riscv: mm: initial implementation of memory management routines

An initial working implementation of mm for RISC-V MMU-enabled harts.
The default MMU mode is set to Sv39 for RV64 with 3 page table l

riscv: mm: initial implementation of memory management routines

An initial working implementation of mm for RISC-V MMU-enabled harts.
The default MMU mode is set to Sv39 for RV64 with 3 page table levels.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

riscv: kernel: asm-defines.c: add defines for struct core_mmu_config

Add CORE_MMU_CONFIG_SIZE and CORE_MMU_CONFIG_SATP defines
to asm-defines.c

Signed-off-by: Marouene Boubakri <marouene.boubakri@n

riscv: kernel: asm-defines.c: add defines for struct core_mmu_config

Add CORE_MMU_CONFIG_SIZE and CORE_MMU_CONFIG_SATP defines
to asm-defines.c

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

riscv: mm: core_mmu_arch.h: define translation levels parameters

This commits modify core_mmu_arch.h to:
- Set CORE_MMU_PGDIR_LEVEL to zero, since the deepest translation
level is always zero.
- Set

riscv: mm: core_mmu_arch.h: define translation levels parameters

This commits modify core_mmu_arch.h to:
- Set CORE_MMU_PGDIR_LEVEL to zero, since the deepest translation
level is always zero.
- Set CORE_MMU_BASE_TABLE_LEVEL to (RISCV_PGLEVELS - 1) which the first
translation level depending on the MMU mode.
- Set RISCV_MMU_ASID_WIDTH to number of bits used to represent ASID.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: add dsb_osh()

Implement the use of osh data barrier to ensure that all data
access and modifications have been completed before executing
subsequent instructions.

Signed-off-by: Xiaoxu

core: arm64: add dsb_osh()

Implement the use of osh data barrier to ensure that all data
access and modifications have been completed before executing
subsequent instructions.

Signed-off-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: stm32_bsec: implement the get otp by phandle

Add a new interface stm32_bsec_find_otp_by_phandle() to retrieve
localization of an OTP from a given node phandle.

When the node phandle is abs

drivers: stm32_bsec: implement the get otp by phandle

Add a new interface stm32_bsec_find_otp_by_phandle() to retrieve
localization of an OTP from a given node phandle.

When the node phandle is absent in the NVMEM node, layout_cell->phandle = 0
and reference to this OTP with this API function is not possible.

Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>

show more ...

drivers: stm32_bsec: add support for bits property in the DT

Adds the possibility to specify the number of managed bit in the NVMEM
cell device tree description, using the optional bits property
and

drivers: stm32_bsec: add support for bits property in the DT

Adds the possibility to specify the number of managed bit in the NVMEM
cell device tree description, using the optional bits property
and removes restriction on aligned NVMEM cell on 32-bit word by supporting
bit offset in stm32_bsec_find_otp_in_nvmem_layout().

Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>

show more ...

drivers: stm32_bsec: keep stm32_bsec_permanent_lock_otp() under flag

Keep the function to access the OTP lock under the CFG_STM32_BSEC_WRITE
flag to align with the write function.

Reviewed-by: Etie

drivers: stm32_bsec: keep stm32_bsec_permanent_lock_otp() under flag

Keep the function to access the OTP lock under the CFG_STM32_BSEC_WRITE
flag to align with the write function.

Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>

show more ...

drivers: stm32_bsec: add BSEC_DEN_ALL_MSK support

Correctly handle the reserved bits in register BSEC_DEN with the mask
BSEC_DEN_ALL_MSK.

Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com

drivers: stm32_bsec: add BSEC_DEN_ALL_MSK support

Correctly handle the reserved bits in register BSEC_DEN with the mask
BSEC_DEN_ALL_MSK.

Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>

show more ...

drivers: stm32_bsec: fix stm32_bsec_find_otp_in_nvmem_layout()

Remove the unnecessary ';' at the end of the function.

Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Pat

drivers: stm32_bsec: fix stm32_bsec_find_otp_in_nvmem_layout()

Remove the unnecessary ';' at the end of the function.

Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>

show more ...

mk/aosp_optee.mk: fix build dependency between a TA and its libraries

The LOCAL_REQUIRED_MODULES proposed by the commit [1] creates the
dependency for the specified modules and product to make sure

mk/aosp_optee.mk: fix build dependency between a TA and its libraries

The LOCAL_REQUIRED_MODULES proposed by the commit [1] creates the
dependency for the specified modules and product to make sure they are
installed to the product image. But it doesn't create the dependency
between a TA and its libraries for build process to correctly link them.
Add the dependency back and change the depended file to the result file
in the intermediate directory instead of the installation directory.

Fixes: fb66b364b5d2 ("mk/aosp_optee.mk: fix build dependency for static libraries")
Signed-off-by: Tadd Kao <tadd.kao@mediatek.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

mk/aosp_optee.mk: allow building ta with specified target architecture

Introduce $(local_optee_ta_target) to specify the target architecture
of the built TA in aosp build environment.

Signed-off-by

mk/aosp_optee.mk: allow building ta with specified target architecture

Introduce $(local_optee_ta_target) to specify the target architecture
of the built TA in aosp build environment.

Signed-off-by: Tadd Kao <tadd.kao@mediatek.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Add external DT initialization and updating

Initialize the external DT which is provided by early boot stage. The
external DT is updated by adding reserved-memory node for secure RAM.

core: riscv: Add external DT initialization and updating

Initialize the external DT which is provided by early boot stage. The
external DT is updated by adding reserved-memory node for secure RAM.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: riscv: Get external device tree provided by early boot stage

Early boot stage (i.e., M-mode firmware) can provide external device
tree via register a1. Implement code that OP-TEE gets device t

core: riscv: Get external device tree provided by early boot stage

Early boot stage (i.e., M-mode firmware) can provide external device
tree via register a1. Implement code that OP-TEE gets device tree from
a1 and saves the value into s1 for future use. Platform can also define
CFG_DT_ADDR to forcely set the physical address of the device tree.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: kernel: Refine variable declarations and return values in dt.c

Provide initialization values for local variables. The return values of
libfdt functions are returned instead of -1 since libfdt

core: kernel: Refine variable declarations and return values in dt.c

Provide initialization values for local variables. The return values of
libfdt functions are returned instead of -1 since libfdt has its own
error codes and they are useful for debug.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: Move some DT functions to common kernel

Some existed functions for device tree in ARM could be also used for
other architectures. This commit moves most of functions from ARM
architecture

core: arm: Move some DT functions to common kernel

Some existed functions for device tree in ARM could be also used for
other architectures. This commit moves most of functions from ARM
architecture into "core/kernel/dt.c", including external DT descriptor,
DT overlay, external DT initialization, API for adding DT child nodes
and reserved-memory nodes. Since "core/kernel/dt.c" is dependent with
CFG_DT, other functions which are independent with CFG_DT are put into
new file "core/kernel/boot.c".

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: fix update from user parameters with CFG_PAN=y

When CFG_PAN is enabled, OP-TEE kernel can not directly access the user
memory, otherwise an exception occurs. To fix it, we apply user-access
fu

core: fix update from user parameters with CFG_PAN=y

When CFG_PAN is enabled, OP-TEE kernel can not directly access the user
memory, otherwise an exception occurs. To fix it, we apply user-access
functions when OP-TEE kernel updates the parameters from user stack. A
bounce buffer is allocated and the user stack contents are duplicated
into the bounce buffer before OP-TEE kernel accesses them.

Fixes: 376448c26af4 ("core: use user-access functions for passing params")
Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix ldelf invalid access to user stack with CFG_PAN=y

When CFG_PAN is enabled, OP-TEE kernel can not directly access the user
memory, otherwise an exception occurs. To fix it, we apply user-ac

core: fix ldelf invalid access to user stack with CFG_PAN=y

When CFG_PAN is enabled, OP-TEE kernel can not directly access the user
memory, otherwise an exception occurs. To fix it, we apply user-access
functions when ldelf gets the parameters from the user stack "arg".

