core: asan: pager adoptions

Makes sure that __asan_register_globals is available during init.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wikland

core: asan: pager adoptions

Makes sure that __asan_register_globals is available during init.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pager: asan adoptions

Tag temporary or allocated memory ranges to allow new accesses.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander

core: pager: asan adoptions

Tag temporary or allocated memory ranges to allow new accesses.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: kern.ld.S: put constructors in init

Makes sure that constructor functions are in the init section to be
available during initialization of OP-TEE.

Acked-by: Etienne Carriere <etienne.car

core: arm: kern.ld.S: put constructors in init

Makes sure that constructor functions are in the init section to be
available during initialization of OP-TEE.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: asan: provide asan_memcpy_unchecked()

Provides asan_memcpy_unchecked() which does a memcpy() that isn't
checked against the tagging in the ASAN shadow area. If ASAN isn't
enabled it's replaced

core: asan: provide asan_memcpy_unchecked()

Provides asan_memcpy_unchecked() which does a memcpy() that isn't
checked against the tagging in the ASAN shadow area. If ASAN isn't
enabled it's replaced by a direct call to memcpy().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core; add MEM_AREA_TEE_ASAN

Adds MEM_AREA_TEE_ASAN which is used when pager is enabled to map the
memory used by the address sanitizer if enabled.

Currently this only works in configurations with t

core; add MEM_AREA_TEE_ASAN

Adds MEM_AREA_TEE_ASAN which is used when pager is enabled to map the
memory used by the address sanitizer if enabled.

Currently this only works in configurations with the pager where
emulated SRAM is used.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pager: bugfix set_alias_area()

Fixes set_alias_area() to only take the supplied area, prior to this
the final page would have been included too.

Reviewed-by: Etienne Carriere <etienne.carrier

core: pager: bugfix set_alias_area()

Fixes set_alias_area() to only take the supplied area, prior to this
the final page would have been included too.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

tee: fix improper calloc usage

calloc() takes number of entries as first argument, and size of entry
as a second. There was several places, where argument order was
reversed.

Signed-off-by: Volodym

tee: fix improper calloc usage

calloc() takes number of entries as first argument, and size of entry
as a second. There was several places, where argument order was
reversed.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

Replace struct prng_ops with function interface

Adds crypto_rng_add_entropy() and crypto_rng_read() replacing
struct prng_ops in crypto_ops.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.o

Replace struct prng_ops with function interface

Adds crypto_rng_add_entropy() and crypto_rng_read() replacing
struct prng_ops in crypto_ops.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: RPMB_FS: remember owner uuid

Prior to this patch was the owning uuid looked up via the current
session. The assumption that the uuid of the context of the current
session is the same as the o

core: RPMB_FS: remember owner uuid

Prior to this patch was the owning uuid looked up via the current
session. The assumption that the uuid of the context of the current
session is the same as the owner of a RPMB file doesn't hold any longer
after:
commit 078f18f82eeb ("core: RPMB FS: provide tee_rpmb_fs_raw_open()")
was introduced.

Instead the pointer to the uuid passed as the owner is stored in the
file handle and used as needed when encrypting/decrypting the file.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Fixes: https://github.com/OP-TEE/optee_os/issues/1780
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix access conflict status in rpmb fs that panics TA

According to the GPD TEE Internal Core API specs, when creating
an existing persistent object without the overwrite flag, the OS
should ret

core: fix access conflict status in rpmb fs that panics TA

According to the GPD TEE Internal Core API specs, when creating
an existing persistent object without the overwrite flag, the OS
should return a TEE_ERROR_ACCESS_CONFLICT status.

This change fixes the RPMB FS layer. An effect of this correction
is that before this change, OS panicked TAs that requested such
forbidden object creation, as a TEE_ERROR_BAD_PARAMETERS return
value is considered by the API as an unexpected status.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)

show more ...

core: arm32: reset_secondary() set reset vector

Sets reset vector in reset_secondary() to trap unexpected exceptions.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wik

core: arm32: reset_secondary() set reset vector

Sets reset vector in reset_secondary() to trap unexpected exceptions.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU v7/v8)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm32: replace _start with reset() function

Renames _start to reset_vect_table and renames reset() to _start() in
order to avoid pulling in too much unpaged code via
reset_secondary()/cpu_on_h

core: arm32: replace _start with reset() function

Renames _start to reset_vect_table and renames reset() to _start() in
order to avoid pulling in too much unpaged code via
reset_secondary()/cpu_on_handler().

