core: asan: provide asan_memset_unchecked()

Provides asan_memset_unchecked() which does a memset that isn't checked
against the tagging in the ASAN shadow area. If ASAN isn't enabled it's
replaced b

core: asan: provide asan_memset_unchecked()

Provides asan_memset_unchecked() which does a memset that isn't checked
against the tagging in the ASAN shadow area. If ASAN isn't enabled it's
replaced by a direct call to memset().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: add .shippable.yml

Add a configuration file for the Shippable continuous integration tool
[1]. This file performs the same steps as the current Travis file
(.travis.yml), but it is faster and si

ci: add .shippable.yml

Add a configuration file for the Shippable continuous integration tool
[1]. This file performs the same steps as the current Travis file
(.travis.yml), but it is faster and simpler. Another advantage is, the
timeout is 1 hour compared to 50 minutes for Travis. All in all, this
could be a good fix for the issues we have with Travis being too slow
to properly check our pull requests.

This was tested on a private fork of optee_os, and it worked well for
verifying pushes to private branches as well as pull requests. A full
build takes about 20-25 minutes, that is including the builds for all
targets plus the xtest run in QEMU (with a fully populated cache).

One reason for Shippable being faster is that a custom Docker container
image is used, namely: jforissier/optee_os_ci on Docker Hub [2].
It is Ununtu 17.04 plus the packages required to build OP-TEE and run
the QEMU regression tests. Therefore, there is no lengthy preparation
step, such as building tools that are missing in the images provided by
Travis. Docker images are cached by Shippable, so our own rarely needs
to be fetched (which takes roughly 5 minutes).

Another reason for the good speed is that we use ccache for everything.
With a warm cache, each platform is built in no more than 5-6 seconds,
and this speedup is not offset by the longer time it takes to persist
a bigger cache file (contrary to what I observed with Travis).

Since caching works so well I also decided to cache the whole QEMU
environment (repo-based tree), so that the repo init + repo sync steps
are usually quite fast (45 seconds).

Lastly, switching GitHub from Travis to Shippable is very easy, so we
may consider doing so in the short term.

Links: [1] https://shippable.com
Links: [2] https://hub.docker.com/r/jforissier/optee_os_ci
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: pager: fix compile error

Fixes compile error by replacing TEE_TEXT_VA_ADDR with TEE_TEXT_VA_START

Fixes: 6a815afa1623 ("core: introduce TEE_RAM_VA_START and TEE_TEXT_VA_START")
Reviewed-by: E

core: pager: fix compile error

Fixes compile error by replacing TEE_TEXT_VA_ADDR with TEE_TEXT_VA_START

Fixes: 6a815afa1623 ("core: introduce TEE_RAM_VA_START and TEE_TEXT_VA_START")
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU virt pager)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm32: fix assembly macro mov_imm

The assembly macro mov_imm incorrectly uses the "mov" instruction to
load 16 bits of immediate data. This patch fixes the macro to use the
"movw" instruction

core: arm32: fix assembly macro mov_imm

The assembly macro mov_imm incorrectly uses the "mov" instruction to
load 16 bits of immediate data. This patch fixes the macro to use the
"movw" instruction instead.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce TEE_RAM_VA_START and TEE_TEXT_VA_START

The currently OP-TEE implementation depends on the identity mapping, and
the CFG_TEE_RAM_START and CFG_TEE_LOAD_ADDR are used as both physic an

core: introduce TEE_RAM_VA_START and TEE_TEXT_VA_START

The currently OP-TEE implementation depends on the identity mapping, and
the CFG_TEE_RAM_START and CFG_TEE_LOAD_ADDR are used as both physic and
virtual address which is not extensible.
This patch introduce the virtual address of these two marcos and as a
base of non-identity mapping.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Zeng Tao <prime.zeng@hisilicon.com>

show more ...

core: REE FS: bugfix error path

Fixes problem in put_dirh_primitive() when another concurrent has
detected an error and thus closed ree_fs_dirh as a part of error
recovery.