Fixes: 52e7b1a67f8f ("core: use user-access functions in ldelf interaction")
Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: spmc: simplify using {high,low}32_from_64()

Simplify spmc_sp_handle_mem_share() using high32_from_64() and
low32_from_64() instead of reg_pair_from_64().

Signed-off-by: Jens Wiklander <jens.w

core: spmc: simplify using {high,low}32_from_64()

Simplify spmc_sp_handle_mem_share() using high32_from_64() and
low32_from_64() instead of reg_pair_from_64().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

libutils: add {high,low}32_from_64() helper

Adds two helper functions high32_from_64() and low32_from_64() used for
retrieving the upper and lower halves of a uint64_t.

Signed-off-by: Jens Wiklande

libutils: add {high,low}32_from_64() helper

Adds two helper functions high32_from_64() and low32_from_64() used for
retrieving the upper and lower halves of a uint64_t.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ci: qemuv8: add check with PAN enabled

Update CI to check with PAN enabled as well. This check will help to
ensure that new commits also use user-access functions properly.

Signed-off-by: Seonghyun

ci: qemuv8: add check with PAN enabled

Update CI to check with PAN enabled as well. This check will help to
ensure that new commits also use user-access functions properly.

Signed-off-by: Seonghyun Park <seonghp@amazon.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: Apply finer-grained PAN

Prior to this commit, the PAN was disabled for most of the time,
within the thread scall handler. After resolving all outstanding
missing unprivileged access functions,

core: Apply finer-grained PAN

Prior to this commit, the PAN was disabled for most of the time,
within the thread scall handler. After resolving all outstanding
missing unprivileged access functions, we can now enable finer-
grained PAN, where the unprivileged access is only allowed inside
handful of special user-access functions.

There are some exceptions where we toggle PAN to allow the OP-TEE
core to access user memory, instead of using user-access functions
or bounce buffers. Those are crypto services and ldelf syscall
handlers. Those are chosen to avoid potential large bounce buffer
allocations.

Signed-off-by: Seonghyun Park <seonghp@amazon.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: use user-access functions for crypto service

Use user-access functions for crypto service functions, excluding
encryption, decryption and hasn operations, which might require
large bounce buff

core: use user-access functions for crypto service

Use user-access functions for crypto service functions, excluding
encryption, decryption and hasn operations, which might require
large bounce buffer allocations. Besides these operations, user-
access functions are applied for those functions that takes
attributes, IVs, big numbers, and auxiliary data from the user-
space.

Signed-off-by: Seonghyun Park <seonghp@amazon.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: use user-access functions in system PTA

When user TAs call into the system PTA, allocate bounce buffers and
copy data from the user buffers to the bounce buffers, which can be
accessed by the

core: use user-access functions in system PTA

When user TAs call into the system PTA, allocate bounce buffers and
copy data from the user buffers to the bounce buffers, which can be
accessed by the core kernel functions.

Signed-off-by: Seonghyun Park <seonghp@amazon.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: use GET_USER_SCALAR() to save TA panic regs

Use GET_USER_SCALAR() macro to retrieve register values from the
user stack upon TA panic.

Signed-off-by: Seonghyun Park <seonghp@amazon.com>
Revie

core: use GET_USER_SCALAR() to save TA panic regs

Use GET_USER_SCALAR() macro to retrieve register values from the
user stack upon TA panic.

Signed-off-by: Seonghyun Park <seonghp@amazon.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: use user-access functions for storage svc

Use user-access functions within storage service syscalls, mainly to
copy object id from user-spaced buffers.

Signed-off-by: Seonghyun Park <seonghp@

core: use user-access functions for storage svc

Use user-access functions within storage service syscalls, mainly to
copy object id from user-spaced buffers.

Signed-off-by: Seonghyun Park <seonghp@amazon.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...