2 files changed, 149 insertions, 0 deletions
diff --git a/recipes-security/optee/optee-os-qoriq/0001-Fix-alignment-of-data-for-mempool_alloc_pool.patch b/recipes-security/optee/optee-os-qoriq/0001-Fix-alignment-of-data-for-mempool_alloc_pool.patch
new file mode 100644
index 00000000..e22bd6c0
--- /dev/null
+++ b/recipes-security/optee/optee-os-qoriq/0001-Fix-alignment-of-data-for-mempool_alloc_pool.patch
@@ -0,0 +1,148 @@
+From b2dd8747125be413f9b8b7fd7e52f457cabd709c Mon Sep 17 00:00:00 2001
+From: Jens Wiklander <jens.wiklander@linaro.org>
+Date: Tue, 5 Feb 2019 13:05:29 +0100
+Subject: [PATCH] Fix alignment of data for mempool_alloc_pool()
+Upstream-Status: Submitted
+Prior to this patch was _TEE_MathAPI_Init() in
+lib/libutee/tee_api_arith_mpi.c supplying a data buffer which was only 4
+byte aligned while mempool_alloc_pool() requires the alignment of long.
+This will work in 32-bit mode, but could lead to alignment problem in
+64-bit mode. The same problem can happen with
+lib/libutee/tee_api_arith_mpa.c, but so far it has remained hidden.
+Incorrect alignment can result in errors like:
+E/TA:  assertion '!((vaddr_t)data & (POOL_ALIGN - 1))' failed at lib/libutils/ext/mempool.c:134 in mempool_alloc_pool()
+This fix introduces MEMPOOL_ALIGN which specifies required alignment of
+data supplied to mempool_alloc_pool().
+Fixes: 062e3d01c039 ("ta: switch to to mbedtls for bignum")
+Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
+Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v8)
+Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
+Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
+---
+ core/lib/libtomcrypt/src/mpa_desc.c | 2 +-
+ core/lib/libtomcrypt/src/mpi_desc.c | 2 +-
+ lib/libutee/tee_api_arith_mpa.c     | 3 ++-
+ lib/libutee/tee_api_arith_mpi.c     | 3 +--
+ lib/libutils/ext/include/mempool.h  | 5 ++++-
+ lib/libutils/ext/mempool.c          | 9 ++++-----
+ 6 files changed, 13 insertions(+), 11 deletions(-)
+diff --git a/core/lib/libtomcrypt/src/mpa_desc.c b/core/lib/libtomcrypt/src/mpa_desc.c
+index b407f54..58aa242 100644
+--- a/core/lib/libtomcrypt/src/mpa_desc.c
+++ b/core/lib/libtomcrypt/src/mpa_desc.c
+@@ -40,7 +40,7 @@ static struct mempool *get_mpa_scratch_memory_pool(void)
+ #else /* CFG_WITH_PAGER */
+ static struct mempool *get_mpa_scratch_memory_pool(void)
+ {
+-       static uint32_t data[LTC_MEMPOOL_U32_SIZE] __aligned(__alignof__(long));
+       static uint32_t data[LTC_MEMPOOL_U32_SIZE] __aligned(MEMPOOL_ALIGN);
+ 
+        return mempool_alloc_pool(data, sizeof(data), NULL);
+ }
+diff --git a/core/lib/libtomcrypt/src/mpi_desc.c b/core/lib/libtomcrypt/src/mpi_desc.c
+index a43fbb4..67bc3a7 100644
