core: ltc: force alignment of A32 assembler functions to 4 bytes

The Clang assembler will not align all the functions containing A32
code (as opposed to thumb) on 4-byte boundaries, contrary to GCC.

core: ltc: force alignment of A32 assembler functions to 4 bytes

The Clang assembler will not align all the functions containing A32
code (as opposed to thumb) on 4-byte boundaries, contrary to GCC.
This can cause a runtime exception (undef-abort).

Add a ".balign 4" to the ENTRY macro to fix that.

See also commit ff7c2da6d14b ("Force alignment of assembler functions
(FUNC and LOCAL_FUNC) to 4 bytes") [1].

Link: [1] https://github.com/OP-TEE/optee_os/commit/ff7c2da6d14b
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: aes_modes_armv8a_ce_a64.S: get rid of literal load of addend vector

Cherry pick of Linux kernel commit ed6ed11830a9 ("crypto:
arm64/aes-modes - get rid of literal load of addend vector").

core: ltc: aes_modes_armv8a_ce_a64.S: get rid of literal load of addend vector

Cherry pick of Linux kernel commit ed6ed11830a9 ("crypto:
arm64/aes-modes - get rid of literal load of addend vector"). Original
commit message:

"
Replace the literal load of the addend vector with a sequence that
performs each add individually. This sequence is only 2 instructions
longer than the original, and 2% faster on Cortex-A53.

This is an improvement by itself, but also works around a Clang issue,
whose integrated assembler does not implement the GNU ARM asm syntax
completely, and does not support the =literal notation for FP registers
(more info at https://bugs.llvm.org/show_bug.cgi?id=38642)
"

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

show more ...

core: ltc: aes_modes_armv8a_ce_a64.S: fix incorrect assembly syntax

"umov w0, v0.4s[0]" is not valid UAL syntax; the 4 should not be here.
GCC accepts it fine but Clang does not. Fix it.

Signed-off

core: ltc: aes_modes_armv8a_ce_a64.S: fix incorrect assembly syntax

"umov w0, v0.4s[0]" is not valid UAL syntax; the 4 should not be here.
GCC accepts it fine but Clang does not. Fix it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: crypto: AES-GCM: fix incorrect assembly syntax

"umov w0, v0.4s[0]" is not valid UAL syntax; the 4 should not be here.
GCC accepts it fine but Clang does not. Fix it.

Signed-off-by: Jer

core: arm64: crypto: AES-GCM: fix incorrect assembly syntax

"umov w0, v0.4s[0]" is not valid UAL syntax; the 4 should not be here.
GCC accepts it fine but Clang does not. Fix it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: dt: add __noreturn to _fdt_fill_device_info() stub

When CFG_DT != y, the stub function _fdt_fill_device_info() just
panics. Therefore it deserves the __noreturn attribute. Adding it makes
a Cl

core: dt: add __noreturn to _fdt_fill_device_info() stub

When CFG_DT != y, the stub function _fdt_fill_device_info() just
panics. Therefore it deserves the __noreturn attribute. Adding it makes
a Clang warning go away.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Get rid of option -Wno-suggest-attribute=noreturn

The GCC option -Wno-suggest-attribute=noreturn is not supported by
Clang. Instead of playing with compiler options, let's fix the code
according to

Get rid of option -Wno-suggest-attribute=noreturn

The GCC option -Wno-suggest-attribute=noreturn is not supported by
Clang. Instead of playing with compiler options, let's fix the code
according to the following rules:
- If a function is know to never return, it should have the __noreturn
attribute in the header file.
- If only some implementation of a function never returns, __noreturn
shall be applied to that particular implementation in the .c file.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: driver: generic resources for crypto device driver

Add a generic cryptographic driver interface connecting
TEE Crypto generic APIs to HW driver interface

The Generic Crypto Driver interface i

core: driver: generic resources for crypto device driver

Add a generic cryptographic driver interface connecting
TEE Crypto generic APIs to HW driver interface

The Generic Crypto Driver interface in the core/driver/crypto/crypto_api
is implemented to be able to use a HW driver.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

ta: ldelf.ld.S: align __reloc_begin on 8 bytes

__reloc_begin is currently defined as "__reloc_begin = ." just before
the various .rel.* output sections. The problem is, there is no
guarantee that th

ta: ldelf.ld.S: align __reloc_begin on 8 bytes

__reloc_begin is currently defined as "__reloc_begin = ." just before
the various .rel.* output sections. The problem is, there is no
guarantee that the symbol will actually point to the first relocation
entry due to the alignment constraints on relocation sections. For
instance for Aarch64 relocations, alignment is 8 bytes, but
__reloc_begin has no alignment constraint, so it might end before the
first relocation (this issue was observed with the Clang linker,
ld.lld).

The patch forces the alignment of __reloc_begin on 8 bytes so that
there can be no unwanted padding.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

util.h: add the macro ROUNDUP_OVERFLOW()

Adds the macro ROUNDUP_OVERFLOW() which rounds up like ROUNDUP() but also
checks the result for overflow and returns true on overflow.

