optee-test: add optee-test imx fork

This also includes some backported gcc 8 fixes from upstream. Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
author: Peter Griffin <peter.griffin@linaro.org> 2019-10-25 11:30:40 +0200
committer: Otavio Salvador <otavio@ossystems.com.br> 2019-11-08 15:31:25 -0300
commit: c8b32341043831f4e8933b00ddf83831e7d015ce (patch)
tree: 7620fb89932bd263814db8f0888419d3e6b54f7e /recipes-security/optee-imx
parent: 6397a6716be475deec08ae1bbb248be444e4bdb9 (diff)
download: meta-freescale-c8b32341043831f4e8933b00ddf83831e7d015ce.tar.gz
3 files changed, 195 insertions, 0 deletions
diff --git a/recipes-security/optee-imx/optee-test/0001-regression-4011-correct-potential-overflow.patch b/recipes-security/optee-imx/optee-test/0001-regression-4011-correct-potential-overflow.patch
new file mode 100644
index 00000000..0d853ed0
--- /dev/null
+++ b/recipes-security/optee-imx/optee-test/0001-regression-4011-correct-potential-overflow.patch
@@ -0,0 +1,72 @@
+Upstream-Status: Backport 3.4.0
+Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
+---
+From 0953bf0abb08fb98d24b7966001171a707fbb9b9 Mon Sep 17 00:00:00 2001
+From: Etienne Carriere <etienne.carriere@linaro.org>
+Date: Fri, 21 Dec 2018 15:36:25 +0100
+Subject: [PATCH] regression 4011: correct potential overflow
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Fix issues reported by GCC 8.2.0.
+build/optee_test/host/xtest/regression_4000.c: In function ‘xtest_tee_test_4011’:
+build/optee_test/host/xtest/regression_4000.c:5029:3: error: ‘memmove’ pointer overflow between offset [0, 8] and size [4294967295, 2147483647] accessing array ‘tmp’ with type ‘uint8_t[1024]’ {aka ‘unsigned char[1024]’} [-Werror=array-bounds]
+   memmove(tmp + n + i, tmp + m, tmp_size - m);
+   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+build/optee_test/host/xtest/regression_4000.c:4927:10: note: array ‘tmp’ declared here
+  uint8_t tmp[1024];
+          ^~~
+build/optee_test/host/xtest/regression_4000.c:5029:3: error: ‘memmove’ specified size 4294967295 exceeds maximum object size 2147483647 [-Werror=stringop-overflow=]
+   memmove(tmp + n + i, tmp + m, tmp_size - m);
+   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+cc1: all warnings being treated as errors
+Reported-by: Simon Hughes <simon.hughes@arm.com>
+Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
+Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
+---
+ host/xtest/regression_4000.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+diff --git a/host/xtest/regression_4000.c b/host/xtest/regression_4000.c
+index 766aad2..205a226 100644
+--- a/host/xtest/regression_4000.c
+++ b/host/xtest/regression_4000.c
+@@ -5018,18 +5018,28 @@ static void xtest_tee_test_4011(ADBG_Case_t *c)
+                                out, out_size, tmp, &tmp_size)))
+                        goto out;
+ 
+               if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, tmp_size, <=, sizeof(tmp)))
+                       goto out;
+
+                /* 4.1 */
+-               for (n = 0; n < tmp_size; n++)
+               for (n = 0; n < tmp_size - i; n++)
+                        if (tmp[n] == 0xff)
+                                break;
+
+               /* Shall find at least a padding start before buffer end */
