storage: SQL FS concurrency

Allow concurrent access by multi-session/multi-instance TA.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@lin

storage: SQL FS concurrency

Allow concurrent access by multi-session/multi-instance TA.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

storage: REE FS concurrency

Allow concurrent access by multi-session/multi-instance TA.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@lin

storage: REE FS concurrency

Allow concurrent access by multi-session/multi-instance TA.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

storage: protect TA directory with a mutex

There is a race condition in the code that creates and deletes trusted
storage. If multiple threads invoke a multi-session TA to create and
delete differen

storage: protect TA directory with a mutex

There is a race condition in the code that creates and deletes trusted
storage. If multiple threads invoke a multi-session TA to create and
delete different files (such as xtest 6016), the following can occur:

Thread 1 (create file1) | Thread 2 (delete file2)
|
| unlink("/TA_dir/file2");
mkdir("/TA_dir"); |
| rmdir("/TA_dir");
create("/TA_dir/file1"); |
=> ENOENT |

Add a mutex to prevent this race condition.

Note: the bug is currently not triggered by xtest 1016 because the test
is run for RPMB FS only, and because directory operations are no-ops in
the RPMB implementation. The fix will be needed when enabling single-TA
concurrency with the REE and SQL backends.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: add no-map property to res mem

Adds a "no-map" property to the optee@xxx node. Before this patch the node
looked like:
optee@78000000 {
reg = <0x78000000 0x800000>;
};
With this patch

core: arm: add no-map property to res mem

Adds a "no-map" property to the optee@xxx node. Before this patch the node
looked like:
optee@78000000 {
reg = <0x78000000 0x800000>;
};
With this patch it becomes:
optee@78000000 {
reg = <0x78000000 0x800000>;
no-map;
};

This makes it clear to the Linux kernel that it must leave it to the
OP-TEE driver to map the reserved memory.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

hikey: increase heap size from 24 KiB to 32 KiB

The current heap size is not enough to run `xtest` when the newly
added SQLite FS is enabled (CFG_SQL_FS=y). Let's increase it a bit.

Signed-off-by:

hikey: increase heap size from 24 KiB to 32 KiB

The current heap size is not enough to run `xtest` when the newly
added SQLite FS is enabled (CFG_SQL_FS=y). Let's increase it a bit.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

tee_mm_get_pool_stats(): fix reset of max_allocated

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklan

tee_mm_get_pool_stats(): fix reset of max_allocated

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add heap allocation failure statistics

Adds the following statistics to the heap allocator and export then via
the static TA `core/arch/arm/sta/stats.c` (all of them can be reset):

- num_all

core: add heap allocation failure statistics

Adds the following statistics to the heap allocator and export then via
the static TA `core/arch/arm/sta/stats.c` (all of them can be reset):

- num_alloc_fail: number of calls to malloc()/calloc()/realloc() that
returned NULL
- biggest_alloc_fail: the size in bytes of the largest allocation
request that resulted in a failure
- biggest_alloc_fail_used: the number of bytes that were allocated at
that time

Depends on CFG_WITH_STATS=y.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add support for kernel address sanitizer

Adds support for kernel address sanitizer.
Currently only for plat-vexpress-qemu_virt.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tes

core: add support for kernel address sanitizer

Adds support for kernel address sanitizer.
Currently only for plat-vexpress-qemu_virt.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU v7)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add .early_bss section

Adds .early_bss to be used for variables that would normally land in
.bss, but must not since they are updated before .bss is cleared. This
section replaces earlier work

core: add .early_bss section

Adds .early_bss to be used for variables that would normally land in
.bss, but must not since they are updated before .bss is cleared. This
section replaces earlier workarounds using __data for such variables.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: rename _end symbol to __end

Renames the _end symbol to __end for consistency with other linker
symbols.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wi

core: arm: rename _end symbol to __end

Renames the _end symbol to __end for consistency with other linker
symbols.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ltc: sync from official develop branch

