OP-TEE / optee_docs

This git contains the official documentation for the OP-TEE project
BSD 2-Clause "Simplified" License

Question: How does an Opensession call work just before we execute the TA entry point #131

Closed colinEP closed 3 years ago

colinEP commented 3 years ago

[edit]: sorry, bad git repository

Hi, I'm trying to debug a TA which crashes during Opensession. I get the following error messages. NOTE: I don't have the latest version of OPTEE-OS; I'm running version 3.9.0 (from ST Microelectronics).

```
E/TC:? 0 E/TC:? 0 User TA data-abort at address 0x4002c088 (write permission fault)
E/TC:? 0 fsr 0x00000a0f ttbr0 0x2ffd5020 ttbr1 0x00000000 cidr 0x0
E/TC:? 0 cpu #1 cpsr 0x60000130
E/TC:? 0 r0 0x00000017 r4 0x4000cf68 r8 0x00000001 r12 0x00000017
E/TC:? 0 r1 0x00010088 r5 0x00000003 r9 0x0000000a sp 0x40003f50
E/TC:? 0 r2 0x400332fc r6 0x40037040 r10 0x00000028 lr 0x4002c088
E/TC:? 0 r3 0x4001c000 r7 0x400340cc r11 0x400340fc pc 0x40006398
E/TC:? 0 region 0: va 0x40000000 pa 0x2ffc0000 size 0x001000 flags ---R-X
E/TC:? 0 region 1: va 0x40002000 pa 0x00000000 size 0x002000 flags rw-RW-
E/TC:? 0 region 2: va 0x40004000 pa 0x00000000 size 0x005000 flags r-x---
E/TC:? 0 region 3: va 0x40009000 pa 0x00000000 size 0x001000 flags rw-RW-
E/TC:? 0 region 4: va 0x4000a000 pa 0x00000000 size 0x003000 flags rw-RW-
E/TC:? 0 region 5: va 0x4000d000 pa 0x00000000 size 0x001000 flags r--R--
E/TC:? 0 region 6: va 0x4000e000 pa 0x00000000 size 0x001000 flags rw-RW-
E/TC:? 0 region 7: va 0x4001c000 pa 0x00000000 size 0x001000 flags r--R--
E/TC:? 0 region 8: va 0x4002c000 pa 0x00000000 size 0x009000 flags r-xR--
E/TC:? 0 region 9: va 0x40035000 pa 0x00000000 size 0x018000 flags rw-RW-
E/TC:? 0 init_with_ldelf:235 ldelf panicked
E/TC:? 0 tee_ta_open_session:728 Failed. Return error 0xffff0000
simple_test: TEEC_Opensession failed with code 0xffff0000 origin 0x3
```

I think the problem comes from the ELF file of my TA, which is badly defined because I don't get the ELF file in the classical way. I'm trying to debug that, but I don't understand what is done, and where this code is (which source code file, if there is one), between the first moment when it switches to user mode (TEE side) and when the TA entry point (__ta_entry) is executed.

Especially after the following code (after the instruction `bx r1`): https://github.com/OP-TEE/optee_os/blob/845ecd82d575c1bc486e4f9ef9bca65fa6a58025/core/arch/arm/kernel/thread_a32.S#L811

```asm
eret_to_user_mode:
    write_tpidrprw r0
#if defined(CFG_CORE_UNMAP_CORE_AT_EL0) || defined(CFG_WITH_LPAE)
    write_tpidruro r1
#endif

#ifdef CFG_CORE_UNMAP_CORE_AT_EL0
    ldr r0, =thread_user_kcode_offset
    ldr r0, [r0]
    read_vbar r1
    sub r1, r1, r0
    write_vbar r1
    isb

    /* Jump into the reduced mapping before the full mapping is removed */
    ldr r1, =1f
    sub r1, r1, r0
    bx  r1
```

Thanks!
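A small parser, added here as an example and not part of the issue or of OP-TEE's own code, that reads an abort dump like the one above and locates the faulting address and the pc in the printed region map, so the "write permission fault" can be tied to the permissions of the region it hit. It assumes the usual reading of the flags column (lowercase rwx = user/TA permissions, uppercase RWX = privileged) and uses a trimmed copy of the dump as constructed input.

```python
import re

# Constructed sample: the relevant lines of the abort dump above, one message per line.
DUMP = """\
E/TC:? 0 User TA data-abort at address 0x4002c088 (write permission fault)
E/TC:? 0 r3 0x4001c000 r7 0x400340cc r11 0x400340fc pc 0x40006398
E/TC:? 0 region 0: va 0x40000000 pa 0x2ffc0000 size 0x001000 flags ---R-X
E/TC:? 0 region 2: va 0x40004000 pa 0x00000000 size 0x005000 flags r-x---
E/TC:? 0 region 8: va 0x4002c000 pa 0x00000000 size 0x009000 flags r-xR--
E/TC:? 0 region 9: va 0x40035000 pa 0x00000000 size 0x018000 flags rw-RW-
"""
ABORT_RE = re.compile(r"User TA \w+-abort at address (0x[0-9a-f]+) \((\w+) (\w+) fault\)")
PC_RE = re.compile(r"\bpc (0x[0-9a-f]+)")
REGION_RE = re.compile(r"region (\d+): va (0x[0-9a-f]+) pa 0x[0-9a-f]+ size (0x[0-9a-f]+) flags (\S{6})")

def parse_dump(text):
    """Return ((fault va, access, fault type), pc, regions); a region is (idx, va, size, flags).
    flags is "rwxRWX": lowercase = user (TA) permissions, uppercase = privileged (assumed convention)."""
    abort, pc, regions = None, None, []
    for line in text.splitlines():
        if m := ABORT_RE.search(line):
            abort = (int(m.group(1), 16), m.group(2), m.group(3))
        elif m := PC_RE.search(line):
            pc = int(m.group(1), 16)
        elif m := REGION_RE.search(line):
            regions.append((int(m.group(1)), int(m.group(2), 16), int(m.group(3), 16), m.group(4)))
    return abort, pc, regions

def find_region(regions, addr):
    """Region whose [va, va+size) contains addr, or None if that va is not mapped for the TA."""
    return next((r for r in regions if r[1] <= addr < r[1] + r[2]), None)

def explain(text):
    """Locate the faulting address and pc in the TA mapping and say why the access was refused."""
    (addr, kind, ftype), pc, regions = parse_dump(text)
    target, code = find_region(regions, addr), find_region(regions, pc)
    access = "w" if kind == "write" else "r"
    if target is None:
        verdict = "unmapped"            # nothing mapped at that va (translation fault)
    elif target[3]["rwx".index(access)] == access:
        verdict = "allowed-by-mapping"  # user permission bit is set; cause lies elsewhere (see fsr)
    else:
        verdict = "permission-denied"   # e.g. a write into an r-x (code) segment
    return {"fault_addr": addr, "access": access, "fault_type": ftype,
            "target_region": target[0] if target else None,
            "target_flags": target[3] if target else None,
            "pc_region": code[0] if code else None, "verdict": verdict}
```

For the dump in the question it reports the write target inside region 8 (user flags r-x, no write permission) and the pc inside region 2.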

colinEP commented 3 years ago

sorry, bad git repository