Add support for FFA_MSG_SEND2 to send indirect messages from a VM to a
secure partition.
Signed-off-by: Bertrand Marquis <bertrand.marquis@arm.com>
---
Changes in v3:
- in ffa_handle_msg_send2 use ffa_get_vm_id instead of a local variable
to make sure that we use the right VM ID as source without having a
potential solution for the VM to give a wrong identity.
Changes in v2:
- rebase
---
xen/arch/arm/tee/ffa.c | 5 ++++
xen/arch/arm/tee/ffa_msg.c | 50 ++++++++++++++++++++++++++++++++++
xen/arch/arm/tee/ffa_private.h | 1 +
3 files changed, 56 insertions(+)
diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c
index 04d2403415fe..87775ed88ffd 100644
--- a/xen/arch/arm/tee/ffa.c
+++ b/xen/arch/arm/tee/ffa.c
@@ -101,6 +101,7 @@ static const struct ffa_fw_abi ffa_fw_abi_needed[] = {
FW_ABI(FFA_MEM_RECLAIM),
FW_ABI(FFA_MSG_SEND_DIRECT_REQ_32),
FW_ABI(FFA_MSG_SEND_DIRECT_REQ_64),
+ FW_ABI(FFA_MSG_SEND2),
};
/*
@@ -195,6 +196,7 @@ static void handle_features(struct cpu_user_regs *regs)
case FFA_PARTITION_INFO_GET:
case FFA_MSG_SEND_DIRECT_REQ_32:
case FFA_MSG_SEND_DIRECT_REQ_64:
+ case FFA_MSG_SEND2:
ffa_set_regs_success(regs, 0, 0);
break;
case FFA_MEM_SHARE_64:
@@ -275,6 +277,9 @@ static bool ffa_handle_call(struct cpu_user_regs *regs)
case FFA_MSG_SEND_DIRECT_REQ_64:
ffa_handle_msg_send_direct_req(regs, fid);
return true;
+ case FFA_MSG_SEND2:
+ e = ffa_handle_msg_send2(regs);
+ break;
case FFA_MEM_SHARE_32:
case FFA_MEM_SHARE_64:
ffa_handle_mem_share(regs);
diff --git a/xen/arch/arm/tee/ffa_msg.c b/xen/arch/arm/tee/ffa_msg.c
index ae263e54890e..ee594e737fc7 100644
--- a/xen/arch/arm/tee/ffa_msg.c
+++ b/xen/arch/arm/tee/ffa_msg.c
@@ -12,6 +12,15 @@
#include "ffa_private.h"
+/* Encoding of partition message in RX/TX buffer */
+struct ffa_part_msg_rxtx {
+ uint32_t flags;
+ uint32_t reserved;
+ uint32_t msg_offset;
+ uint32_t send_recv_id;
+ uint32_t msg_size;
+};
+
void ffa_handle_msg_send_direct_req(struct cpu_user_regs *regs, uint32_t fid)
{
struct arm_smccc_1_2_regs arg = { .a0 = fid, };
@@ -78,3 +87,44 @@ out:
resp.a4 & mask, resp.a5 & mask, resp.a6 & mask,
resp.a7 & mask);
}
+
+int32_t ffa_handle_msg_send2(struct cpu_user_regs *regs)
+{
+ struct domain *src_d = current->domain;
+ struct ffa_ctx *src_ctx = src_d->arch.tee;
+ const struct ffa_part_msg_rxtx *src_msg;
+ uint16_t dst_id, src_id;
+ int32_t ret;
+
+ if ( !ffa_fw_supports_fid(FFA_MSG_SEND2) )
+ return FFA_RET_NOT_SUPPORTED;
+
+ if ( !spin_trylock(&src_ctx->tx_lock) )
+ return FFA_RET_BUSY;
+
+ src_msg = src_ctx->tx;
+ src_id = src_msg->send_recv_id >> 16;
+ dst_id = src_msg->send_recv_id & GENMASK(15,0);
+
