core: fix overflow in split_vm_range()

Fixes a possible overflow in split_vm_range() where len is a very large
number.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissie

core: fix overflow in split_vm_range()

Fixes a possible overflow in split_vm_range() where len is a very large
number.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix typo in system_set_prot()

Fixes a typo in system_set_prot() where a "," was used instead of a ";".
This fix should not change the behaviour of the function.

Reviewed-by: Joakim Bech <joak

core: fix typo in system_set_prot()

Fixes a typo in system_set_prot() where a "," was used instead of a ";".
This fix should not change the behaviour of the function.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix overflow in va_range_is_contiguous()

Fixes a possible overflow in va_range_is_contiguous() where len is a
very large number.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by:

core: fix overflow in va_range_is_contiguous()

Fixes a possible overflow in va_range_is_contiguous() where len is a
very large number.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix overflow in binh_copy_to()

Fixes overflows in binh_copy_to() when num_bytes or offs_bytes are very
large numbers.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome For

core: fix overflow in binh_copy_to()

Fixes overflows in binh_copy_to() when num_bytes or offs_bytes are very
large numbers.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix overflow in read_uncompressed()

Fixes overflow in read_uncompressed() where the len parameter is a very
large number.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome

core: fix overflow in read_uncompressed()

Fixes overflow in read_uncompressed() where the len parameter is a very
large number.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix overflow in buf_ta_read()

Fixes overflow in buf_ta_read() where the len parameter is a very
large number.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <

core: fix overflow in buf_ta_read()

Fixes overflow in buf_ta_read() where the len parameter is a very
large number.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix overflow in ree_fs_ta_read()

Fixes overflow in ree_fs_ta_read() where the len parameter is a very
large number.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Foris

core: fix overflow in ree_fs_ta_read()

Fixes overflow in ree_fs_ta_read() where the len parameter is a very
large number.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix potential overflow in system_map_ta_binary()

Fixes potential overflows when calculating required sizes for mapping a
part of a fobj.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Revi

core: fix potential overflow in system_map_ta_binary()

Fixes potential overflows when calculating required sizes for mapping a
part of a fobj.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix handle return in system_open_ta_binary()

Prior to this patch system_open_ta_binary() was not updating the
params[0].value.a out parameter used to carry a handle of the opened
binary. Fix t

core: fix handle return in system_open_ta_binary()

Prior to this patch system_open_ta_binary() was not updating the
params[0].value.a out parameter used to carry a handle of the opened
binary. Fix this by assigning the value to the handle to
params[0].value.a.

Note that if only one binary is opened at a time the handle will be 0
and ldelf will still work even without this fix.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix potential overflow in system_map_zi()

Fixes a potential overflow when calculating required page size for a
fobj allocation. This is fixed by using the new ROUNDUP_DIV() macro
instead of ro

core: fix potential overflow in system_map_zi()

Fixes a potential overflow when calculating required page size for a
fobj allocation. This is fixed by using the new ROUNDUP_DIV() macro
instead of rounding up and the dividing.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: parameter check in system_rng_reseed()

Removes confusing comment in system_rng_reseed(). Removes the max limit
on input buffer size, that's handled inside crypto_rng_add_event(). Also
checks t

core: parameter check in system_rng_reseed()

Removes confusing comment in system_rng_reseed(). Removes the max limit
on input buffer size, that's handled inside crypto_rng_add_event(). Also
checks that the supplied buffer isn't NULL.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: gprof: check that PC sampling is idle before starting

In gprof_start_pc_sampling() check that PC sampling isn't started yet,
or have been stopped before starting again. This avoids memory leak

core: gprof: check that PC sampling is idle before starting

In gprof_start_pc_sampling() check that PC sampling isn't started yet,
or have been stopped before starting again. This avoids memory leakage
by s->sbuf being overwritten with a pointer to a new buffer.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: bnxt: add overflow check in bnxt_copy_crash_dump()

Adds a check that offset + len doesn't overflow when checking that the
resulting size is still less than BNXT_CRASH_LEN.

Reviewed-by: Joa

drivers: bnxt: add overflow check in bnxt_copy_crash_dump()

Adds a check that offset + len doesn't overflow when checking that the
resulting size is still less than BNXT_CRASH_LEN.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add overflow check in SHDR_GET_SIZE()

Adds overflow check in SHDR_GET_SIZE(), 0 which never can be a correct
size is returned in case of overflow.

Reviewed-by: Joakim Bech <joakim.bech@linaro

core: add overflow check in SHDR_GET_SIZE()

Adds overflow check in SHDR_GET_SIZE(), 0 which never can be a correct
size is returned in case of overflow.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove #include <elf_common.h>

Since the introduction of ldelf, the TEE kernel does not do any ELF
processing anymore. Remove the useless ELF includes.

