Define register_sdp_mem() only when CFG_SECURE_DATA_PATH is defined

Suggested-by: Jerome Forissier <jerome.forissier@linaro.org>
Suggested-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-o

Define register_sdp_mem() only when CFG_SECURE_DATA_PATH is defined

Suggested-by: Jerome Forissier <jerome.forissier@linaro.org>
Suggested-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: arm32: sm_a32.S: fix assembly errors

Fixes assembly error:
AS out/arm/core/arch/arm/sm/sm_a32.o
core/arch/arm/sm/sm_a32.S: Assembler messages:
core/arch/arm/sm/sm_a32.S:354: Error: invalid con

core: arm32: sm_a32.S: fix assembly errors

Fixes assembly error:
AS out/arm/core/arch/arm/sm/sm_a32.o
core/arch/arm/sm/sm_a32.S: Assembler messages:
core/arch/arm/sm/sm_a32.S:354: Error: invalid constant (c08) after fixup
core/arch/arm/sm/sm_a32.S:356: Error: invalid constant (c09) after fixup
core/arch/arm/sm/sm_a32.S:358: Error: invalid constant (c0e) after fixup
core/arch/arm/sm/sm_a32.S:363: Error: invalid constant (c0f) after fixup
mk/compile.mk:146: recipe for target 'out/arm/core/arch/arm/sm/sm_a32.o' failed

Fixes: 2ac6322d1ab1 ("core: arm32: sm: runtime selection of spectre workaround")
Tested-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> (QEMU v7)
Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64.S: spectre workaround

If build with CFG_CORE_WORKAROUND_SPECTRE_BP_SEC=y invalidate branch
predictor on all secure world exceptions originating in secure EL0
(secure user space).

Fixes

core: arm64.S: spectre workaround

If build with CFG_CORE_WORKAROUND_SPECTRE_BP_SEC=y invalidate branch
predictor on all secure world exceptions originating in secure EL0
(secure user space).

Fixes CVE-2017-5715

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: thread: update vector relative to vbar

With CFG_CORE_UNMAP_CORE_AT_EL0=y the exception vector is updated to use
the minimal kernel mapping during user space execution. With this patch
v

core: arm64: thread: update vector relative to vbar

With CFG_CORE_UNMAP_CORE_AT_EL0=y the exception vector is updated to use
the minimal kernel mapping during user space execution. With this patch
vbar is updated relative to previous value in vbar to allow different
exception vectors for different cpu types.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: pad vector with illegal instruction

Pads exception vector with an illegal instruction to improve robustness.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by:

core: arm64: pad vector with illegal instruction

Pads exception vector with an illegal instruction to improve robustness.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: thread_a64.S: cleanup vector entries

Renames the labels in the exception vector to use consistent lower case
names.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by:

core: thread_a64.S: cleanup vector entries

Renames the labels in the exception vector to use consistent lower case
names.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm.h: move midr definitions

Moves MIDR definitions from arm32.h to arm.h

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

core: arm32: thread: invalidate branch predictor

If build with CFG_CORE_WORKAROUND_SPECTRE_BP_SEC=y invalidate branch
predictor on all secure world exceptions.

Fixes CVE-2017-5715

Tested-by: Jerom

core: arm32: thread: invalidate branch predictor

If build with CFG_CORE_WORKAROUND_SPECTRE_BP_SEC=y invalidate branch
predictor on all secure world exceptions.

Fixes CVE-2017-5715

Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960)
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm32: thread: update vector relative to vbar

With CFG_CORE_UNMAP_CORE_AT_EL0=y the exception vector is updated to use
the minimal kernel mapping during user space execution. With this patch
v

core: arm32: thread: update vector relative to vbar

With CFG_CORE_UNMAP_CORE_AT_EL0=y the exception vector is updated to use
the minimal kernel mapping during user space execution. With this patch
vbar is updated relative to previous value in vbar to allow different
exception vectors for different cpu types.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm32: sm: runtime selection of spectre workaround

Adds runtime selection of spectre workaround. Special treatment for
Cortex A-15 CPUs on which BPIALL isn't effective and requires a ICIALLU
i

core: arm32: sm: runtime selection of spectre workaround

Adds runtime selection of spectre workaround. Special treatment for
Cortex A-15 CPUs on which BPIALL isn't effective and requires a ICIALLU
instead.