+--- a/core/lib/libtomcrypt/src/mpi_desc.c
+++ b/core/lib/libtomcrypt/src/mpi_desc.c
+@@ -38,7 +38,7 @@ static struct mempool *get_mp_scratch_memory_pool(void)
+ #else /* CFG_WITH_PAGER */
+ static struct mempool *get_mp_scratch_memory_pool(void)
+ {
+-       static uint8_t data[MPI_MEMPOOL_SIZE] __aligned(__alignof__(long));
+       static uint8_t data[MPI_MEMPOOL_SIZE] __aligned(MEMPOOL_ALIGN);
+ 
+        return mempool_alloc_pool(data, sizeof(data), NULL);
+ }
+diff --git a/lib/libutee/tee_api_arith_mpa.c b/lib/libutee/tee_api_arith_mpa.c
+index 0f6c7f1..a8ca6aa 100644
+--- a/lib/libutee/tee_api_arith_mpa.c
+++ b/lib/libutee/tee_api_arith_mpa.c
+@@ -19,7 +19,8 @@
+ 
+ static uint32_t mempool_u32[mpa_scratch_mem_size_in_U32(
+                                            MPA_INTERNAL_MEM_POOL_SIZE,
+-                                           CFG_TA_BIGNUM_MAX_BITS)];
+                                           CFG_TA_BIGNUM_MAX_BITS)]
+                                               __aligned(MEMPOOL_ALIGN);
+ static mpa_scratch_mem mempool;
+ 
+ /*************************************************************
+diff --git a/lib/libutee/tee_api_arith_mpi.c b/lib/libutee/tee_api_arith_mpi.c
+index 8e2751b..6b074e1 100644
+--- a/lib/libutee/tee_api_arith_mpi.c
+++ b/lib/libutee/tee_api_arith_mpi.c
+@@ -42,8 +42,7 @@ static void __noreturn mpi_panic(const char *func, int line, int rc)
+ 
+ void _TEE_MathAPI_Init(void)
+ {
+-       static uint8_t data[MPI_MEMPOOL_SIZE]
+-               __aligned(__alignof__(mbedtls_mpi_uint));
+       static uint8_t data[MPI_MEMPOOL_SIZE] __aligned(MEMPOOL_ALIGN);
+ 
+        mbedtls_mpi_mempool = mempool_alloc_pool(data, sizeof(data), NULL);
+        if (!mbedtls_mpi_mempool)
+diff --git a/lib/libutils/ext/include/mempool.h b/lib/libutils/ext/include/mempool.h
+index 62377df..2a60800 100644
+--- a/lib/libutils/ext/include/mempool.h
+++ b/lib/libutils/ext/include/mempool.h
+@@ -19,9 +19,12 @@ struct mempool_item {
+ 
+ struct mempool;
+ 
+#define MEMPOOL_ALIGN  __alignof__(long)
+
+ /*
+  * mempool_alloc_pool() - Allocate a new memory pool
+- * @data:              a block of memory to carve out items from
+ * @data:              a block of memory to carve out items from, must
+ *                     have an alignment of MEMPOOL_ALIGN.
+  * @size:              size fo the block of memory
+  * @release_mem:       function to call when the pool has been emptied,
+  *                     ignored if NULL.
+diff --git a/lib/libutils/ext/mempool.c b/lib/libutils/ext/mempool.c
+index f977699..6d38590 100644
+--- a/lib/libutils/ext/mempool.c
+++ b/lib/libutils/ext/mempool.c
+@@ -53,7 +53,6 @@
+  *   So the potential fragmentation is mitigated.