+               if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, n, <, tmp_size - i - 1))
+                       goto out;
+
+                for (m = n + 1; m < tmp_size; m++)
+                        if (tmp[m] != 0xff)
+                                break;
+
+                /* 4.2 */
+                memmove(tmp + n + i, tmp + m, tmp_size - m);
+
+                /* 4.3 */
+-               for (n = n + tmp_size - m + i; n < tmp_size; n++)
+-                       tmp[n] = 0;
+               n = n + i + tmp_size - m;
+               memset(tmp + n, 0, tmp_size - n);
+ 
+                /* 5 */
+                out_size = sizeof(out);
+-- 
+2.7.4
diff --git a/recipes-security/optee-imx/optee-test/0001-xtest-prevent-unexpected-build-warning-with-strncpy.patch b/recipes-security/optee-imx/optee-test/0001-xtest-prevent-unexpected-build-warning-with-strncpy.patch
new file mode 100644
index 00000000..0c13dcfc
--- /dev/null
+++ b/recipes-security/optee-imx/optee-test/0001-xtest-prevent-unexpected-build-warning-with-strncpy.patch
@@ -0,0 +1,66 @@
+Upstream-Status: Backport 3.4.0
+Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
+---
+From 493574ad1f4f56dd63097a652b87c25c507ce99c Mon Sep 17 00:00:00 2001
+From: Etienne Carriere <etienne.carriere@linaro.org>
+Date: Fri, 21 Dec 2018 15:36:00 +0100
+Subject: [PATCH] xtest: prevent unexpected build warning with strncpy
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+This change modifies adbg_run.c to prevent a false positive
+warning reported by GCC 8.2 on usage of strncpy():
+    build/optee_test/host/xtest/adbg/src/adbg_run.c: In function ‘Do_ADBG_AppendToSuite’:
+    build/optee_test/host/xtest/adbg/src/adbg_run.c:103:3: error: ‘strncpy’ specified bound depends on the length of the source argument [-Werror=stringop-overflow=]
+       strncpy(p, Source_p->SuiteID_p, size);
+       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+    build/optee_test/host/xtest/adbg/src/adbg_run.c:88:9: note: length computed here
+      size = strlen(Source_p->SuiteID_p);
+             ^~~~~~~~~~~~~~~~~~~~~~~~~~~
+    cc1: all warnings being treated as errors
+From [1]:
+  Using strncpy Safely
+  In general, it is not possible to avoid string truncation by strncpy
+  except by sizing the destination to be at least a byte larger than
+  the length of the source string. With that approach, however, using
+  strncpy becomes unnecessary and the function can be avoided in favor
+  of other APIs such as strcpy or (less preferably) memcpy. Much has
+  been written about the problems with strncpy and we recommend to
+  avoid it whenever possible. It is, however, worth keeping in mind
+  that unlike other standard string-handling functions, strncpy always
+  writes exactly as many characters as specified by the third argument;
+  if the source string is shorter, the function fills the remaining
+  bytes with NULs.
+This change prefers using a snprintf() as used in the alternate
+instruction block of the strncpy() call.
+[1] https://developers.redhat.com/blog/2018/05/24/detecting-string-truncation-with-gcc-8/
+Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
+Signed-off-by: Simon Hughes <simon.hughes@arm.com>
+Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