All source files under src directory and header files under include
directory have been synced, but have not added all macros newly added
in official develop b

ltc: sync from official develop branch

All source files under src directory and header files under include
directory have been synced, but have not added all macros newly added
in official develop branch and the last synced SHA1 in official
develop branch is 6ad52252688bb34f90b5e79da4830a927e87b81f

Signed-off-by: Matt Ma <matt.ma@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Reviewed-by: David Brown <david.brown@linaro.org>

show more ...

trace.h: add macros to unwind and print the call stack (kernel only)

Adds [EIDF]PRINT_STACK() for debugging purposes. Depends on
CFG_CORE_UNWIND=y.
As a side-effect, also adds a few things that may

trace.h: add macros to unwind and print the call stack (kernel only)

Adds [EIDF]PRINT_STACK() for debugging purposes. Depends on
CFG_CORE_UNWIND=y.
As a side-effect, also adds a few things that may be useful on their
own: __always_inline, read_pc(), read_fp(), read_lr().

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: SMC handler: initialize frame pointer to 0

init_regs() should set the frame pointer (x29) to zero to indicate the
end of the frame record chain, as required by the Aarch64 AAPCS.
Withou

core: arm64: SMC handler: initialize frame pointer to 0

init_regs() should set the frame pointer (x29) to zero to indicate the
end of the frame record chain, as required by the Aarch64 AAPCS.
Without this, there is no guarantee that unwind_stack() will terminate.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

storage: sqlfs: save memory when sql_fs_ftruncate() extends a file

There is no need to actually allocate a buffer filled with zeroes in
sql_fs_ftruncate(). Instead, update write_block_partial() so t

storage: sqlfs: save memory when sql_fs_ftruncate() extends a file

There is no need to actually allocate a buffer filled with zeroes in
sql_fs_ftruncate(). Instead, update write_block_partial() so that a
NULL data pointer means all null bytes. This eliminates a large (4K)
temporary allocation.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

rpmb: move rpmb_mutex to fs layer

In rpmb_fs_write(), if other session write RPMB between read_fat() and
tee_rpmb_write(), it may write to the same address. So move rpmb_mutex
to fs layer for concur

rpmb: move rpmb_mutex to fs layer

In rpmb_fs_write(), if other session write RPMB between read_fat() and
tee_rpmb_write(), it may write to the same address. So move rpmb_mutex
to fs layer for concurrency scenarios.

Signed-off-by: Lijianhui (Airbak) <airbak.li@hisilicon.com>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add memory type MEM_AREA_RAM_SEC, MEM_AREA_RAM_NSEC

replace memory type MEM_AREA_KEYVAULT with MEM_AREA_RAM_SEC
MEM_AREA_RAM_SEC: for cached, secure memory
MEM_AREA_RAM_NSEC: for cached, nonse

core: add memory type MEM_AREA_RAM_SEC, MEM_AREA_RAM_NSEC

replace memory type MEM_AREA_KEYVAULT with MEM_AREA_RAM_SEC
MEM_AREA_RAM_SEC: for cached, secure memory
MEM_AREA_RAM_NSEC: for cached, nonsecure memory

Signed-off-by: Pengguang Zhu <zpghao@163.com>
Reviewed-by: etienne carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

rsa_verify_hash: fix possible bleichenbacher signature attack

Fixes CVE-2016-6129

cherry-picked from:
https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd09

Acked-by

rsa_verify_hash: fix possible bleichenbacher signature attack

Fixes CVE-2016-6129

cherry-picked from:
https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd09

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Add RCAR H3 platform support

Added support for Renesas RCAR devices. Initially RCAR H3 is supported.

Signed-off-by: Volodymyr Babchuk <volodymyr.babchuk@globallogic.com>
Reviewed-by: Jens Wiklander

Add RCAR H3 platform support

Added support for Renesas RCAR devices. Initially RCAR H3 is supported.