+  */
+ 
+-#define POOL_ALIGN     __alignof__(long)
+ 
+ struct mempool {
+        size_t size;  /* size of the memory pool, in bytes */
+@@ -130,8 +129,8 @@ mempool_alloc_pool(void *data, size_t size,
+ {
+        struct mempool *pool = calloc(1, sizeof(*pool));
+ 
+-       COMPILE_TIME_ASSERT(POOL_ALIGN >= __alignof__(struct mempool_item));
+-       assert(!((vaddr_t)data & (POOL_ALIGN - 1)));
+       COMPILE_TIME_ASSERT(MEMPOOL_ALIGN >= __alignof__(struct mempool_item));
+       assert(!((vaddr_t)data & (MEMPOOL_ALIGN - 1)));
+ 
+        if (pool) {
+                pool->size = size;
+@@ -163,13 +162,13 @@ void *mempool_alloc(struct mempool *pool, size_t size)
+                                                    pool->last_offset);
+                offset = pool->last_offset + last_item->size;
+ 
+-               offset = ROUNDUP(offset, POOL_ALIGN);
+               offset = ROUNDUP(offset, MEMPOOL_ALIGN);
+                if (offset > pool->size)
+                        goto error;
+        }
+ 
+        size = sizeof(struct mempool_item) + size;
+-       size = ROUNDUP(size, POOL_ALIGN);
+       size = ROUNDUP(size, MEMPOOL_ALIGN);
+        if (offset + size > pool->size)
+                goto error;
+ 
+-- 
+2.7.4
diff --git a/recipes-security/optee/optee-os-qoriq_git.bb b/recipes-security/optee/optee-os-qoriq_git.bb
index 7ac00f01..fb27cf1a 100644
--- a/recipes-security/optee/optee-os-qoriq_git.bb
+++ b/recipes-security/optee/optee-os-qoriq_git.bb
@@ -11,6 +11,7 @@ inherit deploy pythonnative
 SRCREV = "b7a1527b42371e6c60bb4921c5389f1bc693f33b"
 SRC_URI = "git://source.codeaurora.org/external/qoriq/qoriq-components/optee_os;nobranch=1 \
           file://0001-allow-setting-sysroot-for-libgcc-lookup.patch \
+           file://0001-Fix-alignment-of-data-for-mempool_alloc_pool.patch \
          "
 S = "${WORKDIR}/git"

diff --git a/recipes-security/optee/optee-os-qoriq/0001-Fix-alignment-of-data-for-mempool_alloc_pool.patch b/recipes-security/optee/optee-os-qoriq/0001-Fix-alignment-of-data-for-mempool_alloc_pool.patch new file mode 100644 index 00000000..e22bd6c0 --- /dev/null +++ b/recipes-security/optee/optee-os-qoriq/0001-Fix-alignment-of-data-for-mempool_alloc_pool.patch
@@ -0,0 +1,148 @@
		1	From b2dd8747125be413f9b8b7fd7e52f457cabd709c Mon Sep 17 00:00:00 2001
		2	From: Jens Wiklander <jens.wiklander@linaro.org>
		3	Date: Tue, 5 Feb 2019 13:05:29 +0100
		4	Subject: [PATCH] Fix alignment of data for mempool_alloc_pool()
		5
		6	Upstream-Status: Submitted
		7
		8	Prior to this patch was _TEE_MathAPI_Init() in
		9	lib/libutee/tee_api_arith_mpi.c supplying a data buffer which was only 4
		10	byte aligned while mempool_alloc_pool() requires the alignment of long.
		11	This will work in 32-bit mode, but could lead to alignment problem in
		12	64-bit mode. The same problem can happen with
		13	lib/libutee/tee_api_arith_mpa.c, but so far it has remained hidden.
		14
		15	Incorrect alignment can result in errors like:
		16	E/TA: assertion '!((vaddr_t)data & (POOL_ALIGN - 1))' failed at lib/libutils/ext/mempool.c:134 in mempool_alloc_pool()
		17
		18	This fix introduces MEMPOOL_ALIGN which specifies required alignment of
		19	data supplied to mempool_alloc_pool().
