| #
9318ba35 |
| 04-Mar-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: check string table ranges
Checks that the string table is in the range of the ELF and also checks that offsets into the string table are indeed inside the string table. This fixes an error where a malformed ELF may cause the loader to read data from other ELF or from the loader itself.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Reported-by: Martijn Bogaard <martijn@riscure.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
d2a6dea7 |
| 04-Mar-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: fix possible integer overflow in init_elf()
The size of the program headers is calculated as:
    e_phoff + e_phnum * e_phentsize
This can overflow for large values leading to the 4k size check to fail. Fix this by using MUL_OVERFLOW() and ADD_OVERFLOW() instead.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reported-by: Martijn Bogaard <martijn@riscure.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
ab49cb75 |
| 04-Mar-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: check dynsymtab and dynstr ranges
Checks the ranges of dynsymtab and dynstr. Also checks that the dynstr index in section headers isn't out of range. This fixes an error where a malformed ELF may cause the loader to read data from other ELF or from the loader itself.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reported-by: Martijn Bogaard <martijn@riscure.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
cfd9b9f7 |
| 04-Mar-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: check against section headers size overflow
Adds a check in copy_section_headers() to guard against overflow in the e_shnum * e_shentsize multiplication.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> Reported-by: Martijn Bogaard <martijn@riscure.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
4f5bc11d |
| 04-Mar-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: check that hashtab is in range before use
Adds checks that the hashtab found via the dynamic section is in range of the loaded ELF before they are used. This fixes an error where a malformed ELF may cause the loader to read data from other ELF or from the loader itself.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Reported-by: Martijn Bogaard <martijn@riscure.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
bc1d13c1 |
| 04-Mar-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: check that PT_DYNAMIC is in range before use
Adds checks that the ELF program header PT_DYNAMIC is in range of the loaded ELF before they are used. This fixes an error where a malformed ELF may cause the loader to read data from other ELF or from the loader itself.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Reported-by: Martijn Bogaard <martijn@riscure.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
dd655cb9 |
| 14-Feb-2020 |
Jerome Forissier <jerome@forissier.org> |
ldelf, ta: add support for DT_INIT_ARRAY and DT_FINI_ARRAY
Adds support for running initialization and finalization functions in TA ELF files. Such functions are used, for instance, by C++ compilers to construct and destruct global objects. They can also be used in C thanks to __attribute__((constructor)) and __attribute__((destructor)).
A global structure is added to libutee. ldelf is responsible for filling it with the addresses of the functions pointer arrays present in the ELF files whenever such a file is loaded. Since the number of arrays is unknown at compile time (it depends on how many ELF files are loaded, and whether they have constructors or destructors), memory is allocated on the TA heap.
Two helper functions are introduced: __utee_call_elf_init_fn() and __utee_call_elf_fini_fn(). They are used when the TA instance is created and torn down, as well as by dlopen().
Signed-off-by: Jerome Forissier <jerome@forissier.org> Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU, QEMUv8, HiKey960 32/64) Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
ebef121c |
| 01-Aug-2019 |
Jerome Forissier <jerome.forissier@linaro.org> |
core, ldelf: add support for runtime loading of shared libraries
This commit prepares the introduction of libdl, a dynamic linking library which will allow TAs to load shared libraries at run time, and resolve symbols on demand. It adds the following functions to the system PTA, inspired from the POSIX dlopen() and dlsym():
- system_dlopen(): takes a UUID and flags. Performs an upcall into ldelf which then uses the usual system PTA functions to load and map the requested library into the address space of the calling TA.
- system_dlsym(): takes a UUID and a symbol name. The symbol is looked up in the library specified by UUID by calling into ldelf. If UUID is all zeros, all the mapped binaries are searched.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| #
791ee55c |
| 08-Jul-2019 |
Jerome Forissier <jerome.forissier@linaro.org> |
libutee: add tee_uuid_from_str()
Moves internal function parse_uuid() from ldelf/ta_elf.c to libutee so that it may be used by TAs or other user-space libraries such as the upcoming libdl. The function is renamed to tee_uuid_from_str() and declared in tee_internal_api_extensions.h.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| #
c35dfd95 |
| 30-Jul-2019 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: accurate non-legacy TA check
Prior to this patch ldelf relied on e_entry in the ELF header to point anywhere but at the lowest possible executable address to tell that it's not a legacy TA. This isn't enough since all TAs can use this entry address depending on compiler and linker. The only reliable indicator that the TA is not a legacy TA is that the depr_entry field of the TA header is UINT64_MAX. Unfortunately this means assuming that the ELF is not a legacy TA at load time and that the process needs to be restarted in case it turns out that it was a legacy TA.
With this patch we have reliable detection of non-legacy TAs, but with increased load time for legacy TAs since the main ELF needs to be loaded and verified twice due to the TA store interface.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
c86f218c |
| 18-Jun-2019 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: support TA ftrace
Adds support in ldelf to dump ftrace data.
Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
9f392760 |
| 18-Jun-2019 |
Jerome Forissier <jerome.forissier@linaro.org> |
ldelf: use DT_HASH to lookup symbols faster
Use the ELF hash table to lookup symbols rather than iterating over the whole symbol table.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
6720dd49 |
| 13-Jun-2019 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: support TA ASLR
Adds support in ldelf to load TAs using address space randomization if CFG_TA_ASLR=y. Works as before with the kernel mode ELF loader with two exceptions:
- It falls back to disable ASLR for a particular ELF if it fails to map using ASLR.
- Each ELF is loaded with a randomized number of free pages in front. These free pages can be reused when loading other ELF permitting some ELF to become reordered in memory.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
88796f89 |
| 12-Jun-2019 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: remap first page of libraries
Remaps first page of libraries to a suitable location once the amount of required virtual memory is known.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
0242833a |
| 23-May-2019 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: support dumping TA call stack
Adds support in ldelf to dump the call stack of the TA.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
65137432 |
| 23-May-2019 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: support dumping memory map
Adds support in ldelf to dump memory maps.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
7509ff7c |
| 23-May-2019 |
Jens Wiklander <jens.wiklander@linaro.org> |
Add user mode ELF loader
Adds ldelf which loads user mode TAs while in user mode. The TA ELF file is loaded and relocated by ldelf before the TA can be executed.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|