From nobody Tue Feb 10 02:44:57 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail(p=none dis=none) header.from=arm.com Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1770140872585913.3416677155207; Tue, 3 Feb 2026 09:47:52 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.1219623.1528512 (Exim 4.92) (envelope-from ) id 1vnKUs-0006wL-Vf; Tue, 03 Feb 2026 17:47:30 +0000 Received: by outflank-mailman (output) from mailman id 1219623.1528512; Tue, 03 Feb 2026 17:47:30 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1vnKUs-0006w6-RC; Tue, 03 Feb 2026 17:47:30 +0000 Received: by outflank-mailman (input) for mailman id 1219623; Tue, 03 Feb 2026 17:47:29 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1vnKMg-0000Zt-RN for xen-devel@lists.xenproject.org; Tue, 03 Feb 2026 17:39:02 +0000 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by se1-gles-flk1.inumbo.com (Halon) with ESMTP id 37c46894-0127-11f1-9ccf-f158ae23cfc8; Tue, 03 Feb 2026 18:38:57 +0100 (CET) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id DB4B6150C; Tue, 3 Feb 2026 09:38:50 -0800 (PST) Received: from C3HXLD123V.arm.com (unknown [10.57.54.220]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 399083F632; Tue, 3 Feb 2026 09:38:56 -0800 (PST) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 37c46894-0127-11f1-9ccf-f158ae23cfc8 From: Bertrand Marquis To: xen-devel@lists.xenproject.org Cc: Volodymyr Babchuk , Jens Wiklander , Stefano Stabellini , Julien Grall , Michal Orzel Subject: [PATCH 12/12] xen/arm: ffa: Add message parameter diagnostics Date: Tue, 3 Feb 2026 18:38:07 +0100 Message-ID: <209e5474e236737dd13e0f7ff8120b05cdb7eabe.1770115302.git.bertrand.marquis@arm.com> X-Mailer: git-send-email 2.51.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1770140880880158500 Content-Type: text/plain; charset="utf-8" MSG_SEND2 and direct request validation failures are silent, making it hard to diagnose invalid IDs, oversized messages, or unsupported destination types. Add debug logs for parameter validation failures: - invalid endpoint IDs - oversized messages - unsupported destination types - invalid sender/receiver combinations - ratelimit MSG_SEND2 busy failures to avoid log flooding No functional changes. Signed-off-by: Bertrand Marquis --- xen/arch/arm/tee/ffa_msg.c | 45 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/xen/arch/arm/tee/ffa_msg.c b/xen/arch/arm/tee/ffa_msg.c index 928f269f6c3a..cc273c9a8e80 100644 --- a/xen/arch/arm/tee/ffa_msg.c +++ b/xen/arch/arm/tee/ffa_msg.c @@ -4,6 +4,7 @@ */ =20 #include +#include #include #include =20 @@ -100,6 +101,7 @@ void ffa_handle_msg_send_direct_req(struct cpu_user_reg= s *regs, uint32_t fid) if ( !ffa_fw_supports_fid(fid) ) { ret =3D FFA_RET_NOT_SUPPORTED; + gdprintk(XENLOG_DEBUG, "ffa: direct req fid %#x not supported\n", = fid); goto out; } =20 @@ -108,6 +110,9 @@ void ffa_handle_msg_send_direct_req(struct cpu_user_reg= s *regs, uint32_t fid) (src_dst & GENMASK(15,0)) =3D=3D ffa_get_vm_id(d) ) { ret =3D FFA_RET_INVALID_PARAMETERS; + gdprintk(XENLOG_DEBUG, + "ffa: direct req invalid src/dst %#x\n", + (uint32_t)src_dst); goto out; } =20 @@ -115,6 +120,9 @@ void ffa_handle_msg_send_direct_req(struct cpu_user_reg= s *regs, uint32_t fid) if ( !FFA_ID_IS_SECURE(src_dst & GENMASK(15,0)) ) { ret =3D FFA_RET_NOT_SUPPORTED; + gdprintk(XENLOG_DEBUG, + "ffa: direct req to non-secure dst %#x\n", + (uint32_t)(src_dst & GENMASK(15, 0))); goto out; } =20 @@ -166,7 +174,12 @@ static int32_t ffa_msg_send2_vm(uint16_t dst_id, const= void *src_buf, /* This is also checking that dest is not src */ ret =3D ffa_endpoint_domain_lookup(dst_id, &dst_d, &dst_ctx); if ( ret ) + { + gdprintk(XENLOG_DEBUG, + "ffa: msg_send2 lookup failed: dst %#x ret %d\n", + dst_id, ret); return ret; + } =20 /* This also checks that destination has set a Rx buffer */ ret =3D ffa_rx_acquire(dst_ctx , &rx_buf, &rx_size); @@ -199,6 +212,12 @@ static int32_t ffa_msg_send2_vm(uint16_t dst_id, const= void *src_buf, /* receiver rx buffer will be released by the receiver*/ =20 out_unlock: + if ( ret ) + { + if ( ret !