arm32: move the UNWIND() macro to <asm.S>

All the users of the UNWIND() macro include <asm.S> already, which is
therefore a good place to define this macro. Let's move it from
<kernel/unwind.h> to <

arm32: move the UNWIND() macro to <asm.S>

All the users of the UNWIND() macro include <asm.S> already, which is
therefore a good place to define this macro. Let's move it from
<kernel/unwind.h> to <asm.S>, remove a couple of duplicates in
assembler files, and drop the useless includes.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: arm32: remove unused function relocate_exidx()

Since commit d1911a85142d ("core: load TAs using ldelf"), function
relocate_exidx() is not used any more. Remove it, as well as
offset_prel31() w

core: arm32: remove unused function relocate_exidx()

Since commit d1911a85142d ("core: load TAs using ldelf"), function
relocate_exidx() is not used any more. Remove it, as well as
offset_prel31() which was only called from this function.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: remove stack dump macros and multiple log levels

Of the various xPRINT_STACK() macros (x in {E,I,D,F}), only
EPRINT_STACK() is used. Let's simplify the code by removing the macros
altogether a

core: remove stack dump macros and multiple log levels

Of the various xPRINT_STACK() macros (x in {E,I,D,F}), only
EPRINT_STACK() is used. Let's simplify the code by removing the macros
altogether and calling print_kernel_stack() instead. Since only the
TRACE_ERROR is used, the 'level' argument to print_kernel_stack(),
print_stack_arm32() and print_stack_arm64() is removed too.

In addition to simplifying the code, these changes will allow the
consolidation of the stack unwinding code between core and ldelf.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: mm: fix region lookup in param_mem_to_user_va()

The test whether a memory parameter is located in a region may fail
because of a typo in the comparison. The region size must be
added to the st

core: mm: fix region lookup in param_mem_to_user_va()

The test whether a memory parameter is located in a region may fail
because of a typo in the comparison. The region size must be
added to the start address, not subtracted.

Fixes: 2667e1359e51 ("core: fix offset calculation in param_mem_to_user_va()")
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Wolfgang Ocker <weo@reccoware.de>

show more ...

Add support for Renesas RZ/N1 platform

Add support for RZ/N1 platform from Renasas (PLATFORM=rzn1):
- Cortex-A7 based dual core processor.

This platform supports TrustZone based IO register access

Add support for Renesas RZ/N1 platform

Add support for RZ/N1 platform from Renasas (PLATFORM=rzn1):
- Cortex-A7 based dual core processor.

This platform supports TrustZone based IO register access control, so
add corresponding OEM service based implementation.

Link: https://www.renesas.com/us/en/products/microcontrollers-microprocessors/rz/rzn/rzn1d.html
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: ns16550: Allow customizable serial IO config

Add io_width and reg_shift configurable parameters to struct ns16550_data
in order to support 32 bit register read/write.

Signed-off-by: Sumit

drivers: ns16550: Allow customizable serial IO config

Add io_width and reg_shift configurable parameters to struct ns16550_data
in order to support 32 bit register read/write.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: Allow non-secure context restore in thumb mode

Allow initial exit from secure monitor mode to non-secure context
in thumb mode in case next stage boot-loader is expected to execute
in thumb mo

core: Allow non-secure context restore in thumb mode

Allow initial exit from secure monitor mode to non-secure context
in thumb mode in case next stage boot-loader is expected to execute
in thumb mode.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

vexpress-qemu_v8a: set CFG_ARM64_core to 'y' by default

Enables CFG_ARM64_core by default for PLATFORM=vexpress-qemu_v8a. This
platform is mostly used in full 64-bit mode, especially since until now

vexpress-qemu_v8a: set CFG_ARM64_core to 'y' by default

Enables CFG_ARM64_core by default for PLATFORM=vexpress-qemu_v8a. This
platform is mostly used in full 64-bit mode, especially since until now
the build.git Makefiles do not support anything else [1].

