core: thread: add compiler barrier to thread_set_exceptions()

With compiler optimizer enable (-O2) compiler generate invalid code
for thread_get_id_may_fail(). The curr_thread read got re-order
afte

core: thread: add compiler barrier to thread_set_exceptions()

With compiler optimizer enable (-O2) compiler generate invalid code
for thread_get_id_may_fail(). The curr_thread read got re-order
after exceptions unmask.

Signed-off-by: Khoa Hoang <admin@khoahoang.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add unwind library (libunw)

Adds libunw to consolidate the stack unwinding code found in
ldelf/unwind_arm{32,64}.c and core/arch/arm/kernel/unwind_arm{32,64}.c.

The library is called "libunw" rathe

Add unwind library (libunw)

Adds libunw to consolidate the stack unwinding code found in
ldelf/unwind_arm{32,64}.c and core/arch/arm/kernel/unwind_arm{32,64}.c.

The library is called "libunw" rather than "libunwind" to avoid
confusion with the GNU libunwind [1]. The header file is <unw/unwind.h>
to avoid a conflict with GCC's <unwind.h>.

Link: [1] https://www.nongnu.org/libunwind
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

arm32: fold UNWIND(.fnstart/.fnend) into the FUNC macros

This change applies to arm32 assembler sources.

Instead of using UNWIND(.fnstart) after FUNC or LOCAL_FUNC and
UNWIND(.fnend) before END_FUN

arm32: fold UNWIND(.fnstart/.fnend) into the FUNC macros

This change applies to arm32 assembler sources.

Instead of using UNWIND(.fnstart) after FUNC or LOCAL_FUNC and
UNWIND(.fnend) before END_FUNC, let's fold these statements into the
FUNC macros.

The .fnstart/.fnend directives mark the start and end of a function
with an unwind table entry (.ARM.exidx) and therefore a function
without them has no entry and cannot be unwound. This means that a
stack dump (on abort or panic) would stop when reaching such a
function.

As a result of this patch, a small number of functions now have an
entry in the unwind table when they had none before (the functions
which were using FUNC or LOCAL_FUNC but had no .fnstart/.fnend). It was
almost always a bug and this pacth only increases the size of the
.ARM.exidx section by a few bytes (tested on QEMU).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

arm32: move the UNWIND() macro to <asm.S>

All the users of the UNWIND() macro include <asm.S> already, which is
therefore a good place to define this macro. Let's move it from
<kernel/unwind.h> to <

arm32: move the UNWIND() macro to <asm.S>

All the users of the UNWIND() macro include <asm.S> already, which is
therefore a good place to define this macro. Let's move it from
<kernel/unwind.h> to <asm.S>, remove a couple of duplicates in
assembler files, and drop the useless includes.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: remove stack dump macros and multiple log levels

Of the various xPRINT_STACK() macros (x in {E,I,D,F}), only
EPRINT_STACK() is used. Let's simplify the code by removing the macros
altogether a

core: remove stack dump macros and multiple log levels

Of the various xPRINT_STACK() macros (x in {E,I,D,F}), only
EPRINT_STACK() is used. Let's simplify the code by removing the macros
altogether and calling print_kernel_stack() instead. Since only the
TRACE_ERROR is used, the 'level' argument to print_kernel_stack(),
print_stack_arm32() and print_stack_arm64() is removed too.

In addition to simplifying the code, these changes will allow the
consolidation of the stack unwinding code between core and ldelf.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutee: fix TEE_BigIntDiv(): dest_q or dest_r may be NULL

Fixes TEE_BigIntDiv() to allow NULL values for dest_q and dest_r as
required by the GlobalPlatform spec.

