From nobody Sat Feb 7 19:41:38 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6D4A62620CA; Thu, 8 May 2025 08:39:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746693572; cv=none; b=PcQPeG0TB99OFtLzyooFvqel5H5tdEVRV2HIH/4HEKVv2lRoQnMSHBUSA2c/ianexfUFOuoVP5nl0eFCg1KW80l0/j+VcEuBHhxhYWnSneqFEJNfVy7dGvnde1SCpgpROL8kYqvWJg/J/5VEePDdW0QZWTRMtM2qa1zwhoYJAvo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746693572; c=relaxed/simple; bh=yuBweLnXJr+UlHoAeP0Vp5rW+zBWTBXlDB/S+fvgixg=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=FXxI7fQo27Mh4JB/mJ6fw2yO5A9TmXf//fcBVyawzHFFDPmvQfhc445mSHzsM+fXtLC5hkf5mZVkwgvbtZROyd+kInONGZmnqumHZ5V3hX9+nEW6PThuyrbSNerMIOEkM39rJGmY5fYAyT2/VtrNm0K4lEJ17mDJEplaaEKW9DA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=RCaXU2yy; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="RCaXU2yy" Received: by smtp.kernel.org (Postfix) with ESMTPS id EDA60C4CEEF; Thu, 8 May 2025 08:39:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1746693572; bh=yuBweLnXJr+UlHoAeP0Vp5rW+zBWTBXlDB/S+fvgixg=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=RCaXU2yy1eGr0Ao8jVrCf4FS/Gj9dHBIGZOoYtF7QleJaVWX6f56MtZ37Pm4IYJI6 f97zAssJjYoRHFLmeIoqktFp7zrtbtgBHa1b5ADak76G58xUiK7w/Tm/6TSWHAABPe w5C5NkJYTrPOFsj/gbcEYSFh94VuY8xK+PvpNNL8PyyjvyYwrzxEhgABkatyxIidBs +08EvAJpyQi+JSdZJxT7uUoZKnO/+WXsqYDkjAAEPSTzEMfJTJkmJM6fwZ8prS35e1 3HLmpyS4PQVUT6OWHRYqsJReDWM+iue4WFnQyDevQpW2FtAmDD+ypVG5O/ySMWUkk/ 56L+6dgyFQEfw== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DA856C3ABC5; Thu, 8 May 2025 08:39:31 +0000 (UTC) From: Per Larsen via B4 Relay Date: Thu, 08 May 2025 08:38:52 +0000 Subject: [PATCH v2 1/3] KVM: arm64: Restrict FF-A host version renegotiation Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250508-virtio-msg-ffa-v2-1-ed84f8053965@google.com> References: <20250508-virtio-msg-ffa-v2-0-ed84f8053965@google.com> In-Reply-To: <20250508-virtio-msg-ffa-v2-0-ed84f8053965@google.com> To: Marc Zyngier , Oliver Upton , Joey Gouly , Suzuki K Poulose , Zenghui Yu , Catalin Marinas , Will Deacon , Sudeep Holla Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-kernel@vger.kernel.org, arve@android.com, lpieralisi@kernel.org, qwandor@google.com, jean-philippe@linaro.org, james.morse@arm.com, perl@immunant.com, tabba@google.com, kernel-team@android.com, armellel@google.com, qperret@google.com, sebastianene@google.com, ahomescu@google.com, Per Larsen X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1746693571; l=1162; i=perlarsen@google.com; s=20250508; h=from:subject:message-id; bh=J3MWSM5x2/SDttpy5fJekCrept6pUn9foVmr8XHfbVs=; b=Tg7dgit3kVDTUX65R4PhEXNXxB3lmCZRYexlRi3hD5jNmaUMG4KAbKfgshhUz94xxl0AsCRLm EkblOHMrR3rCekrYx3uolLaOoJxg+OaWEnz+RuGNqykxMOnI9X5gOAm X-Developer-Key: i=perlarsen@google.com; a=ed25519; pk=jjc/Ta4VmrLRmMoahP6d1mBcKzvWU+nsmdtYe2oS2kQ= X-Endpoint-Received: by B4 Relay for perlarsen@google.com/20250508 