| ecdedc94 | 14-May-2018 |
Jens Wiklander <jens.wiklander@linaro.org> |
util: update fallback SUB_OVERFLOW() macro
Updates the fallback SUB_OVERFLOW() macro to better support mixed types in the arguments.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-b
util: update fallback SUB_OVERFLOW() macro
Updates the fallback SUB_OVERFLOW() macro to better support mixed types in the arguments.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 9a8117de | 14-May-2018 |
Jens Wiklander <jens.wiklander@linaro.org> |
util: update fallback ADD_OVERFLOW() macro
Updates the fallback ADD_OVERFLOW() macro to better support mixed types in the arguments.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-b
util: update fallback ADD_OVERFLOW() macro
Updates the fallback ADD_OVERFLOW() macro to better support mixed types in the arguments.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 2770e242 | 14-May-2018 |
Etienne Carriere <etienne.carriere@linaro.org> |
libutils: MIN/MAX macros for assembly code
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Joakim Bech <joakim.bech@linaro.org> |
| 2b38f7fd | 04-May-2018 |
Jerome Forissier <jerome.forissier@linaro.org> |
libutils: bget_malloc.c: fix overflow tests
The overflow tests in raw_calloc(), raw_realloc() and raw_malloc() are wrong. They don't work as expected when hdr_size and ftr_size are both zero. The bu
libutils: bget_malloc.c: fix overflow tests
The overflow tests in raw_calloc(), raw_realloc() and raw_malloc() are wrong. They don't work as expected when hdr_size and ftr_size are both zero. The bug is exposed by commit 96c1d8c56cde ("ta: TEE_Malloc() and friend: skips layers") which causes xtest 8033 to fail because TEE_Malloc(0, TEE_MALLOC_FILL_ZERO) now returns NULL.
In addition, the allocation functions in bget.c (bget(), bgetz() and bgetr()) take a parameter of type bufsize for the allocation size. This happens to be a (signed) long. On the other hand, raw_malloc(), raw_calloc() and raw_realloc() take a size_t parameter which is unsigned long. Therefore, large size values are incorrectly interpreted as being negative by the bget code, which then asserts. When run in the context of a TA, this causes a TA panic instead of a TEE_ERROR_OUT_OF_MEMORY error. This bug is also exposed by commit 96c1d8c56cde ("ta: TEE_Malloc() and friend: skips layers") and makes xtest 8034 and 8042 fail. 8034 is TEE_Malloc(0xFFFFFFFE, TEE_MALLOC_FILL_ZERO) while 8042 is TEE_Realloc(ptr, 0xFFFFFFFE).
Rework the raw_calloc(), raw_realloc() and raw_malloc() functions to use the MUL_OVERFLOW() and ADD_OVERFLOW() macros instead, operating on the proper types.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Tested-by: Jerome Forissier <jerome.forissier@linaro.org>
show more ...
|
| 86ab9ffe | 08-May-2018 |
Jens Wiklander <jens.wiklander@linaro.org> |
util: fix fallback SUB_OVERFLOW() macro
This only applies when the compiler doesn't provide the __builtin_sub_overflow() function (before GCC 5.1).
Fixes problem due to integer promotion in overflo
util: fix fallback SUB_OVERFLOW() macro
This only applies when the compiler doesn't provide the __builtin_sub_overflow() function (before GCC 5.1).
Fixes problem due to integer promotion in overflow macros when result is a signed type and the subtrahend is an unsigned type with a low value.
SUB_OVERFLOW() still doesn't handle all combinations of signed and unsigned types in the parameters.
Fixes: ce0d8e2da340 ("util: add macros for arithmetics with overflow checking") Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 2b304337 | 07-May-2018 |
Jens Wiklander <jens.wiklander@linaro.org> |
util: fix fallback ADD_OVERFLOW() macro
This only applies when the compiler doesn't provide the __builtin_add_overflow() function (before GCC 5.1).
Fixes problem due to integer promotion in overflo
util: fix fallback ADD_OVERFLOW() macro
This only applies when the compiler doesn't provide the __builtin_add_overflow() function (before GCC 5.1).
Fixes problem due to integer promotion in overflow macros when result is a signed type and the second addend is an unsigned type with value 0.
ADD_OVERFLOW() still doesn't handle all combinations of signed and unsigned types in the parameters.
