summaryrefslogtreecommitdiffstats
path: root/recipes-security/optee-imx
diff options
context:
space:
mode:
authorPeter Griffin <peter.griffin@linaro.org>2019-10-25 11:30:40 +0200
committerOtavio Salvador <otavio@ossystems.com.br>2019-11-08 15:31:25 -0300
commitc8b32341043831f4e8933b00ddf83831e7d015ce (patch)
tree7620fb89932bd263814db8f0888419d3e6b54f7e /recipes-security/optee-imx
parent6397a6716be475deec08ae1bbb248be444e4bdb9 (diff)
downloadmeta-freescale-c8b32341043831f4e8933b00ddf83831e7d015ce.tar.gz
optee-test: add optee-test imx fork
This also includes some backported gcc 8 fixes from upstream. Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
Diffstat (limited to 'recipes-security/optee-imx')
-rw-r--r--recipes-security/optee-imx/optee-test/0001-regression-4011-correct-potential-overflow.patch72
-rw-r--r--recipes-security/optee-imx/optee-test/0001-xtest-prevent-unexpected-build-warning-with-strncpy.patch66
-rw-r--r--recipes-security/optee-imx/optee-test_3.2.0.imx.bb57
3 files changed, 195 insertions, 0 deletions
diff --git a/recipes-security/optee-imx/optee-test/0001-regression-4011-correct-potential-overflow.patch b/recipes-security/optee-imx/optee-test/0001-regression-4011-correct-potential-overflow.patch
new file mode 100644
index 00000000..0d853ed0
--- /dev/null
+++ b/recipes-security/optee-imx/optee-test/0001-regression-4011-correct-potential-overflow.patch
@@ -0,0 +1,72 @@
1Upstream-Status: Backport 3.4.0
2
3Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
4---
5From 0953bf0abb08fb98d24b7966001171a707fbb9b9 Mon Sep 17 00:00:00 2001
6From: Etienne Carriere <etienne.carriere@linaro.org>
7Date: Fri, 21 Dec 2018 15:36:25 +0100
8Subject: [PATCH] regression 4011: correct potential overflow
9MIME-Version: 1.0
10Content-Type: text/plain; charset=UTF-8
11Content-Transfer-Encoding: 8bit
12
13Fix issues reported by GCC 8.2.0.
14
15build/optee_test/host/xtest/regression_4000.c: In function ‘xtest_tee_test_4011’:
16build/optee_test/host/xtest/regression_4000.c:5029:3: error: ‘memmove’ pointer overflow between offset [0, 8] and size [4294967295, 2147483647] accessing array ‘tmp’ with type ‘uint8_t[1024]’ {aka ‘unsigned char[1024]’} [-Werror=array-bounds]
17 memmove(tmp + n + i, tmp + m, tmp_size - m);
18 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
19build/optee_test/host/xtest/regression_4000.c:4927:10: note: array ‘tmp’ declared here
20 uint8_t tmp[1024];
21 ^~~
22build/optee_test/host/xtest/regression_4000.c:5029:3: error: ‘memmove’ specified size 4294967295 exceeds maximum object size 2147483647 [-Werror=stringop-overflow=]
23 memmove(tmp + n + i, tmp + m, tmp_size - m);
24 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
25cc1: all warnings being treated as errors
26
27Reported-by: Simon Hughes <simon.hughes@arm.com>
28Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
29Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
30---
31 host/xtest/regression_4000.c | 16 +++++++++++++---
32 1 file changed, 13 insertions(+), 3 deletions(-)
33
34diff --git a/host/xtest/regression_4000.c b/host/xtest/regression_4000.c
35index 766aad2..205a226 100644
36--- a/host/xtest/regression_4000.c
37+++ b/host/xtest/regression_4000.c
38@@ -5018,18 +5018,28 @@ static void xtest_tee_test_4011(ADBG_Case_t *c)
39 out, out_size, tmp, &tmp_size)))
40 goto out;
41
42+ if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, tmp_size, <=, sizeof(tmp)))
43+ goto out;
44+
45 /* 4.1 */
46- for (n = 0; n < tmp_size; n++)
47+ for (n = 0; n < tmp_size - i; n++)
48 if (tmp[n] == 0xff)
49 break;
50+
51+ /* Shall find at least a padding start before buffer end */
52+ if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, n, <, tmp_size - i - 1))
53+ goto out;
54+
55 for (m = n + 1; m < tmp_size; m++)
56 if (tmp[m] != 0xff)
57 break;
58+
59 /* 4.2 */
60 memmove(tmp + n + i, tmp + m, tmp_size - m);
61+
62 /* 4.3 */
63- for (n = n + tmp_size - m + i; n < tmp_size; n++)
64- tmp[n] = 0;
65+ n = n + i + tmp_size - m;
66+ memset(tmp + n, 0, tmp_size - n);
67
68 /* 5 */
69 out_size = sizeof(out);
70--
712.7.4
72
diff --git a/recipes-security/optee-imx/optee-test/0001-xtest-prevent-unexpected-build-warning-with-strncpy.patch b/recipes-security/optee-imx/optee-test/0001-xtest-prevent-unexpected-build-warning-with-strncpy.patch
new file mode 100644
index 00000000..0c13dcfc
--- /dev/null
+++ b/recipes-security/optee-imx/optee-test/0001-xtest-prevent-unexpected-build-warning-with-strncpy.patch
@@ -0,0 +1,66 @@
1Upstream-Status: Backport 3.4.0
2
3Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
4---