+---
+ host/xtest/adbg/src/adbg_run.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/host/xtest/adbg/src/adbg_run.c b/host/xtest/adbg/src/adbg_run.c
+index 406e429..2739db5 100644
+--- a/host/xtest/adbg/src/adbg_run.c
+++ b/host/xtest/adbg/src/adbg_run.c
+@@ -100,7 +100,7 @@ int Do_ADBG_AppendToSuite(
+                snprintf(p, size, "%s+%s", Dest_p->SuiteID_p,
+                         Source_p->SuiteID_p);
+        else
+-               strncpy(p, Source_p->SuiteID_p, size);
+               snprintf(p, size, "%s", Source_p->SuiteID_p);
+        free((void *)Dest_p->SuiteID_p);
+        Dest_p->SuiteID_p = p;
+ 
+-- 
+2.7.4
diff --git a/recipes-security/optee-imx/optee-test_3.2.0.imx.bb b/recipes-security/optee-imx/optee-test_3.2.0.imx.bb
new file mode 100644
index 00000000..187c24a9
--- /dev/null
+++ b/recipes-security/optee-imx/optee-test_3.2.0.imx.bb
@@ -0,0 +1,57 @@
+# Copyright (C) 2017-2018 NXP
+SUMMARY = "OPTEE test"
+HOMEPAGE = "http://www.optee.org/"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa"
+DEPENDS = "optee-os optee-client python-pycrypto-native openssl"
+inherit pythonnative
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+SRCBRANCH = "imx_4.14.78_1.0.0_ga"
+OPTEE_TEST_SRC ?= "git://source.codeaurora.org/external/imx/imx-optee-test.git;protocol=https"
+SRC_URI = "${OPTEE_TEST_SRC};branch=${SRCBRANCH} \
+           file://0001-regression-4011-correct-potential-overflow.patch \
+           file://0001-xtest-prevent-unexpected-build-warning-with-strncpy.patch \
+"
+S = "${WORKDIR}/git"
+SRCREV = "eb7f698da9a7fa1587f96aa92ad8668abb0f0f48" 
+do_compile () {
+    if [ ${DEFAULTTUNE} = "aarch64" ];then
+        export TA_DEV_KIT_DIR=${STAGING_INCDIR}/optee/export-user_ta_arm64/
+        export ARCH=arm64
+    else
+        export TA_DEV_KIT_DIR=${STAGING_INCDIR}/optee/export-user_ta_arm32/
+        export ARCH=arm
+    fi
+    export OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}/usr
+    export CROSS_COMPILE_HOST=${HOST_PREFIX}
+    export CROSS_COMPILE_TA=${HOST_PREFIX}
+    export CROSS_COMPILE=${HOST_PREFIX}
+    export OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}/
+    oe_runmake V=1
+}
+do_install () {
+    install -d ${D}/usr/bin
+    install ${S}/out/xtest/xtest ${D}/usr/bin/
+    install -d ${D}/lib/optee_armtz
+    find ${S}/out/ta -name '*.ta' | while read name; do
+    install -m 444 $name ${D}/lib/optee_armtz/
+    done
+}
+FILES_${PN} = "/usr/bin/ /lib*/optee_armtz/"
+COMPATIBLE_MACHINE = "(mx6|mx7|mx8)"
author	Peter Griffin <peter.griffin@linaro.org>	2019-10-25 11:30:40 +0200
committer	Otavio Salvador <otavio@ossystems.com.br>	2019-11-08 15:31:25 -0300
commit	c8b32341043831f4e8933b00ddf83831e7d015ce (patch)
tree	7620fb89932bd263814db8f0888419d3e6b54f7e /recipes-security/optee-imx
parent	6397a6716be475deec08ae1bbb248be444e4bdb9 (diff)
download	meta-freescale-c8b32341043831f4e8933b00ddf83831e7d015ce.tar.gz

diff --git a/recipes-security/optee-imx/optee-test/0001-regression-4011-correct-potential-overflow.patch b/recipes-security/optee-imx/optee-test/0001-regression-4011-correct-potential-overflow.patch new file mode 100644 index 00000000..0d853ed0 --- /dev/null +++ b/recipes-security/optee-imx/optee-test/0001-regression-4011-correct-potential-overflow.patch