Fixes: ce0d8e2da340 ("util: add macros for arithmetics with overflow checking") Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| d815ab47 | 27-Apr-2018 |
Jerome Forissier <jerome.forissier@linaro.org> |
libutils: isoc: implement tolower(), isdigit() and isxdigit()
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Joakim B
libutils: isoc: implement tolower(), isdigit() and isxdigit()
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Joakim Bech <joakim.bech@linaro.org>
show more ...
|
| fb30cafd | 27-Apr-2018 |
Jerome Forissier <jerome.forissier@linaro.org> |
Prevent unused warnings in speculation_barrier.h
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Joakim Bech <joakim.b
Prevent unused warnings in speculation_barrier.h
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Joakim Bech <joakim.bech@linaro.org>
show more ...
|
| 6aca2c8e | 27-Apr-2018 |
Jerome Forissier <jerome.forissier@linaro.org> |
libutils: import speculation_barrier.h
Import speculation_barrier.h from [1]. This file implements a set of wrapper macros for the __builtin_load_no_speculate builtin function detailed at [2]. This
libutils: import speculation_barrier.h
Import speculation_barrier.h from [1]. This file implements a set of wrapper macros for the __builtin_load_no_speculate builtin function detailed at [2]. This builtin function defines a speculation barrier, which can be used to limit the conditions under which a value which has been loaded can be used under specualtive execution.
The header file provided here allows a migration path to using the builtin function for users who are unable to immediately upgrade to a compiler which supports the builtin.
(Description taken from the README.md file of the speculation_barrier project by Arm on GitHub [3])
Link: [1] https://raw.githubusercontent.com/ARM-software/speculation-barrier/80e65cd830b321ff676941c2fab773da450e6dae/speculation_barrier.h Link: [2] https://www.arm.com/security-update Link: [3] https://github.com/ARM-software/speculation-barrier Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Joakim Bech <joakim.bech@linaro.org>
show more ...
|
| 621a56cf | 26-Apr-2018 |
Jens Wiklander <jens.wiklander@linaro.org> |
libutil: provide non-stubbed ctypes.h
Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@
libutil: provide non-stubbed ctypes.h
Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| f6eaffba | 24-Apr-2018 |
Jens Wiklander <jens.wiklander@linaro.org> |
libutee: remove redundant malloc() layers
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.
libutee: remove redundant malloc() layers
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 96c1d8c5 | 24-Apr-2018 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: TEE_Malloc() and friend: skips layers
Prior to this patch TEE_Malloc(), TEE_Realloc() and TEE_Free() were using two extra layers implemented on top of the well known malloc(), realloc(), calloc(
ta: TEE_Malloc() and friend: skips layers
Prior to this patch TEE_Malloc(), TEE_Realloc() and TEE_Free() were using two extra layers implemented on top of the well known malloc(), realloc(), calloc() and free() functions. With this patch the extra layers are skipped.
When compiled for user TAs realloc() clears all memory that otherwise would be uninitialized memory since it's required by the spec [1] if TEE_Malloc() is called with the hint TEE_MALLOC_FILL_ZERO. Since that's the only recognized hint in the spec realloc() assumes that it's always needed.
[1] GP TEE Internal Core API Specification v1.1
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| c0ce02ed | 24-Apr-2018 |
Jens Wiklander <jens.wiklander@linaro.org> |
TEE_Realloc(): fix invalid declaration
Prior to this was TEE_Realloc() declared as:
void *TEE_Realloc(const void *buffer, uint32_t newSize);
This does not make sense as the argument buffer can and
TEE_Realloc(): fix invalid declaration
Prior to this was TEE_Realloc() declared as:
void *TEE_Realloc(const void *buffer, uint32_t newSize);
This does not make sense as the argument buffer can and will be changed as a result of calling this function. Instead fix the declaration to be:
void *TEE_Realloc(void *buffer, uint32_t newSize);
This is also more in line with realloc().
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 7531fb24 | 29-Mar-2018 |
Jens Wiklander <jens.wiklander@linaro.org> |
Use mempool API from libutils for bignum allocations
Uses the Use mempool API from libutils for bignum allocations.
Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> Acked-by: Jerome Forissie
Use mempool API from libutils for bignum allocations
Uses the Use mempool API from libutils for bignum allocations.
Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| a2eb5b55 | 18-Apr-2018 |
Jens Wiklander <jens.wiklander@linaro.org> |
libutils: add mempool API
Adds mempool.h with an API suitable for allocating short-lived object. Based on the internal counterpart in libmpa. This is needed to integrate other bignum implementations
libutils: add mempool API
Adds mempool.h with an API suitable for allocating short-lived object. Based on the internal counterpart in libmpa. This is needed to integrate other bignum implementations.
Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 2733280a | 06-Apr-2018 |
Etienne Carriere <etienne.carriere@linaro.org> |
libutee: out and tag buffers can be too short in TEE_AEEncryptFinal
With this change, a single call to TEE_AEEncryptFinal() checks both the output data buffer size and the tag buffer size and return
libutee: out and tag buffers can be too short in TEE_AEEncryptFinal
With this change, a single call to TEE_AEEncryptFinal() checks both the output data buffer size and the tag buffer size and return TEE_ERROR_SHORT_BUFFER with both expected size if at least one of the provided buffer is too short.
Before this change caller may need to call twice TEE_AEEncryptFinal() in the right order to get the output buffers sizes, first for the output data size then for the tag data size.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 387b0ee3 | 05-Apr-2018 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: deprecate TA property flags EXEC_DDR and USER_MODE
TA property flags TA_FLAG_EXEC_DDR and TA_FLAG_USER_MODE were not really useful in the OP-TEE and now they are meaningless.
