| #
1868eb20 |
| 16-Oct-2024 |
Gyorgy Szing <gyorgy.szing@arm.com> |
ldelf: fix crash when hash-style is sysv
This issue affects binaries using the sysv style hash table (-WL,hash-style=sysv)
When the "nbuckets" field in the hash table (.hash) is set to 0, ldelf will do out-of-bounds indexing and crash with a data abort. Such a hash table is strange but GCC 13.3.0 seems to produce them in some cases anyway.
This fix returns an error if nbuckets is 0 before using the value, and makes an affected S-EL0 SP binary load fine.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| #
209c34dc |
| 22-Feb-2024 |
Jerome Forissier <jerome.forissier@linaro.org> |
ldelf: riscv: e64_relocate(): tag sym_idx as __maybe_unused
The sym_idx variable in e64_relocate() is not used in the rv64 build. Therefore, mark it __maybe_unused to avoid a warning.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
4584d00c |
| 08-Jan-2024 |
Clement Faure <clement.faure@nxp.com> |
ldelf: check val for NULL dereference
Check if val pointer is different from NULL before assigning value.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| #
8fab4371 |
| 30-Nov-2022 |
liushiwei <liushiwei@eswincomputing.com> |
ldelf: support RISC-V
Add 64-bit RISC-V ldelf startup assembly and parsing 64-bit ELF files.
Signed-off-by: liushiwei <liushiwei@eswincomputing.com>
Tested-by: liushiwei <liushiwei@eswincomputing.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
bdf82531 |
| 06-Mar-2022 |
Jerome Forissier <jerome.forissier@linaro.org> |
ldelf: add DT_GNU_HASH support
It is possible for an ELF to be compiled with --hash-style=gnu; some distros even have that as their default. This produces an ELF with no .hash section, but with a .gnu.hash section in its stead.
GNU-style hash sections have better performance than old SYSV-style ones. It can be expected that, as time goes on, it becomes the new default.
Use the DT_GNU_HASH table for symbol lookup when present, then fall back onto DT_HASH.
Co-developed-by: Elvira Khabirova <e.khabirova@omp.ru>
Signed-off-by: Elvira Khabirova <e.khabirova@omp.ru>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| #
c44d734b |
| 10-Jun-2022 |
Jerome Forissier <jerome.forissier@linaro.org> |
ldelf: improve handling of weak undefined symbols
When processing a dynamic relocation for a weak undefined symbol, it is not an error if the symbol is not found (such a symbol should resolve to zero). The current code doesn't make a special case of this; it sets the value to zero *after* the symbol lookup. That's OK when the binary uses the legacy dynamic symbol table (DT_HASH format), because undefined symbols are present in it. However, things will break when we switch to the newer DT_GNU_HASH format which doesn't include them.
Update the code to prepare the DT_GNU_HASH support.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
6897ad0f |
| 27-May-2021 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: check presence of sym_tab in e32_relocate()
Adds checks in e32_relocate() that sym_tab is assigned a symbol table before using it.
This fixes coverity scan:
CID 1501826 (#1 of 3): Explicit null dereferenced (FORWARD_NULL)
CID 1501826 (#2 of 3): Explicit null dereferenced (FORWARD_NULL)
CID 1501826 (#3 of 3): Explicit null dereferenced (FORWARD_NULL)
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
7a4dc765 |
| 02-Sep-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ldelf: arm64: support R_AARCH64_NONE relocations
Add support for relocation type R_AARCH64_NONE indicating no relocation is needed. No issues have currently been reported on 64bit machines but the issue was found with 32bit TAs that were built with GCC 9 and were illegitimately refused to be loaded.
Linker that generates the TA executable usually does not add such relocation type entries in the relocation table as it adds no real value at run or debug time. This change ensures that if such entries remain in a TA, it is still loadable.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
|
| #
f104c8ee |
| 01-Sep-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ldelf: arm32: support R_ARM_NONE relocations
Fixes an issue when the toolchain used to build a TA creates R_ARM_NONE entries in the relocation table. Such relocation type means that no relocation is expected but the relocation table parser did not handle this type prior to this change and TAs with such entries failed to be loaded with an error message like:
E/LD: e32_relocate:378 Unknown relocation type 0
It appears that GCC 9 (at least GCC-9.2 and GCC-9.3) creates such entries while prior versions of the GCC toolchain did not.
Linker that generates the TA executable usually does not add such relocation type entries in the relocation table as it adds no real value at run or debug time. This change ensures that if such entries remain in a TA, it is still loadable.
Fixes: https://github.com/OP-TEE/optee_os/issues/4064
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (stm32mp1, qemu)
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
|
| #
7bc927fa |
| 24-Aug-2020 |
Jerome Forissier <jerome@forissier.org> |
ldelf: arm64: support R_AARCH64_TLSDESC relocations
When compiling the __thread test in optee_test (xtest 1029), GCC 8.3 emits R_AARCH64_TLS_TPREL relocations while GCC 6 and 7 generate R_AARCH64_TLSDESC instead. The latter are quite easy to implement once the former are done so add the required code to ldelf. This also enables the C++ tests (xtest 1031) to pass with the older compilers.
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMUv8, GCC 6.2/7.2)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
9d224046 |
| 21-Jul-2020 |
Jerome Forissier <jerome@forissier.org> |
ldelf, libutee: add minimal Thread Local Storage support
Preparing for C++ support in TAs.
Adds enough runtime Thread Local Storage (TLS) support for the GNU C++ compilers (arm-linux-gnueabihf-g++, aarch64-linux-gnu-g++) to work with OP-TEE. That is:
- A Thread Control Block,
- The __tls_get_addr() and dl_iterate_phdr() functions.
Note that __tls_get_addr() is an ABI helper so it has no prototype in a user-accessible header file. dl_iterate_phdr() however is defined in <link.h> and may be used in a TA. The file lib/libutee/include/link.h is borrowed from Android's Bionic [1] with minor changes (added the required #include statement and named the function parameters). A similar <link.h> header is provided by other C libraries such as GNU libc, musl and FreeBSD/NetBSD/OpenBSD.
Link: [1] https://android.googlesource.com/platform/bionic/+/master/libc/include/link.h
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
fe684948 |
| 21-Jul-2020 |
Jerome Forissier <jerome@forissier.org> |
ldelf: arm64: support R_AARCH64_TLS_TPREL relocations
Preparing for C++ support in TAs.
This commit adds support for relocation type R_AARCH64_TLS_TPREL. Although OP-TEE does not support multi-threaded TAs, introducing basic support for multi-threading will allow binaries generated by the aarch64-linux-gnueabihf-g++ compiler to work properly. Indeed, this compiler is configured for a multi-threaded environment by default.
The way R_AARCH64_TLS_TPREL works is simple: the runtime library needs to keep a per-thread copy of all the TLS segments in the application. When the compiler needs to access a thread-specific symbol, it emits this relocation. The loader will then replace the value by the offset of the desired symbol in the Thread Control Block of the current thread (the address of the TCB is obtained via the TPIDR_EL0 register).
The runtime code that sets up the TCB from the TLS segments will come in a later commit.
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
c88ba125 |
| 21-Jul-2020 |
Jerome Forissier <jerome@forissier.org> |
ldelf: arm: support R_ARM_TLS_DTPMOD32 and R_ARM_TLS_DTPOFF32 relocations
Preparing for C++ support in TAs.
This commit adds support for Thread Local Storage (TLS) relocation types R_ARM_TLS_DTPMOD32 and R_ARM_TLS_DTPOFF32.
OP-TEE does not support multi-threaded TAs so in principle there is no need to handle the TLS relocations. However, this commit will allow to run C++ TAs built with the "official" arm-linux-gnueabihf compiler (which is built with threading support enabled), as long as no multi-thread feature is explicitly used by the TA. In other words, it avoids the need to re-build a toolchain with --disable-threads.
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
cf830b2b |
| 21-Jul-2020 |
Jerome Forissier <jerome@forissier.org> |
ldelf: add support for weak symbols
Preparing for C++ support in TAs.
When ldelf performs a symbol lookup in a TA, it currently considers only global symbols that are not undefined. It turns out that g++ can generate dynamic relocations referencing symbols that are weak and undefined [1], in other words: weak declarations. Those should end up resolving to zero.
This commit updates the symbol resolution to first look for global defined symbols, then weak defined, then weak undefined.
[1] __pthread_key_create, pthread_mutex_lock, pthread_mutex_unlock, __gnu_Unwind_Find_exidx.
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
bb8cd6f0 |
| 03-Aug-2020 |
Jerome Forissier <jerome@forissier.org> |
ldelf: __resolve_sym(): support STT_NOTYPE
Symbols defined in a linker script are assigned type STT_NOTYPE, but the __resolve_sym() function in ldelf only supports STT_OBJECT and STT_FUNCTION. As a result, it is impossible to resolve STT_NOTYPE symbols at runtime. This causes an error in shared libraries when ftrace is enabled:
  # Platform: QEMU
  $ make CFG_FTRACE_SUPPORT=y CFLAGS_ta_arm32=-pg run
  $ xtest 1019
  D/LD: ldelf:134 Loading TA 5b9e0e40-2636-11e1-ad9e-0002a5d5c51b
  E/LD: __resolve_sym:61 Symbol type not supported
  E/TC:? 0 init_with_ldelf:232 ldelf failed with res: 0xffff000a
  * regression_1019 Test dynamically linked TA
  regression_1000.c:1502: [...] TEEC_ERROR_NOT_SUPPORTED
This commit adds STT_NOTYPE to the supported types, handled the same way as STT_OBJECT and STT_FUNCTION.
Fixes: 97c5ac19427b ("ldelf: check ranges in __resolve_sym()")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
dcf64f87 |
| 09-Mar-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: prints consistent with readelf
Prints names of sections consistent with names used in the readelf utility.
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
e97bbbb2 |
| 09-Mar-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: consistent error codes
Changes error codes related to bad format or values in ELF to TEE_ERROR_BAD_FORMAT. This includes overflowing multiplications and addresses outside the range of the current ELF being parsed.
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
55e64090 |
| 05-Mar-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: use confine_array_index() to cap speculation
Uses confine_array_index() to limit speculation on different indexes into the ELF.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
97c5ac19 |
| 06-Mar-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: check ranges in __resolve_sym()
Adds checks in __resolve_sym() to see that the offset of the name and location of a symbol is in range.
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
447354c6 |
| 04-Mar-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: strict checks during relocation
Adds strict check of symbol index, string table index and destination location when relocating an ELF. This fixes an error where a malformed ELF may cause the loader to read/write data from/in other ELF or from the loader itself.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reported-by: Martijn Bogaard <martijn@riscure.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
8dbe2cbd |
| 04-Mar-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: check dynsym index is in range
Checks that a dynsym index found in hashtab is in the valid range of dynsyms before indexing into the dynsym table. This fixes an error where a malformed ELF may cause the loader to read data from other ELF or from the loader itself.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reported-by: Martijn Bogaard <martijn@riscure.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
5c0860db |
| 04-Mar-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: check that hashtab entries are in range
Adds checks that each looked up entry in the hashtab is in the range of the hashtab. This fixes an error where a malformed ELF may cause the loader to read data from other ELF or from the loader itself.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reported-by: Martijn Bogaard <martijn@riscure.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
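The range checks named in commits 1868eb20 (nbuckets of 0), 8dbe2cbd (dynsym index) and 5c0860db (hashtab entries), shown together as an added example that is not OP-TEE's code: a SysV `.hash` lookup that rejects a malformed table before any index is used. The names `sysv_lookup`, `struct sym` and the sample tables are constructed for illustration, and the bound on chain length is an extra check the commit messages do not mention.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { LOOKUP_OK, LOOKUP_NOT_FOUND, LOOKUP_BAD_FORMAT };

/* Hypothetical stand-in for a dynsym entry: only the name offset is used. */
struct sym { uint32_t name_off; };

/* Hash function defined by the System V ABI for DT_HASH tables. */
static uint32_t sysv_hash(const char *name)
{
    uint32_t h = 0, g = 0;
    while (*name) {
        h = (h << 4) + (unsigned char)*name++;
        g = h & 0xf0000000;
        h = (h ^ (g >> 24)) & ~g;
    }
    return h;
}

/* hashtab holds nwords 32-bit words: nbuckets, nchain, bucket[], chain[]. */
static int sysv_lookup(const uint32_t *hashtab, size_t nwords,
                       const struct sym *syms, size_t nsyms,
                       const char *strs, size_t strs_size,
                       const char *name, uint32_t *idx)
{
    uint32_t nbuckets = 0, nchain = 0, n = 0;
    size_t steps = 0;

    /* Need both header words and a NUL-terminated string table. */
    if (nwords < 2 || !strs_size || strs[strs_size - 1])
        return LOOKUP_BAD_FORMAT;
    nbuckets = hashtab[0];
    nchain = hashtab[1];
    /* "hash % nbuckets" is undefined for 0; bucket[] and chain[] must fit. */
    if (!nbuckets || nbuckets > nwords - 2 || nchain > nwords - 2 - nbuckets)
        return LOOKUP_BAD_FORMAT;
    n = hashtab[(size_t)2 + sysv_hash(name) % nbuckets];
    while (n) {
        /* n indexes chain[] and dynsym; steps stops a cyclic chain. */
        if (n >= nchain || n >= nsyms || ++steps > nchain ||
            syms[n].name_off >= strs_size)
            return LOOKUP_BAD_FORMAT;
        if (!strcmp(strs + syms[n].name_off, name)) {
            *idx = n;
            return LOOKUP_OK;
        }
        n = hashtab[(size_t)2 + nbuckets + n];
    }
    return LOOKUP_NOT_FOUND;
}

/* Constructed sample: symbols "foo" (1) and "bar" (2) in a single bucket. */
static const char sample_strs[] = "\0foo\0bar";
static const struct sym sample_syms[] = { { 0 }, { 1 }, { 5 } };
static const uint32_t good_tab[] = { 1, 3, 1, 0, 2, 0 };
static const uint32_t zero_tab[] = { 0, 3, 1, 0, 2, 0 }; /* nbuckets == 0 */

int main(void)
{
    uint32_t idx = 0;
    int ok = sysv_lookup(good_tab, 6, sample_syms, 3, sample_strs,
                         sizeof(sample_strs), "bar", &idx);
    int bad = sysv_lookup(zero_tab, 6, sample_syms, 3, sample_strs,
                          sizeof(sample_strs), "bar", &idx);
    printf("good: %d (idx %u), nbuckets=0: %d\n", ok, (unsigned)idx, bad);
    return 0;
}
```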
| #
5548a710 |
| 10-Sep-2019 |
Jerome Forissier <jerome@forissier.org> |
ldelf: add __noreturn
The 32-bit variant of e64_relocate() deserves a __noreturn attribute because it calls utee_return() unconditionally. Fixes a Clang warning.
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
ebef121c |
| 01-Aug-2019 |
Jerome Forissier <jerome.forissier@linaro.org> |
core, ldelf: add support for runtime loading of shared libraries
This commit prepares the introduction of libdl, a dynamic linking library which will allow TAs to load shared libraries at run time, and resolve symbols on demand. It adds the following functions to the system PTA, inspired from the POSIX dlopen() and dlsym():
- system_dlopen(): takes a UUID and flags. Performs an upcall into ldelf which then uses the usual system PTA functions to load and map the requested library into the address space of the calling TA.
- system_dlsym(): takes a UUID and a symbol name. The symbol is looked up in the library specified by UUID by calling into ldelf. If UUID is all zeros, all the mapped binaries are searched.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| #
c86f218c |
| 18-Jun-2019 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: support TA ftrace
Adds support in ldelf to dump ftrace data.
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|