with auth_id=402 X-Original-From: Per Larsen Reply-To: perlarsen@google.com From: Per Larsen Prevent the host from re-negotiating a lesser minor version with the hypervisor. Once the hypervisor negotiates a version, that should remain locked in. Fix the current behaviour by returning NOT_SUPPORTED to avoid the FF-A interoperability rules with lesser minor versions that allow the host version to downgrade. Signed-off-by: Per Larsen Signed-off-by: Per Larsen --- arch/arm64/kvm/hyp/nvhe/ffa.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c index 3369dd0c4009f84ad3cf9481c747bdc57a162370..2c199d40811efb5bfae199c4a67= d8ae3d9307357 100644 --- a/arch/arm64/kvm/hyp/nvhe/ffa.c +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c @@ -712,7 +712,10 @@ static void do_ffa_version(struct arm_smccc_res *res, =20 hyp_spin_lock(&version_lock); if (has_version_negotiated) { - res->a0 =3D hyp_ffa_version; + if (FFA_MINOR_VERSION(ffa_req_version) < FFA_MINOR_VERSION(hyp_ffa_versi= on)) + res->a0 =3D FFA_RET_NOT_SUPPORTED; + else + res->a0 =3D hyp_ffa_version; goto unlock; } =20 --=20 2.49.0.987.g0cc8ee98dc-goog From nobody Sat Feb 7 19:41:38 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 98AFA262FFA; Thu, 8 May 2025 08:39:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746693573; cv=none; b=RX8okjb5CpxREOKSmk54OQY29IrM9CTbfgPQUPvZp301BbL9v8i5/MqQBCzcrWCK8RPdlWAfVLQxNfeA2u+KStJu5rOAf6CgbckpFoP+wQEalF4D+ZUr/CEUQRxhOs2uPoKKfbl35GfudAifxByvZPjj2oXg8Ov4zMZ3plO6LhE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746693573; c=relaxed/simple; bh=rs0mFCDDTIYMQ6yNU6NBZKwXd2cRp1GG9xedpmFAkOg=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=LY78wLQDCppzXonMddRK3Wq0Mqx7rfZzKpP6igcLuH7/ELIJXM5hfIYfS9T9iMGEVW8//Az85poWVHIPk+DlCFHbmawu6AgnH49jBgfd1gubWJGs1sO8EFxPyNKnfE6gDAXw60ronnTU5xsZbcIE07JavoxfrYdsQjHGsIYkUUE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=KjUc3a6n; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="KjUc3a6n" Received: by smtp.kernel.org (Postfix) with ESMTPS id 03213C4CEED; Thu, 8 May 2025 08:39:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1746693573; bh=rs0mFCDDTIYMQ6yNU6NBZKwXd2cRp1GG9xedpmFAkOg=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=KjUc3a6ngt56HCwSsIJXvXjH/Ax6ed6naTJvGJ0lLkNkDPQBGlxFwPQCiKyBcWSMp nMxzsdjoxK4G/zduF+CSQMVgLQzEPTkagL0Bey4IXicOJviZkV3tqS3O+1KNDlmSb9 zYhzCmrjZrGQwcqD6CWcZFBdu7FBSIZ5i/ALnky487Uu2pqu04jt7WrwopNgYGDhhV HnX35f13i3jUOFisE4gZeb3cJsyG7FmemkJ0kmPtI/rUmiHDi+/CrEIIyBbv7hiX41 30g1vXgxxOwDGONPPhUKeeaySxHqKLPyfALSCh4ERZZYlUS5obBnB3HS/QU19S268p 2MAAcStZHg8Zg== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E8A54C3ABBE; Thu, 8 May 2025 08:39:31 +0000 (UTC) From: Per Larsen via B4 Relay Date: Thu, 08 May 2025 08:38:53 +0000 Subject: [PATCH v2 2/3] KVM: arm64: Bump the supported version of FF-A to 1.2 