Link: [1] https://github.com/OP-TEE/build/blob/3.10.0/qemu_v8.mk#L9
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: do not trace syscall_log()

Tracing the log syscall is of very little value since it will generate
some output to the console anyways. Worse, it pollutes the TA output in
case of a panic or an

core: do not trace syscall_log()

Tracing the log syscall is of very little value since it will generate
some output to the console anyways. Worse, it pollutes the TA output in
case of a panic or an abort. For example:

o regression_4005.1 AE case 0 algo 0x40000710 line 2819
F/TC:?? 0 trace_syscall:132 syscall #27 (syscall_cryp_obj_alloc)
F/TC:?? 0 trace_syscall:132 syscall #15 (syscall_cryp_state_alloc)
F/TC:?? 0 trace_syscall:132 syscall #27 (syscall_cryp_obj_alloc)
F/TC:?? 0 trace_syscall:132 syscall #24 (syscall_cryp_obj_get_info)
F/TC:?? 0 trace_syscall:132 syscall #30 (syscall_cryp_obj_populate)
F/TC:?? 0 trace_syscall:132 syscall #24 (syscall_cryp_obj_get_info)
F/TC:?? 0 trace_syscall:132 syscall #24 (syscall_cryp_obj_get_info)
F/TC:?? 0 trace_syscall:132 syscall #29 (syscall_cryp_obj_reset)
F/TC:?? 0 trace_syscall:132 syscall #24 (syscall_cryp_obj_get_info)
F/TC:?? 0 trace_syscall:132 syscall #24 (syscall_cryp_obj_get_info)
F/TC:?? 0 trace_syscall:132 syscall #31 (syscall_cryp_obj_copy)
F/TC:?? 0 trace_syscall:132 syscall #24 (syscall_cryp_obj_get_info)
F/TC:?? 0 trace_syscall:132 syscall #28 (syscall_cryp_obj_close)
F/TC:?? 0 trace_syscall:132 syscall #34 (syscall_authenc_init)
F/TC:?? 0 trace_syscall:132 syscall #2 (syscall_panic)
E/TC:?? 0
E/TC:?? 0 TA panicked with code 0xffff0006
F/TC:?? 0 trace_syscall:132 syscall #1 (syscall_log)
E/LD: Status of TA cb3e5ba0-adf1-11e0-998b-0002a5d5c51b
F/TC:?? 0 trace_syscall:132 syscall #1 (syscall_log)
E/LD: arch: aarch64
F/TC:?? 0 trace_syscall:132 syscall #1 (syscall_log)
E/LD: region 0: va 0x40004000 pa 0x100062d000 size 0x002000 flags rw-s (ldelf)
F/TC:?? 0 trace_syscall:132 syscall #1 (syscall_log)
E/LD: region 1: va 0x40006000 pa 0x100062f000 size 0x00d000 flags r-xs (ldelf)
...

Therefore, skip the trace if the syscall number it TEE_SCN_LOG.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add tee_pobj_create_final()

Adds tee_pobj_create_final() which finalized a create operation. Until
tee_pobj_create_final() has been called the struct pobj cannot be shared
with any other objec

core: add tee_pobj_create_final()

Adds tee_pobj_create_final() which finalized a create operation. Until
tee_pobj_create_final() has been called the struct pobj cannot be shared
with any other object.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: syscall_storage_next_enum() use live pobj

Instead of using a fake pobj in syscall_storage_next_enum() retrieve the
shared pobj instead in order to get the flags of an already opened
object.

T

core: syscall_storage_next_enum() use live pobj

Instead of using a fake pobj in syscall_storage_next_enum() retrieve the
shared pobj instead in order to get the flags of an already opened
object.

TEE_POBJ_USAGE_ENUM is supplied to tee_pobj_get() to avoid checking for
conflicts with how the pobj is already used.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tee_pobj_get() takes an enum tee_pobj_usage

Changes tee_pobj_get() to take an enum tee_pobj_usage usage instead of a
bool temporary.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signe

core: tee_pobj_get() takes an enum tee_pobj_usage

Changes tee_pobj_get() to take an enum tee_pobj_usage usage instead of a
bool temporary.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove struct tee_obj::flags

struct tee_obj keeps a TEE_ObjectInfo which has a flags field with the
same meaning as the flags field in struct tee_obj. To avoid the two
fields getting out of sy

core: remove struct tee_obj::flags

struct tee_obj keeps a TEE_ObjectInfo which has a flags field with the
same meaning as the flags field in struct tee_obj. To avoid the two
fields getting out of sync remove struct tee_obj::flags and only use
TEE_ObjectInfo::handleFlags.