Acked-by: Jerome Forissi

core: REE FS: bugfix error path

Fixes problem in put_dirh_primitive() when another concurrent has
detected an error and thus closed ree_fs_dirh as a part of error
recovery.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jianhui Li <airbak.li@hisilicon.com> (hi3798cv200)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU v8)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm timers: add read/write functions for counter PL1 control register

Can be used for enabling user access to both Physical/Virtual counter
registers. Example of usage:

uint32_t cntkctl;
cntkctl =

arm timers: add read/write functions for counter PL1 control register

Can be used for enabling user access to both Physical/Virtual counter
registers. Example of usage:

uint32_t cntkctl;
cntkctl = read_cntkctl();
cntkctl |= CNTKCTL_PL0VCTEN;
write_cntkctl(cntkctl);

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>

show more ...

Update link rules for User TA

Let's use --start-group / --end-group to allow all libraries added by the
user to use any symbols provided by optee-os lib without having to add that
library again.

Fo

Update link rules for User TA

Let's use --start-group / --end-group to allow all libraries added by the
user to use any symbols provided by optee-os lib without having to add that
library again.

For example, if one provides its own library libexample.a that use
strcmp(), which is provided by libutils.a, and he want to compile its TA
with libexample.a, he'll add

libdirs += ...
libnames += example

in his TA Makefile

But the linker will not find strcmp() symbol unless he adds utils lib
explicitly:
libnames += utils example
even if it is already specified in ta_dev_kit.mk because the order matter,
unless it uses -start-group / --end-group

Signed-off-by: Pierre Peiffer <ppeiffer@invensense.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
[jerome.forissier@linaro.org: wrap line in commit description]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: arm32: remove extra 'x' in core stack dump

Commit 6693786dda1a ("core: make panic call stack consistent with abort
call stack") has mistakenly introduced an extra 'x' in the TEE core
stack dum

core: arm32: remove extra 'x' in core stack dump

Commit 6693786dda1a ("core: make panic call stack consistent with abort
call stack") has mistakenly introduced an extra 'x' in the TEE core
stack dumps. Remove it.

Fixes: 6693786dda1a ("core: make panic call stack consistent with abort call stack")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

scripts/symbolize.py: get binary architecture from ELF file

Instead of making a fragile assumption, that we have a 64-bit TEE core
if we encounter 64-bit registers in the dump, read the architecture

scripts/symbolize.py: get binary architecture from ELF file

Instead of making a fragile assumption, that we have a 64-bit TEE core
if we encounter 64-bit registers in the dump, read the architecture
from the ELF file itself. This allows to correctly parse 32- and 64-bit
TEE core call stacks without any context but the string "Call stack:"
at the beginning. Therefore, the helper script can now be used on core
panics.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: make panic call stack consistent with abort call stack

The call stack is formatted differently when the TEE code panics vs.
when it receives an abort exception. The unfortunate consequence is,

core: make panic call stack consistent with abort call stack

The call stack is formatted differently when the TEE code panics vs.
when it receives an abort exception. The unfortunate consequence is,
the symbolize.py helper script cannot be used to troubleshoot panics.

Fix the issue by introducing common functions to format the call stack:
print_call_stack_arm32() and print_call_stack_arm64(), and by using
them in the panic and abort paths.

Suggested-by: Zeng Tao <prime.zeng@hisilicon.com>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: fix print_kernel_stack()

print_kernel_stack() can only print the upmost address in the call
stack, because the unwind_stack_arm64() function is passed 0 for stack
and stack_size.

Use t

core: arm64: fix print_kernel_stack()

print_kernel_stack() can only print the upmost address in the call
stack, because the unwind_stack_arm64() function is passed 0 for stack
and stack_size.