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Keep assembly functions in separate sections

To get a more fine grained selection of which area (init, paged,
unpaged) an assembly function is assigned do the equivalent of
-ffunction-sections but i

Keep assembly functions in separate sections

To get a more fine grained selection of which area (init, paged,
unpaged) an assembly function is assigned do the equivalent of
-ffunction-sections but in assembly.

Some functions has to be in specific places in the binary for a
successful boot, link script is updated accordingly.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm32: thread_set_und_sp(): correct end tag

Sets correct end tag for thread_set_und_sp()

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklan

core: arm32: thread_set_und_sp(): correct end tag

Sets correct end tag for thread_set_und_sp()

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: psci: pass nsec ctx to system_suspend

In the commit 732fc43(core: arm: psci: pass nsec ctx to psci), we have
done the job, but we forgot to follow it in the later commit 1d40eb8
(core: ar

core: arm: psci: pass nsec ctx to system_suspend

In the commit 732fc43(core: arm: psci: pass nsec ctx to psci), we have
done the job, but we forgot to follow it in the later commit 1d40eb8
(core: arm: sm: add PSCI system suspend), fix it in this patch.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Zeng Tao <prime.zeng@hisilicon.com>

show more ...

core: fix allocated object on object creation failure in svc storage

Changes syscall_storage_obj_create to give physical object ownership
to the tee object layer only once storage is successfully in

core: fix allocated object on object creation failure in svc storage

Changes syscall_storage_obj_create to give physical object ownership
to the tee object layer only once storage is successfully inited
for that object. Otherwise, if tee_svc_storage_init_file fails,
the storage does not own the physical object and close method
will not release the object.

This change fixes https://github.com/OP-TEE/optee_test/issues/232.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

pta: change DMSG to FMSG for invoke in pta/SDP

When running the default configuration SDP spams a lot:
DEBUG: [0x0] TEE-CORE:invoke_command:338: command entry point
for pseudo t

pta: change DMSG to FMSG for invoke in pta/SDP

When running the default configuration SDP spams a lot:
DEBUG: [0x0] TEE-CORE:invoke_command:338: command entry point
for pseudo ta "invoke_tests.pta"
...

By changing from DMSG to FMSG this will not flood the console anymore.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Fix comment in tee_ree_fs.c

Signed-off-by: Liu Zheng <wellsleeplz@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

entry_std.c: Initialize num_params to fix gcc warning

Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

thread.c: free rpc arg mobj during cache disabling

Mobj, containing memory for RPC arguments was not deleted
when client disabled argument cache. That would lead
to resource leak.

Signed-off-by: Vo

thread.c: free rpc arg mobj during cache disabling

Mobj, containing memory for RPC arguments was not deleted
when client disabled argument cache. That would lead
to resource leak.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

hikey, hikey960: enable dynamic shared memory

Enables dynamic shared memory by registering the non-secure memory
range in plat-hikey/main.c.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro

hikey, hikey960: enable dynamic shared memory

Enables dynamic shared memory by registering the non-secure memory
range in plat-hikey/main.c.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add v2p/p2v tests in embedded tests

Use the invocation test pseudo TA to test virt_to_phys and
phys_to_virt conversions over TA memory reference parameters.

Convert in MEM_AREA_TA_VASPACE mem

core: add v2p/p2v tests in embedded tests

Use the invocation test pseudo TA to test virt_to_phys and
phys_to_virt conversions over TA memory reference parameters.

Convert in MEM_AREA_TA_VASPACE memory when pTA client is a TA.
Otherwise if means pTA client is in the non-secure world and
the memref parameters are mapped straight to TEE core. Try in
the static SHM, SDP memory and in the dynamic SHM.

Several configuration aside pager can make phys_to_virt() failing
to find an existing valid virtual address. When so, do not report
an error to the client.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (qemus, b2260)

show more ...

core:mmu: privileged land pa2va is not supported in dynamic SHM

Implementation currently does not support finding a mapped virtual
memory address in the dynamic SHM range from a physical address.

T

core:mmu: privileged land pa2va is not supported in dynamic SHM

Implementation currently does not support finding a mapped virtual
memory address in the dynamic SHM range from a physical address.

This change prevents phys_to_virt() from producing a faulty
virtual address when dealing with dynamic SHM virtual address range.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core:debug: add verbosity when pa/va do not match

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

core:mmu: fix userland pa2va conversion

When dealing with a memory object that are physically granulated,
looking for a matching physical page requires to test each granule
of the memory object.

Si

core:mmu: fix userland pa2va conversion

When dealing with a memory object that are physically granulated,
looking for a matching physical page requires to test each granule
of the memory object.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...