Reviewed-by: Jerome Forissier <je

libutee: fix TEE_BigIntDiv(): dest_q or dest_r may be NULL

Fixes TEE_BigIntDiv() to allow NULL values for dest_q and dest_r as
required by the GlobalPlatform spec.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ldelf: arm64: support R_AARCH64_TLSDESC relocations

When compiling the __thread test in optee_test (xtest 1029), GCC 8.3
emits R_AARCH64_TLS_TPREL relocations while GCC 6 and 7 generate
R_AARCH64_TL

ldelf: arm64: support R_AARCH64_TLSDESC relocations

When compiling the __thread test in optee_test (xtest 1029), GCC 8.3
emits R_AARCH64_TLS_TPREL relocations while GCC 6 and 7 generate
R_AARCH64_TLSDESC instead. The latter are quite easy to implement once
the former are done so add the required code to ldelf. This also
enables the C++ tests (xtest 1031) to pass with the older compilers.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMUv8, GCC 6.2/7.2)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: embed AEABI personality routines upon CFG_UNWIND

Fix a TA build issue found when CFG_UNWIND=n. This issue produces a
build error trace like the below:

.../toolchains/aarch32/bin/arm-linux

libutils: embed AEABI personality routines upon CFG_UNWIND

Fix a TA build issue found when CFG_UNWIND=n. This issue produces a
build error trace like the below:

.../toolchains/aarch32/bin/arm-linux-gnueabihf-ld.bfd: .../toolchains/aarch32/bin/../lib/gcc/arm-linux-gnueabihf/8.3.0/libgcc_eh.a(unwind-arm.o): in function `__aeabi_unwind_cpp_pr0':
/tmp/dgboter/bbs/rhev-vm8--rhe6x86_64/buildbot/rhe6x86_64--arm-linux-gnueabihf/build/src/gcc/libgcc/config/arm/unwind-arm.c:494: multiple definition of `__aeabi_unwind_cpp_pr0'; .../optee_os/out/arm/export-ta_arm32/lib/libutils.a(aeabi_unwind.o): .../optee_os/lib/libutils/ext/arch/arm/aeabi_unwind.c:9: first defined here
.../optee_os/out/arm/export-ta_arm32/mk/link.mk:109: recipe for target 'out/5b9e0e40-2636-11e1-ad9e-0002a5d5c51b.elf' failed

I don't understand why toolchain support for __aeabi_unwind_cpp_pr0()
conflicts with the libutils implementation only when CFG_UNWIND=n. Yet
the current change works around the issue.

Fixes: https://github.com/OP-TEE/optee_test/issues/440
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: add stack overflow detection

This commit introduces CFG_CORE_DEBUG_CHECK_STACKS to check the stack
limits using compiler instrumentation (-finstrument-functions). When
enabled, the C compiler

core: add stack overflow detection

This commit introduces CFG_CORE_DEBUG_CHECK_STACKS to check the stack
limits using compiler instrumentation (-finstrument-functions). When
enabled, the C compiler will insert entry and exit hooks in all
functions in the TEE core. On entry, the stack pointer is checked and
if an overflow is detected, panic() is called.

How is this helpful since we have stack canaries already?
1. When a dead canary is found, the call stack will give no indication
of the root cause of the corruption which may have happened quite some
time before. Running the test case again with a debugger attached and a
watchpoint on the canary is not always an option.
2. The system may corrupt the stack and hang in an exception handler
before the first canary check, for instance, during boot when the
temporary stack is used. This code will likely catch such issues, too.

The downside is increased stack usage and a significant runtime overhead
which is why this feature should be enabled only for troubleshooting.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU, QEMUv8)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ldelf, libutee: rework support of DT_INIT_ARRAY/DT_FINI_ARRAY

Now that we have the standard function dl_iterate_phdr() in libutee, we
can use it to process the initialization and finalization arrays

ldelf, libutee: rework support of DT_INIT_ARRAY/DT_FINI_ARRAY

Now that we have the standard function dl_iterate_phdr() in libutee, we
can use it to process the initialization and finalization arrays in the
ELF files and deprecate the ad-hoc structure __init_fini_info
introduced in commit dd655cb9906c ("ldelf, ta: add support for
DT_INIT_ARRAY and DT_FINI_ARRAY") [1].
Unfortunately, removing __init_fini_info is not an option if we want to
ensure backward compatibility. This concerns only TAs which use ELF
initialization and/or finalization functions.

