Hi,
I experienced a crash in code compiled with Clang 10.0.0 due to a
misaligned 64-bit data access. The (ARMv8) CPU is configured with SCTL.A
== 1 (alignment check enable). With SCTLR.A == 0 the code runs as expected.
After some investigation I came up with the following reproducer:
---8<-------8<-------8<-------8<-------8<-------8<-------8<-------
$ cat test.c
extern char *g;
int memcmp(const void *s1, const void *s2, unsigned long n);
int f(void *c)
{
return memcmp(g, c, 16);
}
$ clang --target=aarch64-linux-gnu -Os -mstrict-align -S test.c
$ cat test.s
.text
.file "test.c"
.globl f // -- Begin function f
.p2align 2
.type f,@function
f: // @f
// %bb.0:
adrp x8, g
ldr x10, [x8, :lo12:g]
ldr x9, [x0]
ldr x8, [x10]
rev x9, x9
rev x8, x8
cmp x8, x9
b.ne .LBB0_3
// %bb.1:
ldr x8, [x10, #8]
ldr x9, [x0, #8]
rev x8, x8
rev x9, x9
cmp x8, x9
b.ne .LBB0_3
// %bb.2:
mov w0, wzr
ret
.LBB0_3:
cmp x8, x9
mov w8, #-1
cneg w0, w8, hs
ret
.Lfunc_end0:
.size f, .Lfunc_end0-f
// -- End function
.ident "clang version 10.0.0-4ubuntu1 "
.section ".note.GNU-stack","",@progbits
.addrsig
---8<-------8<-------8<-------8<-------8<-------8<-------8<-------
Note the 'ldr x9, [x0]'. At this point there is no guarantee that x0 is
a multiple of 8, so why is Clang generating this code?
Thanks,
--
Jerome
FYI, the "80 column" rule has just evolved a bit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…
So it is now s "<= 80 columns preferred, but up to 100 is OK". Since we are
mostly following the Linux coding style, I think this should apply to
OP-TEE as well.
Personally, I think it's a good thing as it will help avoid some silly line
breaks in long debug messages for instance.
--
Jerome
[BCC all OP-TEE maintainers]
Hi OP-TEE maintainers & contributors,
We're about to make another OP-TEE release, namely: 3.9.0. Target is
Friday, May 22th which leaves us almost 3 weeks to finalize the
release.
Please start testing your favorite platform(s) and report any issue in
this pull request [1]. I will create a release candidate tag one week
before the release date, at which point we will do some more testing and
I will collect Tested-by tags in the same pull request.
[1] https://github.com/OP-TEE/optee_os/pull/3833
Thanks!
Regards,
Jens
TEE Client API defines that from user space only information needed for
specified login operations is group identifier for group based logins.
REE kernel is expected to formulate trustworthy client UUID and pass that
to TEE environment. REE kernel is required to verify that provided group
identifier for group based logins matches calling processes group
memberships.
TEE specification only defines that the information passed from REE
environment to TEE environment is encoded into on UUID.
In order to guarantee trustworthiness of client UUID user space is not
allowed to freely pass client UUID.
Vesa Jääskeläinen (3):
tee: add support for session's client UUID generation
tee: optee: Add support for session login client UUID generation
[RFC] tee: add support for app id for client UUID generation
drivers/tee/Kconfig | 1 +
drivers/tee/optee/call.c | 6 +-
drivers/tee/tee_core.c | 211 +++++++++++++++++++++++++++++++++++++++
include/linux/tee_drv.h | 16 +++
4 files changed, 233 insertions(+), 1 deletion(-)
--
2.17.1
Changes v1->v2:
* Changed goto labels to be more logical
* Capture error if formatted string for UUIDv5 does not fit into buffer
Notes:
This patcheset has been designed so that it can be iteratively intergrated
meaning that the application ID (RFC patch) part can be left for later when
there is agreed solution for that.
TEE specification leaves Linux behavior undefined. It does not define any
UUID value for name space. UUID in here is randomly generated with uuidgen
tool.
I have also include amdtee people as this method probably should also be
applied in there.
Using op-tee(a)lists.trustedfirmware.org instead of tee-dev(a)lists.linaro.org as
latter is deprecated old list.
Original issue in OP-TEE OS tracker:
https://github.com/OP-TEE/optee_os/issues/3642
Related reviews and demonstration for the concept:
https://github.com/linaro-swg/linux/pull/74https://github.com/OP-TEE/optee_client/pull/195https://github.com/OP-TEE/optee_test/pull/406
TEE Client API defines that from user space only information needed for
specified login operations is group identifier for group based logins.
REE kernel is expected to formulate trustworthy client UUID and pass that
to TEE environment. REE kernel is required to verify that provided group
identifier for group based logins matches calling processes group
memberships.
TEE specification only defines that the information passed from REE
environment to TEE environment is encoded into on UUID.
In order to guarantee trustworthiness of client UUID user space is not
allowed to freely pass client UUID.
Vesa Jääskeläinen (3):
tee: add support for session's client UUID generation
tee: optee: Add support for session login client UUID generation
[RFC] tee: add support for app id for client UUID generation
drivers/tee/Kconfig | 1 +
drivers/tee/optee/call.c | 6 +-
drivers/tee/tee_core.c | 188 +++++++++++++++++++++++++++++++++++++++
include/linux/tee_drv.h | 16 ++++
4 files changed, 210 insertions(+), 1 deletion(-)
--
2.17.1
Notes:
This patcheset has been designed so that it can be iteratively intergrated
meaning that the application ID (RFC patch) part can be left for later when
there is agreed solution for that.
TEE specification leaves Linux behavior undefined. It does not define any
UUID value for name space. UUID in here is randomly generated with uuidgen
tool.
I have also include amdtee people as this method probably should also be
applied in there.
Using op-tee(a)lists.trustedfirmware.org instead of tee-dev(a)lists.linaro.org as
latter is deprecated old list.
Original issue in OP-TEE OS tracker:
https://github.com/OP-TEE/optee_os/issues/3642
Related reviews and demonstration for the concept:
https://github.com/linaro-swg/linux/pull/74https://github.com/OP-TEE/optee_client/pull/195https://github.com/OP-TEE/optee_test/pull/406
This patchset creates the DT property /chosen/kaslr-seed which is used
by the OS for Address Space Layout Randomization. If the machine is
secure, a similar property is created under /secure-chosen.
Changes since v1:
- Move creation of /secure-chosen to create_fdt()
- Use qemu_guest_getrandom() instead of qcrypto_random_bytes()
- Create kaslr-seed for the non-secure OS too
Jerome Forissier (2):
hw/arm/virt: dt: move creation of /secure-chosen to create_fdt()
hw/arm/virt: dt: add kaslr-seed property
hw/arm/virt.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
--
2.20.1