[v4] KVM: arm64: Support FF-A 1.2 and SEND_DIRECT2 ABI

[PATCH v4 3/5] KVM: arm64: Mark FFA_NOTIFICATION_* calls as unsupported

Posted by Per Larsen via B4 Relay 7 months, 1 week ago

From: Per Larsen <perlarsen@google.com>

Prevent FFA_NOTIFICATION_* interfaces from being passed through to TZ.

Signed-off-by: Per Larsen <perlarsen@google.com>
---
 arch/arm64/kvm/hyp/nvhe/ffa.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c
index b3d016bee404ce3f8c72cc57befb4ef4e6c1657f..a545d25002c85b79a8d281739479dab7838a7cd3 100644
--- a/arch/arm64/kvm/hyp/nvhe/ffa.c
+++ b/arch/arm64/kvm/hyp/nvhe/ffa.c
@@ -632,6 +632,14 @@ static bool ffa_call_supported(u64 func_id)
 	case FFA_RXTX_MAP:
 	case FFA_MEM_DONATE:
 	case FFA_MEM_RETRIEVE_REQ:
+       /* Optional notification interfaces added in FF-A 1.1 */
+	case FFA_NOTIFICATION_BITMAP_CREATE:
+	case FFA_NOTIFICATION_BITMAP_DESTROY:
+	case FFA_NOTIFICATION_BIND:
+	case FFA_NOTIFICATION_UNBIND:
+	case FFA_NOTIFICATION_SET:
+	case FFA_NOTIFICATION_GET:
+	case FFA_NOTIFICATION_INFO_GET:
 		return false;
 	}
 

-- 
2.49.0.1101.gccaa498523-goog

Re: [PATCH v4 3/5] KVM: arm64: Mark FFA_NOTIFICATION_* calls as unsupported

Posted by Will Deacon 6 months, 3 weeks ago

On Fri, May 16, 2025 at 12:14:02PM +0000, Per Larsen via B4 Relay wrote:
> From: Per Larsen <perlarsen@google.com>
> 
> Prevent FFA_NOTIFICATION_* interfaces from being passed through to TZ.
> 
> Signed-off-by: Per Larsen <perlarsen@google.com>
> ---
>  arch/arm64/kvm/hyp/nvhe/ffa.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c
> index b3d016bee404ce3f8c72cc57befb4ef4e6c1657f..a545d25002c85b79a8d281739479dab7838a7cd3 100644
> --- a/arch/arm64/kvm/hyp/nvhe/ffa.c
> +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c
> @@ -632,6 +632,14 @@ static bool ffa_call_supported(u64 func_id)
>  	case FFA_RXTX_MAP:
>  	case FFA_MEM_DONATE:
>  	case FFA_MEM_RETRIEVE_REQ:
> +       /* Optional notification interfaces added in FF-A 1.1 */
> +	case FFA_NOTIFICATION_BITMAP_CREATE:
> +	case FFA_NOTIFICATION_BITMAP_DESTROY:
> +	case FFA_NOTIFICATION_BIND:
> +	case FFA_NOTIFICATION_UNBIND:
> +	case FFA_NOTIFICATION_SET:
> +	case FFA_NOTIFICATION_GET:
> +	case FFA_NOTIFICATION_INFO_GET:
>  		return false;

Acked-by: Will Deacon <will@kernel.org>

That said, I wonder if we should revisit this denylist along the lines
of the discussion with Oliver on the initial FF-A proxy series:

https://lore.kernel.org/kvmarm/ZGx0QBZzFCmm636r@linux.dev/

We check for is_ffa_call() already, so we could invert the above to be
an allow-list for calls within the FF-A range rather than a deny-list.

What do you think?

Will

[PATCH v4 1/5] KVM: arm64: Restrict FF-A host version renegotiation
[PATCH v4 2/5] KVM: arm64: Zero x4-x7 in ffa_set_retval
[PATCH v4 3/5] KVM: arm64: Mark FFA_NOTIFICATION_* calls as unsupported
[PATCH v4 4/5] KVM: arm64: Bump the supported version of FF-A to 1.2
[PATCH v4 5/5] KVM: arm64: Support FFA_MSG_SEND_DIRECT_REQ2 in host handler