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250508-virtio-msg-ffa-v2-2-ed84f8053965@google.com> References: <20250508-virtio-msg-ffa-v2-0-ed84f8053965@google.com> In-Reply-To: <20250508-virtio-msg-ffa-v2-0-ed84f8053965@google.com> To: Marc Zyngier , Oliver Upton , Joey Gouly , Suzuki K Poulose , Zenghui Yu , Catalin Marinas , Will Deacon , Sudeep Holla Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-kernel@vger.kernel.org, arve@android.com, lpieralisi@kernel.org, qwandor@google.com, jean-philippe@linaro.org, james.morse@arm.com, perl@immunant.com, tabba@google.com, kernel-team@android.com, armellel@google.com, qperret@google.com, sebastianene@google.com, ahomescu@google.com, Ayrton Munoz , Per Larsen X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1746693571; l=6988; i=perlarsen@google.com; s=20250508; h=from:subject:message-id; bh=rdneVzDdgJnC0KDJn67CCo235olFHQ+wOu5HgJaQbUE=; b=jBgx4lYPHLKheNl3D2rM12b358xUAmOg45I0S9Bp5ASNGMyE2pzmyECO6XSQfHN4FWQO4eGYu kzSl+I8qiXfD61r8cOJJmcvBmOPW3UpD9nli2+idOR/F601X3x/9cgx X-Developer-Key: i=perlarsen@google.com; a=ed25519; pk=jjc/Ta4VmrLRmMoahP6d1mBcKzvWU+nsmdtYe2oS2kQ= X-Endpoint-Received: by B4 Relay for perlarsen@google.com/20250508 with auth_id=402 X-Original-From: Per Larsen Reply-To: perlarsen@google.com From: Per Larsen FF-A version 1.2 introduces the DIRECT_REQ2 ABI. Bump the FF-A version preferred by the hypervisor as a precursor to implementing the 1.2-only FFA_MSG_SEND_DIRECT_REQ2 and FFA_MSG_SEND_RESP2 messaging interfaces. We must also use SMCCC 1.2 for 64-bit SMCs if hypervisor negotiated FF-A 1.2, so ffa_set_retval is updated and a new function to call 64-bit smcs using SMCCC 1.2 with fallback to SMCCC 1.1 is introduced. Update deny-list in ffa_call_supported to mark FFA_NOTIFICATION_* and interfaces added in FF-A 1.2 as unsupported lest they get forwarded. Co-developed-by: Ayrton Munoz Signed-off-by: Ayrton Munoz Signed-off-by: Per Larsen Signed-off-by: Per Larsen --- arch/arm64/kvm/hyp/nvhe/Makefile | 1 + arch/arm64/kvm/hyp/nvhe/ffa.c | 86 ++++++++++++++++++++++++++++++++++++= +--- include/linux/arm_ffa.h | 1 + 3 files changed, 82 insertions(+), 6 deletions(-) diff --git a/arch/arm64/kvm/hyp/nvhe/Makefile b/arch/arm64/kvm/hyp/nvhe/Mak= efile index b43426a493df5a388caa920e259cc8c54d118a1b..95404ff16dac0389f45a3ee2c13= a93b3ebebaf6d 100644 --- a/arch/arm64/kvm/hyp/nvhe/Makefile +++ b/arch/arm64/kvm/hyp/nvhe/Makefile @@ -27,6 +27,7 @@ hyp-obj-y :=3D timer-sr.o sysreg-sr.o debug-sr.o switch.o= tlb.o hyp-init.o host.o cache.o setup.o mm.o mem_protect.o sys_regs.o pkvm.o stacktrace.o ffa.o hyp-obj-y +=3D ../vgic-v3-sr.o ../aarch32.o ../vgic-v2-cpuif-proxy.o ../en= try.o \ ../fpsimd.o ../hyp-entry.o ../exception.o ../pgtable.o +hyp-obj-y +=3D ../../../kernel/smccc-call.o hyp-obj-$(CONFIG_LIST_HARDENED) +=3D list_debug.o hyp-obj-y +=3D $(lib-objs) =20 diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c index 