Reviewed-by: Etienne

util.h: add the macro ROUNDUP_OVERFLOW()

Adds the macro ROUNDUP_OVERFLOW() which rounds up like ROUNDUP() but also
checks the result for overflow and returns true on overflow.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: bget_malloc.c: copy statistics using memcpy_unckecked()

When CFG_CORE_SANITIZE_KADDRESS=y, most OP-TEE files are built with
address sanitizer flags except bget_malloc.c. As a result, the m

libutils: bget_malloc.c: copy statistics using memcpy_unckecked()

When CFG_CORE_SANITIZE_KADDRESS=y, most OP-TEE files are built with
address sanitizer flags except bget_malloc.c. As a result, the memcpy()
function in memcpy.c is instrumented, whereas the malloc context
structure (malloc_ctx) in bget_malloc.c is not. This causes the
following panic:

$ xtest --stats --alloc

E/TC:0 0 Panic at core/kernel/asan.c:189 <check_access>
E/TC:0 0 Call stack:
E/TC:0 0 0x0e125c3d print_kernel_stack at optee_os/core/arch/arm/kernel/unwind_arm32.c:450
E/TC:0 0 0x0e13fcfb __do_panic at optee_os/core/kernel/panic.c:32 (discriminator 1)
E/TC:0 0 0x0e13e099 check_access at optee_os/core/kernel/asan.c:187 (discriminator 2)
E/TC:0 0 0x0e13e10f check_load at optee_os/core/kernel/asan.c:199
E/TC:0 0 0x0e13e187 __asan_load4_noabort at optee_os/core/kernel/asan.c:231
E/TC:0 0 0x0e185d15 memcpy at optee_os/lib/libutils/isoc/newlib/memcpy.c:112
E/TC:0 0 0x0e184a3f gen_malloc_get_stats at optee_os/lib/libutils/isoc/bget_malloc.c:234
[...]

Introduce memcpy_unchecked() (which evaluates to asan_memcpy_unchecked()
when ASAN is enabled and memcpy() otherwise) to fix the issue.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ftrace: exclude only foreign interrupt time

Current TA function execution time feature only reports user mode
execution time and exclude any non-user mode execution time. But in
case of syscalls whi

ftrace: exclude only foreign interrupt time

Current TA function execution time feature only reports user mode
execution time and exclude any non-user mode execution time. But in
case of syscalls which are essentially function invocations from TA
into the kernel, we shouldn't exclude syscall execution time in order
to account for actual function execution time. That means we only
exclude time that is spent serving foreign interrupts.

So changes in this patch allows to incorporate syscall execution time
in the function graph output.

Fixes: f5df167c2ffb ("ftrace: Add function execution time support")
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

hikey960: add ASAN shadow offset for 32-bit build

Adds the proper CFG_ASAN_SHADOW_OFFSET value for HiKey960 in 32-bit
mode. This allows to run with the kernel address sanitizer enabled
(CFG_CORE_SAN

hikey960: add ASAN shadow offset for 32-bit build

Adds the proper CFG_ASAN_SHADOW_OFFSET value for HiKey960 in 32-bit
mode. This allows to run with the kernel address sanitizer enabled
(CFG_CORE_SANITIZE_KADDRESS=y).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: don't use __bss and __data attributes

Manual placement in .data or .bss section breaks GCC Address
Sanitizer, because it refuses to track variables, that are stored in
user sections. Even if t

core: don't use __bss and __data attributes

Manual placement in .data or .bss section breaks GCC Address
Sanitizer, because it refuses to track variables, that are stored in
user sections. Even if those sections are actually not user-defined,
but generic .bss and .data.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (HiKey960, ASAN)
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU, GP, ASAN)

show more ...

ftrace: allow display of larger durations

Currently the ftrace buffer shows durations in microseconds and modulo
1000000 us. It is problematic if values larger than one second are
measured.

This pa

ftrace: allow display of larger durations

Currently the ftrace buffer shows durations in microseconds and modulo
1000000 us. It is problematic if values larger than one second are
measured.

This patch makes sure that no invalid value is ever displayed when an
overflow occurs. Instead, the trace will contain dashes, such as
"--------- us".

In addition, the unit is changed from microseconds (us) to milliseconds
(ms) when the duration exceeds a predefined value set by CFG_FTRACE_US_MS
(default: 10000 us).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>

show more ...

ftrace: allow tracing of syscall wrappers only

Introduces a new configuration flag: CFG_SYSCALL_WRAPPERS_MCOUNT to
control the instrumentation of the system call wrapper functions
(utee_*) with -pg,

ftrace: allow tracing of syscall wrappers only

Introduces a new configuration flag: CFG_SYSCALL_WRAPPERS_MCOUNT to
control the instrumentation of the system call wrapper functions
(utee_*) with -pg, for function tracing and gprof.
The default value is taken from CFG_ULIBS_MCOUNT.
The main use case is to trace only the system calls in a TA:
CFG_TA_FTRACE_SUPPORT=y CFG_SYSCALL_WRAPPERS_MCOUNT=y