Define the mask
core: deprecate TA property flags EXEC_DDR and USER_MODE
TA property flags TA_FLAG_EXEC_DDR and TA_FLAG_USER_MODE were not really useful in the OP-TEE and now they are meaningless.
Define the mask of flags a TA may pretend to and assert loaded TAs do not expect flags set outside of the defined supported bit flags.
Fix gmon.h against duplicate round macros.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
show more ...
|
| e3458e03 | 26-Mar-2018 |
Jerome Forissier <jerome.forissier@linaro.org> |
libutee: introduce CFG_TA_BIGNUM_MAX_BITS
Make the size of big numbers in libutee configurable. This controls the size of the big numbers that can be manipulated through the TEE Internal Core API (A
libutee: introduce CFG_TA_BIGNUM_MAX_BITS
Make the size of big numbers in libutee configurable. This controls the size of the big numbers that can be manipulated through the TEE Internal Core API (Arithmetical functions).
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 5beb9909 | 23-Mar-2018 |
Jerome Forissier <jerome.forissier@linaro.org> |
libutee: remove redundant #define for TEE_MAX_NUMBER_OF_SUPPORTED_BITS
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> |
| decd9df7 | 02-Feb-2018 |
Victor Chong <victor.chong@linaro.org> |
compiler.h: Avoid macro redefinition
__packed, __noreturn, __unused and __used are already defined in certain environtments, e.g. bionic, so avoid redefining them here.
Signed-off-by: Victor Chong
compiler.h: Avoid macro redefinition
__packed, __noreturn, __unused and __used are already defined in certain environtments, e.g. bionic, so avoid redefining them here.
Signed-off-by: Victor Chong <victor.chong@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| b7f0111d | 26-Jan-2018 |
Volodymyr Babchuk <vlad.babchuk@gmail.com> |
bget: use struct bpoolset instead of global variables
Move all global variables that are used by bget into struct bpoolset. "poolset" choosed because term "pool" already used by bget itself. bget ca
bget: use struct bpoolset instead of global variables
Move all global variables that are used by bget into struct bpoolset. "poolset" choosed because term "pool" already used by bget itself. bget can use multiple pools to allocate memory. Now it is posible to use number of pool sets simultaneosly.
Such feature is needed for virtualization support, because we want to use separate allocator for OP-TEE kernel memory allocations and separate allocator for client memory allocations.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 7c0e4b4c | 18-Jan-2018 |
Jerome Forissier <jerome.forissier@linaro.org> |
util.h: add CONCAT() macro
Add a macro that can be used to paste evaluated pre-processor tokens in the code.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carri
util.h: add CONCAT() macro
Add a macro that can be used to paste evaluated pre-processor tokens in the code.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 7f45f761 | 17-Oct-2017 |
Ken Liu <ken.liu@arm.com> |
core: add pseudo-TA for retrieve sdp physical address
Add a pseudo-TA to convert a Secure Data Path virtual address to physical address. May only be called by a TA that has TA_FLAG_SECURE_DATA_PATH.
core: add pseudo-TA for retrieve sdp physical address
Add a pseudo-TA to convert a Secure Data Path virtual address to physical address. May only be called by a TA that has TA_FLAG_SECURE_DATA_PATH.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Tested-by: Edison Ai <edison.ai@arm.com> (Juno) Signed-off-by: Edison Ai <edison.ai@arm.com>
show more ...
|
| b1d7375c | 15-Dec-2017 |
Jerome Forissier <jerome.forissier@linaro.org> |
Remove 'All rights reserved' from Linaro files
The text 'All rights reserved' is useless [1]. The Free Software Foundation's REUSE Initiative best practices document [2] does not contain these words
Remove 'All rights reserved' from Linaro files
The text 'All rights reserved' is useless [1]. The Free Software Foundation's REUSE Initiative best practices document [2] does not contain these words. Therefore, we can safely remove the text from the files that are owned by Linaro.
Generated by: spdxify.py --linaro-only --strip-arr optee_os/
Link: [1] https://en.wikipedia.org/wiki/All_rights_reserved Link: [2] https://reuse.software/practices/ Link: [3] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Joakim Bech <joakim.bech@linaro.org>
show more ...
|
| 78b7c7c7 | 15-Dec-2017 |
Jerome Forissier <jerome.forissier@linaro.org> |
Remove license notice from Linaro files
Now that we have added SPDX identifiers, we can safely remove the verbose license text from the files that are owned by Linaro.
Generated by [1]: spdxify.p
Remove license notice from Linaro files
Now that we have added SPDX identifiers, we can safely remove the verbose license text from the files that are owned by Linaro.
Generated by [1]: spdxify.py --linaro-only --strip-license-text optee_os/
Link: [1] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Joakim Bech <joakim.bech@linaro.org>
show more ...
|