[1] Released in version 3.9.0.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ldelf, libutee: add minimal Thread Local Storage support

Preparing for C++ support in TAs.

Adds enough runtime Thread Local Storage (TLS) support for the GNU C++
compilers (arm-linux-gnueabihf-g++,

ldelf, libutee: add minimal Thread Local Storage support

Preparing for C++ support in TAs.

Adds enough runtime Thread Local Storage (TLS) support for the GNU C++
compilers (arm-linux-gnueabihf-g++, aarch64-linux-gnu-g++) to work with
OP-TEE. That is:

- A Thread Control Block,
- The __tls_get_addr() and dl_iterate_phdr() functions.

Note that __tls_get_addr() is an ABI helper so it has no prototype in a
user-accessible header file. dl_iterate_phdr() however is defined in
<link.h> and may be used in a TA. The file lib/libutee/include/link.h is
borrowed from Android's Bionic [1] with minor changes (added the
required #include statement and named the function parameters). A
similar <link.h> header is provided by other C libraries such as GNU
libc, musl and FreeBSD/NetBSD/OpenBSD.

Link: [1] https://android.googlesource.com/platform/bionic/+/master/libc/include/link.h
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: add <elf.h>

Preparing for C++ support in TAs.

Adds header file <elf.h> in addition to <elf32.h> and <elf64.h>. This
file defines the various Elf types depending on the current
architecture

libutee: add <elf.h>

Preparing for C++ support in TAs.

Adds header file <elf.h> in addition to <elf32.h> and <elf64.h>. This
file defines the various Elf types depending on the current
architecture. In other words: when building for Aarch32 Elf_* is defined
as Elf32_*, but when building for Aarch64 it is defined as Elf64_*. This
will be useful for programs which need to examine their own structure
via dl_iterate_phdr() (which will come in a later commit).

Note: <elf.h> serves the same purpose as FreeBSD's <sys/elf.h> but does
it differently; the file is not imported from FreeBSD.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Move ELF headers from ldelf/ to lib/libutee/

Preparing for C++ support in TAs.

Moves the ELF headers (elf32.h, elf64.h, elf_common.h) from
ldelf/include to lib/libutee/include so that they may be u

Move ELF headers from ldelf/ to lib/libutee/

Preparing for C++ support in TAs.

Moves the ELF headers (elf32.h, elf64.h, elf_common.h) from
ldelf/include to lib/libutee/include so that they may be used
by libutee to implement the dl_iterate_phdr() function. This will be
done in a later commit.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: arm64: add read_tpidr_el0() and write_tpidr_el0() macros

Preparing for C++ support in TAs.

Adds macros to <arm64_user_sysreg.h> to access TPIDR_EL0, the EL0 Read/
Write Software Thread ID

libutee: arm64: add read_tpidr_el0() and write_tpidr_el0() macros

Preparing for C++ support in TAs.

Adds macros to <arm64_user_sysreg.h> to access TPIDR_EL0, the EL0 Read/
Write Software Thread ID Register.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: add simplified fputc(), fputs(), fwrite(), write()

Preparing for C++ support in TAs.

Adds a few <stdio.h> functions to libutils:

fputc() fputs() fwrite() write()

The proposed implem

libutils: add simplified fputc(), fputs(), fwrite(), write()

Preparing for C++ support in TAs.

Adds a few <stdio.h> functions to libutils:

fputc() fputs() fwrite() write()

The proposed implementations are limited in the sense that they only
accept writing to stdout or stderr. The output goes directly to the
secure console and no difference is made between stdout and stderr.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: add sprintf()

Preparing for C++ support in TAs.

Implement sprintf() in libutils.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linar

libutils: add sprintf()

Preparing for C++ support in TAs.