Fixes CVE-2017-5715

Fixes: 3bc90f3d3ecd ("core: arm32: sm: invalidate branch predictor")
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm32: enable ACTLR_CA15_ENABLE_INVALIDATE_BTB

Enables ACTLR_CA15_ENABLE_INVALIDATE_BTB (ACTLR[0]) in generic boot if
compiled with CFG_CORE_WORKAROUND_SPECTRE_BP or
CFG_CORE_WORKAROUND_SPECTRE_BP_S

arm32: enable ACTLR_CA15_ENABLE_INVALIDATE_BTB

Enables ACTLR_CA15_ENABLE_INVALIDATE_BTB (ACTLR[0]) in generic boot if
compiled with CFG_CORE_WORKAROUND_SPECTRE_BP or
CFG_CORE_WORKAROUND_SPECTRE_BP_SEC and the cpu is discovered to be
Cortex-A15.

Fixes CVE-2017-5715

Acked-by: Andrew Davis <andrew.davis@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-sunxi: ACTLR_CA15_ENABLE_INVALIDATE_BTB

Enables ACTLR_CA15_ENABLE_INVALIDATE_BTB (ACTLR[0]) if compiled with
CFG_CORE_WORKAROUND_SPECTRE_BP or CFG_CORE_WORKAROUND_SPECTRE_BP_SEC.

Fixes CVE-201

plat-sunxi: ACTLR_CA15_ENABLE_INVALIDATE_BTB

Enables ACTLR_CA15_ENABLE_INVALIDATE_BTB (ACTLR[0]) if compiled with
CFG_CORE_WORKAROUND_SPECTRE_BP or CFG_CORE_WORKAROUND_SPECTRE_BP_SEC.

Fixes CVE-2017-5715

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm32.h: ACTLR_CA15_ENABLE_INVALIDATE_BTB

Adds Cortex-A15 only define ACTLR_CA15_ENABLE_INVALIDATE_BTB

Acked-by: Andrew Davis <andrew.davis@linaro.org>
Reviewed-by: Etienne Carriere <etienne.

core: arm32.h: ACTLR_CA15_ENABLE_INVALIDATE_BTB

Adds Cortex-A15 only define ACTLR_CA15_ENABLE_INVALIDATE_BTB

Acked-by: Andrew Davis <andrew.davis@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm32.h: remove unused ACTLR_* defines

Removes unused ACTLR_* defines, only keeping ACTLR_SMP.

Acked-by: Andrew Davis <andrew.davis@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere

core: arm32.h: remove unused ACTLR_* defines

Removes unused ACTLR_* defines, only keeping ACTLR_SMP.

Acked-by: Andrew Davis <andrew.davis@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm32.h: add MIDR defines

Adds MIDR defines for additional CPUs and also to extract implementer
field.

Acked-by: Andrew Davis <andrew.davis@linaro.org>
Reviewed-by: Jerome Forissier <jerome.f

core: arm32.h: add MIDR defines

Adds MIDR defines for additional CPUs and also to extract implementer
field.

Acked-by: Andrew Davis <andrew.davis@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: assert foreign interrupts are masked in get_core_pos()

This change modifies get_core_pos() so that calling the routine
from C source asserts the foreign interrupts are masked when
the function

core: assert foreign interrupts are masked in get_core_pos()

This change modifies get_core_pos() so that calling the routine
from C source asserts the foreign interrupts are masked when
the function is called, preventing a cpu migration while reading
current core position.

There is no assertion of foreign interrupt masking for such calls to
get_core_pos() from assembly sources.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: thread_mask/unmask_exceptions() instead of read/write_daif

This change does not modify the core behavior, only update
core_mmu_set_user_map() to use generic exception masking routines.

Signed

core: thread_mask/unmask_exceptions() instead of read/write_daif

This change does not modify the core behavior, only update
core_mmu_set_user_map() to use generic exception masking routines.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: lpae: mask exceptions during core_mmu_find_table()

core_mmu_find_table() calls get_core_pos() so it should mask interrupts
to avoid being re-scheduled to another core.

Signed-off-by: Jerome F

core: lpae: mask exceptions during core_mmu_find_table()

core_mmu_find_table() calls get_core_pos() so it should mask interrupts
to avoid being re-scheduled to another core.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: thread: fix exception return

Fixes exception return from FIQ and SVC handlers to not return via
abort mode as we under some circumstances may return to abort mode.