Signed-off-by: Volodymyr Babchuk <volodymyr.babchuk@globallogic.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: add SCIF driver

SCIF stands for "Serial Communication Interface with FIFO".
It is an UART device used on different Renesas SoCs.

Signed-off-by: Volodymyr Babchuk <volodymyr.babchuk@globall

drivers: add SCIF driver

SCIF stands for "Serial Communication Interface with FIFO".
It is an UART device used on different Renesas SoCs.

Signed-off-by: Volodymyr Babchuk <volodymyr.babchuk@globallogic.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

libfdt: undef sanitizer fix fdt_setprop()

Fixes undefined sanitizer problem in fdt_setprop().

The compiler (gcc 5.3) issues some runtime checks with
-fsanitize=undefined which is triggered if for i

libfdt: undef sanitizer fix fdt_setprop()

Fixes undefined sanitizer problem in fdt_setprop().

The compiler (gcc 5.3) issues some runtime checks with
-fsanitize=undefined which is triggered if for instance any of the
pointers supplied to memcpy() is NULL as val can be in fdt_setprop() if
there's no value.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMUv7)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Fix invalid default value of $(PLATFORM_FLAVOR)

Fixes the following error:

$ make -s PLATFORM=stm
core/arch/arm/plat-stm/system_config.mk:20:
*** PLATFORM_FLAVOR=qemu_virt is not supporte

Fix invalid default value of $(PLATFORM_FLAVOR)

Fixes the following error:

$ make -s PLATFORM=stm
core/arch/arm/plat-stm/system_config.mk:20:
*** PLATFORM_FLAVOR=qemu_virt is not supported. Stop.

(one would expect PLATFORM_FLAVOR to default to 'orly2').
This patch does the following:

- Do not set "PLATFORM_FLAVOR ?= qemu_virt" in the main Makefile. The
default value for PLATFORM_FLAVOR has to be defined by each platform in
plat-*/conf.mk.
- Consistent with the above, "PLATFORM_FLAVOR_$(PLATFORM_FLAVOR) := y"
is moved to core/core.mk, after $(platform-dir)/conf.mk has been
included, i.e., where $(PLATFORM_FLAVOR) can be relied upon.
- All definitions of "PLATFORM_FLAVOR_$(PLATFORM_FLAVOR) := y"
are removed from platform files, since it is already taken care of in
core/core.mk.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Fix static TA memory leak

The static TA context allocated in tee_ta_init_static_ta_session() is
never freed. Do it in static_ta_destroy().

Test case:
while [ true ]; do \
xtest 1001 >/dev/nul

Fix static TA memory leak

The static TA context allocated in tee_ta_init_static_ta_session() is
never freed. Do it in static_ta_destroy().

Test case:
while [ true ]; do \
xtest 1001 >/dev/null 2>&1 || break; \
i=$(($i+1)); \
if [ $(($i % 10)) -eq 0 ]; then echo $i; fi; \
done

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: JunLin Quan <junlin.quan@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

[Review] Oops, stc might still be used after free

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: arm64: fix masking exceptions on normal exit

Before this patch debug and asynchronous abort wasn't masked
when doing a normal return from call. This patch fixes that.

Reviewed-by: Etienne Car

core: arm64: fix masking exceptions on normal exit

Before this patch debug and asynchronous abort wasn't masked
when doing a normal return from call. This patch fixes that.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMUv8)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: init FS key manager late

Switches to service_init_late() to initialize FS key manager as it
depends on the tee_cryp_init service init call.

Reviewed-by: Jerome Forissier <jerome.forissier@lin

core: init FS key manager late

Switches to service_init_late() to initialize FS key manager as it
depends on the tee_cryp_init service init call.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add late service_init and driver_init

Adds service_init_late() for init calls that depends on other services.
Adds driver_init_late() for init calls that depends on other drivers.

Reviewed-by

core: add late service_init and driver_init

Adds service_init_late() for init calls that depends on other services.
Adds driver_init_late() for init calls that depends on other drivers.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...