Use the correct values, so that we can get complete stack dumps (when
panic() is called for instance).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-ls: Add support for armv8 platform flavours

Added support for armv8 platform flavours as follows:
- PLATFORM = ls-ls1043ardb
- PLATFORM = ls-ls1046ardb

Signed-off-by: Sumit Garg <sumit.garg@nx

plat-ls: Add support for armv8 platform flavours

Added support for armv8 platform flavours as follows:
- PLATFORM = ls-ls1043ardb
- PLATFORM = ls-ls1046ardb

Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

scripts/symbolize.py: accept -d <ELF_file> in addition to -d <dir>

The -d option of symbolize.py normally expects one or more directories,
where the script will look for ELF files (TEE or TA, depend

scripts/symbolize.py: accept -d <ELF_file> in addition to -d <dir>

The -d option of symbolize.py normally expects one or more directories,
where the script will look for ELF files (TEE or TA, depending on the
input dump). For convenience, let's also accept paths to the actual ELF
files. Previously, the script would just ignore file arguments and
silently fail to resolve stack traces.

Reported-by: Lijianhui <airbak.li@hisilicon.com>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>

show more ...

core: bugfix core_mmu_user_mapping_is_active()

Fixes race in both v7 and lpae versions of
core_mmu_user_mapping_is_active() by temporarily disabling interrupts.

Reviewed-by: Etienne Carriere <etien

core: bugfix core_mmu_user_mapping_is_active()

Fixes race in both v7 and lpae versions of
core_mmu_user_mapping_is_active() by temporarily disabling interrupts.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU v8)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

README.md: fix URLs to HiKey and HiKey960

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

libutee: printf() fix: remove newline added by mistake

puts() was recently modified [1] to always add a trailing newline (\n).
This change has broken printf() which uses puts() internally.

Fix the

libutee: printf() fix: remove newline added by mistake

puts() was recently modified [1] to always add a trailing newline (\n).
This change has broken printf() which uses puts() internally.

Fix the issue by calling trace_ext_puts() instead.

Fixes: 6246cc9d957c ("libutee: puts(): add trailing newline")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

mk: report an error when the CFG_ARM64{32}_core both missing

When the CFG_ARM64_core and CFG_ARM32_core are both missing defined by
the platform, it will raise unexpected compile errors. In this pat

mk: report an error when the CFG_ARM64{32}_core both missing

When the CFG_ARM64_core and CFG_ARM32_core are both missing defined by
the platform, it will raise unexpected compile errors. In this patch,
report an compile error when neither the CFG_ARM64_core nor
CFG_ARM32_core is defined.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Zeng Tao <prime.zeng@hisilicon.com>

show more ...

Fix FIQ mask for the native interrupt handler for arm32

In Arm aarch32 mode, FIQ is not masked by hardware in IRQ mode.
For GICv2, IRQ is for foreign interrupt and already masked by hardware
in FIQ

Fix FIQ mask for the native interrupt handler for arm32

In Arm aarch32 mode, FIQ is not masked by hardware in IRQ mode.
For GICv2, IRQ is for foreign interrupt and already masked by hardware
in FIQ mode which is used for native interrupt.
For GICv3, FIQ is for foreign interrupt. It's not masked by hardware in
IRQ mode which is used for natvie interrupt. We need to mask it explicitly.

Signed-off-by: David Wang <david.wang@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Disable IRQ and FIQ in IRQ/ABT/SVC/UND thread handlers for arm32

Disable native and foreign interrupts in thread handlers for arm32.
The tee handlers can decide when the native interrupts can be ena

Disable IRQ and FIQ in IRQ/ABT/SVC/UND thread handlers for arm32

Disable native and foreign interrupts in thread handlers for arm32.
The tee handlers can decide when the native interrupts can be enabled.

Signed-off-by: David Wang <david.wang@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

scripts/symbolize.py: try to resolve abort address to symbol/section[+offset]

Use nm and objdump to find the symbol and ELF section that match the
address reported in the the abort line. This can he

scripts/symbolize.py: try to resolve abort address to symbol/section[+offset]

Use nm and objdump to find the symbol and ELF section that match the
address reported in the the abort line. This can help debug writes to
read-only data or unaligned accesses to global data, for example.

If the address can be resolved to a symbol plus some offset and/or a
section plus some offset, the abort line is printed again just before
the call stack with the symbolic information added. Not that the
translation cannot be done immediately when the abort line is seen
because at this point we don't know the architecture, and we don't have
the load address of the TA.

