core: rename mattr_uflags_to_str()

Renames mattr_uflags_to_str() to mattr_perm_to_str() and report all
permission bits using a 7 bytes long string instead.

This allows observing the permissions of

core: rename mattr_uflags_to_str()

Renames mattr_uflags_to_str() to mattr_perm_to_str() and report all
permission bits using a 7 bytes long string instead.

This allows observing the permissions of the minimal kernel mapping
added to the user space context.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Andrew Davis <andrew.davis@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: make all mapping non-global

Makes all mapping non-global to avoid the otherwise required tlb
invalidation when switching to user mode.

This change makes the fix for CVE-2017-5754 complete.

R

core: make all mapping non-global

Makes all mapping non-global to avoid the otherwise required tlb
invalidation when switching to user mode.

This change makes the fix for CVE-2017-5754 complete.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Andrew Davis <andrew.davis@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: use minimal kernel map in user space

Adds a trampoline in the exception vector to switch to a minimal kernel
map when in user mode. When returning to kernel mode the full kernel
mode map is re

core: use minimal kernel map in user space

Adds a trampoline in the exception vector to switch to a minimal kernel
map when in user mode. When returning to kernel mode the full kernel
mode map is restored.

Arm32 tries to mimic the arm64 exception model somewhat by letting each
exception handler run with disabled asynchronous aborts, irq and fiq.

Form arm32 accesses to the cpus thread_core_local is only done via the
stack pointer in abort mode. Entry of user mode is only done via abort
mode, that means that the abort mode spsr register carries the new cpsr.
Care is taken to have all exceptions disabled while using abort mode.

ASIDs are paired with a user mode ASID with lowest bit sset and a
kernel mode ASID with the lowest bit cleared.

ASID 0 is reserved for kernel mode use when there's no user mode mapping
active.

With this change an active used mode mapping while in kernel mode uses
(asid | 0), and while in user mode (asid | 1). The switch is done via
the trampoline in the vector.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Andrew Davis <andrew.davis@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: thread_a32.S: move intr handler macros

Moves the interrupt handler macros closer to the vector.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jero

core: thread_a32.S: move intr handler macros

Moves the interrupt handler macros closer to the vector.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Andrew Davis <andrew.davis@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm32: exception handlers in one section

Moves all exception handlers into the section of the vector,
.text.thread_vect_table. This makes it possible to later map just the
exception vector and

core: arm32: exception handlers in one section

Moves all exception handlers into the section of the vector,
.text.thread_vect_table. This makes it possible to later map just the
exception vector and the closest associated code while in user mode.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Andrew Davis <andrew.davis@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: user mode translation table

Adds a second translation table to be used while in user mode containing
user mode mapping and a minimal kernel mapping.

Reviewed-by: Etienne Carriere <etienne.car

core: user mode translation table

Adds a second translation table to be used while in user mode containing
user mode mapping and a minimal kernel mapping.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Andrew Davis <andrew.davis@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mm: add kernel mapping to user map

Adds a minimal kernel mapping needed when user mapping is active.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Andrew Davis <andrew

core: mm: add kernel mapping to user map

Adds a minimal kernel mapping needed when user mapping is active.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Andrew Davis <andrew.davis@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: thread: add thread_get_user_kcode()

Adds thread_get_user_kcode() to report required kernel mapping
(exception vector and some associated code in the same section as the
vector) inside a user m

core: thread: add thread_get_user_kcode()

Adds thread_get_user_kcode() to report required kernel mapping
(exception vector and some associated code in the same section as the
vector) inside a user mapping.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Andrew Davis <andrew.davis@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add mobj_tee_ram

Adds mobj_tee_ram to describe TEE RAM mapping inside a user mapping.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissi

core: add mobj_tee_ram

Adds mobj_tee_ram to describe TEE RAM mapping inside a user mapping.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Andrew Davis <andrew.davis@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tlbi_asid() handle kernel mode ASID too

When invalidating an ASID (lowest bit 0), clear the paired ASID (lowest
bit 1)too.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed

core: tlbi_asid() handle kernel mode ASID too

When invalidating an ASID (lowest bit 0), clear the paired ASID (lowest
bit 1)too.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Andrew Davis <andrew.davis@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: refactor ASID management

Refactors Address Space Identifier management. The field in struct
user_ta_ctx is moved into struct tee_mmu_info and renamed to asid.

Allocation refactored internally

core: refactor ASID management

Refactors Address Space Identifier management. The field in struct
user_ta_ctx is moved into struct tee_mmu_info and renamed to asid.

Allocation refactored internally with asid_alloc() and asid_free()
functions, based on bitstring.h macros.

ASIDs starts at 2, and is always an even number.

ASIDs with the lowest bit set is reserved for as the second ASID when
using ASIDs in pairs.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Andrew Davis <andrew.davis@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: make core_mmu.h asm friendly

Makes core_mmu.h assembly friendly by excluding C code with #ifndef ASM

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier

core: make core_mmu.h asm friendly

Makes core_mmu.h assembly friendly by excluding C code with #ifndef ASM

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Andrew Davis <andrew.davis@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm32_macros.S: add {read,write}_ttbr0_64bit

Adds the macros read_ttbr0_64bit and write_ttbr0_64bit

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <

core: arm32_macros.S: add {read,write}_ttbr0_64bit

Adds the macros read_ttbr0_64bit and write_ttbr0_64bit

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm32_macros.S: add {read,write}_tpidrprw

Adds the assembly macros write_tpidrprw and read_tpidrprw to access the
TPIDRPRW register.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org

core: arm32_macros.S: add {read,write}_tpidrprw

Adds the assembly macros write_tpidrprw and read_tpidrprw to access the
TPIDRPRW register.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm32: sm: invalidate branch predictor

If build with secure monitor and CFG_CORE_WORKAROUND_SPECTRE_BP=y
invalidate branch predictor on non-secure entry.