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>

show more ...

get_maintainer.py: fix spelling mistake

OSError is spelled incorrectly, causing the following error:

$ ./scripts/get_maintainer.py core/arch/arm/plat-imx/
Traceback (most recent call last):
Fi

get_maintainer.py: fix spelling mistake

OSError is spelled incorrectly, causing the following error:

$ ./scripts/get_maintainer.py core/arch/arm/plat-imx/
Traceback (most recent call last):
File "./scripts/get_maintainer.py", line 102, in split_patchset
f = open(patchset, "r")
IsADirectoryError: [Errno 21] Is a directory: 'core/arch/arm/plat-imx/'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "./scripts/get_maintainer.py", line 292, in <module>
main()
File "./scripts/get_maintainer.py", line 242, in main
patches = split_patchset(arg)
File "./scripts/get_maintainer.py", line 103, in split_patchset
except OsError:
NameError: name 'OsError' is not defined

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: add mx6dapalis/mx6qapalis platform flavor

Add Toradex Apalis iMX6D and iMX6Q (1GB module variant) platform
flavors.

CFG_DDR_SIZE needs to be manually set by the user (e.g. 0x80000000)
if

core: imx: add mx6dapalis/mx6qapalis platform flavor

Add Toradex Apalis iMX6D and iMX6Q (1GB module variant) platform
flavors.

CFG_DDR_SIZE needs to be manually set by the user (e.g. 0x80000000)
if using the 2GB module variants.

Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: imx: add support for i.MX 8MN

Add support for i.MX 8MN.
Add board flavor:
* imx8mnevk

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@lin

core: imx: add support for i.MX 8MN

Add support for i.MX 8MN.
Add board flavor:
* imx8mnevk

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Peng Fan <peng.fan@nxp.com>

show more ...

core: imx: add support for i.MX 8QM

Add support for i.MX 8QM.
Add board flavors:
* imx8qmmek

Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Signed-off-by: Clement Faure <clement.faure@n

core: imx: add support for i.MX 8QM

Add support for i.MX 8QM.
Add board flavors:
* imx8qmmek

Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Peng Fan <peng.fan@nxp.com>

show more ...

core: imx: add support for i.MX 8QxP

Add support for i.MX 8QxP
Add board flavors:
* imx8qxpmek

Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Signed-off-by: Alessandro Di Chiara <alessa

core: imx: add support for i.MX 8QxP

Add support for i.MX 8QxP
Add board flavors:
* imx8qxpmek

Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Signed-off-by: Alessandro Di Chiara <alessandro.dichiara@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Peng Fan <peng.fan@nxp.com>

show more ...

core: imx: allow to boot without console

Allow imx SoCs to boot without console when CONSOLE_UART_BASE is not
defined.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Foris

core: imx: allow to boot without console

Allow imx SoCs to boot without console when CONSOLE_UART_BASE is not
defined.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Peng Fan <peng.fan@nxp.com>

show more ...

core: imx: add device tree support for uart

Allow driver to read device tree to enable uart.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@lin

core: imx: add device tree support for uart

Allow driver to read device tree to enable uart.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Peng Fan <peng.fan@nxp.com>

show more ...

build: do not use -Wp with the preprocessor and use -o instead of a redirection

This patch cleans up the command line where we use the C preprocessor
to better reflect the documented usage in the GC

build: do not use -Wp with the preprocessor and use -o instead of a redirection

This patch cleans up the command line where we use the C preprocessor
to better reflect the documented usage in the GCC man page, thus
preparing for Clang support.

1. When invoking the C preprocessor, there is no need for -Wp to pass
arguments, so remove it.

2. -MD is not supposed to take a file name when passed to cpp. The
dependency output file name is overridden with -MF.

3. Lastly, it is better to use -o to specify the output file instead
of redirecting standard output, because if an error occurs during
preprocessing we don't want the output file to be created.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add missing arch_extension to thread assembly

Compilation with newer gcc versions fails:

core/arch/arm/kernel/thread_optee_smc_a32.S: Assembler messages:
core/arch/arm/kernel/thread_optee_smc

core: add missing arch_extension to thread assembly

Compilation with newer gcc versions fails:

core/arch/arm/kernel/thread_optee_smc_a32.S: Assembler messages:
core/arch/arm/kernel/thread_optee_smc_a32.S:29: Error: selected processor does not support `smc #0' in ARM mode

add the required .arch_extension sec to the recently added assembly
file.

Fixes: 2786f1438fc8 ("core: thread: separate old SMC interface handling")
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

MAINTAINERS: add Github handles for teams

The reviewers/maintainers for some subsystem may be reached on Github
using special team handles. Add them to MAINTAINERS.

Signed-off-by: Jerome Forissier

MAINTAINERS: add Github handles for teams

The reviewers/maintainers for some subsystem may be reached on Github
using special team handles. Add them to MAINTAINERS.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...