Diffstat (limited to 'core')
36 files changed, 181 insertions, 179 deletions
diff --git a/core/arch/arm/include/kernel/tz_ssvce.h b/core/arch/arm/include/kernel/tz_ssvce.h index 170d8e81..a886f9dc 100644 --- a/core/arch/arm/include/kernel/tz_ssvce.h +++ b/core/arch/arm/include/kernel/tz_ssvce.h @@ -29,6 +29,9 @@ #define TZ_SSVCE_H #ifndef ASM + +#include <types_ext.h> + unsigned int secure_get_cpu_id(void); void arm_cl1_d_cleanbysetway(void); diff --git a/core/arch/arm/include/mm/core_memprot.h b/core/arch/arm/include/mm/core_memprot.h index 97abdcb7..c32f626c 100644 --- a/core/arch/arm/include/mm/core_memprot.h +++ b/core/arch/arm/include/mm/core_memprot.h @@ -28,9 +28,8 @@ #ifndef CORE_MEMPROT_H #define CORE_MEMPROT_H -#include <types_ext.h> -#include <kernel/tee_common_unpg.h> #include <mm/core_mmu.h> +#include <types_ext.h> /* * "pbuf_is" support. diff --git a/core/arch/arm/include/mm/core_mmu.h b/core/arch/arm/include/mm/core_mmu.h index 09efcf97..afeb5fb4 100644 --- a/core/arch/arm/include/mm/core_mmu.h +++ b/core/arch/arm/include/mm/core_mmu.h @@ -28,13 +28,10 @@ #ifndef CORE_MMU_H #define CORE_MMU_H -#include <kernel/tee_common_unpg.h> #include <kernel/user_ta.h> #include <mm/tee_mmu_types.h> #include <types_ext.h> -#include <assert.h> - /* A small page is the smallest unit of memory that can be mapped */ #define SMALL_PAGE_SHIFT 12 #define SMALL_PAGE_MASK 0x00000fff diff --git a/core/arch/arm/include/tee/arch_svc.h b/core/arch/arm/include/tee/arch_svc.h index 9b181aec..18488651 100644 --- a/core/arch/arm/include/tee/arch_svc.h +++ b/core/arch/arm/include/tee/arch_svc.h @@ -27,8 +27,6 @@ #ifndef TEE_ARCH_SVC_H #define TEE_ARCH_SVC_H -#include <kernel/tee_common_unpg.h> - struct thread_svc_regs; void tee_svc_handler(struct thread_svc_regs *regs); diff --git a/core/arch/arm/kernel/abort.c b/core/arch/arm/kernel/abort.c index 9b9ea8ba..16f0b12c 100644 --- a/core/arch/arm/kernel/abort.c +++ b/core/arch/arm/kernel/abort.c 
@@ -336,11 +336,9 @@ static void handle_user_ta_panic(struct abort_info *ai)
 #ifdef CFG_WITH_VFP
 static void handle_user_ta_vfp(void)
 {
-	TEE_Result res;
 	struct tee_ta_session *s;
 
-	res = tee_ta_get_current_session(&s);
-	if (res != TEE_SUCCESS)
+	if (tee_ta_get_current_session(&s) != TEE_SUCCESS)
 		panic();
 
 	thread_user_enable_vfp(&to_user_ta_ctx(s->ctx)->vfp);
diff --git a/core/arch/arm/kernel/generic_boot.c b/core/arch/arm/kernel/generic_boot.c
index f5d1cd30..9824ad4b 100644
--- a/core/arch/arm/kernel/generic_boot.c
+++ b/core/arch/arm/kernel/generic_boot.c
@@ -247,7 +247,7 @@ static void init_runtime(unsigned long pageable_part)
 		res = hash_sha256_check(hash, page, SMALL_PAGE_SIZE);
 		if (res != TEE_SUCCESS) {
 			EMSG("Hash failed for page %zu at %p: res 0x%x",
-				n, page, res);
+			     n, page, res);
 			panic();
 		}
 	}
diff --git a/core/arch/arm/kernel/mutex.c b/core/arch/arm/kernel/mutex.c
index aa84f5f1..0c828fa9 100644
--- a/core/arch/arm/kernel/mutex.c
+++ b/core/arch/arm/kernel/mutex.c
@@ -24,10 +24,11 @@
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  */
+
 #include <kernel/mutex.h>
+#include <kernel/panic.h>
 #include <kernel/tz_proc.h>
 #include <kernel/thread.h>
-#include <kernel/tee_common_unpg.h>
 #include <trace.h>
 
 void mutex_init(struct mutex *m)
@@ -83,7 +84,9 @@ static void __mutex_unlock(struct mutex *m, const char *fname, int lineno)
 	old_itr_status = thread_mask_exceptions(THREAD_EXCP_ALL);
 	cpu_spin_lock(&m->spin_lock);
 
-	TEE_ASSERT(m->value == MUTEX_VALUE_LOCKED);
+	if (m->value != MUTEX_VALUE_LOCKED)
+		panic();
+
 	thread_rem_mutex(m);
 	m->value = MUTEX_VALUE_UNLOCKED;
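Review bot: The converted check in __mutex_unlock, `if (m->value != MUTEX_VALUE_LOCKED) panic();`, no longer records which invariant failed: the removed TEE_ASSERT printed the expression and file:line in CFG_TEE_CORE_DEBUG builds, and a bare `panic()` carries none of that unless the panic macro itself captures the call site, which this page does not show. The same loss applies to every TEE_ASSERT conversion in the commit, and is larger where an existing message was deleted together with the assertion: map_memarea (core_mmu_v7.c), set_alias_area and tee_pager_add_pages (tee_pager.c) and tee_fs_get_header_size (tee_fs_key_manager.c). A one-line `EMSG("mutex %p not locked", (void *)m);` before `panic();` here, and keeping the dropped EMSG/DMSG lines in those other files, would preserve the diagnostic an incident trace needs. __mutex_unlock starts outside the hunk.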
@@ -154,8 +157,10 @@ void mutex_destroy(struct mutex *m)
 	 * Caller guarantees that no one will try to take the mutex so
 	 * there's no need to take the spinlock before accessing it.
 	 */
-	TEE_ASSERT(m->value == MUTEX_VALUE_UNLOCKED);
-	TEE_ASSERT(wq_is_empty(&m->wq));
+	if (m->value != MUTEX_VALUE_UNLOCKED)
+		panic();
+	if (!wq_is_empty(&m->wq))
+		panic();
 }
 
 void condvar_init(struct condvar *cv)
@@ -165,8 +170,9 @@ void condvar_init(struct condvar *cv)
 
 void condvar_destroy(struct condvar *cv)
 {
-	if (cv->m)
-		TEE_ASSERT(!wq_have_condvar(&cv->m->wq, cv));
+	if (cv->m && wq_have_condvar(&cv->m->wq, cv))
+		panic();
+
 	condvar_init(cv);
 }
 
@@ -220,7 +226,8 @@ static void __condvar_wait(struct condvar *cv, struct mutex *m,
 
 	/* Link this condvar to this mutex until reinitialized */
 	cpu_spin_lock(&cv->spin_lock);
-	TEE_ASSERT(!cv->m || cv->m == m);
+	if (cv->m && cv->m != m)
+		panic();
 	cv->m = m;
 	cpu_spin_unlock(&cv->spin_lock);
 
@@ -230,7 +237,9 @@ static void __condvar_wait(struct condvar *cv, struct mutex *m,
 	wq_wait_init_condvar(&m->wq, &wqe, cv);
 
 	/* Unlock the mutex */
-	TEE_ASSERT(m->value == MUTEX_VALUE_LOCKED);
+	if (m->value != MUTEX_VALUE_LOCKED)
+		panic();
+
 	thread_rem_mutex(m);
 	m->value = MUTEX_VALUE_UNLOCKED;
 
diff --git a/core/arch/arm/kernel/user_ta.c b/core/arch/arm/kernel/user_ta.c
index c3b2a616..b1f1c2d2 100644
--- a/core/arch/arm/kernel/user_ta.c
+++ b/core/arch/arm/kernel/user_ta.c
@@ -26,10 +26,12 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
+#include <assert.h>
 #include <compiler.h>
 #include <keep.h>
 #include <types_ext.h>
 #include <stdlib.h>
+#include <kernel/panic.h>
 #include <kernel/tee_ta_manager.h>
 #include <kernel/thread.h>
 #include <kernel/user_ta.h>
@@ -488,7 +490,8 @@ static TEE_Result user_ta_enter(TEE_ErrorOrigin *err, TEE_ErrorOrigin serr = TEE_ORIGIN_TEE; struct tee_ta_session *s __maybe_unused; - TEE_ASSERT((utc->ctx.flags & TA_FLAG_EXEC_DDR) != 0); + if (!(utc->ctx.flags & TA_FLAG_EXEC_DDR)) + panic(); /* Map user space memory */ res = tee_mmu_map_param(utc, param); diff --git a/core/arch/arm/mm/core_mmu.c b/core/arch/arm/mm/core_mmu.c index 7d85ca02..9385f588 100644 --- a/core/arch/arm/mm/core_mmu.c +++ b/core/arch/arm/mm/core_mmu.c @@ -33,26 +33,27 @@ */ #include <platform_config.h> -#include <stdlib.h> +#include <arm.h> #include <assert.h> #include <kernel/tz_proc.h> #include <kernel/tz_ssvce.h> +#include <kernel/panic.h> +#include <kernel/tee_misc.h> +#include <kernel/tee_ta_manager.h> +#include <kernel/thread.h> +#include <kernel/tz_ssvce_pl310.h> +#include <mm/core_memprot.h> #include <mm/core_mmu.h> +#include <mm/pgt_cache.h> #include <mm/tee_mmu.h> #include <mm/tee_mmu_defs.h> -#include <mm/core_memprot.h> -#include <mm/pgt_cache.h> #include <mm/tee_pager.h> +#include <stdlib.h> #include <trace.h> -#include <kernel/tee_misc.h> -#include <kernel/panic.h> -#include <kernel/tee_ta_manager.h> #include <util.h> -#include "core_mmu_private.h" -#include <kernel/tz_ssvce_pl310.h> #include <kernel/tee_l2cc_mutex.h> -#include <kernel/thread.h> -#include <arm.h> + +#include "core_mmu_private.h" #define MAX_MMAP_REGIONS 10 #define RES_VASPACE_SIZE (CORE_MMU_PGDIR_SIZE * 10) 
@@ -946,21 +947,23 @@ static void check_pa_matches_va(void *va, paddr_t pa) core_mmu_get_user_va_range(&user_va_base, &user_va_size); if (v >= user_va_base && v <= (user_va_base - 1 + user_va_size)) { if (!core_mmu_user_mapping_is_active()) { - TEE_ASSERT(pa == 0); + if (pa) + panic(); return; } res = tee_mmu_user_va2pa_helper( to_user_ta_ctx(tee_mmu_get_ctx()), va, &p); - if (res == TEE_SUCCESS) - TEE_ASSERT(pa == p); - else - TEE_ASSERT(pa == 0); + if (res == TEE_SUCCESS && pa != p) + panic(); + if (res != TEE_SUCCESS && pa) + panic(); return; } #ifdef CFG_WITH_PAGER if (v >= CFG_TEE_LOAD_ADDR && v < core_mmu_linear_map_end) { - TEE_ASSERT(v == pa); + if (v != pa) + panic(); return; } if (v >= (CFG_TEE_LOAD_ADDR & ~CORE_MMU_PGDIR_MASK) && @@ -979,16 +982,21 @@ static void check_pa_matches_va(void *va, paddr_t pa) paddr_t mask = ((1 << ti->shift) - 1); p |= v & mask; - TEE_ASSERT(pa == p); + if (pa != p) + panic(); } else - TEE_ASSERT(pa == 0); + if (pa) + panic(); return; } #endif - if (!core_va2pa_helper(va, &p)) - TEE_ASSERT(pa == p); - else - TEE_ASSERT(pa == 0); + if (!core_va2pa_helper(va, &p)) { + if (pa != p) + panic(); + } else { + if (pa) + panic(); + } } #else static void check_pa_matches_va(void *va __unused, paddr_t pa __unused) @@ -1009,7 +1017,8 @@ paddr_t virt_to_phys(void *va) #if defined(CFG_TEE_CORE_DEBUG) && CFG_TEE_CORE_DEBUG != 0 static void check_va_matches_pa(paddr_t pa, void *va) { - TEE_ASSERT(!va || virt_to_phys(va) == pa); + if (va && virt_to_phys(va) != pa) + panic(); } #else static void check_va_matches_pa(paddr_t pa __unused, void *va __unused) diff --git a/core/arch/arm/mm/core_mmu_lpae.c b/core/arch/arm/mm/core_mmu_lpae.c index 842ec73f..7912efac 100644 --- a/core/arch/arm/mm/core_mmu_lpae.c +++ b/core/arch/arm/mm/core_mmu_lpae.c 
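Review bot: In check_pa_matches_va the second conversion leaves `} else` on its own line followed by an unbraced two-line `if (pa) panic();`, which reads as a dangling else-if and is inconsistent with the last conversion in the same hunk, where both arms are braced. Writing it as `} else if (pa) {` / `panic();` / `}` keeps the two sites in the same shape and avoids the classic unbraced-else mistake if a line is added later. The include reordering in the core_mmu.c header hunk on this line is fine as is. check_pa_matches_va starts outside the hunk.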
@@ -392,7 +392,8 @@ static struct tee_mmap_region *init_xlation_table(struct tee_mmap_region *mm, /* Area not covered by a region so need finer table */ uint64_t *new_table = xlat_tables[next_xlat++]; /* Clear table before use */ - TEE_ASSERT(next_xlat <= MAX_XLAT_TABLES); + if (next_xlat > MAX_XLAT_TABLES) + panic(); memset(new_table, 0, XLAT_TABLE_SIZE); desc = TABLE_DESC | (uint64_t)(uintptr_t)new_table; @@ -450,8 +451,8 @@ void core_init_mmu_tables(struct tee_mmap_region *mm) debug_print(" %010" PRIxVA " %010" PRIxPA " %10zx %x", mm[n].va, mm[n].pa, mm[n].size, mm[n].attr); - TEE_ASSERT(IS_PAGE_ALIGNED(mm[n].pa)); - TEE_ASSERT(IS_PAGE_ALIGNED(mm[n].size)); + if (!IS_PAGE_ALIGNED(mm[n].pa) || !IS_PAGE_ALIGNED(mm[n].size)) + panic(); pa_end = mm[n].pa + mm[n].size - 1; va_end = mm[n].va + mm[n].size - 1; diff --git a/core/arch/arm/mm/core_mmu_v7.c b/core/arch/arm/mm/core_mmu_v7.c index ef3c21fe..7e3ab890 100644 --- a/core/arch/arm/mm/core_mmu_v7.c +++ b/core/arch/arm/mm/core_mmu_v7.c @@ -166,7 +166,8 @@ static paddr_t core_mmu_get_main_ttb_pa(void) /* Note that this depends on flat mapping of TEE Core */ paddr_t pa = (paddr_t)core_mmu_get_main_ttb_va(); - TEE_ASSERT(!(pa & ~TEE_MMU_TTB_L1_MASK)); + if (pa & ~TEE_MMU_TTB_L1_MASK) + panic(); return pa; } @@ -180,7 +181,8 @@ static paddr_t core_mmu_get_ul1_ttb_pa(void) /* Note that this depends on flat mapping of TEE Core */ paddr_t pa = (paddr_t)core_mmu_get_ul1_ttb_va(); - TEE_ASSERT(!(pa & ~TEE_MMU_TTB_UL1_MASK)); + if (pa & ~TEE_MMU_TTB_UL1_MASK) + panic(); return pa; } @@ -534,7 +536,8 @@ static paddr_t map_page_memarea(struct tee_mmap_region *mm) size_t pg_idx; uint32_t attr; - TEE_ASSERT(l2); + if (!l2) + panic(); attr = mattr_to_desc(2, mm->attr); 
@@ -588,11 +591,8 @@ static void map_memarea(struct tee_mmap_region *mm, uint32_t *ttb) * TODO: support mapping devices at a virtual address which isn't * the same as the physical address. */ - if (mm->va < (TEE_MMU_UL1_NUM_ENTRIES * SECTION_SIZE)) { - EMSG("va 0x%" PRIxVA " conflicts with user ta address!", - mm->va); + if (mm->va < (TEE_MMU_UL1_NUM_ENTRIES * SECTION_SIZE)) panic(); - } if ((mm->va | mm->pa | mm->size) & SECTION_MASK) { region_size = SMALL_PAGE_SIZE; @@ -601,11 +601,8 @@ static void map_memarea(struct tee_mmap_region *mm, uint32_t *ttb) * Need finer grained mapping, if small pages aren't * good enough, panic. */ - if ((mm->va | mm->pa | mm->size) & SMALL_PAGE_MASK) { - EMSG("va 0x%" PRIxVA " pa 0x%" PRIxPA " size 0x%x can't be mapped", - mm->va, mm->pa, mm->size); + if ((mm->va | mm->pa | mm->size) & SMALL_PAGE_MASK) panic(); - } attr = mattr_to_desc(1, mm->attr | TEE_MATTR_TABLE); pa = map_page_memarea(mm); diff --git a/core/arch/arm/mm/tee_mm.c b/core/arch/arm/mm/tee_mm.c index 35eb5b80..f200bab3 100644 --- a/core/arch/arm/mm/tee_mm.c +++ b/core/arch/arm/mm/tee_mm.c @@ -25,6 +25,7 @@ * POSSIBILITY OF SUCH DAMAGE. */ +#include <kernel/panic.h> #include <kernel/tee_common.h> #include <util.h> #include <trace.h> @@ -175,7 +176,8 @@ tee_mm_entry_t *tee_mm_alloc(tee_mm_pool_t *pool, uint32_t size) /* out of memory */ return NULL; } else { - TEE_ASSERT(pool->hi > pool->lo); + if (pool->hi <= pool->lo) + panic(); remaining = (pool->hi - pool->lo); remaining -= ((entry->offset + entry->size) << pool->shift); @@ -287,10 +289,8 @@ void tee_mm_free(tee_mm_entry_t *p) while (entry->next != NULL && entry->next != p) entry = entry->next; - if (entry->next == NULL) { - DMSG("invalid mm_entry %p", (void *)p); - TEE_ASSERT(0); - } + if (!entry->next) + panic(); entry->next = entry->next->next; free(p); diff --git a/core/arch/arm/mm/tee_mmu.c b/core/arch/arm/mm/tee_mmu.c index 0cb0d545..4cb0a923 100644 --- a/core/arch/arm/mm/tee_mmu.c 
+++ b/core/arch/arm/mm/tee_mmu.c
@@ -620,7 +620,8 @@ uintptr_t tee_mmu_get_load_addr(const struct tee_ta_ctx *const ctx)
 	const struct user_ta_ctx *utc = to_user_ta_ctx((void *)ctx);
 
 	assert(utc->mmu && utc->mmu->table);
-	TEE_ASSERT(utc->mmu->size == TEE_MMU_UMAP_MAX_ENTRIES);
+	if (utc->mmu->size != TEE_MMU_UMAP_MAX_ENTRIES)
+		panic();
 
 	return utc->mmu->table[1].va;
 }
@@ -636,16 +637,17 @@ void teecore_init_ta_ram(void)
 	 * shared mem allcated from teecore */
 	core_mmu_get_mem_by_type(MEM_AREA_TA_RAM, &s, &e);
 	ps = virt_to_phys((void *)s);
-	TEE_ASSERT(ps);
 	pe = virt_to_phys((void *)(e - 1)) + 1;
-	TEE_ASSERT(pe);
-	TEE_ASSERT((ps & (CORE_MMU_USER_CODE_SIZE - 1)) == 0);
-	TEE_ASSERT((pe & (CORE_MMU_USER_CODE_SIZE - 1)) == 0);
+	if (!ps || (ps & CORE_MMU_USER_CODE_MASK) ||
+	    !pe || (pe & CORE_MMU_USER_CODE_MASK))
+		panic();
 
 	/* extra check: we could rely on core_mmu_get_mem_by_type() */
-	TEE_ASSERT(tee_pbuf_is_sec(ps, pe - ps) == true);
+	if (!tee_pbuf_is_sec(ps, pe - ps))
+		panic();
 
-	TEE_ASSERT(tee_mm_is_empty(&tee_mm_sec_ddr));
+	if (!tee_mm_is_empty(&tee_mm_sec_ddr))
+		panic();
 
 	/* remove previous config and init TA ddr memory pool */
 	tee_mm_final(&tee_mm_sec_ddr);
@@ -661,15 +663,15 @@ void teecore_init_pub_ram(void)
 
 	/* get virtual addr/size of NSec shared mem allcated from teecore */
 	core_mmu_get_mem_by_type(MEM_AREA_NSEC_SHM, &s, &e);
-	TEE_ASSERT(s < e);
-	TEE_ASSERT((s & SMALL_PAGE_MASK) == 0);
-	TEE_ASSERT((e & SMALL_PAGE_MASK) == 0);
+	if (s >= e || s & SMALL_PAGE_MASK || e & SMALL_PAGE_MASK)
+		panic();
+
 	/* extra check: we could rely on core_mmu_get_mem_by_type() */
-	TEE_ASSERT(tee_vbuf_is_non_sec(s, e - s) == true);
+	if (!tee_vbuf_is_non_sec(s, e - s))
+		panic();
 
 #ifdef CFG_PL310
 	/* Allocate statically the l2cc mutex */
-	TEE_ASSERT((e - s) > 0);
 	tee_l2cc_store_mutex_boot_pa(s);
 	s += sizeof(uint32_t);	/* size of a pl310 mutex */
 #endif
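Review bot: In teecore_init_ta_ram the alignment test now uses `CORE_MMU_USER_CODE_MASK` where the removed lines used `(CORE_MMU_USER_CODE_SIZE - 1)`; that macro is not defined on this page, so it should be confirmed to be the low-bit mask rather than its complement, since the check would otherwise silently invert and accept unaligned TA RAM bounds. In teecore_init_pub_ram, `if (s >= e || s & SMALL_PAGE_MASK || e & SMALL_PAGE_MASK)` relies on `&` binding tighter than `||`; `if (s >= e || (s & SMALL_PAGE_MASK) || (e & SMALL_PAGE_MASK))` says the same thing without the reader checking precedence and matches the parenthesised form used in the ta_ram check just above. Both functions start outside their hunks.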
@@ -683,7 +685,8 @@ uint32_t tee_mmu_user_get_cache_attr(struct user_ta_ctx *utc, void *va) paddr_t pa; uint32_t attr; - TEE_ASSERT(tee_mmu_user_va2pa_attr(utc, va, &pa, &attr) == TEE_SUCCESS); + if (tee_mmu_user_va2pa_attr(utc, va, &pa, &attr) != TEE_SUCCESS) + panic(); return (attr >> TEE_MATTR_CACHE_SHIFT) & TEE_MATTR_CACHE_MASK; } diff --git a/core/arch/arm/mm/tee_pager.c b/core/arch/arm/mm/tee_pager.c index 6758542b..ab236a8b 100644 --- a/core/arch/arm/mm/tee_pager.c +++ b/core/arch/arm/mm/tee_pager.c @@ -188,16 +188,13 @@ static void set_alias_area(tee_mm_entry_t *mm) DMSG("0x%" PRIxVA " - 0x%" PRIxVA, smem, smem + nbytes); - TEE_ASSERT(!pager_alias_area); - if (!ti->num_entries && !core_mmu_find_table(smem, UINT_MAX, ti)) { - DMSG("Can't find translation table"); + if (pager_alias_area) panic(); - } - if ((1 << ti->shift) != SMALL_PAGE_SIZE) { - DMSG("Unsupported page size in translation table %u", - 1 << ti->shift); + if (!ti->num_entries && !core_mmu_find_table(smem, UINT_MAX, ti)) + panic(); + + if ((1 << ti->shift) != SMALL_PAGE_SIZE) panic(); - } tbl_va_size = (1 << ti->shift) * ti->num_entries; if (!core_is_buffer_inside(smem, nbytes, @@ -207,8 +204,8 @@ static void set_alias_area(tee_mm_entry_t *mm) panic(); } - TEE_ASSERT(!(smem & SMALL_PAGE_MASK)); - TEE_ASSERT(!(nbytes & SMALL_PAGE_MASK)); + if (smem & SMALL_PAGE_MASK || nbytes & SMALL_PAGE_MASK) + panic(); pager_alias_area = mm; pager_alias_next_free = smem; @@ -225,10 +222,8 @@ static void set_alias_area(tee_mm_entry_t *mm) static void generate_ae_key(void) { - TEE_Result res; - - res = rng_generate(pager_ae_key, sizeof(pager_ae_key)); - TEE_ASSERT(res == TEE_SUCCESS); + if (rng_generate(pager_ae_key, sizeof(pager_ae_key)) != TEE_SUCCESS) + panic(); } void tee_pager_init(tee_mm_entry_t *mm_alias) 
@@ -247,7 +242,8 @@ static void *pager_add_alias_page(paddr_t pa) DMSG("0x%" PRIxPA, pa); - TEE_ASSERT(pager_alias_next_free && ti->num_entries); + if (!pager_alias_next_free || !ti->num_entries) + panic(); idx = core_mmu_va2idx(ti, pager_alias_next_free); core_mmu_set_entry(ti, idx, pa, attr); pager_alias_next_free += SMALL_PAGE_SIZE; @@ -319,16 +315,16 @@ bool tee_pager_add_core_area(vaddr_t base, size_t size, uint32_t flags, DMSG("0x%" PRIxPTR " - 0x%" PRIxPTR " : flags 0x%x, store %p, hashes %p", base, base + size, flags, store, hashes); - TEE_ASSERT(!(base & SMALL_PAGE_MASK) && - size && !(size & SMALL_PAGE_MASK)); + if (base & SMALL_PAGE_MASK || size & SMALL_PAGE_MASK || !size) { + EMSG("invalid pager area [%" PRIxVA " +0x%zx]", base, size); + panic(); + } - if (!(flags & TEE_MATTR_PW)) - TEE_ASSERT(store && hashes); - else if (flags & TEE_MATTR_PW) - TEE_ASSERT(!store && !hashes); - else + if (!(flags & TEE_MATTR_PW) && (!store || !hashes)) panic(); + if ((flags & TEE_MATTR_PW) && (store || hashes)) + panic(); tbl_va_size = (1 << ti->shift) * ti->num_entries; if (!core_is_buffer_inside(base, size, ti->va_base, tbl_va_size)) { @@ -402,7 +398,8 @@ static void encrypt_page(struct pager_rw_pstate *rwp, void *src, void *dst) iv.iv[2] = rwp->iv; if (!pager_aes_gcm_encrypt(pager_ae_key, sizeof(pager_ae_key), - &iv, rwp->tag, src, dst, SMALL_PAGE_SIZE)) + &iv, rwp->tag, + src, dst, SMALL_PAGE_SIZE)) panic(); } @@ -485,7 +482,8 @@ static bool tee_pager_unhide_page(vaddr_t page_va) uint32_t a = get_area_mattr(pmem->area); /* page is hidden, show and move to back */ - TEE_ASSERT(pa == get_pmem_pa(pmem)); + if (pa != get_pmem_pa(pmem)) + panic(); /* * If it's not a dirty block, then it should be * read only. 
@@ -613,7 +611,8 @@ static struct tee_pager_pmem *tee_pager_get_page(uint32_t next_area_flags) pmem->area = NULL; if (next_area_flags & TEE_MATTR_LOCKED) { /* Move page to lock list */ - TEE_ASSERT(tee_pager_npages > 0); + if (tee_pager_npages <= 0) + panic(); tee_pager_npages--; set_npages(); TAILQ_INSERT_TAIL(&tee_pager_lock_pmem_head, pmem, link); @@ -832,10 +831,8 @@ void tee_pager_add_pages(vaddr_t vaddr, size_t npages, bool unmap) continue; pmem = malloc(sizeof(struct tee_pager_pmem)); - if (pmem == NULL) { - EMSG("Can't allocate memory"); + if (!pmem) panic(); - } pmem->va_alias = pager_add_alias_page(pa); diff --git a/core/arch/arm/plat-sprd/main.c b/core/arch/arm/plat-sprd/main.c index 4e6beb3d..bf3a62d3 100644 --- a/core/arch/arm/plat-sprd/main.c +++ b/core/arch/arm/plat-sprd/main.c @@ -27,6 +27,7 @@ #include <drivers/gic.h> #include <kernel/generic_boot.h> +#include <kernel/panic.h> #include <kernel/pm_stubs.h> #include <mm/core_memprot.h> #include <platform_config.h> @@ -64,7 +65,8 @@ void main_init_gic(void) MEM_AREA_IO_SEC); gicd_base = (vaddr_t)phys_to_virt(GIC_BASE + GICD_OFFSET, MEM_AREA_IO_SEC); - TEE_ASSERT(gicc_base && gicd_base); + if (!gicc_base || !gicd_base) + panic(); gic_init_base_addr(&gic_data, gicc_base, gicd_base); diff --git a/core/arch/arm/plat-sunxi/platform.c b/core/arch/arm/plat-sunxi/platform.c index 69ee784b..a6b4def3 100644 --- a/core/arch/arm/plat-sunxi/platform.c +++ b/core/arch/arm/plat-sunxi/platform.c @@ -79,7 +79,8 @@ void platform_init(void) gicd_base = (vaddr_t)phys_to_virt(GIC_BASE + GICD_OFFSET, MEM_AREA_IO_SEC); cci400_base = (vaddr_t)phys_to_virt(CCI400_BASE, MEM_AREA_IO_SEC); - TEE_ASSERT(gicc_base && gicd_base && cci400_base); + if (!gicc_base || !gicd_base || !cci400_base) + panic(); /* * GIC configuration is initialized in Secure bootloader, 
@@ -90,7 +91,7 @@ void platform_init(void) /* platform smp initialize */ platform_smp_init(); - + /* enable non-secure access cci-400 registers */ write32(0x1, cci400_base + CCI400_SECURE_ACCESS_REG); diff --git a/core/arch/arm/plat-vexpress/main.c b/core/arch/arm/plat-vexpress/main.c index 5099eb2f..5934c8ce 100644 --- a/core/arch/arm/plat-vexpress/main.c +++ b/core/arch/arm/plat-vexpress/main.c @@ -39,6 +39,7 @@ #include <kernel/pm_stubs.h> #include <trace.h> #include <kernel/misc.h> +#include <kernel/panic.h> #include <kernel/tee_time.h> #include <tee/entry_fast.h> #include <tee/entry_std.h> @@ -94,7 +95,8 @@ void main_init_gic(void) MEM_AREA_IO_SEC); gicd_base = (vaddr_t)phys_to_virt(GIC_BASE + GICD_OFFSET, MEM_AREA_IO_SEC); - TEE_ASSERT(gicc_base && gicd_base); + if (!gicc_base || !gicd_base) + panic(); #if defined(PLATFORM_FLAVOR_fvp) || defined(PLATFORM_FLAVOR_juno) || \ defined(PLATFORM_FLAVOR_qemu_armv8a) diff --git a/core/arch/arm/sta/se_api_self_tests.c b/core/arch/arm/sta/se_api_self_tests.c index 1460d5a8..7b5547a0 100644 --- a/core/arch/arm/sta/se_api_self_tests.c +++ b/core/arch/arm/sta/se_api_self_tests.c @@ -30,7 +30,7 @@ #include <tee_api_types.h> #include <tee_api_defines.h> #include <trace.h> -#include <kernel/tee_common_unpg.h> + #include <tee/se/manager.h> #include <tee/se/reader.h> #include <tee/se/session.h> diff --git a/core/arch/arm/sta/tee_fs_key_manager_tests.c b/core/arch/arm/sta/tee_fs_key_manager_tests.c index 677c6c08..86804201 100644 --- a/core/arch/arm/sta/tee_fs_key_manager_tests.c +++ b/core/arch/arm/sta/tee_fs_key_manager_tests.c @@ -25,13 +25,12 @@ * POSSIBILITY OF SUCH DAMAGE. */ +#include <kernel/static_ta.h> #include <stdio.h> #include <stdlib.h> -#include <kernel/static_ta.h> -#include <trace.h> -#include <kernel/tee_common_unpg.h> +#include <string.h> #include <tee/tee_fs_key_manager.h> - +#include <trace.h> #define TA_NAME "tee_fs_key_manager_tests.ta" 
diff --git a/core/drivers/gic.c b/core/drivers/gic.c
index 4ec581fc..01037fd9 100644
--- a/core/drivers/gic.c
+++ b/core/drivers/gic.c
@@ -29,7 +29,7 @@
 #include <assert.h>
 #include <drivers/gic.h>
 #include <kernel/interrupt.h>
-#include <kernel/tee_common_unpg.h>
+#include <kernel/panic.h>
 #include <util.h>
 #include <io.h>
 #include <trace.h>
@@ -340,7 +340,9 @@ static void gic_op_add(struct itr_chip *chip, size_t it,
 {
 	struct gic_data *gd = container_of(chip, struct gic_data, chip);
 
-	TEE_ASSERT(it < gd->max_it);
+	if (it >= gd->max_it)
+		panic();
+
 	gic_it_add(gd, it);
 	/* Set the CPU mask to deliver interrupts to any online core */
 	gic_it_set_cpu_mask(gd, it, 0xff);
@@ -351,7 +353,9 @@ static void gic_op_enable(struct itr_chip *chip, size_t it)
 {
 	struct gic_data *gd = container_of(chip, struct gic_data, chip);
 
-	TEE_ASSERT(it < gd->max_it);
+	if (it >= gd->max_it)
+		panic();
+
 	gic_it_enable(gd, it);
 }
 
@@ -359,6 +363,8 @@ static void gic_op_disable(struct itr_chip *chip, size_t it)
 {
 	struct gic_data *gd = container_of(chip, struct gic_data, chip);
 
-	TEE_ASSERT(it < gd->max_it);
+	if (it >= gd->max_it)
+		panic();
+
 	gic_it_disable(gd, it);
 }
diff --git a/core/include/kernel/tee_common.h b/core/include/kernel/tee_common.h
index f7cf0f4a..74354b30 100644
--- a/core/include/kernel/tee_common.h
+++ b/core/include/kernel/tee_common.h
@@ -27,7 +27,6 @@
 #ifndef TEE_COMMON_H
 #define TEE_COMMON_H
 
-#include <kernel/tee_common_unpg.h>
 #include <stdlib.h>
 
 #ifdef MEASURE_TIME
diff --git a/core/include/kernel/tee_common_unpg.h b/core/include/kernel/tee_common_unpg.h
index 023c0191..5d4140eb 100644
--- a/core/include/kernel/tee_common_unpg.h
+++ b/core/include/kernel/tee_common_unpg.h
@@ -32,7 +32,6 @@
 #include <stdint.h>
 #include <stdbool.h>
 #include <tee_api_types.h>
-#include <kernel/panic.h>
 
 #define TEE_MEMBER_SIZE(type, member) sizeof(((type *)0)->member)
 
@@ -44,30 +43,6 @@ typedef uintptr_t tee_vaddr_t; /* Virtual address valid in user mode */ typedef uintptr_t tee_uaddr_t; - -#if (CFG_TEE_CORE_DEBUG == 0) - -#define TEE_ASSERT(expr) \ - do { \ - if (!(expr)) { \ - DMSG("assertion failed"); \ - panic(); \ - } \ - } while (0) - -#else - -#define TEE_ASSERT(expr) \ - do { \ - if (!(expr)) { \ - EMSG("assertion '%s' failed at %s:%d (func '%s')", \ - #expr, __FILE__, __LINE__, __func__); \ - panic(); \ - } \ - } while (0) - -#endif - /*----------------------------------------------------------------------------- * tee_ta_load_page - Loads a page at address va_addr * Parameters: diff --git a/core/include/kernel/tee_dispatch.h b/core/include/kernel/tee_dispatch.h index 907c2e4d..51b66976 100644 --- a/core/include/kernel/tee_dispatch.h +++ b/core/include/kernel/tee_dispatch.h @@ -28,9 +28,7 @@ #define TEE_DISPATCH_H #include <stdarg.h> -#include <kernel/tee_common_unpg.h> #include <tee_api_types.h> - #include <trace.h> /* diff --git a/core/include/kernel/tee_misc.h b/core/include/kernel/tee_misc.h index 88aa4b3c..14c6ddbd 100644 --- a/core/include/kernel/tee_misc.h +++ b/core/include/kernel/tee_misc.h @@ -27,7 +27,6 @@ #ifndef TEE_MISC_H #define TEE_MISC_H -#include <kernel/tee_common_unpg.h> #include <types_ext.h> /* diff --git a/core/include/kernel/tee_ta_manager.h b/core/include/kernel/tee_ta_manager.h index 67c6cdb9..2500312b 100644 --- a/core/include/kernel/tee_ta_manager.h +++ b/core/include/kernel/tee_ta_manager.h @@ -33,7 +33,6 @@ #include <tee_api_types.h> #include <utee_types.h> #include <kernel/tee_common.h> -#include <kernel/tee_common_unpg.h> #include <kernel/mutex.h> #include <tee_api_types.h> #include <user_ta_header.h> diff --git a/core/include/tee/tee_svc.h b/core/include/tee/tee_svc.h index 331d751a..190c50f9 100644 --- a/core/include/tee/tee_svc.h +++ b/core/include/tee/tee_svc.h 
@@ -27,12 +27,11 @@ #ifndef TEE_SVC_H #define TEE_SVC_H +#include <assert.h> #include <stdint.h> -#include <kernel/tee_common_unpg.h> /* tee_uaddr_t */ +#include <types_ext.h> #include <tee_api_types.h> #include <utee_types.h> -#include <assert.h> -#include <types_ext.h> extern vaddr_t tee_svc_uref_base; diff --git a/core/kernel/tee_ta_manager.c b/core/kernel/tee_ta_manager.c index 910a8b8e..7030b457 100644 --- a/core/kernel/tee_ta_manager.c +++ b/core/kernel/tee_ta_manager.c @@ -350,7 +350,9 @@ TEE_Result tee_ta_close_session(struct tee_ta_session *csess, mutex_lock(&tee_ta_mutex); - TEE_ASSERT(ctx->ref_count > 0); + if (ctx->ref_count <= 0) + panic(); + ctx->ref_count--; if (!ctx->ref_count && !(ctx->flags & TA_FLAG_INSTANCE_KEEP_ALIVE)) { DMSG(" ... Destroy TA ctx"); @@ -622,9 +624,10 @@ static void update_current_ctx(struct thread_specific_data *tsd) * If ctx->mmu == NULL we must not have user mapping active, * if ctx->mmu != NULL we must have user mapping active. */ - TEE_ASSERT(((ctx && is_user_ta_ctx(ctx) ? + if (((ctx && is_user_ta_ctx(ctx) ? to_user_ta_ctx(ctx)->mmu : NULL) == NULL) == - !core_mmu_user_mapping_is_active()); + core_mmu_user_mapping_is_active()) + panic(); } void tee_ta_push_current_session(struct tee_ta_session *sess) diff --git a/core/lib/libtomcrypt/src/tee_ltc_provider.c b/core/lib/libtomcrypt/src/tee_ltc_provider.c index fb4c4bf5..773ee9ae 100644 --- a/core/lib/libtomcrypt/src/tee_ltc_provider.c +++ b/core/lib/libtomcrypt/src/tee_ltc_provider.c @@ -28,7 +28,6 @@ #include <assert.h> #include <tee/tee_cryp_provider.h> #include <tee/tee_cryp_utl.h> -#include <kernel/tee_common_unpg.h> #include <tomcrypt.h> #include <mpalib.h> @@ -39,6 +38,7 @@ #include <tee_api_types.h> #include <string_ext.h> #include <util.h> +#include <kernel/panic.h> #include "tomcrypt_mpa.h" #if defined(CFG_WITH_VFP) 
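Review bot: The rewritten invariant in update_current_ctx, `... == NULL) == core_mmu_user_mapping_is_active()`, is only equivalent to the removed `== !core_mmu_user_mapping_is_active()` assertion if that function returns a strict 0/1; its return type is not visible on this page. Comparing against the negation, `!= !core_mmu_user_mapping_is_active()`, keeps the original normalisation whatever the type, and a spurious panic in this path would be hard to diagnose after the fact. update_current_ctx starts outside the hunk.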
@@ -481,7 +481,6 @@ static TEE_Result hash_final(void *ctx, uint32_t algo, uint8_t *digest, #if defined(CFG_WITH_PAGER) #include <mm/tee_pager.h> #include <util.h> -#include <kernel/panic.h> #include <mm/core_mmu.h> static uint32_t *_ltc_mempool_u32; @@ -547,7 +546,8 @@ static void pool_postactions(void) { mpa_scratch_mem pool = (void *)_ltc_mempool_u32; - TEE_ASSERT(pool->last_offset == 0); + if (pool->last_offset) + panic(); release_unused_mpa_scratch_memory(); } diff --git a/core/tee/se/aid.c b/core/tee/se/aid.c index 5cb0cf11..690fbe84 100644 --- a/core/tee/se/aid.c +++ b/core/tee/se/aid.c @@ -27,7 +27,6 @@ #include <assert.h> #include <kernel/panic.h> -#include <kernel/tee_common_unpg.h> #include <stdlib.h> #include <string.h> #include <tee_api_types.h> @@ -44,7 +43,8 @@ TEE_Result tee_se_aid_create(const char *name, struct tee_se_aid **aid) size_t aid_length = str_length / 2; assert(aid); - TEE_ASSERT(!*aid); + if (*aid) + panic(); if (str_length < MIN_AID_LENGTH || str_length > MAX_AID_LENGTH) return TEE_ERROR_BAD_PARAMETERS; @@ -86,7 +86,8 @@ int tee_se_aid_get_refcnt(struct tee_se_aid *aid) void tee_se_aid_release(struct tee_se_aid *aid) { assert(aid); - TEE_ASSERT(aid->refcnt > 0); + if (aid->refcnt <= 0) + panic(); aid->refcnt--; if (!aid->refcnt) free(aid); diff --git a/core/tee/se/iso7816.c b/core/tee/se/iso7816.c index 2bf19d6b..4fbd5ced 100644 --- a/core/tee/se/iso7816.c +++ b/core/tee/se/iso7816.c @@ -27,7 +27,6 @@ #include <assert.h> #include <kernel/panic.h> -#include <kernel/tee_common_unpg.h> #include <malloc.h> #include <stdlib.h> #include <string.h> @@ -95,7 +94,8 @@ static TEE_Result internal_select(struct tee_se_channel *c, s = tee_se_channel_get_session(c); channel_id = tee_se_channel_get_id(c); - TEE_ASSERT(channel_id < MAX_LOGICAL_CHANNEL); + if (channel_id >= MAX_LOGICAL_CHANNEL) + panic(); cla_channel = iso7816_get_cla_channel(channel_id); if (select_ops == FIRST_OR_ONLY_OCCURRENCE) { 
diff --git a/core/tee/se/manager.c b/core/tee/se/manager.c index 144ea026..30b35f61 100644 --- a/core/tee/se/manager.c +++ b/core/tee/se/manager.c @@ -27,7 +27,6 @@ #include <initcall.h> #include <trace.h> -#include <kernel/tee_common_unpg.h> #include <kernel/mutex.h> #include <tee/se/manager.h> #include <tee/se/session.h> diff --git a/core/tee/se/reader.c b/core/tee/se/reader.c index 450571d9..5b383ef8 100644 --- a/core/tee/se/reader.c +++ b/core/tee/se/reader.c @@ -28,7 +28,6 @@ #include <assert.h> #include <kernel/mutex.h> #include <kernel/panic.h> -#include <kernel/tee_common_unpg.h> #include <string.h> #include <tee_api_types.h> #include <trace.h> @@ -110,7 +109,8 @@ TEE_Result tee_se_reader_attach(struct tee_se_reader_proxy *proxy) void tee_se_reader_detach(struct tee_se_reader_proxy *proxy) { - TEE_ASSERT(proxy->refcnt > 0); + if (proxy->refcnt <= 0) + panic(); mutex_lock(&proxy->mutex); proxy->refcnt--; diff --git a/core/tee/se/reader/passthru_reader/reader.c b/core/tee/se/reader/passthru_reader/reader.c index 45fe190d..4cb13e15 100644 --- a/core/tee/se/reader/passthru_reader/reader.c +++ b/core/tee/se/reader/passthru_reader/reader.c @@ -26,15 +26,14 @@ */ #include <io.h> -#include <trace.h> -#include <kernel/tee_common_unpg.h> +#include <kernel/panic.h> #include <mm/core_memprot.h> +#include <stdio.h> +#include <trace.h> #include <tee/se/util.h> #include <tee/se/reader/interface.h> -#include <stdio.h> - #include "pcsc.h" #include "reader.h" @@ -113,7 +112,8 @@ static void pcsc_reader_get_atr(struct pcsc_reader *r) static void pcsc_reader_connect(struct pcsc_reader *r) { - TEE_ASSERT(!r->connected); + if (r->connected) + panic(); pcsc_reader_write_reg(r, PCSC_REG_READER_CONTROL, PCSC_READER_CTL_CONNECT | 
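Review bot: In tee_se_reader_detach the converted check `if (proxy->refcnt <= 0) panic();` still reads `proxy->refcnt` before `mutex_lock(&proxy->mutex)`, while the decrement two lines later is performed under that mutex, so a concurrent detach can pass the check on a stale value and the count can still go below zero. Moving the check after `mutex_lock(&proxy->mutex);` closes that window; the removed TEE_ASSERT had the same placement, but this commit is rewriting the line. The function's body continues outside the hunk.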
@@ -125,7 +125,8 @@ static void pcsc_reader_connect(struct pcsc_reader *r)
 
 static void pcsc_reader_disconnect(struct pcsc_reader *r)
 {
-	TEE_ASSERT(r->connected);
+	if (!r->connected)
+		panic();
 
 	pcsc_reader_write_reg(r, PCSC_REG_READER_CONTROL,
 			PCSC_READER_CTL_DISCONNECT |
@@ -139,7 +140,8 @@ static TEE_Result pcsc_reader_transmit(struct pcsc_reader *r, uint8_t *tx_buf,
 {
 	uint32_t tx_buf_paddr = 0, rx_buf_paddr = 0;
 
-	TEE_ASSERT(r->connected);
+	if (!r->connected)
+		panic();
 
 	tx_buf_paddr = virt_to_phys((void *)tx_buf);
 	rx_buf_paddr = virt_to_phys((void *)rx_buf);
diff --git a/core/tee/tee_fs_key_manager.c b/core/tee/tee_fs_key_manager.c
index 8fa22828..6636554c 100644
--- a/core/tee/tee_fs_key_manager.c
+++ b/core/tee/tee_fs_key_manager.c
@@ -40,8 +40,8 @@
 #include <initcall.h>
 #include <stdlib.h>
 #include <string.h>
+#include <kernel/panic.h>
 #include <kernel/tee_common_otp.h>
-#include <kernel/tee_common_unpg.h>
 #include <kernel/tee_ta_manager.h>
 #include <tee/tee_cryp_utl.h>
 #include <tee/tee_cryp_provider.h>
@@ -286,8 +286,7 @@ size_t tee_fs_get_header_size(enum tee_fs_file_type type)
 		header_size = sizeof(struct block_header);
 		break;
 	default:
-		EMSG("Unknown file type, type=%d", type);
-		TEE_ASSERT(0);
+		panic();
 	}
 
 	return header_size;
diff --git a/core/tee/tee_ree_fs.c b/core/tee/tee_ree_fs.c
index b60d8ede..4ef07ffd 100644
--- a/core/tee/tee_ree_fs.c
+++ b/core/tee/tee_ree_fs.c
@@ -26,10 +26,10 @@
  */
 
 #include <assert.h>
-#include <kernel/tee_common_unpg.h>
 #include <kernel/thread.h>
 #include <kernel/handle.h>
 #include <kernel/mutex.h>
+#include <kernel/panic.h>
 #include <mm/core_memprot.h>
 #include <optee_msg.h>
 #include <stdio.h>
@@ -744,7 +744,8 @@ static int read_and_decrypt_file(int fd,
 	if (res < 0)
 		return res;
 
-	TEE_ASSERT(file_size >= header_size);
+	if (file_size < header_size)
+		panic();
 
 	ciphertext = malloc(file_size);
 	if (!ciphertext) {
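Review bot: In read_and_decrypt_file the new `if (file_size < header_size) panic();` turns what looks like an inconsistency in a normal-world file into a halt of the whole TEE: the fd-based read path and the `if (res < 0) return res;` just above suggest file_size is obtained from REE storage, which the secure side cannot assume is intact. If that is so, a truncated or corrupted file should be reported through the same negative-return convention the function already uses rather than panic(), so that a storage fault stays a failed operation instead of a denial of service for every TA. read_and_decrypt_file starts outside the hunk.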
@@ -1995,7 +1996,8 @@ static int ree_fs_rename(const char *old, const char *new)
 	}
 
 	/* finally, link the meta file, rename operation completed */
-	TEE_ASSERT(meta_filename);
+	if (!meta_filename)
+		panic();
 
 	/*
 	 * TODO: This will cause memory leakage at previous strdup()
diff --git a/core/tee/tee_rpmb_fs.c b/core/tee/tee_rpmb_fs.c
index c1b284f9..a7755777 100644
--- a/core/tee/tee_rpmb_fs.c
+++ b/core/tee/tee_rpmb_fs.c
@@ -29,6 +29,7 @@
 #include <kernel/tee_common.h>
 #include <kernel/handle.h>
 #include <kernel/mutex.h>
+#include <kernel/panic.h>
 #include <kernel/tee_common_otp.h>
 #include <kernel/thread.h>
 #include <optee_msg.h>
@@ -538,7 +539,9 @@ static TEE_Result decrypt(uint8_t *out, const struct rpmb_data_frame *frm,
 {
 	uint8_t *tmp __maybe_unused;
 
-	TEE_ASSERT(size + offset <= RPMB_DATA_SIZE);
+
+	if ((size + offset < size) || (size + offset > RPMB_DATA_SIZE))
+		panic();
 
 	if (!fek) {
 		/* Block is not encrypted (not a file data block) */
@@ -568,7 +571,6 @@ static TEE_Result decrypt(uint8_t *out, const struct rpmb_data_frame *frm,
 		memcpy(out, tmp + offset, size);
 		free(tmp);
 	} else {
-		TEE_ASSERT(!offset);
 		decrypt_block(out, frm->data, blk_idx, fek);
 	}
 #else
@@ -2180,7 +2182,8 @@ static int rpmb_fs_write(TEE_Result *errno, int fd, const void *buf,
 	if (res != TEE_SUCCESS)
 		goto out;
 
-	TEE_ASSERT(!(fh->fat_entry.flags & FILE_IS_LAST_ENTRY));
+	if (fh->fat_entry.flags & FILE_IS_LAST_ENTRY)
+		panic();
 
 	end = fh->pos + size;
 	start_addr = fh->fat_entry.start_address + fh->pos;
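Review bot: In decrypt the `TEE_ASSERT(!offset)` removed from the else branch has no replacement, yet `decrypt_block(out, frm->data, blk_idx, fek)` on that path ignores offset entirely, so a caller passing a non-zero offset there now silently gets bytes from the wrong position instead of being caught; the new range check above bounds `size + offset` but does not cover this. Keeping `if (offset) panic();` in that branch, or a comment stating why offset is provably zero there, restores the invariant. The added `(size + offset < size)` guard is a good catch, assuming size and offset share the same unsigned width. In rpmb_fs_write, `if (fh->fat_entry.flags & FILE_IS_LAST_ENTRY) panic();` acts on a FAT entry read back from RPMB; if that entry is not authenticated before this point, a corrupt entry halts the TEE rather than failing the write, which is worth confirming. Both functions start outside their hunks.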