Fixes: 5b8a58b415da ("core:

core: thread: fix exception return

Fixes exception return from FIQ and SVC handlers to not return via
abort mode as we under some circumstances may return to abort mode.

Fixes: 5b8a58b415da ("core: thread: fix exception return")
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: thread_a64.S: fix gcc 4.9 compile error

Fixes compile errors
out/arm-plat-hikey/core/arch/arm/kernel/thread_a64.o: In function `el0_sync_abort':
/home/bla/optee_os/core/arch/arm/kernel/thread_

core: thread_a64.S: fix gcc 4.9 compile error

Fixes compile errors
out/arm-plat-hikey/core/arch/arm/kernel/thread_a64.o: In function `el0_sync_abort':
/home/bla/optee_os/core/arch/arm/kernel/thread_a64.S:778:(.text.el0_sync_abort+0xf4): relocation truncated to fit: R_AARCH64_TSTBR14 against `.text.thread_vect_table'
out/arm-plat-hikey/core/arch/arm/kernel/thread_a64.o: In function `elx_fiq':
/home/bla/optee_os/core/arch/arm/kernel/thread_a64.S:949:(.text.elx_fiq+0x9c): relocation truncated to fit: R_AARCH64_TSTBR14 against `.text.thread_vect_table'
make: *** [out/arm-plat-hikey/core/tee.elf] Error 1
experienced with some gcc 4.9 compiler

Fixes: https://github.com/OP-TEE/optee_os/issues/2067
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Victor Chong <victor.chong@linaro.org> (hikey)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm: pl310: fix cache sync

According to PL310 TRM:
Atomic operations:
The following are atomic operations:
Clean Line by PA or by Set/Way
Invalidate Line by PA
Clean and Invalidate Line

arm: pl310: fix cache sync

According to PL310 TRM:
Atomic operations:
The following are atomic operations:
Clean Line by PA or by Set/Way
Invalidate Line by PA
Clean and Invalidate Line by PA or by Set/Way
Cache Sync.
These operations stall the slave ports until they are complete.
When these registers are read, bit [0], the C flag, indicates that
a background operation is in progress. When written, bit 0 must be
zero.

So write 1 to sync register is not correct.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: crypto: default enable HWSUPP_PMULT_64 with CRYPTO_WITH_CE

64-bit polynomial multiply is defined in the ARMv8.0 Cryptographic
Extension instructions together with other instructions like AES*

core: crypto: default enable HWSUPP_PMULT_64 with CRYPTO_WITH_CE

64-bit polynomial multiply is defined in the ARMv8.0 Cryptographic
Extension instructions together with other instructions like AES*
and SHA1*. Therefore, it is reasonable to enable CFG_HWSUPP_PMULT_64
when CFG_CRYPTO_WITH_CE is enabled. Platforms can always override this
value if need be.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: rename CFG_HWSUPP_PMULL to CFG_HWSUPP_PMULT_64

CFG_HWSUPP_PMULL is used to determine whether the CPU supports long
polynomial multiplies of 64-bit values, which means:
- for AArch64: P

core: crypto: rename CFG_HWSUPP_PMULL to CFG_HWSUPP_PMULT_64

CFG_HWSUPP_PMULL is used to determine whether the CPU supports long
polynomial multiplies of 64-bit values, which means:
- for AArch64: PMULL and PMULL2 with the 1Q arrangement specifier
- for AArch32: VMULL.P64
Otherwise, 8-bit polynomial multiplication is used instead.

Therefore, CFG_HWSUPP_PMULT_64 is a better name because it does not
seem to imply Aarch64 (no PMULL) and clearly states the 64-bit size.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tee_svc_cryp.c: remove final ctx management

Removes the final remains of the crypo ctx management in tee_svc_cryp.c.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by:

core: tee_svc_cryp.c: remove final ctx management

Removes the final remains of the crypo ctx management in tee_svc_cryp.c.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto.h manages authenc context memory

To ease integration with other crypto libraries change the authenc context
interface in crypto.h to manage the memory used for the authenc context.

Rev

core: crypto.h manages authenc context memory

To ease integration with other crypto libraries change the authenc context
interface in crypto.h to manage the memory used for the authenc context.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...