From: Sebastian Ene <sebastianene@google.com>
Allow direct messages to be forwarded from the host. The host should
not be sending framework messages so they are filtered out.
Signed-off-by: Sebastian Ene <sebastianene@google.com>
Reviewed-by: Yeoreum Yun <yeoreum.yun@arm.com>
Signed-off-by: Per Larsen <perlarsen@google.com>
---
arch/arm64/kvm/hyp/nvhe/ffa.c | 22 ++++++++++++++++++++++
include/linux/arm_ffa.h | 3 +++
2 files changed, 25 insertions(+)
diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c
index 58b7d0c477d7fce235fc70d089d175c7879861b5..a38a3ab497e5eac11777109684a33f02d88d09a1 100644
--- a/arch/arm64/kvm/hyp/nvhe/ffa.c
+++ b/arch/arm64/kvm/hyp/nvhe/ffa.c
@@ -862,6 +862,23 @@ static void do_ffa_part_get(struct arm_smccc_1_2_regs *res,
hyp_spin_unlock(&host_buffers.lock);
}
+static void do_ffa_direct_msg(struct arm_smccc_1_2_regs *res,
+ struct kvm_cpu_context *ctxt,
+ u64 vm_handle)
+{
+ DECLARE_REG(u32, flags, ctxt, 2);
+
+ struct arm_smccc_1_2_regs *args = (void *)&ctxt->regs.regs[0];
+
+ /* filter out framework messages */
+ if (FIELD_GET(FFA_MSG_FLAGS_MSG_TYPE, flags)) {
+ ffa_to_smccc_error(res, FFA_RET_INVALID_PARAMETERS);
+ return;
+ }
+
+ arm_smccc_1_2_smc(args, res);
+}
+
bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id)
{
struct arm_smccc_1_2_regs res;
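Review bot: do_ffa_direct_msg forwards the host's register file to the secure world unmodified and the only input it inspects is w2, but nothing in the function says so; a header comment such as `/* Forward FFA_MSG_SEND_DIRECT_REQ{,_64} from the host to the SPMD as-is; only the message flags in w2 are checked here. */` would make that trust boundary explicit for the next reader. Note also that `DECLARE_REG(u32, flags, ctxt, 2)` reads only the low 32 bits of x2, so on the FFA_FN64_MSG_SEND_DIRECT_REQ path (dispatched in the second hunk) any non-zero upper bits of x2 pass through the filter unchecked; whether the spec reserves those bits for the 64-bit variant is worth confirming before relying on this check alone. The `args` alias over `ctxt->regs.regs[0]` deserves a one-line comment too, since the forwarding correctness depends on the two register layouts matching.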
@@ -920,6 +937,11 @@ bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id)
case FFA_PARTITION_INFO_GET:
do_ffa_part_get(&res, host_ctxt);
goto out_handled;
+ case FFA_MSG_SEND_DIRECT_REQ:
+ case FFA_FN64_MSG_SEND_DIRECT_REQ:
+
+ do_ffa_direct_msg(&res, host_ctxt, HOST_FFA_ID);
+ goto out_handled;
}
if (ffa_call_supported(func_id))
diff --git a/include/linux/arm_ffa.h b/include/linux/arm_ffa.h
index 81e603839c4a51873090b7e22edbe7b33a7e94df..d209d0cdac1eb804be01e4607acac8f76cc99e40 100644
--- a/include/linux/arm_ffa.h
+++ b/include/linux/arm_ffa.h
@@ -130,6 +130,9 @@
#define FFA_FEAT_RXTX_MIN_SZ_16K 2
#define FFA_FEAT_RXTX_MIN_SZ_MASK GENMASK(1, 0)
+/* FFA message flags */
+#define FFA_MSG_FLAGS_MSG_TYPE BIT(31)
+
/* FFA Bus/Device/Driver related */
struct ffa_device {
u32 id;
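Review bot: The new `FFA_MSG_FLAGS_MSG_TYPE` definition only carries the generic comment `/* FFA message flags */`, which does not say which ABI register the flag lives in or what the set bit means, while the consumer in ffa.c treats a set bit as a framework message. Suggest `/* FFA_MSG_SEND_DIRECT_REQ w2 message flags: bit 31 set selects a framework message */` so the header documents the contract the hypervisor filter relies on.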
--
2.52.0.rc1.455.g30608eb744-goog
On Wed, Nov 19, 2025 at 02:07:53AM +0000, Per Larsen via B4 Relay wrote:
> From: Sebastian Ene <sebastianene@google.com>
>
> Allow direct messages to be forwarded from the host. The host should
> not be sending framework messages so they are filtered out.
>
> Signed-off-by: Sebastian Ene <sebastianene@google.com>
> Reviewed-by: Yeoreum Yun <yeoreum.yun@arm.com>
> Signed-off-by: Per Larsen <perlarsen@google.com>
> ---
> arch/arm64/kvm/hyp/nvhe/ffa.c | 22 ++++++++++++++++++++++
> include/linux/arm_ffa.h | 3 +++
> 2 files changed, 25 insertions(+)
>
> diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c
> index 58b7d0c477d7fce235fc70d089d175c7879861b5..a38a3ab497e5eac11777109684a33f02d88d09a1 100644
> --- a/arch/arm64/kvm/hyp/nvhe/ffa.c
> +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c
> @@ -862,6 +862,23 @@ static void do_ffa_part_get(struct arm_smccc_1_2_regs *res,
> hyp_spin_unlock(&host_buffers.lock);
> }
>
> +static void do_ffa_direct_msg(struct arm_smccc_1_2_regs *res,
> + struct kvm_cpu_context *ctxt,
> + u64 vm_handle)
> +{
> + DECLARE_REG(u32, flags, ctxt, 2);
> +
> + struct arm_smccc_1_2_regs *args = (void *)&ctxt->regs.regs[0];
> +
> + /* filter out framework messages */
> + if (FIELD_GET(FFA_MSG_FLAGS_MSG_TYPE, flags)) {
Wouldn't we be better off just checking that flags is 0? The rest of it
is SBZ or MBZ in the current spec.
> + ffa_to_smccc_error(res, FFA_RET_INVALID_PARAMETERS);
> + return;
> + }
> +
> + arm_smccc_1_2_smc(args, res);
> +}
> +
> bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id)
> {
> struct arm_smccc_1_2_regs res;
> @@ -920,6 +937,11 @@ bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id)
> case FFA_PARTITION_INFO_GET:
> do_ffa_part_get(&res, host_ctxt);
> goto out_handled;
> + case FFA_MSG_SEND_DIRECT_REQ:
> + case FFA_FN64_MSG_SEND_DIRECT_REQ:
> +
Weird whitespace addition ^^
> + do_ffa_direct_msg(&res, host_ctxt, HOST_FFA_ID);
What's the point of passing HOST_FFA_ID here? Is that supposed to end up
in the Sender ID bits of W1?
Will
On Thu, Jan 08, 2026 at 03:26:21PM +0000, Will Deacon wrote:
Hi Will,
> On Wed, Nov 19, 2025 at 02:07:53AM +0000, Per Larsen via B4 Relay wrote:
> > From: Sebastian Ene <sebastianene@google.com>
> >
> > Allow direct messages to be forwarded from the host. The host should
> > not be sending framework messages so they are filtered out.
> >
> > Signed-off-by: Sebastian Ene <sebastianene@google.com>
> > Reviewed-by: Yeoreum Yun <yeoreum.yun@arm.com>
> > Signed-off-by: Per Larsen <perlarsen@google.com>
> > ---
> > arch/arm64/kvm/hyp/nvhe/ffa.c | 22 ++++++++++++++++++++++
> > include/linux/arm_ffa.h | 3 +++
> > 2 files changed, 25 insertions(+)
> >
> > diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c
> > index 58b7d0c477d7fce235fc70d089d175c7879861b5..a38a3ab497e5eac11777109684a33f02d88d09a1 100644
> > --- a/arch/arm64/kvm/hyp/nvhe/ffa.c
> > +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c
> > @@ -862,6 +862,23 @@ static void do_ffa_part_get(struct arm_smccc_1_2_regs *res,
> > hyp_spin_unlock(&host_buffers.lock);
> > }
> >
> > +static void do_ffa_direct_msg(struct arm_smccc_1_2_regs *res,
> > + struct kvm_cpu_context *ctxt,
> > + u64 vm_handle)
> > +{
> > + DECLARE_REG(u32, flags, ctxt, 2);
> > +
> > + struct arm_smccc_1_2_regs *args = (void *)&ctxt->regs.regs[0];
> > +
> > + /* filter out framework messages */
> > + if (FIELD_GET(FFA_MSG_FLAGS_MSG_TYPE, flags)) {
>
> Wouldn't we be better off just checking that flags is 0? The rest of it
> is SBZ or MBZ in the current spec.
Yes, we can simplify it in this way.
>
> > + ffa_to_smccc_error(res, FFA_RET_INVALID_PARAMETERS);
> > + return;
> > + }
> > +
> > + arm_smccc_1_2_smc(args, res);
> > +}
> > +
> > bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id)
> > {
> > struct arm_smccc_1_2_regs res;
> > @@ -920,6 +937,11 @@ bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id)
> > case FFA_PARTITION_INFO_GET:
> > do_ffa_part_get(&res, host_ctxt);
> > goto out_handled;
> > + case FFA_MSG_SEND_DIRECT_REQ:
> > + case FFA_FN64_MSG_SEND_DIRECT_REQ:
> > +
>
> Weird whitespace addition ^^
>
Let me clear this space out.
> > + do_ffa_direct_msg(&res, host_ctxt, HOST_FFA_ID);
>
> What's the point of passing HOST_FFA_ID here? Is that supposed to end up
> in the Sender ID bits of W1?
I can remove it, this doesn't bring too much for upstream but on the
android kernel with guest-ffa it makes sense because we need to validate
the sender to prevent impersonation.
>
> Will
Thanks,
Sebastian
Hey Seb,
Cheers for the reply.
On Fri, Jan 09, 2026 at 11:18:33AM +0000, Sebastian Ene wrote:
> On Thu, Jan 08, 2026 at 03:26:21PM +0000, Will Deacon wrote:
> > On Wed, Nov 19, 2025 at 02:07:53AM +0000, Per Larsen via B4 Relay wrote:
> > > From: Sebastian Ene <sebastianene@google.com>
> > >
> > > Allow direct messages to be forwarded from the host. The host should
> > > not be sending framework messages so they are filtered out.
> > >
> > > Signed-off-by: Sebastian Ene <sebastianene@google.com>
> > > Reviewed-by: Yeoreum Yun <yeoreum.yun@arm.com>
> > > Signed-off-by: Per Larsen <perlarsen@google.com>
> > > ---
> > > arch/arm64/kvm/hyp/nvhe/ffa.c | 22 ++++++++++++++++++++++
> > > include/linux/arm_ffa.h | 3 +++
> > > 2 files changed, 25 insertions(+)
> > >
> > > diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c
> > > index 58b7d0c477d7fce235fc70d089d175c7879861b5..a38a3ab497e5eac11777109684a33f02d88d09a1 100644
> > > --- a/arch/arm64/kvm/hyp/nvhe/ffa.c
> > > +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c
> > > @@ -862,6 +862,23 @@ static void do_ffa_part_get(struct arm_smccc_1_2_regs *res,
> > > hyp_spin_unlock(&host_buffers.lock);
> > > }
> > >
> > > +static void do_ffa_direct_msg(struct arm_smccc_1_2_regs *res,
> > > + struct kvm_cpu_context *ctxt,
> > > + u64 vm_handle)
> > > +{
> > > + DECLARE_REG(u32, flags, ctxt, 2);
> > > +
> > > + struct arm_smccc_1_2_regs *args = (void *)&ctxt->regs.regs[0];
> > > +
> > > + /* filter out framework messages */
> > > + if (FIELD_GET(FFA_MSG_FLAGS_MSG_TYPE, flags)) {
> >
> > Wouldn't we be better off just checking that flags is 0? The rest of it
> > is SBZ or MBZ in the current spec.
>
> Yes, we can simplify it in this way.
I think it would also be more robust if new messaging types are added
in future, as we would fail safe.
> > > + do_ffa_direct_msg(&res, host_ctxt, HOST_FFA_ID);
> >
> > What's the point of passing HOST_FFA_ID here? Is that supposed to end up
> > in the Sender ID bits of W1?
>
> I can remove it, this doesn't bring too much for upstream but on the
> android kernel with guest-ffa it makes sense because we need to validate
> the sender to prevent impersonation.
We could also validate that the sender is HOST_FFA_ID in this case, but
that seems to be missing atm.
Cheers,
Will