Here is an example (the line added by this patch is marked with >>):

User TA data-abort at address 0x1314d0 (write permission fault)
fsr 0x0000080f ttbr0 0x0e07a06a ttbr1 0x0e07406a cidr 0x1
cpu #0 cpsr 0x60000030
r0 0x00000001 r4 0x00102780 r8 0x00000000 r12 0xb736e358
r1 0x00102724 r5 0x00121e4f r9 0x00000000 sp 0x001026e0
r2 0x00000001 r6 0x001026dc r10 0x00000000 lr 0x00105cf1
r3 0x001314d0 r7 0x001026e0 r11 0x00000000 pc 0x00105790
Status of TA 5b9e0e40-2636-11e1-ad9e-0002a5d5c51b (0xe073b70) (active)
arch: arm load address: 0x103000 ctx-idr: 1
stack: 0x100000 10240
region 0: va 0x100000 pa 0xe21e000 size 0x3000
region 1: va 0x103000 pa 0xe100000 size 0x2e000
region 2: va 0x131000 pa 0xe12e000 size 0xa000
region 3: va 0x13b000 pa 0xe138000 size 0xe6000
region 4: va 0 pa 0 size 0
region 5: va 0 pa 0 size 0
region 6: va 0 pa 0 size 0
region 7: va 0 pa 0 size 0
>> User TA data-abort at address 0x1314d0 const_val+4 .rodata+4452 (write permission fault)
Call stack:
0x00105790 ta_entry_bad_mem_access at optee_test/ta/os_test/os_test.c:917
0x00105cf1 TA_InvokeCommandEntryPoint at optee_test/ta/os_test/ta_entry.c:101
0x00121e33 entry_invoke_command at optee_os/lib/libutee/arch/arm/user_ta_entry.c:207
0x00121e8f __utee_entry at optee_os/lib/libutee/arch/arm/user_ta_entry.c:235

The test TA does the following:

const int const_val[3] = { 1, };
/* ... */
((int *)const_val)[1] = 2;

Suggested-by: Zeng Tao <prime.zeng@hisilicon.com>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>

show more ...

scripts/symbolize.py: use base-16 when converting hex strings

When converting a hex string formatted as '0x<hex>', a value of 0 may
be given for base and Python will automatically assume a base-16
l

scripts/symbolize.py: use base-16 when converting hex strings

When converting a hex string formatted as '0x<hex>', a value of 0 may
be given for base and Python will automatically assume a base-16
literal. However, since we're always dealing with hex strings (with or
without a 0x prefix), it is more convenient to specify base-16
everywhere.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>

show more ...

plat-sam: Add support for Atmel-Microchip SAMA5D2-XULT board

Add basic support to get op-tee to run on SAMA5D2-XULT board.

The SoC is based on single core ARM Cortex-A5 and supports:
ARM TrustZone

plat-sam: Add support for Atmel-Microchip SAMA5D2-XULT board

Add basic support to get op-tee to run on SAMA5D2-XULT board.

The SoC is based on single core ARM Cortex-A5 and supports:
ARM TrustZone with support for configuring memory/peripherals as secure
Secure RTC
Secure boot
On-the-fly encryption/decryption of DDR bus
Tamper protection

Link: http://www.atmel.com/Images/Atmel-11267-32-bit-Cortex-A5-Microcontroller-SAMA5D2_Datasheet.pdf
Signed-off-by: Akshay Bhat <akshay.bhat@timesys.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

arm: pl310: Support processors without SCU

Not all processors might have a SCU unit. So conditionally include code
that configures SCU.

Signed-off-by: Akshay Bhat <akshay.bhat@timesys.com>
Acked-by

arm: pl310: Support processors without SCU

Not all processors might have a SCU unit. So conditionally include code
that configures SCU.

Signed-off-by: Akshay Bhat <akshay.bhat@timesys.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: plat-hikey: increase CFG_TEE_RAM_VA_SIZE

Increases CFG_TEE_RAM_VA_SIZE to 2 MiB for the plat-hikey platform.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wiklander

core: plat-hikey: increase CFG_TEE_RAM_VA_SIZE

Increases CFG_TEE_RAM_VA_SIZE to 2 MiB for the plat-hikey platform.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Hikey)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...