Additional checks are added in syscall_storage_obj_open() and
syscall_storage_obj_create() to make sure that no undefined flags are
added to TEE_ObjectInfo::handleFlags.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: syscall_storage_obj_create(): check that the attributes object is initialized

Adds a check in syscall_storage_obj_create() to see that the attributes
object is initialized.

Reviewed-by: Jerom

core: syscall_storage_obj_create(): check that the attributes object is initialized

Adds a check in syscall_storage_obj_create() to see that the attributes
object is initialized.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix offset calculation in param_mem_to_user_va()

In param_mem_to_user_va() the offset of a memory parameter is used to
check if a particular struct vm_region will cover that parameter.
struct

core: fix offset calculation in param_mem_to_user_va()

In param_mem_to_user_va() the offset of a memory parameter is used to
check if a particular struct vm_region will cover that parameter.
struct vm_region always uses offsets from the beginning of the first
physical page while a memory parameter contains only the offset from the
beginning of a MOBJ. Consequently the two offset cannot be compared
directly.

Until this patch the two offset where compared directly so fix it by
adding the phys_offs of the MOBJ to the offset of the memory parameter.

Note that this doesn't change the computed virtual address, it only
fails to find a matching struct vm_region under certain circumstances.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: Fix the entry on the match table for TPM support.

TF-A Measured Boot driver expects a tpm_event_log node on the
DTB with the compatible field set to "arm,tpm_event_log", so
fix the match table

core: Fix the entry on the match table for TPM support.

TF-A Measured Boot driver expects a tpm_event_log node on the
DTB with the compatible field set to "arm,tpm_event_log", so
fix the match table entry for the TPM support to match the one
used by TF-A.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: mmu: arm64: fix get_va_width()

Fixes get_va_width() when CFG_LPAE_ADDR_SPACE_SIZE != (1ull << 32).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wik

core: mmu: arm64: fix get_va_width()

Fixes get_va_width() when CFG_LPAE_ADDR_SPACE_SIZE != (1ull << 32).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: rpc i2c: fix, REE processed bytes

Fix number of bytes processed by the REE that is returned in p[3] as
defined in the API, not in p[2].

Fixes: 30c53a724263 ("core: arm: rpc i2c trampolin

core: arm: rpc i2c: fix, REE processed bytes

Fix number of bytes processed by the REE that is returned in p[3] as
defined in the API, not in p[2].

Fixes: 30c53a724263 ("core: arm: rpc i2c trampoline driver")
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: add user parameter thread_rpc_shm_cache_alloc()

Adds a user parameter to thread_rpc_shm_cache_alloc() to make sure that
different callers of thread_rpc_shm_cache_alloc() doesn't interfere with

core: add user parameter thread_rpc_shm_cache_alloc()

Adds a user parameter to thread_rpc_shm_cache_alloc() to make sure that
different callers of thread_rpc_shm_cache_alloc() doesn't interfere with
each other. The FS allocation could perhaps be intertwined with I2C
allocations if crypto operations are done over I2C.

Fixes: 9bee8f2a5af7 ("core: add generic rpc shared memory buffer caching")
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

virt: clear current thread id during initialization

When OP-TEE is built with CFG_VIRTUALIZATION=y, it does not call
`thread_clr_boot_thread()` during boot because the threads are
allocated in "tee"

virt: clear current thread id during initialization

When OP-TEE is built with CFG_VIRTUALIZATION=y, it does not call
`thread_clr_boot_thread()` during boot because the threads are
allocated in "tee" memory area, which is not available when there is
no virtual guests.