Implement sprintf() in libutils.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: TEE_AsymmetricSignDigest support 0 signature len

User can call TEE_AsymmetricSignDigest with a NULL signature and a valid
zero signatureLen in order to discover the size of the required
sig

libutee: TEE_AsymmetricSignDigest support 0 signature len

User can call TEE_AsymmetricSignDigest with a NULL signature and a valid
zero signatureLen in order to discover the size of the required
signature buffer (function should then return TEE_ERROR_SHORT_BUFFER and
update signatureLen with the required amount).

Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mempool: use recursive mutex

The mempool code can be simplified by using a recursive mutex.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carri

core: mempool: use recursive mutex

The mempool code can be simplified by using a recursive mutex.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: atomic.h: add atomic_{load,store}_short()

Adds atomic functions operating on the 'short int' type.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <et

libutils: atomic.h: add atomic_{load,store}_short()

Adds atomic functions operating on the 'short int' type.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: make thread ID a short int

Changes thread_get_id() and thread_get_id_may_fail() to return 'short
int' instead of 'int'. That is, 16 bits instead of 32 on all supported
architectures which is m

core: make thread ID a short int

Changes thread_get_id() and thread_get_id_may_fail() to return 'short
int' instead of 'int'. That is, 16 bits instead of 32 on all supported
architectures which is more than enough since the largest thread ID
value is (CFG_NUM_THREADS - 1). Note, struct wait_queue_elem::handle
is already a short int.

trace_ext_get_thread_id() is not changed (still returns an int) because
it is part of the TA API and modifying it would needlessly introduce
incompatibilities.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: add leading underscore to base64 functions

Add a leading underscore to global functions: base64_dec(),
base64_enc(), base64_enc_len() to avoid the risk of conflicts with user
programs.

Sig

libutee: add leading underscore to base64 functions

Add a leading underscore to global functions: base64_dec(),
base64_enc(), base64_enc_len() to avoid the risk of conflicts with user
programs.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutee: remove unnecessary parentheses

checkpatch warns about unnecessary parentheses, remove them.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@

libutee: remove unnecessary parentheses

checkpatch warns about unnecessary parentheses, remove them.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutee, ldelf: add leading underscore to syscall wrappers

libutee defines assembler wrapper functions for each OP-TEE system call.
These wrappers have a utee_ prefix. This commit adds a leading
und

libutee, ldelf: add leading underscore to syscall wrappers

libutee defines assembler wrapper functions for each OP-TEE system call.
These wrappers have a utee_ prefix. This commit adds a leading
underscore so that the names cannot clash with user-defined symbols.
Doing so is common practice for "system" libraries, as defined by the C
standard in a set of requirements that can be summarized as follows
(excerpt from the GNU libc documentation [1]):

[R]eserved names include all external identifiers (global functions
and variables) that begin with an underscore (‘_’) and all identifiers
regardless of use that begin with either two underscores or an
underscore followed by a capital letter are reserved names. This is so
that the library and header files can define functions, variables, and
macros for internal purposes without risk of conflict with names in
user programs.

The utee_*() wrappers are internal to OP-TEE and are not supposed to be
called directly by TAs so this should not have any user-visible impact.

Link: [1] https://www.gnu.org/software/libc/manual/html_node/Reserved-Names.html
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutils: atomic.h: fix atomic_load_u32() types

Prior to this patch was atomic_load_u32() using wrong types, unsigned int
instead of the expected uint32_t. Fix this by changing the types.

Reviewed-

libutils: atomic.h: fix atomic_load_u32() types

Prior to this patch was atomic_load_u32() using wrong types, unsigned int
instead of the expected uint32_t. Fix this by changing the types.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: base64: initialize local variables

Initialize local variables where defined in base64 coding functions
as per OP-TEE coding style directives.

Signed-off-by: Etienne Carriere <etienne.carri

libutee: base64: initialize local variables

Initialize local variables where defined in base64 coding functions
as per OP-TEE coding style directives.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...