		20
		21	Fixes: 062e3d01c039 ("ta: switch to to mbedtls for bignum")
		22	Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
		23	Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v8)
		24	Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
		25	Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
		26	---
		27	core/lib/libtomcrypt/src/mpa_desc.c \| 2 +-
		28	core/lib/libtomcrypt/src/mpi_desc.c \| 2 +-
		29	lib/libutee/tee_api_arith_mpa.c \| 3 ++-
		30	lib/libutee/tee_api_arith_mpi.c \| 3 +--
		31	lib/libutils/ext/include/mempool.h \| 5 ++++-
		32	lib/libutils/ext/mempool.c \| 9 ++++-----
		33	6 files changed, 13 insertions(+), 11 deletions(-)
		34
		35	diff --git a/core/lib/libtomcrypt/src/mpa_desc.c b/core/lib/libtomcrypt/src/mpa_desc.c
		36	index b407f54..58aa242 100644
		37	--- a/core/lib/libtomcrypt/src/mpa_desc.c
		38	+++ b/core/lib/libtomcrypt/src/mpa_desc.c
		39	@@ -40,7 +40,7 @@ static struct mempool *get_mpa_scratch_memory_pool(void)
		40	#else /* CFG_WITH_PAGER */
		41	static struct mempool *get_mpa_scratch_memory_pool(void)
		42	{
		43	- static uint32_t data[LTC_MEMPOOL_U32_SIZE] __aligned(__alignof__(long));
		44	+ static uint32_t data[LTC_MEMPOOL_U32_SIZE] __aligned(MEMPOOL_ALIGN);
		45
		46	return mempool_alloc_pool(data, sizeof(data), NULL);
		47	}
		48	diff --git a/core/lib/libtomcrypt/src/mpi_desc.c b/core/lib/libtomcrypt/src/mpi_desc.c
		49	index a43fbb4..67bc3a7 100644
		50	--- a/core/lib/libtomcrypt/src/mpi_desc.c
		51	+++ b/core/lib/libtomcrypt/src/mpi_desc.c
		52	@@ -38,7 +38,7 @@ static struct mempool *get_mp_scratch_memory_pool(void)
		53	#else /* CFG_WITH_PAGER */
		54	static struct mempool *get_mp_scratch_memory_pool(void)
		55	{
		56	- static uint8_t data[MPI_MEMPOOL_SIZE] __aligned(__alignof__(long));
		57	+ static uint8_t data[MPI_MEMPOOL_SIZE] __aligned(MEMPOOL_ALIGN);
		58
		59	return mempool_alloc_pool(data, sizeof(data), NULL);
		60	}
		61	diff --git a/lib/libutee/tee_api_arith_mpa.c b/lib/libutee/tee_api_arith_mpa.c
		62	index 0f6c7f1..a8ca6aa 100644
		63	--- a/lib/libutee/tee_api_arith_mpa.c
		64	+++ b/lib/libutee/tee_api_arith_mpa.c
		65	@@ -19,7 +19,8 @@
		66
		67	static uint32_t mempool_u32[mpa_scratch_mem_size_in_U32(
		68	MPA_INTERNAL_MEM_POOL_SIZE,
		69	- CFG_TA_BIGNUM_MAX_BITS)];
		70	+ CFG_TA_BIGNUM_MAX_BITS)]
		71	+ __aligned(MEMPOOL_ALIGN);
		72	static mpa_scratch_mem mempool;
		73
		74	/*************************************************************
		75	diff --git a/lib/libutee/tee_api_arith_mpi.c b/lib/libutee/tee_api_arith_mpi.c
		76	index 8e2751b..6b074e1 100644
		77	--- a/lib/libutee/tee_api_arith_mpi.c
		78	+++ b/lib/libutee/tee_api_arith_mpi.c
		79	@@ -42,8 +42,7 @@ static void __noreturn mpi_panic(const char *func, int line, int rc)
		80
		81	void _TEE_MathAPI_Init(void)
		82	{
		83	- static uint8_t data[MPI_MEMPOOL_SIZE]
		84	- __aligned(__alignof__(mbedtls_mpi_uint));
		85	+ static uint8_t data[MPI_MEMPOOL_SIZE] __aligned(MEMPOOL_ALIGN);
		86
		87	mbedtls_mpi_mempool = mempool_alloc_pool(data, sizeof(data), NULL);
		88	if (!mbedtls_mpi_mempool)
		89	diff --git a/lib/libutils/ext/include/mempool.h b/lib/libutils/ext/include/mempool.h
		90	index 62377df..2a60800 100644
		91	--- a/lib/libutils/ext/include/mempool.h
		92	+++ b/lib/libutils/ext/include/mempool.h
		93	@@ -19,9 +19,12 @@ struct mempool_item {
		94
		95	struct mempool;
		96
		97	+#define MEMPOOL_ALIGN __alignof__(long)
		98	+
		99	/*
		100	* mempool_alloc_pool() - Allocate a new memory pool
		101	- * @data: a block of memory to carve out items from
		102	+ * @data: a block of memory to carve out items from, must
		103	+ * have an alignment of MEMPOOL_ALIGN.