So, in this case local core state is left in erroneous state, which
causes assertion violation in thread_alloc_and_run(), when guests
calls OP-TEE for the first time from boot core.

Fixes: b166fabf3e8c ("core: initialize thread_core_local::curr_thread to -1")
Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: add stack overflow detection

This commit introduces CFG_CORE_DEBUG_CHECK_STACKS to check the stack
limits using compiler instrumentation (-finstrument-functions). When
enabled, the C compiler

core: add stack overflow detection

This commit introduces CFG_CORE_DEBUG_CHECK_STACKS to check the stack
limits using compiler instrumentation (-finstrument-functions). When
enabled, the C compiler will insert entry and exit hooks in all
functions in the TEE core. On entry, the stack pointer is checked and
if an overflow is detected, panic() is called.

How is this helpful since we have stack canaries already?
1. When a dead canary is found, the call stack will give no indication
of the root cause of the corruption which may have happened quite some
time before. Running the test case again with a debugger attached and a
watchpoint on the canary is not always an option.
2. The system may corrupt the stack and hang in an exception handler
before the first canary check, for instance, during boot when the
temporary stack is used. This code will likely catch such issues, too.

The downside is increased stack usage and a significant runtime overhead
which is why this feature should be enabled only for troubleshooting.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU, QEMUv8)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: simplify setting of THREAD_CLF_TMP

Simplifies the manipulation of THREAD_CLF_TMP in the per-core
structure thread_core_local:

- thread_clr_thread_core_local() sets the flag for all cores so t

core: simplify setting of THREAD_CLF_TMP

Simplifies the manipulation of THREAD_CLF_TMP in the per-core
structure thread_core_local:

- thread_clr_thread_core_local() sets the flag for all cores so that
init_secondary_helper() doesn't have to. It is renamed to
thread_init_thread_core_local().
- The flag remains set upon return to normal world, ready for the next
entry into secure world.
- The foreign_intr_handler macro sets the flag since it uses the
temporary stack.
- thread_core_local_set_tmp_stack_flag() is now unused and can be
removed.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: add __noprof attribute to register accessors

Allowing instrumentation of register accessor functions does not really
make sense, since they are normally inlined by the compiler. On the
contrar

core: add __noprof attribute to register accessors

Allowing instrumentation of register accessor functions does not really
make sense, since they are normally inlined by the compiler. On the
contrary, allowing the compiler to instrument these functions (if for
some reason they are not inlined) can cause serious problems such as
infinite recursion (in case the instrumentation ends up calling a
register accessor again) or unexpected results (if the accessor is used
by early code before the instrumentation is initialized).

Note that the accessors used by user space already have __noprof (see
lib/libutee/include/arm64_user_sysreg.h and scripts/arm32_sysreg.py).

For these reasons, add __noprof to core/arch/arm/include/arm{32,64}.h.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: always increase mappings for pta memrefs

In copy_in_param() always call mobj_inc_map() before mobj_get_va() to
guarantee that the memref is mapped for the duration of the call into
the PTA.

R

core: always increase mappings for pta memrefs

In copy_in_param() always call mobj_inc_map() before mobj_get_va() to
guarantee that the memref is mapped for the duration of the call into
the PTA.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mobj: add {inc,dec}_map() to struct mobj_ops

Adds inc_map() and dec_map() to struct mobj_ops. The old mobj_inc_map()
and mobj_dec_map() implementations in mobj_dyn_shm.c and mobj_ffa.c are
are

core: mobj: add {inc,dec}_map() to struct mobj_ops

Adds inc_map() and dec_map() to struct mobj_ops. The old mobj_inc_map()
and mobj_dec_map() implementations in mobj_dyn_shm.c and mobj_ffa.c are
are replaced with function pointers in mobj_reg_shm_ops and
mobj_ffa_ops. Inline versions of mobj_inc_map() and mobj_dec_map() are
added to call the correct function via struct mobj_ops instead. If
struct mobj_ops for a particular mobj doesn't have and implementation of
inc_map() or dec_map() TEE_SUCCESS is returned instead.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...