Signed-off-by: Jerome Forissier <jerome

core: remove #include <elf_common.h>

Since the introduction of ldelf, the TEE kernel does not do any ELF
processing anymore. Remove the useless ELF includes.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: add descriptive defines for RSA key formats

Add descriptive defines for RSA private key formats for a better
readability.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-b

drivers: caam: add descriptive defines for RSA key formats

Add descriptive defines for RSA private key formats for a better
readability.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: driver: fix RSA encoded message length computation

Fix the RSA encoded message length computation when verifying the
message.
This fixes inconsistent xtest 4006.20 and 4006.32 fails.

Signed-o

core: driver: fix RSA encoded message length computation

Fix the RSA encoded message length computation when verifying the
message.
This fixes inconsistent xtest 4006.20 and 4006.32 fails.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: fix RSA key format number 3

Fix the RSA private key format number 3.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

core: core_mmu_v7.c: set TTBCR_PD1 in reduced mappings

When using reduced mappings set TTBCR_PD1 in order to disable table
walks using TTBR1 which holds the OP-TEE Core mappings. This saves us
from

core: core_mmu_v7.c: set TTBCR_PD1 in reduced mappings

When using reduced mappings set TTBCR_PD1 in order to disable table
walks using TTBR1 which holds the OP-TEE Core mappings. This saves us
from keeping an empty L1 translation table (16 KiB) with
CFG_CORE_UNMAP_CORE_AT_EL0=y.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: make main l1 translation tables static again

The main level 1 memory translation tables for both short and
longer descriptors are only accessed internally in respective
C file. So make the tab

core: make main l1 translation tables static again

The main level 1 memory translation tables for both short and
longer descriptors are only accessed internally in respective
C file. So make the tables static again.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: fix compilation warning hal_jr.c

Fix compilation warning when CFG_NXP_CAAM=y and CFG_CRYPTO_DRIVER=n

core/drivers/crypto/caam/hal/common/hal_jr.c:19:29: warning:
‘jr_backup’ defined

drivers: caam: fix compilation warning hal_jr.c

Fix compilation warning when CFG_NXP_CAAM=y and CFG_CRYPTO_DRIVER=n

core/drivers/crypto/caam/hal/common/hal_jr.c:19:29: warning:
‘jr_backup’ defined but not used [-Wunused-const-variable=]
static const struct reglist jr_backup[] = {

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: crypto: fix compilation warning hash_oid.c

core/drivers/crypto/crypto_api/oid/hash_oid.c:37:10:
warning: return discards ‘const’ qualifier from pointer target
type [-Wdiscarded-qualifiers]

drivers: crypto: fix compilation warning hash_oid.c

core/drivers/crypto/crypto_api/oid/hash_oid.c:37:10:
warning: return discards ‘const’ qualifier from pointer target
type [-Wdiscarded-qualifiers]
return &drvcrypt_hash_oid[main_alg];

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: crypto: fix missing header hash_oid.c

Fix compilation error when CFG_NXP_CAAM=y

core/drivers/crypto/crypto_api/oid/hash_oid.c:34:22:
error: implicit declaration of function ‘TEE_ALG_GET_MA

drivers: crypto: fix missing header hash_oid.c

Fix compilation error when CFG_NXP_CAAM=y

core/drivers/crypto/crypto_api/oid/hash_oid.c:34:22:
error: implicit declaration of function ‘TEE_ALG_GET_MAIN_ALG’;
did you mean ‘TEE_ALG_HMAC_SM3’?
[-Werror=implicit-function-declaration]
uint32_t main_alg = TEE_ALG_GET_MAIN_ALG(algo);

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: caam: fix suspend/resume issue

Add missing save/restore of the Secure JR configuration (all devices).
On i.MX6Q/D fix the job ring resume to reconfigure the Software JR queues
and re-instan

drivers: caam: fix suspend/resume issue

Add missing save/restore of the Secure JR configuration (all devices).
On i.MX6Q/D fix the job ring resume to reconfigure the Software JR queues
and re-instantiate the RNG if needed.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: init: ASLR offset leak in initcall error message

Initial call error message print out call pointer. This leak
the ASLR offset. Subtract VA start address to hide ASLR offset.

Signed-off-by: Kh

core: init: ASLR offset leak in initcall error message

Initial call error message print out call pointer. This leak
the ASLR offset. Subtract VA start address to hide ASLR offset.

Signed-off-by: Khoa Hoang <admin@khoahoang.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: s/Initial call/Initcall/, wrap line, uppercase ASLR in subject]
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...