		104	* @size: size fo the block of memory
		105	* @release_mem: function to call when the pool has been emptied,
		106	* ignored if NULL.
		107	diff --git a/lib/libutils/ext/mempool.c b/lib/libutils/ext/mempool.c
		108	index f977699..6d38590 100644
		109	--- a/lib/libutils/ext/mempool.c
		110	+++ b/lib/libutils/ext/mempool.c
		111	@@ -53,7 +53,6 @@
		112	* So the potential fragmentation is mitigated.
		113	*/
		114
		115	-#define POOL_ALIGN __alignof__(long)
		116
		117	struct mempool {
		118	size_t size; /* size of the memory pool, in bytes */
		119	@@ -130,8 +129,8 @@ mempool_alloc_pool(void *data, size_t size,
		120	{
		121	struct mempool pool = calloc(1, sizeof(pool));
		122
		123	- COMPILE_TIME_ASSERT(POOL_ALIGN >= __alignof__(struct mempool_item));
		124	- assert(!((vaddr_t)data & (POOL_ALIGN - 1)));
		125	+ COMPILE_TIME_ASSERT(MEMPOOL_ALIGN >= __alignof__(struct mempool_item));
		126	+ assert(!((vaddr_t)data & (MEMPOOL_ALIGN - 1)));
		127
		128	if (pool) {
		129	pool->size = size;
		130	@@ -163,13 +162,13 @@ void mempool_alloc(struct mempool pool, size_t size)
		131	pool->last_offset);
		132	offset = pool->last_offset + last_item->size;
		133
		134	- offset = ROUNDUP(offset, POOL_ALIGN);
		135	+ offset = ROUNDUP(offset, MEMPOOL_ALIGN);
		136	if (offset > pool->size)
		137	goto error;
		138	}
		139
		140	size = sizeof(struct mempool_item) + size;
		141	- size = ROUNDUP(size, POOL_ALIGN);
		142	+ size = ROUNDUP(size, MEMPOOL_ALIGN);
		143	if (offset + size > pool->size)
		144	goto error;
		145
		146	--
		147	2.7.4
		148


diff --git a/recipes-security/optee/optee-os-qoriq_git.bb b/recipes-security/optee/optee-os-qoriq_git.bb index 7ac00f01..fb27cf1a 100644 --- a/recipes-security/optee/optee-os-qoriq_git.bb +++ b/recipes-security/optee/optee-os-qoriq_git.bb
@@ -11,6 +11,7 @@ inherit deploy pythonnative
11	SRCREV = "b7a1527b42371e6c60bb4921c5389f1bc693f33b"	11	SRCREV = "b7a1527b42371e6c60bb4921c5389f1bc693f33b"
12	SRC_URI = "git://source.codeaurora.org/external/qoriq/qoriq-components/optee_os;nobranch=1 \	12	SRC_URI = "git://source.codeaurora.org/external/qoriq/qoriq-components/optee_os;nobranch=1 \
13	file://0001-allow-setting-sysroot-for-libgcc-lookup.patch \	13	file://0001-allow-setting-sysroot-for-libgcc-lookup.patch \
		14	file://0001-Fix-alignment-of-data-for-mempool_alloc_pool.patch \
14	"	15	"
15	S = "${WORKDIR}/git"	16	S = "${WORKDIR}/git"
16		17