From b2dd8747125be413f9b8b7fd7e52f457cabd709c Mon Sep 17 00:00:00 2001
From: Jens Wiklander <jens.wiklander@linaro.org>
Date: Tue, 5 Feb 2019 13:05:29 +0100
Subject: [PATCH] Fix alignment of data for mempool_alloc_pool()

Upstream-Status: Submitted

Prior to this patch was _TEE_MathAPI_Init() in
lib/libutee/tee_api_arith_mpi.c supplying a data buffer which was only 4
byte aligned while mempool_alloc_pool() requires the alignment of long.
This will work in 32-bit mode, but could lead to alignment problem in
64-bit mode. The same problem can happen with
lib/libutee/tee_api_arith_mpa.c, but so far it has remained hidden.

Incorrect alignment can result in errors like:
E/TA:  assertion '!((vaddr_t)data & (POOL_ALIGN - 1))' failed at lib/libutils/ext/mempool.c:134 in mempool_alloc_pool()

This fix introduces MEMPOOL_ALIGN which specifies required alignment of
data supplied to mempool_alloc_pool().

Fixes: 062e3d01c039 ("ta: switch to to mbedtls for bignum")
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v8)
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
---
 core/lib/libtomcrypt/src/mpa_desc.c | 2 +-
 core/lib/libtomcrypt/src/mpi_desc.c | 2 +-
 lib/libutee/tee_api_arith_mpa.c     | 3 ++-
 lib/libutee/tee_api_arith_mpi.c     | 3 +--
 lib/libutils/ext/include/mempool.h  | 5 ++++-
 lib/libutils/ext/mempool.c          | 9 ++++-----
 6 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/core/lib/libtomcrypt/src/mpa_desc.c b/core/lib/libtomcrypt/src/mpa_desc.c
index b407f54..58aa242 100644
--- a/core/lib/libtomcrypt/src/mpa_desc.c
+++ b/core/lib/libtomcrypt/src/mpa_desc.c
@@ -40,7 +40,7 @@ static struct mempool *get_mpa_scratch_memory_pool(void)
 #else /* CFG_WITH_PAGER */
 static struct mempool *get_mpa_scratch_memory_pool(void)
 {
-	static uint32_t data[LTC_MEMPOOL_U32_SIZE] __aligned(__alignof__(long));
+	static uint32_t data[LTC_MEMPOOL_U32_SIZE] __aligned(MEMPOOL_ALIGN);
 
 	return mempool_alloc_pool(data, sizeof(data), NULL);
 }
diff --git a/core/lib/libtomcrypt/src/mpi_desc.c b/core/lib/libtomcrypt/src/mpi_desc.c
index a43fbb4..67bc3a7 100644
--- a/core/lib/libtomcrypt/src/mpi_desc.c
+++ b/core/lib/libtomcrypt/src/mpi_desc.c
@@ -38,7 +38,7 @@ static struct mempool *get_mp_scratch_memory_pool(void)
 #else /* CFG_WITH_PAGER */
 static struct mempool *get_mp_scratch_memory_pool(void)
 {
-	static uint8_t data[MPI_MEMPOOL_SIZE] __aligned(__alignof__(long));
+	static uint8_t data[MPI_MEMPOOL_SIZE] __aligned(MEMPOOL_ALIGN);
 
 	return mempool_alloc_pool(data, sizeof(data), NULL);
 }
diff --git a/lib/libutee/tee_api_arith_mpa.c b/lib/libutee/tee_api_arith_mpa.c
index 0f6c7f1..a8ca6aa 100644
--- a/lib/libutee/tee_api_arith_mpa.c
+++ b/lib/libutee/tee_api_arith_mpa.c
@@ -19,7 +19,8 @@
 
 static uint32_t mempool_u32[mpa_scratch_mem_size_in_U32(
 					    MPA_INTERNAL_MEM_POOL_SIZE,
-					    CFG_TA_BIGNUM_MAX_BITS)];
+					    CFG_TA_BIGNUM_MAX_BITS)]
+						__aligned(MEMPOOL_ALIGN);
 static mpa_scratch_mem mempool;
 
 /*************************************************************
diff --git a/lib/libutee/tee_api_arith_mpi.c b/lib/libutee/tee_api_arith_mpi.c
index 8e2751b..6b074e1 100644
--- a/lib/libutee/tee_api_arith_mpi.c
+++ b/lib/libutee/tee_api_arith_mpi.c
@@ -42,8 +42,7 @@ static void __noreturn mpi_panic(const char *func, int line, int rc)
 
 void _TEE_MathAPI_Init(void)
 {
-	static uint8_t data[MPI_MEMPOOL_SIZE]
-		__aligned(__alignof__(mbedtls_mpi_uint));
+	static uint8_t data[MPI_MEMPOOL_SIZE] __aligned(MEMPOOL_ALIGN);
 
 	mbedtls_mpi_mempool = mempool_alloc_pool(data, sizeof(data), NULL);
 	if (!mbedtls_mpi_mempool)
diff --git a/lib/libutils/ext/include/mempool.h b/lib/libutils/ext/include/mempool.h
index 62377df..2a60800 100644
--- a/lib/libutils/ext/include/mempool.h
+++ b/lib/libutils/ext/include/mempool.h
@@ -19,9 +19,12 @@ struct mempool_item {
 
 struct mempool;
 
+#define MEMPOOL_ALIGN	__alignof__(long)
+
 /*
  * mempool_alloc_pool() - Allocate a new memory pool
- * @data:		a block of memory to carve out items from
+ * @data:		a block of memory to carve out items from, must
+ *			have an alignment of MEMPOOL_ALIGN.
  * @size:		size fo the block of memory
  * @release_mem:	function to call when the pool has been emptied,
  *			ignored if NULL.
diff --git a/lib/libutils/ext/mempool.c b/lib/libutils/ext/mempool.c
index f977699..6d38590 100644
--- a/lib/libutils/ext/mempool.c
+++ b/lib/libutils/ext/mempool.c
@@ -53,7 +53,6 @@
  *   So the potential fragmentation is mitigated.
  */
 
-#define POOL_ALIGN	__alignof__(long)
 
 struct mempool {
 	size_t size;  /* size of the memory pool, in bytes */
@@ -130,8 +129,8 @@ mempool_alloc_pool(void *data, size_t size,
 {
 	struct mempool *pool = calloc(1, sizeof(*pool));
 
-	COMPILE_TIME_ASSERT(POOL_ALIGN >= __alignof__(struct mempool_item));
-	assert(!((vaddr_t)data & (POOL_ALIGN - 1)));
+	COMPILE_TIME_ASSERT(MEMPOOL_ALIGN >= __alignof__(struct mempool_item));
+	assert(!((vaddr_t)data & (MEMPOOL_ALIGN - 1)));
 
 	if (pool) {
 		pool->size = size;
@@ -163,13 +162,13 @@ void *mempool_alloc(struct mempool *pool, size_t size)
 						    pool->last_offset);
 		offset = pool->last_offset + last_item->size;
 
-		offset = ROUNDUP(offset, POOL_ALIGN);
+		offset = ROUNDUP(offset, MEMPOOL_ALIGN);
 		if (offset > pool->size)
 			goto error;
 	}
 
 	size = sizeof(struct mempool_item) + size;
-	size = ROUNDUP(size, POOL_ALIGN);
+	size = ROUNDUP(size, MEMPOOL_ALIGN);
 	if (offset + size > pool->size)
 		goto error;
 
-- 
2.7.4