@@ -0,0 +1,72 @@
	1	Upstream-Status: Backport 3.4.0
	2
	3	Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
	4	---
	5	From 0953bf0abb08fb98d24b7966001171a707fbb9b9 Mon Sep 17 00:00:00 2001
	6	From: Etienne Carriere <etienne.carriere@linaro.org>
	7	Date: Fri, 21 Dec 2018 15:36:25 +0100
	8	Subject: [PATCH] regression 4011: correct potential overflow
	9	MIME-Version: 1.0
	10	Content-Type: text/plain; charset=UTF-8
	11	Content-Transfer-Encoding: 8bit
	12
	13	Fix issues reported by GCC 8.2.0.
	14
	15	build/optee_test/host/xtest/regression_4000.c: In function ‘xtest_tee_test_4011’:
	16	build/optee_test/host/xtest/regression_4000.c:5029:3: error: ‘memmove’ pointer overflow between offset [0, 8] and size [4294967295, 2147483647] accessing array ‘tmp’ with type ‘uint8_t[1024]’ {aka ‘unsigned char[1024]’} [-Werror=array-bounds]
	17	memmove(tmp + n + i, tmp + m, tmp_size - m);
	18	^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	19	build/optee_test/host/xtest/regression_4000.c:4927:10: note: array ‘tmp’ declared here
	20	uint8_t tmp[1024];
	21	^~~
	22	build/optee_test/host/xtest/regression_4000.c:5029:3: error: ‘memmove’ specified size 4294967295 exceeds maximum object size 2147483647 [-Werror=stringop-overflow=]
	23	memmove(tmp + n + i, tmp + m, tmp_size - m);
	24	^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	25	cc1: all warnings being treated as errors
	26
	27	Reported-by: Simon Hughes <simon.hughes@arm.com>
	28	Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
	29	Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
	30	---
	31	host/xtest/regression_4000.c \| 16 +++++++++++++---
	32	1 file changed, 13 insertions(+), 3 deletions(-)
	33
	34	diff --git a/host/xtest/regression_4000.c b/host/xtest/regression_4000.c
	35	index 766aad2..205a226 100644
	36	--- a/host/xtest/regression_4000.c
	37	+++ b/host/xtest/regression_4000.c
	38	@@ -5018,18 +5018,28 @@ static void xtest_tee_test_4011(ADBG_Case_t *c)
	39	out, out_size, tmp, &tmp_size)))
	40	goto out;
	41
	42	+ if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, tmp_size, <=, sizeof(tmp)))
	43	+ goto out;
	44	+
	45	/* 4.1 */
	46	- for (n = 0; n < tmp_size; n++)
	47	+ for (n = 0; n < tmp_size - i; n++)
	48	if (tmp[n] == 0xff)
	49	break;
	50	+
	51	+ /* Shall find at least a padding start before buffer end */
	52	+ if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, n, <, tmp_size - i - 1))
	53	+ goto out;
	54	+
	55	for (m = n + 1; m < tmp_size; m++)
	56	if (tmp[m] != 0xff)
	57	break;
	58	+
	59	/* 4.2 */
	60	memmove(tmp + n + i, tmp + m, tmp_size - m);
	61	+
	62	/* 4.3 */
	63	- for (n = n + tmp_size - m + i; n < tmp_size; n++)
	64	- tmp[n] = 0;
	65	+ n = n + i + tmp_size - m;
	66	+ memset(tmp + n, 0, tmp_size - n);
	67
	68	/* 5 */
	69	out_size = sizeof(out);
	70	--
	71	2.7.4
	72


diff --git a/recipes-security/optee-imx/optee-test/0001-xtest-prevent-unexpected-build-warning-with-strncpy.patch b/recipes-security/optee-imx/optee-test/0001-xtest-prevent-unexpected-build-warning-with-strncpy.patch new file mode 100644 index 00000000..0c13dcfc --- /dev/null +++ b/recipes-security/optee-imx/optee-test/0001-xtest-prevent-unexpected-build-warning-with-strncpy.patch
@@ -0,0 +1,66 @@
	1	Upstream-Status: Backport 3.4.0
	2
	3	Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
	4	---
	5	From 493574ad1f4f56dd63097a652b87c25c507ce99c Mon Sep 17 00:00:00 2001
	6	From: Etienne Carriere <etienne.carriere@linaro.org>
	7	Date: Fri, 21 Dec 2018 15:36:00 +0100
	8	Subject: [PATCH] xtest: prevent unexpected build warning with strncpy
	9	MIME-Version: 1.0
	10	Content-Type: text/plain; charset=UTF-8
	11	Content-Transfer-Encoding: 8bit
	12
	13	This change modifies adbg_run.c to prevent a false positive
	14	warning reported by GCC 8.2 on usage of strncpy():
	15
	16	build/optee_test/host/xtest/adbg/src/adbg_run.c: In function ‘Do_ADBG_AppendToSuite’:
	17	build/optee_test/host/xtest/adbg/src/adbg_run.c:103:3: error: ‘strncpy’ specified bound depends on the length of the source argument [-Werror=stringop-overflow=]
	18	strncpy(p, Source_p->SuiteID_p, size);
	19	^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	20	build/optee_test/host/xtest/adbg/src/adbg_run.c:88:9: note: length computed here
	21	size = strlen(Source_p->SuiteID_p);
	22	^~~~~~~~~~~~~~~~~~~~~~~~~~~
	23	cc1: all warnings being treated as errors
	24
	25	From [1]:
	26	Using strncpy Safely
	27	In general, it is not possible to avoid string truncation by strncpy
	28	except by sizing the destination to be at least a byte larger than
	29	the length of the source string. With that approach, however, using
	30	strncpy becomes unnecessary and the function can be avoided in favor
	31	of other APIs such as strcpy or (less preferably) memcpy. Much has
	32	been written about the problems with strncpy and we recommend to
	33	avoid it whenever possible. It is, however, worth keeping in mind
	34	that unlike other standard string-handling functions, strncpy always
	35	writes exactly as many characters as specified by the third argument;
	36	if the source string is shorter, the function fills the remaining
	37	bytes with NULs.