2c199d40811efb5bfae199c4a67d8ae3d9307357..3fa5d1ae26c40fb96ad2deb8348= 82bb3e0af5637 100644 --- a/arch/arm64/kvm/hyp/nvhe/ffa.c +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c @@ -94,6 +94,7 @@ static void ffa_to_smccc_res(struct arm_smccc_res *res, i= nt ret) ffa_to_smccc_res_prop(res, ret, 0); } =20 + static void ffa_set_retval(struct kvm_cpu_context *ctxt, struct arm_smccc_res *res) { @@ -101,6 +102,64 @@ static void ffa_set_retval(struct kvm_cpu_context *ctx= t, cpu_reg(ctxt, 1) =3D res->a1; cpu_reg(ctxt, 2) =3D res->a2; cpu_reg(ctxt, 3) =3D res->a3; + + /* + * Other result registers must be zero per DEN0077A but SMC32/HVC32 must + * preserve x8-x30 per DEN0028. + */ + cpu_reg(ctxt, 4) =3D 0; + cpu_reg(ctxt, 5) =3D 0; + cpu_reg(ctxt, 6) =3D 0; + cpu_reg(ctxt, 7) =3D 0; + + /* + * Per DEN0077A v1.2 11.2, the caller is expected to write zeroes to + * unused parameter registers. + */ + if (ARM_SMCCC_IS_64(res->a0)) { + hyp_spin_lock(&version_lock); + + if (hyp_ffa_version >=3D FFA_VERSION_1_2) { + cpu_reg(ctxt, 8) =3D 0; + cpu_reg(ctxt, 9) =3D 0; + cpu_reg(ctxt, 10) =3D 0; + cpu_reg(ctxt, 11) =3D 0; + cpu_reg(ctxt, 12) =3D 0; + cpu_reg(ctxt, 13) =3D 0; + cpu_reg(ctxt, 14) =3D 0; + cpu_reg(ctxt, 15) =3D 0; + cpu_reg(ctxt, 16) =3D 0; + cpu_reg(ctxt, 17) =3D 0; + } + + hyp_spin_unlock(&version_lock); + } +} + +/* Call SMC64 using SMCCC 1.2 if hyp negotiated FF-A 1.2 falling back to 1= .1 */ +static void arm_smccc_1_x_smc(u64 func_id, u64 a1, u64 a2, u64 a3, + u64 a4, u64 a5, u64 a6, u64 a7, + struct arm_smccc_res *res) +{ + struct arm_smccc_1_2_regs args, regs =3D {0}; + + if (ARM_SMCCC_IS_64(func_id)) + hyp_spin_lock(&version_lock); + + /* SMC64 only as SMC32 must preserve x8-x30 per DEN0028 1.6G Sec 2.6 */ + if (ARM_SMCCC_IS_64(func_id) && hyp_ffa_version >=3D FFA_VERSION_1_2) { + args =3D (struct arm_smccc_1_2_regs) { func_id, a1, a2, a3, a4, + a5, a6, a7 }; + arm_smccc_1_2_smc(&args, ®s); + *res =3D (struct arm_smccc_res) { .a0 =3D regs.a0, .a1 =3D regs.a1, + .a2 =3D regs.a2, .a3 =3D regs.a3 }; + goto unlock; + } + + arm_smccc_1_1_smc(func_id, a1, a2, a3, a4, a5, a6, a7, res); +unlock: + if (ARM_SMCCC_IS_64(func_id)) + hyp_spin_unlock(&version_lock); } =20 static bool is_ffa_call(u64 func_id) @@ -115,7 +174,7 @@ static int ffa_map_hyp_buffers(u64 ffa_page_count) { struct arm_smccc_res res; =20 - arm_smccc_1_1_smc(FFA_FN64_RXTX_MAP, + arm_smccc_1_x_smc(FFA_FN64_RXTX_MAP, hyp_virt_to_phys(hyp_buffers.tx), hyp_virt_to_phys(hyp_buffers.rx), ffa_page_count, @@ -174,7 +233,7 @@ static void ffa_mem_reclaim(struct arm_smccc_res *res, = u32 handle_lo, =20 static void ffa_retrieve_req(struct arm_smccc_res *res, u32 len) { - arm_smccc_1_1_smc(FFA_FN64_MEM_RETRIEVE_REQ, + arm_smccc_1_x_smc(FFA_FN64_MEM_RETRIEVE_REQ, len, len, 0, 0, 0, 0, 0, res); @@ -628,6 +687,20 @@ static bool ffa_call_supported(u64 func_id) case FFA_RXTX_MAP: case FFA_MEM_DONATE: case FFA_MEM_RETRIEVE_REQ: + /* Optional notification interfaces added in FF-A 1.1 */ + case FFA_NOTIFICATION_BITMAP_CREATE: + case FFA_NOTIFICATION_BITMAP_DESTROY: + case FFA_NOTIFICATION_BIND: + case FFA_NOTIFICATION_UNBIND: + case FFA_NOTIFICATION_SET: + case FFA_NOTIFICATION_GET: + case FFA_NOTIFICATION_INFO_GET: + /* Unimplemented interfaces added in FF-A 1.2 */ + case FFA_MSG_SEND_DIRECT_REQ2: + case FFA_MSG_SEND_DIRECT_RESP2: + case FFA_CONSOLE_LOG: + case FFA_PARTITION_INFO_GET_REGS: + case FFA_EL3_INTR_HANDLE: return false; } =20 @@ -680,7 +753,7 @@ static int hyp_ffa_post_init(void) if (res.a0 !=3D FFA_SUCCESS) return -EOPNOTSUPP; =20 - switch (res.a2) { + switch (res.a2 & FFA_FEAT_RXTX_MIN_SZ_MASK) { case FFA_FEAT_RXTX_MIN_SZ_4K: min_rxtx_sz =3D SZ_4K; break; @@ -869,7 +942,7 @@ int hyp_ffa_init(void *pages) if (kvm_host_psci_config.smccc_version < ARM_SMCCC_VERSION_1_2) return 0; =20 - arm_smccc_1_1_smc(FFA_VERSION, FFA_VERSION_1_1, 0, 0, 0, 0, 0, 0, &res); + arm_smccc_1_1_smc(FFA_VERSION, FFA_VERSION_1_2, 0, 0, 0, 0, 0, 0, &res); if (res.a0 =3D=3D FFA_RET_NOT_SUPPORTED) return 0; =20 @@ -889,10 +962,11 @@ int hyp_ffa_init(void *pages) if (FFA_MAJOR_VERSION(res.a0) !=3D 1) return -EOPNOTSUPP; =20 - if (FFA_MINOR_VERSION(res.a0) < FFA_MINOR_VERSION(FFA_VERSION_1_1)) + /* See do_ffa_guest_version before bumping maximum supported version. */ + if (FFA_MINOR_VERSION(res.a0) < FFA_MINOR_VERSION(FFA_VERSION_1_2)) hyp_ffa_version =3D res.a0; else - hyp_ffa_version =3D FFA_VERSION_1_1; + hyp_ffa_version =3D FFA_VERSION_1_2; =20 tx =3D pages; pages +=3D KVM_FFA_MBOX_NR_PAGES * PAGE_SIZE; diff --git a/include/linux/arm_ffa.h b/include/linux/arm_ffa.h index 5bded24dc24fea8cdcbe42bf79c7c025c3fa5f4b..c0dd6183d956043192114a522b7= eef465e7078ac 100644 --- a/include/linux/arm_ffa.h +++ b/include/linux/arm_ffa.h @@ -128,6 +128,7 @@ #define FFA_FEAT_RXTX_MIN_SZ_4K 0 #define FFA_FEAT_RXTX_MIN_SZ_64K 1 #define FFA_FEAT_RXTX_MIN_SZ_16K 2 +#define FFA_FEAT_RXTX_MIN_SZ_MASK 3 =20 /* FFA Bus/Device/Driver related */ struct ffa_device { --=20 2.49.0.987.g0cc8ee98dc-goog From nobody Sat Feb 7 19:41:38 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 92A942627F9; Thu, 8 May 2025 08:39:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746693572; cv=none; b=bvdDMtqmRG9Bf1nNy5PwJmED+EvPwLm4p7nSserHQ7WwrdMB7yp5l+ld8DeREHkQZwFEuH1+jzDvHUK8U1eg8br7shUFvxeISxu4JgnEvjDcw2Nx/faSbYAPGYxCAFsD/TL8/nazrVCsU5IJsT+SPExV75TsV9NjcLVzBI5MLYU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746693572; c=relaxed/simple; bh=MYodl63oUOljxj6damBOvFAO30dZBMEQaoMzfKiCR00=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=O4BYPIORZajAnT90TPTnJr6XCgNPcmULnhlULnrvs/SJ4oG6B5HkwqREqKAbDxYUPDQQr3yO9WjKIA/Js4AjdjBIhz8FGegpB/6nTozACZ9+PUQaVKFZ8enzRDOZv/fL7nkwARTtomQnUrJ8YoPkObDWYfY+7fHdMUzwfqfP7r8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=tR4VSj2F; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="tR4VSj2F" Received: by smtp.kernel.org (Postfix) with ESMTPS id 113FEC4CEF0; Thu, 8 May 2025 08:39:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1746693572; bh=MYodl63oUOljxj6damBOvFAO30dZBMEQaoMzfKiCR00=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=tR4VSj2F/AvdRgmJ+WOB/PiIRmbpHvcZa1duu7AdzqFCcXgyWNVyfiITcA767VdPn 6ukP1Iw3U0N7Es5STtoRYzQ2PD0R5Zq+NeS4oRboL+dEpLDizFVAcktQUM3BV2FLHO SBFvIkonFKfNH1TdIVzkRPQsIcF7v2Z0hr2BSVd1cFyQyLfXQV9xtpgB7MfSPph9xu V3oC7VTYtOt89eAPAONJ0PpG20B4tupklKNKuE+jUt5TvuOJxVHW5bzuLgKObXZPBw M8cCcgzm46ySJKS9ZVIfAozK4m3/CXI7l4YCdg0tp36FCjfL1vZrXUk7nVJzuuPQok irIpZACjKKqjw== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 02856C3ABCB; Thu, 8 May 2025 08:39:32 +0000 (UTC) From: Per Larsen via B4 Relay Date: Thu, 08 May 2025 08:38:54 +0000 Subject: [PATCH v2 3/3] KVM: arm64: Support FFA_MSG_SEND_DIRECT_REQ2 in host handler Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250508-virtio-msg-ffa-v2-3-ed84f8053965@google.com> References: <20250508-virtio-msg-ffa-v2-0-ed84f8053965@google.com> In-Reply-To: <20250508-virtio-msg-ffa-v2-0-ed84f8053965@google.com> To: Marc Zyngier , Oliver Upton , Joey Gouly , Suzuki K Poulose , Zenghui Yu , Catalin Marinas , Will Deacon , Sudeep Holla Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-kernel@vger.kernel.org, arve@android.com, lpieralisi@kernel.org, qwandor@google.com, jean-philippe@linaro.org, james.morse@arm.com, perl@immunant.com, tabba@google.com, kernel-team@android.com, armellel@google.com, qperret@google.com, sebastianene@google.com, ahomescu@google.com, Per Larsen X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1746693571; l=6782; i=perlarsen@google.com; s=20250508; h=from:subject:message-id; bh=IGMQIIrUrHG9Da+sVqUyprEmAlWez8rBv29B3RzV3og=; b=XZvdV1OUGgx7Sv1wa4rmaJQAuCcvIoOhh+OOXn/0sOBOvenTaWZVMJsf/w/XburA6om+Rh+mO qk5zng3THLGByuCONoKycEDMkV0Jre8taVX6hLE5dZpmFhruhHgsaNS X-Developer-Key: i=perlarsen@google.com; a=ed25519; pk=jjc/Ta4VmrLRmMoahP6d1mBcKzvWU+nsmdtYe2oS2kQ= X-Endpoint-Received: by B4 Relay for perlarsen@google.com/20250508 with auth_id=402 X-Original-From: Per Larsen Reply-To: perlarsen@google.com From: Per Larsen FF-A 1.2 adds the DIRECT_REQ2 messaging interface which is similar to the existing FFA_MSG_SEND_DIRECT_{REQ,RESP} functions except that it uses the SMC calling convention v1.2 which allows calls to use x4-x17 as argument and return registers. Add support for FFA_MSG_SEND_DIRECT_REQ2 in the host ffa handler. Signed-off-by: Per Larsen Signed-off-by: Per Larsen --- arch/arm64/kvm/hyp/nvhe/ffa.c | 114 ++++++++++++++++++++++++++++++++++++++= +++- include/linux/arm_ffa.h | 2 + 2 files changed, 114 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c index 3fa5d1ae26c40fb96ad2deb834882bb3e0af5637..5ffbc0d496fca830a5f3af5bd9e= dd63b8e79b028 100644 --- a/arch/arm64/kvm/hyp/nvhe/ffa.c +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c @@ -79,6 +79,14 @@ static void ffa_to_smccc_error(struct arm_smccc_res *res= , u64 ffa_errno) }; } =20 +static void ffa_to_smccc_1_2_error(struct arm_smccc_1_2_regs *regs, u64 ff= a_errno) +{ + *regs =3D (struct arm_smccc_1_2_regs) { + .a0 =3D FFA_ERROR, + .a2 =3D ffa_errno, + }; +} + static void ffa_to_smccc_res_prop(struct arm_smccc_res *res, int ret, u64 = prop) { if (ret =3D=3D FFA_RET_SUCCESS) { @@ -89,11 +97,24 @@ static void ffa_to_smccc_res_prop(struct arm_smccc_res = *res, int ret, u64 prop) } } =20 +static void ffa_to_smccc_1_2_regs_prop(struct arm_smccc_1_2_regs *regs, in= t ret, u64 prop) +{ + if (ret =3D=3D FFA_RET_SUCCESS) + *regs =3D (struct arm_smccc_1_2_regs) { .a0 =3D FFA_SUCCESS, + .a2 =3D prop }; + else + ffa_to_smccc_1_2_error(regs, ret); +} + static void ffa_to_smccc_res(struct arm_smccc_res *res, int ret) { ffa_to_smccc_res_prop(res, ret, 0); } =20 +static void ffa_to_smccc_1_2_regs(struct arm_smccc_1_2_regs *regs, int ret) +{ + ffa_to_smccc_1_2_regs_prop(regs, ret, 0); +} =20 static void ffa_set_retval(struct kvm_cpu_context *ctxt, struct arm_smccc_res *res) @@ -136,6 +157,29 @@ static void ffa_set_retval(struct kvm_cpu_context *ctx= t, } } =20 +static void ffa_set_retval_smccc_1_2(struct kvm_cpu_context *ctxt, + struct arm_smccc_1_2_regs *regs) +{ + cpu_reg(ctxt, 0) =3D regs->a0; + cpu_reg(ctxt, 1) =3D regs->a1; + cpu_reg(ctxt, 2) =3D regs->a2; + cpu_reg(ctxt, 3) =3D regs->a3; + cpu_reg(ctxt, 4) =3D regs->a4; + cpu_reg(ctxt, 5) =3D regs->a5; + cpu_reg(ctxt, 6) =3D regs->a6; + cpu_reg(ctxt, 7) =3D regs->a7; + cpu_reg(ctxt, 8) =3D regs->a8; + cpu_reg(ctxt, 9) =3D regs->a9; + cpu_reg(ctxt, 10) =3D regs->a10; + cpu_reg(ctxt, 11) =3D regs->a11; + cpu_reg(ctxt, 12) =3D regs->a12; + cpu_reg(ctxt, 13) =3D regs->a13; + cpu_reg(ctxt, 14) =3D regs->a14; + cpu_reg(ctxt, 15) =3D regs->a15; + cpu_reg(ctxt, 16) =3D regs->a16; + cpu_reg(ctxt, 17) =3D regs->a17; +} + /* Call SMC64 using SMCCC 1.2 if hyp negotiated FF-A 1.2 falling back to 1= .1 */ static void arm_smccc_1_x_smc(u64 func_id, u64 a1, u64 a2, u64 a3, u64 a4, u64 a5, u64 a6, u64 a7, @@ -696,7 +740,6 @@ static bool ffa_call_supported(u64 func_id) case FFA_NOTIFICATION_GET: case FFA_NOTIFICATION_INFO_GET: /* Unimplemented interfaces added in FF-A 1.2 */ - case FFA_MSG_SEND_DIRECT_REQ2: case FFA_MSG_SEND_DIRECT_RESP2: case FFA_CONSOLE_LOG: case FFA_PARTITION_INFO_GET_REGS: @@ -707,6 +750,21 @@ static bool ffa_call_supported(u64 func_id) return true; } =20 +/* + * Must a given FFA function use the SMC calling convention v1.2? + */ +static bool ffa_call_needs_smccc_1_2(u64 func_id) +{ + switch (func_id) { + case FFA_MSG_SEND_DIRECT_REQ2: + case FFA_MSG_SEND_DIRECT_RESP2: + case FFA_PARTITION_INFO_GET_REGS: + return true; + } + + return false; +} + static bool do_ffa_features(struct