core: OCALL capability

Adds a new capability that reports whether OP-TEE was built with OCALL support. Signed-off-by: Hernan Gatta <hegatta@microsoft.com>
OP-TEE · Apr 11, 2020 · 4b5a6b6 · 4b5a6b6
1 parent 9905099
commit 4b5a6b6
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 3 deletions.
diff --git a/core/arch/arm/include/sm/optee_smc.h b/core/arch/arm/include/sm/optee_smc.h
@@ -278,6 +278,8 @@
 #define OPTEE_SMC_SEC_CAP_VIRTUALIZATION	BIT(3)
 /* Secure world supports Shared Memory with a NULL reference */
 #define OPTEE_SMC_SEC_CAP_MEMREF_NULL		BIT(4)
+/* Secure world is built with OCALL support */
+#define OPTEE_SMC_SEC_CAP_OCALL			BIT(5)
 
 #define OPTEE_SMC_FUNCID_EXCHANGE_CAPABILITIES	9
 #define OPTEE_SMC_EXCHANGE_CAPABILITIES \

diff --git a/core/arch/arm/tee/entry_fast.c b/core/arch/arm/tee/entry_fast.c
@@ -92,6 +92,9 @@ static void tee_entry_exchange_capabilities(struct thread_smc_args *args)
 	args->a1 |= OPTEE_SMC_SEC_CAP_VIRTUALIZATION;
 #endif
 	args->a1 |= OPTEE_SMC_SEC_CAP_MEMREF_NULL;
+#if defined(CFG_OCALL)
+	args->a1 |= OPTEE_SMC_SEC_CAP_OCALL;
+#endif
 
 #if defined(CFG_CORE_DYN_SHM)
 	dyn_shm_en = core_mmu_nsec_ddr_is_defined();

diff --git a/core/pta/ocall.c b/core/pta/ocall.c
@@ -332,7 +332,7 @@ static TEE_Result ocall_send(struct tee_ta_session *session,
 			thread_rpc_free_client_app_payload(mobj);
 	}
 
-	return TEE_SUCCESS;
+	return res;
 }
 
 static TEE_Result ocall_invoke_command(void *session_ctx __unused,
@@ -362,5 +362,5 @@ static TEE_Result ocall_invoke_command(void *session_ctx __unused,
 }
 
 pseudo_ta_register(.uuid = PTA_UUID, .name = PTA_NAME,
-		   .flags = PTA_DEFAULT_FLAGS,
+		   .flags = PTA_DEFAULT_FLAGS | TA_FLAG_CONCURRENT,
 		   .invoke_command_entry_point = ocall_invoke_command);
diff --git a/lib/libutee/tee_api.c b/lib/libutee/tee_api.c
@@ -304,6 +304,30 @@ TEE_Result TEE_InvokeCACommand(uint32_t cancellationRequestTimeout,
 	if (res != TEE_SUCCESS)
 		goto exit;
 
+	/* Convert the utee_params structure into the OCALL's parameters */
+	for (n = 0; n < TEE_NUM_PARAMS; n++) {
+		switch (TEE_PARAM_TYPE_GET(paramTypes, n)) {
+		case TEE_PARAM_TYPE_VALUE_OUTPUT:
+		case TEE_PARAM_TYPE_VALUE_INOUT:
+			params[n].value.a = ocall_up.vals[n * 2];
+			params[n].value.b = ocall_up.vals[n * 2 + 1];
+			break;
+		case TEE_PARAM_TYPE_MEMREF_OUTPUT:
+		case TEE_PARAM_TYPE_MEMREF_INOUT:
+			if (ocall_up.vals[n * 2] !=
+			    (vaddr_t)params[n].memref.buffer ||
+			    ocall_up.vals[n * 2 + 1] > params[n].memref.size) {
+				res = TEE_ERROR_BAD_PARAMETERS;
+				ret_origin = TEE_ORIGIN_API;
+				goto exit;
+			}
+			params[n].memref.size = ocall_up.vals[n * 2 + 1];
+			break;
+		default:
+			break;
+		}
+	}
+
 	/* Extract the OCALL return value and error origin */
 	res = (TEE_Result)pta_up.vals[0];
 	ret_origin = (uint32_t)pta_up.vals[1];
@@ -314,7 +338,8 @@ TEE_Result TEE_InvokeCACommand(uint32_t cancellationRequestTimeout,
 
 	if (ret_origin == TEE_ORIGIN_TRUSTED_APP ||
 	    ret_origin == TEE_ORIGIN_CLIENT_APP ||
-	    ret_origin == TEE_ORIGIN_COMMS)
+	    ret_origin == TEE_ORIGIN_COMMS ||
+	    ret_origin == TEE_ORIGIN_API)
 		return res;
 
 	if (res != TEE_SUCCESS &&