+ if ( src_id != ffa_get_vm_id(src_d) || !FFA_ID_IS_SECURE(dst_id) )
+ {
+ ret = FFA_RET_INVALID_PARAMETERS;
+ goto out_unlock_tx;
+ }
+
+ /* check source message fits in buffer */
+ if ( src_ctx->page_count * FFA_PAGE_SIZE <
+ src_msg->msg_offset + src_msg->msg_size ||
+ src_msg->msg_offset < sizeof(struct ffa_part_msg_rxtx) )
+ {
+ ret = FFA_RET_INVALID_PARAMETERS;
+ goto out_unlock_tx;
+ }
+
+ ret = ffa_simple_call(FFA_MSG_SEND2,
+ ((uint32_t)ffa_get_vm_id(src_d)) << 16, 0, 0, 0);
+
+out_unlock_tx:
+ spin_unlock(&src_ctx->tx_lock);
+ return ret;
+}
diff --git a/xen/arch/arm/tee/ffa_private.h b/xen/arch/arm/tee/ffa_private.h
index 973ee55be09b..d441c0ca5598 100644
--- a/xen/arch/arm/tee/ffa_private.h
+++ b/xen/arch/arm/tee/ffa_private.h
@@ -359,6 +359,7 @@ void ffa_handle_notification_get(struct cpu_user_regs *regs);
int ffa_handle_notification_set(struct cpu_user_regs *regs);
void ffa_handle_msg_send_direct_req(struct cpu_user_regs *regs, uint32_t fid);
+int32_t ffa_handle_msg_send2(struct cpu_user_regs *regs);
static inline uint16_t ffa_get_vm_id(const struct domain *d)
{
--
2.47.0Hi Bertrand,
On Wed, Nov 27, 2024 at 5:08 PM Bertrand Marquis
<bertrand.marquis@arm.com> wrote:
>
> Add support for FFA_MSG_SEND2 to send indirect messages from a VM to a
> secure partition.
>
> Signed-off-by: Bertrand Marquis <bertrand.marquis@arm.com>
> ---
> Changes in v3:
> - in ffa_handle_msg_send2 use ffa_get_vm_id instead of a local variable
> to make sure that we use the right VM ID as source without having a
> potential solution for the VM to give a wrong identity.
> Changes in v2:
> - rebase
> ---
> xen/arch/arm/tee/ffa.c | 5 ++++
> xen/arch/arm/tee/ffa_msg.c | 50 ++++++++++++++++++++++++++++++++++
> xen/arch/arm/tee/ffa_private.h | 1 +
> 3 files changed, 56 insertions(+)
Looks good.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Cheers,
Jens
>
> diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c
> index 04d2403415fe..87775ed88ffd 100644
> --- a/xen/arch/arm/tee/ffa.c
> +++ b/xen/arch/arm/tee/ffa.c
> @@ -101,6 +101,7 @@ static const struct ffa_fw_abi ffa_fw_abi_needed[] = {
> FW_ABI(FFA_MEM_RECLAIM),
> FW_ABI(FFA_MSG_SEND_DIRECT_REQ_32),
> FW_ABI(FFA_MSG_SEND_DIRECT_REQ_64),
> + FW_ABI(FFA_MSG_SEND2),
> };
>
> /*
> @@ -195,6 +196,7 @@ static void handle_features(struct cpu_user_regs *regs)
> case FFA_PARTITION_INFO_GET:
> case FFA_MSG_SEND_DIRECT_REQ_32:
> case FFA_MSG_SEND_DIRECT_REQ_64:
> + case FFA_MSG_SEND2:
> ffa_set_regs_success(regs, 0, 0);
> break;
> case FFA_MEM_SHARE_64:
> @@ -275,6 +277,9 @@ static bool ffa_handle_call(struct cpu_user_regs *regs)
> case FFA_MSG_SEND_DIRECT_REQ_64:
> ffa_handle_msg_send_direct_req(regs, fid);
> return true;
> + case FFA_MSG_SEND2:
> + e = ffa_handle_msg_send2(regs);
> + break;
> case FFA_MEM_SHARE_32:
> case FFA_MEM_SHARE_64:
> ffa_handle_mem_share(regs);
> diff --git a/xen/arch/arm/tee/ffa_msg.c b/xen/arch/arm/tee/ffa_msg.c
> index ae263e54890e..ee594e737fc7 100644
> --- a/xen/arch/arm/tee/ffa_msg.c
> +++ b/xen/arch/arm/tee/ffa_msg.c
> @@ -12,6 +12,15 @@
>
> #include "ffa_private.h"
>
> +/* Encoding of partition message in RX/TX buffer */
> +struct ffa_part_msg_rxtx {
> + uint32_t flags;
> + uint32_t reserved;
> + uint32_t msg_offset;
> + uint32_t send_recv_id;
> + uint32_t msg_size;
> +};
> +
> void ffa_handle_msg_send_direct_req(struct cpu_user_regs *regs, uint32_t fid)
> {
> struct arm_smccc_1_2_regs arg = { .a0 = fid, };
> @@ -78,3 +87,44 @@ out:
> resp.a4 & mask, resp.a5 & mask, resp.a6 & mask,
> resp.a7 & mask);
> }
> +
> +int32_t ffa_handle_msg_send2(struct cpu_user_regs *regs)
> +{
> + struct domain *src_d = current->domain;
> + struct ffa_ctx *src_ctx = src_d->arch.tee;
> + const struct ffa_part_msg_rxtx *src_msg;
> + uint16_t dst_id, src_id;
> + int32_t ret;
> +
> + if ( !ffa_fw_supports_fid(FFA_MSG_SEND2) )
> + return FFA_RET_NOT_SUPPORTED;
> +
> + if ( !spin_trylock(&src_ctx->tx_lock) )
> + return FFA_RET_BUSY;
> +
> + src_msg = src_ctx->tx;
> + src_id = src_msg->send_recv_id >> 16;
> + dst_id = src_msg->send_recv_id & GENMASK(15,0);
> +
> + if ( src_id != ffa_get_vm_id(src_d) || !FFA_ID_IS_SECURE(dst_id) )
> + {
> + ret = FFA_RET_INVALID_PARAMETERS;
> + goto out_unlock_tx;
> + }
> +
> + /* check source message fits in buffer */
> + if ( src_ctx->page_count * FFA_PAGE_SIZE <
> + src_msg->msg_offset + src_msg->msg_size ||
> + src_msg->msg_offset < sizeof(struct ffa_part_msg_rxtx) )
> + {
> + ret = FFA_RET_INVALID_PARAMETERS;
> + goto out_unlock_tx;
> + }
> +
> + ret = ffa_simple_call(FFA_MSG_SEND2,
> + ((uint32_t)ffa_get_vm_id(src_d)) << 16, 0, 0, 0);
> +
> +out_unlock_tx:
> + spin_unlock(&src_ctx->tx_lock);
> + return ret;
> +}
> diff --git a/xen/arch/arm/tee/ffa_private.h b/xen/arch/arm/tee/ffa_private.h
> index 973ee55be09b..d441c0ca5598 100644
> --- a/xen/arch/arm/tee/ffa_private.h
> +++ b/xen/arch/arm/tee/ffa_private.h
> @@ -359,6 +359,7 @@ void ffa_handle_notification_get(struct cpu_user_regs *regs);
> int ffa_handle_notification_set(struct cpu_user_regs *regs);
>
> void ffa_handle_msg_send_direct_req(struct cpu_user_regs *regs, uint32_t fid);
> +int32_t ffa_handle_msg_send2(struct cpu_user_regs *regs);
>
> static inline uint16_t ffa_get_vm_id(const struct domain *d)
> {
> --
> 2.47.0
>
© 2016 - 2025 Red Hat, Inc.