5From 493574ad1f4f56dd63097a652b87c25c507ce99c Mon Sep 17 00:00:00 2001
6From: Etienne Carriere <etienne.carriere@linaro.org>
7Date: Fri, 21 Dec 2018 15:36:00 +0100
8Subject: [PATCH] xtest: prevent unexpected build warning with strncpy
9MIME-Version: 1.0
10Content-Type: text/plain; charset=UTF-8
11Content-Transfer-Encoding: 8bit
12
13This change modifies adbg_run.c to prevent a false positive
14warning reported by GCC 8.2 on usage of strncpy():
15
16 build/optee_test/host/xtest/adbg/src/adbg_run.c: In function ‘Do_ADBG_AppendToSuite’:
17 build/optee_test/host/xtest/adbg/src/adbg_run.c:103:3: error: ‘strncpy’ specified bound depends on the length of the source argument [-Werror=stringop-overflow=]
18 strncpy(p, Source_p->SuiteID_p, size);
19 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
20 build/optee_test/host/xtest/adbg/src/adbg_run.c:88:9: note: length computed here
21 size = strlen(Source_p->SuiteID_p);
22 ^~~~~~~~~~~~~~~~~~~~~~~~~~~
23 cc1: all warnings being treated as errors
24
25From [1]:
26 Using strncpy Safely
27 In general, it is not possible to avoid string truncation by strncpy
28 except by sizing the destination to be at least a byte larger than
29 the length of the source string. With that approach, however, using
30 strncpy becomes unnecessary and the function can be avoided in favor
31 of other APIs such as strcpy or (less preferably) memcpy. Much has
32 been written about the problems with strncpy and we recommend to
33 avoid it whenever possible. It is, however, worth keeping in mind
34 that unlike other standard string-handling functions, strncpy always
35 writes exactly as many characters as specified by the third argument;
36 if the source string is shorter, the function fills the remaining
37 bytes with NULs.
38
39This change prefers using a snprintf() as used in the alternate
40instruction block of the strncpy() call.
41
42[1] https://developers.redhat.com/blog/2018/05/24/detecting-string-truncation-with-gcc-8/
43
44Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
45Signed-off-by: Simon Hughes <simon.hughes@arm.com>
46Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
47---
48 host/xtest/adbg/src/adbg_run.c | 2 +-
49 1 file changed, 1 insertion(+), 1 deletion(-)
50
51diff --git a/host/xtest/adbg/src/adbg_run.c b/host/xtest/adbg/src/adbg_run.c
52index 406e429..2739db5 100644
53--- a/host/xtest/adbg/src/adbg_run.c
54+++ b/host/xtest/adbg/src/adbg_run.c
55@@ -100,7 +100,7 @@ int Do_ADBG_AppendToSuite(
56 snprintf(p, size, "%s+%s", Dest_p->SuiteID_p,
57 Source_p->SuiteID_p);
58 else
59- strncpy(p, Source_p->SuiteID_p, size);
60+ snprintf(p, size, "%s", Source_p->SuiteID_p);
61 free((void *)Dest_p->SuiteID_p);
62 Dest_p->SuiteID_p = p;
63
64--
652.7.4
66
diff --git a/recipes-security/optee-imx/optee-test_3.2.0.imx.bb b/recipes-security/optee-imx/optee-test_3.2.0.imx.bb
new file mode 100644
index 00000000..187c24a9
--- /dev/null
+++ b/recipes-security/optee-imx/optee-test_3.2.0.imx.bb
@@ -0,0 +1,57 @@
1# Copyright (C) 2017-2018 NXP
2
3SUMMARY = "OPTEE test"
4HOMEPAGE = "http://www.optee.org/"
5
6LICENSE = "BSD"
7LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa"
8
9DEPENDS = "optee-os optee-client python-pycrypto-native openssl"
10inherit pythonnative
11
12FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
13
14SRCBRANCH = "imx_4.14.78_1.0.0_ga"
15OPTEE_TEST_SRC ?= "git://source.codeaurora.org/external/imx/imx-optee-test.git;protocol=https"
16
17SRC_URI = "${OPTEE_TEST_SRC};branch=${SRCBRANCH} \
18 file://0001-regression-4011-correct-potential-overflow.patch \
19 file://0001-xtest-prevent-unexpected-build-warning-with-strncpy.patch \
20"
21
22S = "${WORKDIR}/git"
23
24SRCREV = "eb7f698da9a7fa1587f96aa92ad8668abb0f0f48"
25
26
27
28do_compile () {
29 if [ ${DEFAULTTUNE} = "aarch64" ];then
30 export TA_DEV_KIT_DIR=${STAGING_INCDIR}/optee/export-user_ta_arm64/
31 export ARCH=arm64
32 else
33 export TA_DEV_KIT_DIR=${STAGING_INCDIR}/optee/export-user_ta_arm32/
34 export ARCH=arm
35 fi
36 export OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}/usr
37 export CROSS_COMPILE_HOST=${HOST_PREFIX}
38 export CROSS_COMPILE_TA=${HOST_PREFIX}
39 export CROSS_COMPILE=${HOST_PREFIX}
40 export OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}/
41 oe_runmake V=1
42}
43
44do_install () {
45 install -d ${D}/usr/bin
46 install ${S}/out/xtest/xtest ${D}/usr/bin/
47
48 install -d ${D}/lib/optee_armtz
49 find ${S}/out/ta -name '*.ta' | while read name; do
50 install -m 444 $name ${D}/lib/optee_armtz/
51 done
52
53}
54
55FILES_${PN} = "/usr/bin/ /lib*/optee_armtz/"
56
57COMPATIBLE_MACHINE = "(mx6|mx7|mx8)"