This series tightens Xen's FF-A mediator after the v1.2 enablement work,
focusing on correctness, validation, and diagnostics while keeping
existing v1.0/v1.1 guests working.

Hardening and validation (Patches 1-3):
1) centralize endpoint lookup validation for messaging paths
2) reject NS MEM_SHARE attributes and name normal memory encoding
3) tighten MEM_SHARE page parsing with overflow/alignment checks

FF-A 1.2 support (Patch 4):
4) accept 1.2 EMADs in MEM_SHARE and forward IMPDEF while allowing 1.1 layouts

Correctness fixes (Patches 5-9):
5) avoid spurious SPMC RX releases on PARTINFO failures
6) align RX/TX map descriptor layout and return NO_MEMORY on map failures
7) deny RXTX_UNMAP while a VM owns the RX buffer and close the race
8) validate FFA_FEATURES properties and gate ABIs, with RX_ACQUIRE workaround
9) gate SEND2 SP support on RX_ACQUIRE

Code quality and diagnostics (Patches 10-12):
10) reduce log noise and ratelimit expected failures
11) add MEM_SHARE page diagnostics for malformed ranges and mapping issues
12) add message parameter diagnostics for SEND2 and direct requests

Backward compatibility: v1.0/v1.1 guests continue to use their ABI unchanged;
v1.2 guests use EMADs and negotiated ABI features.

The implementation passes the FF-A Architecture Compliance Suite.

This series was validated through gitlab-ci here:
https://gitlab.com/xen-project/people/bmarquis/xen-ffa-research/-/tree/ffa-v12-improve/v1

Build pipeline for the series:
https://gitlab.com/xen-project/people/bmarquis/xen-ffa-research/-/pipelines/2303128986

Bertrand Marquis (12):
  xen/arm: ffa: Add endpoint lookup helper
  xen/arm: ffa: Fix MEM_SHARE NS attribute handling
  xen/arm: ffa: Harden shm page parsing
  xen/arm: ffa: Add FF-A 1.2 endpoint memory access descriptors
  xen/arm: ffa: Fix PARTINFO RX release errors
  xen/arm: ffa: Fix RX/TX map layout and errors
  xen/arm: ffa: Fix RXTX_UNMAP ownership race
  xen/arm: ffa: Fix FFA_FEATURES validation
  xen/arm: ffa: Fix SEND2 SP support gating
  xen/arm: ffa: Reduce logging noise
  xen/arm: ffa: Add MEM_SHARE page diagnostics
  xen/arm: ffa: Add message parameter diagnostics

 xen/arch/arm/tee/ffa.c          | 124 +++++++++++++++--
 xen/arch/arm/tee/ffa_msg.c      |  76 +++++++---
 xen/arch/arm/tee/ffa_notif.c    |  11 +-
 xen/arch/arm/tee/ffa_partinfo.c |  29 ++--
 xen/arch/arm/tee/ffa_private.h  |  33 ++++-
 xen/arch/arm/tee/ffa_rxtx.c     |  84 +++++++++--
 xen/arch/arm/tee/ffa_shm.c      | 240 ++++++++++++++++++++++++--------
 7 files changed, 479 insertions(+), 118 deletions(-)

--
2.50.1 (Apple Git-155)