	38
	39	This change prefers using a snprintf() as used in the alternate
	40	instruction block of the strncpy() call.
	41
	42	[1] https://developers.redhat.com/blog/2018/05/24/detecting-string-truncation-with-gcc-8/
	43
	44	Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
	45	Signed-off-by: Simon Hughes <simon.hughes@arm.com>
	46	Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
	47	---
	48	host/xtest/adbg/src/adbg_run.c \| 2 +-
	49	1 file changed, 1 insertion(+), 1 deletion(-)
	50
	51	diff --git a/host/xtest/adbg/src/adbg_run.c b/host/xtest/adbg/src/adbg_run.c
	52	index 406e429..2739db5 100644
	53	--- a/host/xtest/adbg/src/adbg_run.c
	54	+++ b/host/xtest/adbg/src/adbg_run.c
	55	@@ -100,7 +100,7 @@ int Do_ADBG_AppendToSuite(
	56	snprintf(p, size, "%s+%s", Dest_p->SuiteID_p,
	57	Source_p->SuiteID_p);
	58	else
	59	- strncpy(p, Source_p->SuiteID_p, size);
	60	+ snprintf(p, size, "%s", Source_p->SuiteID_p);
	61	free((void *)Dest_p->SuiteID_p);
	62	Dest_p->SuiteID_p = p;
	63
	64	--
	65	2.7.4
	66


diff --git a/recipes-security/optee-imx/optee-test_3.2.0.imx.bb b/recipes-security/optee-imx/optee-test_3.2.0.imx.bb new file mode 100644 index 00000000..187c24a9 --- /dev/null +++ b/recipes-security/optee-imx/optee-test_3.2.0.imx.bb
@@ -0,0 +1,57 @@
	1	# Copyright (C) 2017-2018 NXP
	2
	3	SUMMARY = "OPTEE test"
	4	HOMEPAGE = "http://www.optee.org/"
	5
	6	LICENSE = "BSD"
	7	LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa"
	8
	9	DEPENDS = "optee-os optee-client python-pycrypto-native openssl"
	10	inherit pythonnative
	11
	12	FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
	13
	14	SRCBRANCH = "imx_4.14.78_1.0.0_ga"
	15	OPTEE_TEST_SRC ?= "git://source.codeaurora.org/external/imx/imx-optee-test.git;protocol=https"
	16
	17	SRC_URI = "${OPTEE_TEST_SRC};branch=${SRCBRANCH} \
	18	file://0001-regression-4011-correct-potential-overflow.patch \
	19	file://0001-xtest-prevent-unexpected-build-warning-with-strncpy.patch \
	20	"
	21
	22	S = "${WORKDIR}/git"
	23
	24	SRCREV = "eb7f698da9a7fa1587f96aa92ad8668abb0f0f48"
	25
	26
	27
	28	do_compile () {
	29	if [ ${DEFAULTTUNE} = "aarch64" ];then
	30	export TA_DEV_KIT_DIR=${STAGING_INCDIR}/optee/export-user_ta_arm64/
	31	export ARCH=arm64
	32	else
	33	export TA_DEV_KIT_DIR=${STAGING_INCDIR}/optee/export-user_ta_arm32/
	34	export ARCH=arm
	35	fi
	36	export OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}/usr
	37	export CROSS_COMPILE_HOST=${HOST_PREFIX}
	38	export CROSS_COMPILE_TA=${HOST_PREFIX}
	39	export CROSS_COMPILE=${HOST_PREFIX}
	40	export OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}/
	41	oe_runmake V=1
	42	}
	43
	44	do_install () {
	45	install -d ${D}/usr/bin
	46	install ${S}/out/xtest/xtest ${D}/usr/bin/
	47
	48	install -d ${D}/lib/optee_armtz
	49	find ${S}/out/ta -name '*.ta' \| while read name; do
	50	install -m 444 $name ${D}/lib/optee_armtz/
	51	done
	52
	53	}
	54
	55	FILES_${PN} = "/usr/bin/ /lib*/optee_armtz/"
	56
	57	COMPATIBLE_MACHINE = "(mx6\|mx7\|mx8)"