Fixes CVE-2017-5715

Reviewed-by: Jer

core: arm32: sm: invalidate branch predictor

If build with secure monitor and CFG_CORE_WORKAROUND_SPECTRE_BP=y
invalidate branch predictor on non-secure entry.

Fixes CVE-2017-5715

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix the reopen session condition for single instance TA

when a single instance TA is not muti-session, it 's allowed to open a
new session only if the TA context reference is not zero, no matt

core: fix the reopen session condition for single instance TA

when a single instance TA is not muti-session, it 's allowed to open a
new session only if the TA context reference is not zero, no matter
whether it is keepalive or not.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Zeng Tao <prime.zeng@hisilicon.com>

show more ...

Fix USER_TA_PROP_TYPE_BOOL handling

In 'ta_props' in ta/arch/arm/user_ta_header.c properties tagged as
USER_TA_PROP_TYPE_BOOL are assigned a pointer to a bool, but is in the
rest of the code handled

Fix USER_TA_PROP_TYPE_BOOL handling

In 'ta_props' in ta/arch/arm/user_ta_header.c properties tagged as
USER_TA_PROP_TYPE_BOOL are assigned a pointer to a bool, but is in the
rest of the code handled as if it was a pointer to a uint32_t. This
works as long as a bool is four bytes, with certain compilers the size
of a `bool` is 1 instead leading to errors.

TA properties can be supplied via the define
TA_CURRENT_TA_EXT_PROPERTIES. The pattern used in
ta/arch/arm/user_ta_header.c is likely copied when assigning properties
via TA_CURRENT_TA_EXT_PROPERTIES.

This patch is fixing the assumption that the size of a `bool` is the
same as the size of a `uint32_t` by changing all handling of
USER_TA_PROP_TYPE_BOOL to base it on the type `bool` instead of
`uint32_t`.

Reviewed-by: Jianhui Li <airbak.li@hisilicon.com>
Tested by: Jianhui Li <airbak.li@hisilicon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove the unused file tee_authenc.h

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

core: thread.h: reorder struct thread_core_local

Reorders elements in struct thread_core_local to make sure that:
uint32_t r[2];
is double word (8) aligned for ARM32 since the strd instruction
somet

core: thread.h: reorder struct thread_core_local

Reorders elements in struct thread_core_local to make sure that:
uint32_t r[2];
is double word (8) aligned for ARM32 since the strd instruction
sometimes is used to write to that element.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: thread_a32.S: remove useless .section

Removes the useless .section .text.thread_asm

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@l

core: thread_a32.S: remove useless .section

Removes the useless .section .text.thread_asm

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: treat size fault as translation fault

AArch64 is very specific regarding different data/prefetch exceptions.
With this patch recognize Address Size faults and treat them as
translation

core: arm64: treat size fault as translation fault

AArch64 is very specific regarding different data/prefetch exceptions.
With this patch recognize Address Size faults and treat them as
translation faults.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pgt: bugfix pop_from_some_list()

Prior to this patch pgt obtained with pop_least_used_from_cache_list()
in pop_from_some_list() wasn't cleared properly. Only entries used for
paging was clear.

core: pgt: bugfix pop_from_some_list()

Prior to this patch pgt obtained with pop_least_used_from_cache_list()
in pop_from_some_list() wasn't cleared properly. Only entries used for
paging was clear. With this patch the entire pgt is cleared to cover
eventual entries not used for paging.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

poplar: Add initial support

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

trace: make output more compact

The new format for traces are:
<type>/<where>:<thread_id> [<func:line>] <message>

<type>:
D = DEBUG
E = ERROR
I = INFO
F = FLOW

<where>:
TA = Trusted Ap

trace: make output more compact

The new format for traces are:
<type>/<where>:<thread_id> [<func:line>] <message>

<type>:
D = DEBUG
E = ERROR
I = INFO
F = FLOW

<where>:
TA = Trusted Application
TC = TEE Core

I.e, it outputs messages like this:
D/TC:00 ta_load:316 ELF load address 0x101000
etc

Thread ID will either take a single or two digits depending on the
number of threads in use.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core/tee/tadb.c: Workaround error: missing braces around initializer

GCC 4.9 generates below false positive:

core/tee/tadb.c:593:15: error: missing braces around initializer [-Werror=missing-braces

core/tee/tadb.c: Workaround error: missing braces around initializer

GCC 4.9 generates below false positive:

core/tee/tadb.c:593:15: error: missing braces around initializer [-Werror=missing-braces]
const struct tadb_entry null_entry = { 0 };
^
core/tee/tadb.c:593:15: error: (near initialization for ‘null_entry.prop’) [-Werror=missing-braces]

Work around it by adding extra braces.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...