=3D FFA_RET_BUSY || printk_ratelimit() ) + gdprintk(XENLOG_DEBUG, "ffa: msg_send2 to %#x failed: %d\n", + dst_id, ret); + } rcu_unlock_domain(dst_d); if ( !ret ) ffa_raise_rx_buffer_full(dst_d); @@ -226,7 +245,11 @@ int32_t ffa_handle_msg_send2(struct cpu_user_regs *reg= s) =20 ret =3D ffa_tx_acquire(src_ctx, &tx_buf, &tx_size); if ( ret !=3D FFA_RET_OK ) + { + gdprintk(XENLOG_DEBUG, + "ffa: msg_send2 TX acquire failed: %d\n", ret); return ret; + } =20 /* create a copy of the message header */ memcpy(&src_msg, tx_buf, sizeof(src_msg)); @@ -238,6 +261,9 @@ int32_t ffa_handle_msg_send2(struct cpu_user_regs *regs) dst_id =3D=3D ffa_get_vm_id(src_d) ) { ret =3D FFA_RET_INVALID_PARAMETERS; + gdprintk(XENLOG_DEBUG, + "ffa: msg_send2 invalid src/dst src %#x dst %#x\n", + src_id, dst_id); goto out; } =20 @@ -246,6 +272,9 @@ int32_t ffa_handle_msg_send2(struct cpu_user_regs *regs) if (src_msg.msg_offset < sizeof(struct ffa_part_msg_rxtx_1_1)) { ret =3D FFA_RET_INVALID_PARAMETERS; + gdprintk(XENLOG_DEBUG, + "ffa: msg_send2 invalid msg_offset %u (v1.1)\n", + src_msg.msg_offset); goto out; } /* Set uuid to Nil UUID for v1.1 guests */ @@ -255,6 +284,9 @@ int32_t ffa_handle_msg_send2(struct cpu_user_regs *regs) else if ( src_msg.msg_offset < sizeof(struct ffa_part_msg_rxtx_1_2) ) { ret =3D FFA_RET_INVALID_PARAMETERS; + gdprintk(XENLOG_DEBUG, + "ffa: msg_send2 invalid msg_offset %u (v1.2)\n", + src_msg.msg_offset); goto out; } =20 @@ -263,6 +295,9 @@ int32_t ffa_handle_msg_send2(struct cpu_user_regs *regs) src_msg.msg_size > (tx_size - src_msg.msg_offset) ) { ret =3D FFA_RET_INVALID_PARAMETERS; + gdprintk(XENLOG_DEBUG, + "ffa: msg_send2 invalid msg_size %u offset %u tx %zu\n", + src_msg.msg_size, src_msg.msg_offset, tx_size); goto out; } =20 @@ -272,6 +307,8 @@ int32_t ffa_handle_msg_send2(struct cpu_user_regs *regs) if ( !ffa_fw_supports_fid(FFA_MSG_SEND2) ) { ret =3D FFA_RET_NOT_SUPPORTED; + gdprintk(XENLOG_DEBUG, + "ffa: msg_send2 to SP not supported\n"); goto out; } /* @@ -288,6 +325,8 @@ int32_t ffa_handle_msg_send2(struct cpu_user_regs *regs) =20 ret =3D ffa_simple_call(FFA_MSG_SEND2, ((uint32_t)ffa_get_vm_id(src_d)) << 16, 0, 0= , 0); + if ( ret ) + gdprintk(XENLOG_DEBUG, "ffa: msg_send2 to SP failed: %d\n", re= t); } else if ( IS_ENABLED(CONFIG_FFA_VM_TO_VM) ) { @@ -295,7 +334,11 @@ int32_t ffa_handle_msg_send2(struct cpu_user_regs *reg= s) ret =3D ffa_msg_send2_vm(dst_id, tx_buf, &src_msg); } else + { ret =3D FFA_RET_INVALID_PARAMETERS; + gdprintk(XENLOG_DEBUG, + "ffa: msg_send2 to VM disabled (dst %#x)\n", dst_id); + } =20 out: ffa_tx_release(src_ctx); @@ -311,6 +354,7 @@ void ffa_handle_run(struct cpu_user_regs *regs, uint32_= t fid) if ( !ffa_fw_supports_fid(fid) ) { ret =3D FFA_RET_NOT_SUPPORTED; + gdprintk(XENLOG_DEBUG, "ffa: run fid %#x not supported\n", fid); goto out; } =20 @@ -322,6 +366,7 @@ void ffa_handle_run(struct cpu_user_regs *regs, uint32_= t fid) if ( !FFA_ID_IS_SECURE(dst >> 16) ) { ret =3D FFA_RET_NOT_SUPPORTED; + gdprintk(XENLOG_DEBUG, "ffa: run to non-secure dst %#x\n", dst); goto out; } =20 --=20 2.50.1 (Apple Git-155)