From: Sebastian Ene <sebastianene@google.com>
Allow direct messages to be forwarded from the host.
Signed-off-by: Sebastian Ene <sebastianene@google.com>
Signed-off-by: Per Larsen <perlarsen@google.com>
---
arch/arm64/kvm/hyp/nvhe/ffa.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c
index 4e16f9b96f637599873b16148c6e40cf1210aa3e..191dcb301cca3986758fb6a49f15f1799de9f1d1 100644
--- a/arch/arm64/kvm/hyp/nvhe/ffa.c
+++ b/arch/arm64/kvm/hyp/nvhe/ffa.c
@@ -857,6 +857,15 @@ static void do_ffa_part_get(struct arm_smccc_1_2_regs *res,
hyp_spin_unlock(&host_buffers.lock);
}
+static void do_ffa_direct_msg(struct arm_smccc_1_2_regs *res,
+ struct kvm_cpu_context *ctxt,
+ u64 vm_handle)
+{
+ struct arm_smccc_1_2_regs *args = (void *)&ctxt->regs.regs[0];
+
+ arm_smccc_1_2_smc(args, res);
+}
+
bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id)
{
struct arm_smccc_1_2_regs res;
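Review bot: `do_ffa_direct_msg()` takes `vm_handle` but never reads it, so the sender endpoint ID that the host placed in w1 is forwarded to the secure world unchecked and the host can claim any source ID in a direct request. Comparing the sender field (bits [31:16] of w1) with the handle before the SMC would close that, e.g. `DECLARE_REG(u32, endp, ctxt, 1);` followed by `if ((endp >> 16) != vm_handle) { ffa_to_smccc_error(res, FFA_RET_INVALID_PARAMETERS); return; }`. The `(void *)` cast also assumes the first 18 entries of `ctxt->regs.regs` have the same layout as `struct arm_smccc_1_2_regs`. A short comment stating that assumption, or a build-time size assertion, would make the dependency visible.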
@@ -915,6 +924,13 @@ bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id)
case FFA_PARTITION_INFO_GET:
do_ffa_part_get(&res, host_ctxt);
goto out_handled;
+ case FFA_ID_GET:
+ ffa_to_smccc_res_prop(&res, FFA_RET_SUCCESS, HOST_FFA_ID);
+ goto out_handled;
+ case FFA_MSG_SEND_DIRECT_REQ:
+ case FFA_FN64_MSG_SEND_DIRECT_REQ:
+ do_ffa_direct_msg(&res, host_ctxt, HOST_FFA_ID);
+ goto out_handled;
}
if (ffa_call_supported(func_id))
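Review bot: The two direct-request cases jump to `out_handled` inside the switch, so they never reach the `ffa_call_supported(func_id)` test that follows it, and any per-call or per-version filtering done there will not apply to direct messages. If that filtering is meant to cover them, the check needs to run before the dispatch, or these cases need their own version test. The `FFA_ID_GET` case answers with `HOST_FFA_ID` without forwarding the call, which deserves a one-line comment such as `/* The host's ID is fixed by the hypervisor; do not forward. */`. The top of the switch and the rest of kvm_host_ffa_handler() lie outside this hunk, so an earlier guard may already exist.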
--
2.51.1.851.g4ebd6896fd-goog
Hi Per and Sebasian,
>
> Allow direct messages to be forwarded from the host.
>
> Signed-off-by: Sebastian Ene <sebastianene@google.com>
> Signed-off-by: Per Larsen <perlarsen@google.com>
> ---
> arch/arm64/kvm/hyp/nvhe/ffa.c | 16 ++++++++++++++++
> 1 file changed, 16 insertions(+)
>
> diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c
> index 4e16f9b96f637599873b16148c6e40cf1210aa3e..191dcb301cca3986758fb6a49f15f1799de9f1d1 100644
> --- a/arch/arm64/kvm/hyp/nvhe/ffa.c
> +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c
> @@ -857,6 +857,15 @@ static void do_ffa_part_get(struct arm_smccc_1_2_regs *res,
> hyp_spin_unlock(&host_buffers.lock);
> }
>
> +static void do_ffa_direct_msg(struct arm_smccc_1_2_regs *res,
> + struct kvm_cpu_context *ctxt,
> + u64 vm_handle)
> +{
> + struct arm_smccc_1_2_regs *args = (void *)&ctxt->regs.regs[0];
> +
> + arm_smccc_1_2_smc(args, res);
> +}
> +
TBH, I don't have a strong opinion on this, but I'm not sure why
it is necessary.
Since it just calls "smc" with the passed arguments,
I think it can be handled by default_smc_handler() without adding this
function, by returning true for DIRECT MSG2 in ffa_call_support().
Am I missing something?
> bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id)
> {
> struct arm_smccc_1_2_regs res;
> @@ -915,6 +924,13 @@ bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id)
> case FFA_PARTITION_INFO_GET:
> do_ffa_part_get(&res, host_ctxt);
> goto out_handled;
> + case FFA_ID_GET:
> + ffa_to_smccc_res_prop(&res, FFA_RET_SUCCESS, HOST_FFA_ID);
> + goto out_handled;
I think FFA_ID_GET should be a seperated patch?
> + case FFA_MSG_SEND_DIRECT_REQ:
> + case FFA_FN64_MSG_SEND_DIRECT_REQ:
> + do_ffa_direct_msg(&res, host_ctxt, HOST_FFA_ID);
> + goto out_handled;
> }
>
> if (ffa_call_supported(func_id))
Thanks.
--
Sincerely,
Yeoreum Yun
Hi Yeoreum,
On 10/30/25 2:48 PM, Yeoreum Yun wrote:
> Hi Per and Sebasian,
>
>>
>> Allow direct messages to be forwarded from the host.
>>
>> Signed-off-by: Sebastian Ene <sebastianene@google.com>
>> Signed-off-by: Per Larsen <perlarsen@google.com>
>> ---
>> arch/arm64/kvm/hyp/nvhe/ffa.c | 16 ++++++++++++++++
>> 1 file changed, 16 insertions(+)
>>
>> diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c
>> index 4e16f9b96f637599873b16148c6e40cf1210aa3e..191dcb301cca3986758fb6a49f15f1799de9f1d1 100644
>> --- a/arch/arm64/kvm/hyp/nvhe/ffa.c
>> +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c
>> @@ -857,6 +857,15 @@ static void do_ffa_part_get(struct arm_smccc_1_2_regs *res,
>> hyp_spin_unlock(&host_buffers.lock);
>> }
>>
>> +static void do_ffa_direct_msg(struct arm_smccc_1_2_regs *res,
>> + struct kvm_cpu_context *ctxt,
>> + u64 vm_handle)
>> +{
>> + struct arm_smccc_1_2_regs *args = (void *)&ctxt->regs.regs[0];
>> +
>> + arm_smccc_1_2_smc(args, res);
>> +}
>> +
>
> TBH, I don't have a strong comment for this but, I'm not sure why
> it is necessary.
> Since it calls just "smc" with the passed argments,
> I think it can be handled by default_smc_handler() without adding this
> function but return the ture for DIRECT MSG2 in ffa_call_support().
>
> Am I missing something?
Calling `do_ffa_direct_msg` from the host ffa proxy ensures that the
caller has negotiated a FF-A version with the hypervisor first. In turn,
this means that `ffa_call_support` can use the negotiated version to
decide whether to proxy this interface or not.
Moreover, `kvm_host_ffa_handler` currently proxies host FF-A calls.
Android also proxies FF-A calls from guest VMs via a similar function:
`kvm_guest_ffa_handler` so this function avoids duplication if/when
adding a guest proxy. This function is also where one would check FFA
IDs before forwarding messages (to prevent spoofing). You can see the
downstream implementation here
https://android-review.googlesource.com/c/kernel/common/+/3422040.
>
>> bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id)
>> {
>> struct arm_smccc_1_2_regs res;
>> @@ -915,6 +924,13 @@ bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id)
>> case FFA_PARTITION_INFO_GET:
>> do_ffa_part_get(&res, host_ctxt);
>> goto out_handled;
>> + case FFA_ID_GET:
>> + ffa_to_smccc_res_prop(&res, FFA_RET_SUCCESS, HOST_FFA_ID);
>> + goto out_handled;
>
> I think FFA_ID_GET should be a seperated patch?
Agreed. I've dropped it from this patch set as I don't think we need it.
>
>> + case FFA_MSG_SEND_DIRECT_REQ:
>> + case FFA_FN64_MSG_SEND_DIRECT_REQ:
>> + do_ffa_direct_msg(&res, host_ctxt, HOST_FFA_ID);
>> + goto out_handled;
>> }
>>
>> if (ffa_call_supported(func_id))
Thanks,Per
Hi,
> >
> > >
> > > Allow direct messages to be forwarded from the host.
> > >
> > > Signed-off-by: Sebastian Ene <sebastianene@google.com>
> > > Signed-off-by: Per Larsen <perlarsen@google.com>
> > > ---
> > > arch/arm64/kvm/hyp/nvhe/ffa.c | 16 ++++++++++++++++
> > > 1 file changed, 16 insertions(+)
> > >
> > > diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c
> > > index 4e16f9b96f637599873b16148c6e40cf1210aa3e..191dcb301cca3986758fb6a49f15f1799de9f1d1 100644
> > > --- a/arch/arm64/kvm/hyp/nvhe/ffa.c
> > > +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c
> > > @@ -857,6 +857,15 @@ static void do_ffa_part_get(struct arm_smccc_1_2_regs *res,
> > > hyp_spin_unlock(&host_buffers.lock);
> > > }
> > >
> > > +static void do_ffa_direct_msg(struct arm_smccc_1_2_regs *res,
> > > + struct kvm_cpu_context *ctxt,
> > > + u64 vm_handle)
> > > +{
> > > + struct arm_smccc_1_2_regs *args = (void *)&ctxt->regs.regs[0];
> > > +
> > > + arm_smccc_1_2_smc(args, res);
> > > +}
> > > +
> >
> > TBH, I don't have a strong comment for this but, I'm not sure why
> > it is necessary.
> > Since it calls just "smc" with the passed argments,
> > I think it can be handled by default_smc_handler() without adding this
> > function but return the ture for DIRECT MSG2 in ffa_call_support().
> >
> > Am I missing something?
> Calling `do_ffa_direct_msg` from the host ffa proxy ensures that the caller
> has negotiated a FF-A version with the hypervisor first. In turn,
> this means that `ffa_call_support` can use the negotiated version to decide
> whether to proxy this interface or not.
>
> Moreover, `kvm_host_ffa_handler` currently proxies host FF-A calls. Android
> also proxies FF-A calls from guest VMs via a similar function:
> `kvm_guest_ffa_handler` so this function avoids duplication if/when adding a
> guest proxy. This function is also where one would check FFA IDs before
> forwarding messages (to prevent spoofing). You can see the downstream
> implementation here
> https://android-review.googlesource.com/c/kernel/common/+/3422040.
Thanks for sharing and clarification.
[...]
Thanks.
--
Sincerely,
Yeoreum Yun