-dk board.

Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

plat-stm32mp2: update reset and clocks driver flags for STM32MP21

Add CFG_STM32MP21_CLK and CFG_STM32MP21_RSTCTRL flags to enable
RCC drivers.

Signed-off-by: Gabriel Fernandez <gabriel.fernandez@fo

plat-stm32mp2: update reset and clocks driver flags for STM32MP21

Add CFG_STM32MP21_CLK and CFG_STM32MP21_RSTCTRL flags to enable
RCC drivers.

Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: rstctrl: add reset controller for STM32MP21 platforms

Implement the STM32MP21 reset controller device by embedding it
with CFG_STM32_RSTCTRL=y and CFG_STM32MP21_RSTCTRL=y.

Signed-off-by: N

drivers: rstctrl: add reset controller for STM32MP21 platforms

Implement the STM32MP21 reset controller device by embedding it
with CFG_STM32_RSTCTRL=y and CFG_STM32MP21_RSTCTRL=y.

Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

clk: stm32mp21: introduce STM32MP21 clock driver

As the STM32MP25 clock driver, this driver is based on the
clk-stm32-core API to manage STM32 gates, dividers, and multiplexer.

Signed-off-by: Yann

clk: stm32mp21: introduce STM32MP21 clock driver

As the STM32MP25 clock driver, this driver is based on the
clk-stm32-core API to manage STM32 gates, dividers, and multiplexer.

Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dt-bindings: add STM32MP21 clocks and resets bindings

Add stm32mp21-clks.h, stm32mp21-clksrc.h & stm32mp21-resets.h DT
bindings files for STM32MP21.

Signed-off-by: Yann Gautier <yann.gautier@foss.s

dt-bindings: add STM32MP21 clocks and resets bindings

Add stm32mp21-clks.h, stm32mp21-clksrc.h & stm32mp21-resets.h DT
bindings files for STM32MP21.

Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

plat-vexpress: qemu_v8: support EL1 physical timer interrupt

Add support to configure the timer callout service based on interrupt
from the EL1 physical timer when configuration with SPMC at S-EL2
(

plat-vexpress: qemu_v8: support EL1 physical timer interrupt

Add support to configure the timer callout service based on interrupt
from the EL1 physical timer when configuration with SPMC at S-EL2
(CFG_CORE_SEL2_SPMC=y).

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: arm: support EL1 physical timer

When configured with an SPMC at S-EL2 (CFG_CORE_SEL2_SPMC=y) use the
(emulated) EL1 physical timer instead of the EL3 physical timer since
the latter then is us

core: arm: support EL1 physical timer

When configured with an SPMC at S-EL2 (CFG_CORE_SEL2_SPMC=y) use the
(emulated) EL1 physical timer instead of the EL3 physical timer since
the latter then is used by S-EL2.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

core: arm64.h: add {read,write}_cntp_{ct,tva,cva}l()

Add wrapper functions to read and write to the EL1 physical timer
registers cntp_ctl_el0, cntp_tval_el0, and cntp_cval_el0. These
registers are u

core: arm64.h: add {read,write}_cntp_{ct,tva,cva}l()

Add wrapper functions to read and write to the EL1 physical timer
registers cntp_ctl_el0, cntp_tval_el0, and cntp_cval_el0. These
registers are used when using the Arm Generic Timer with
CFG_CORE_SEL2_SPMC=y (Hafnium as SPMC at S-EL2).

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: hfic: handle well-known interrupt IDs

The paravirtualized interrupt interface has a few interrupt IDs reserved
for special purposes, for instance, the timer interrupt ID. Trying to
manipula

drivers: hfic: handle well-known interrupt IDs

The paravirtualized interrupt interface has a few interrupt IDs reserved
for special purposes, for instance, the timer interrupt ID. Trying to
manipulate will often result in a returned error. However, these
interrupt are all edge-triggered so they can be ignored without being
reasserted immediately. So in the assert() that checks that the
operation was successful, allow operations on the well-known IDs to
fail.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: ree_fs: initialize ta_ver.db in one operation

Combined the object creation and data writing operations into a single
step to enhance reliability. This change addresses the situation where,
if

core: ree_fs: initialize ta_ver.db in one operation

Combined the object creation and data writing operations into a single
step to enhance reliability. This change addresses the situation where,
if object creation occurs but the data writing fails, an empty object
would be left behind, leading to potential issues during the next boot.

Link: https://github.com/OP-TEE/optee_os/issues/7438
Fixes: 183398139c9c ("core: enable rollback protection for REE-FS TAs")
Signed-off-by: Gavin Liu <gavin.liu@mediatek.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...