arm_smccc_res *res, struct kvm_cpu_context *ctxt) { @@ -865,9 +923,47 @@ static void do_ffa_part_get(struct arm_smccc_res *res, hyp_spin_unlock(&host_buffers.lock); } =20 +static void do_ffa_direct_msg2(struct arm_smccc_1_2_regs *regs, + struct kvm_cpu_context *ctxt, + u64 vm_handle) +{ + DECLARE_REG(u32, func_id, ctxt, 0); + DECLARE_REG(u32, endp, ctxt, 1); + DECLARE_REG(u64, uuid_lo, ctxt, 2); + DECLARE_REG(u64, uuid_hi, ctxt, 3); + DECLARE_REG(u64, x4, ctxt, 4); + DECLARE_REG(u64, x5, ctxt, 5); + DECLARE_REG(u64, x6, ctxt, 6); + DECLARE_REG(u64, x7, ctxt, 7); + DECLARE_REG(u64, x8, ctxt, 8); + DECLARE_REG(u64, x9, ctxt, 9); + DECLARE_REG(u64, x10, ctxt, 10); + DECLARE_REG(u64, x11, ctxt, 11); + DECLARE_REG(u64, x12, ctxt, 12); + DECLARE_REG(u64, x13, ctxt, 13); + DECLARE_REG(u64, x14, ctxt, 14); + DECLARE_REG(u64, x15, ctxt, 15); + DECLARE_REG(u64, x16, ctxt, 16); + DECLARE_REG(u64, x17, ctxt, 17); + + if (FIELD_GET(FFA_SRC_ENDPOINT_MASK, endp) !=3D vm_handle) { + ffa_to_smccc_1_2_regs(regs, FFA_RET_INVALID_PARAMETERS); + return; + } + + struct arm_smccc_1_2_regs args =3D { + func_id, endp, uuid_lo, uuid_hi, + x4, x5, x6, x7, x8, x9, x10, + x11, x12, x13, x14, x15, x16, x17 + }; + + arm_smccc_1_2_smc(&args, regs); +} + bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id) { struct arm_smccc_res res; + struct arm_smccc_1_2_regs regs; =20 /* * There's no way we can tell what a non-standard SMC call might @@ -923,14 +1019,28 @@ bool kvm_host_ffa_handler(struct kvm_cpu_context *ho= st_ctxt, u32 func_id) case FFA_PARTITION_INFO_GET: do_ffa_part_get(&res, host_ctxt); goto out_handled; + case FFA_MSG_SEND_DIRECT_REQ2: + hyp_spin_lock(&version_lock); + if (hyp_ffa_version >=3D FFA_VERSION_1_2) { + do_ffa_direct_msg2(®s, host_ctxt, HOST_FFA_ID); + hyp_spin_unlock(&version_lock); + goto out_handled; + } + + hyp_spin_unlock(&version_lock); + goto out_not_supported; } =20 if (ffa_call_supported(func_id)) return false; /* Pass through */ =20 +out_not_supported: ffa_to_smccc_error(&res, FFA_RET_NOT_SUPPORTED); out_handled: - ffa_set_retval(host_ctxt, &res); + if (ffa_call_needs_smccc_1_2(func_id)) + ffa_set_retval_smccc_1_2(host_ctxt, ®s); + else + ffa_set_retval(host_ctxt, &res); return true; } =20 diff --git a/include/linux/arm_ffa.h b/include/linux/arm_ffa.h index c0dd6183d956043192114a522b7eef465e7078ac..82a35a3b22de426f7e9a8894e76= fdf1e933b3d6b 100644 --- a/include/linux/arm_ffa.h +++ b/include/linux/arm_ffa.h @@ -269,6 +269,8 @@ bool ffa_partition_check_property(struct ffa_device *de= v, u32 property) (ffa_partition_check_property(dev, FFA_PARTITION_DIRECT_REQ2_RECV) && \ !dev->mode_32bit) =20 +#define FFA_SRC_ENDPOINT_MASK GENMASK(31, 16) + /* For use with FFA_MSG_SEND_DIRECT_{REQ,RESP} which pass data via registe= rs */ struct ffa_send_direct_data { unsigned long data0; /* w3/x3 */ --=20 2.49.0.987.g0cc8ee98dc-goog