From nobody Sun Jun 14 07:35:51 2026 Received: from mail-ed1-f74.google.com (mail-ed1-f74.google.com [209.85.208.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7EE41296BD3 for ; Fri, 1 May 2026 11:45:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777635922; cv=none; b=eTHsV4mGIESgL+/0T6+mtDxvIlVWlX2srzMyttmdU+nxA/5cTHJ7YodhWnxpP46tIvqSJlxRQ9Hrhl2siQKWBiyg30Qa/9Bf7ql3XLY2TV43+Z6O9IHcZxPkgGS2x8u2IUQ2o6jQAyy97yy7w5m59QeERbpnCEz1yNhO7JkZDkc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777635922; c=relaxed/simple; bh=PXr4pbDQjM8g61nqlSL4uG2waHwu49CNFEu9ciJNGUI=; h=Date:Mime-Version:Message-ID:Subject:From:To:Cc:Content-Type; b=OGhGcaW6KvoTKlfNHRQ6tZYXJkmfBUwbxlG7ENfgibtu2/I8GQoks6Wutmu4Oc7Zpld08zxX9FKEmIdH15qkAjt/xlrJ75QlQ8xGXSRLgCFM/+RtAC9x2yVOt1Bt45GbYK5Te32zdJbIuEvAYhHAIVc87kFessLT3z4viZdtQkI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sebastianene.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=a4R/Ce/j; arc=none smtp.client-ip=209.85.208.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sebastianene.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="a4R/Ce/j" Received: by mail-ed1-f74.google.com with SMTP id 4fb4d7f45d1cf-67b9353942bso566774a12.0 for ; Fri, 01 May 2026 04:45:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1777635919; x=1778240719; darn=vger.kernel.org; h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject :date:message-id:reply-to; bh=7KgqZx+Fsyugile3PZCp4dg4EBjBcAxKu/8HH+dIz9w=; b=a4R/Ce/jODf/yTOgcEWqy/NGQwzyn/xO1kCk6qfuOVau+Q49tUc7gObVtLldK7kCBx wT/ikjmckuxrvv5hRZR2P+/XXgtsD/25vsPEpEiibmL/wzVSVO07PWXj809f1+zlP3N8 mReT9x3ksms0czxZCEgjdJq7xV4/h6R0DSPbt4ct5UVmiS6bnz2Eb4yzVoi3sihURy6p kTzOQTv63ZI47SrwGUjIKN6pm5NeeuyhUV4m9KLmAu2mqxD0/Kk0yov/6MNg32gYAC4f VX9YWQRFDBdVLrVlETtUrrFiA/vy5VWtQacGrVjyWJjKlCFof5BGKD/85vs4Oej2kB8x FnTg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777635919; x=1778240719; h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=7KgqZx+Fsyugile3PZCp4dg4EBjBcAxKu/8HH+dIz9w=; b=YoCqDr2rXmn3QIsVMFfjek5xBep0tv9YaN3hAswh6npRUmBASs/bdnC4ZeaDwaK+Uw SX7H9WfUD86ZiUytqveC4YCG+i6jW1DN4o27z17jdnV4ue86vdql1Wsc/PHJ7utRabyG RQKKSFGKU642anvWo7/dnK2fszDPZKDo0oGP8Y6YxK3PyiehJk0057j1arbxD8IkSIoX FrhNAi0weSrlAaApyTferGKENTNcB5ZAVlpLYTItreLOL9+HIVdsZNsYMqNRhEbmn5fC b86zInKAw3n7I/1bfHsCMyY9sAiTVom/mWjjAEi3QLXEN+NmQ7chnkxOcUI9SGsrmxHQ Sglw== X-Forwarded-Encrypted: i=1; AFNElJ9Yk0UzpGU1NRXyJNykc3wkDrZXw5Y73dIPlR1itlJu0foUzT6KQ6f2t3dGVLTendcI8TlOcmqdgUOwnvs=@vger.kernel.org X-Gm-Message-State: AOJu0YxIh/qLz13kl0PWUAPcEJoOdBH06RRtV6kZpNNfUgFmImwxkxrl qNnEq9z/aLzqz7RjRFv3wn4gWHUiFmbpwgnvP/v9P9xKDXsVjYZ7ToA7IarfhU5giYT8kAT8Ni4 8Ibk8IpAotZIRQsArfVEn7JMdMKywGQ== X-Received: from edbgy7.prod.google.com ([2002:a05:6402:5bc7:b0:674:dc48:b1f2]) (user=sebastianene job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6402:5209:b0:672:8f26:8aad with SMTP id 4fb4d7f45d1cf-67b96e73d68mr1282304a12.9.1777635918653; Fri, 01 May 2026 04:45:18 -0700 (PDT) Date: Fri, 1 May 2026 11:44:48 +0000 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 X-Mailer: git-send-email 2.54.0.545.g6539524ca2-goog Message-ID: <20260501114447.2389222-2-sebastianene@google.com> Subject: [PATCH] KVM: arm64: Forward FFA_NOTIFICATION* calls to TrustZone From: Sebastian Ene To: catalin.marinas@arm.com, maz@kernel.org, oupton@kernel.org, will@kernel.org Cc: joey.gouly@arm.com, korneld@google.com, kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, android-kvm@google.com, mrigendra.chaubey@gmail.com, perlarsen@google.com, sebastianene@google.com, suzuki.poulose@arm.com, vdonnefort@google.com, yuzenghui@huawei.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Remove the FFA_NOTIFICATION* calls from the blocklist used by the pKVM FF-A proxy. This restriction was preventing the use of asynchronous signaling mechanisms defined by the Arm FF-A specification to communicate with the secure services. While these calls are markes as optional, there is no reason why the hypervisor proxy would block them because: 1. Host is the Sole Non-Secure Endpoint: The Host operates as the only Non-Secure VM ID (VM ID 0) recognized by the Secure World. Because all forwarded notifications are inherently attributed to the Host by the SPMC, there is no risk of VM ID spoofing originating from the Normal World. 2. No Memory Pointers or Addresses: The FFA_NOTIFICATION_* ABIs operate strictly via register-based parameters, passing only VM IDs, VCPU IDs, flags, and bitmaps. Because these calls do not contain memory addresses, offsets, or pointers, forwarding them doesn't pose a risk of memory-based confused deputy attack (e.g., tricking the SPMC into overwriting protected memory). While the pKVM proxy behaves as a relayer, it doesn't currently have its own FF-A ID(only the host has the ID 0). The behavior of the setup flow is covered by the spec in the: '10.9 Notification support without a Hypervisor'. Signed-off-by: Sebastian Ene --- arch/arm64/kvm/hyp/nvhe/ffa.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c index 1af722771178..a82d0cd22a17 100644 --- a/arch/arm64/kvm/hyp/nvhe/ffa.c +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c @@ -675,14 +675,6 @@ static bool ffa_call_supported(u64 func_id) case FFA_RXTX_MAP: case FFA_MEM_DONATE: case FFA_MEM_RETRIEVE_REQ: - /* Optional notification interfaces added in FF-A 1.1 */ - case FFA_NOTIFICATION_BITMAP_CREATE: - case FFA_NOTIFICATION_BITMAP_DESTROY: - case FFA_NOTIFICATION_BIND: - case FFA_NOTIFICATION_UNBIND: - case FFA_NOTIFICATION_SET: - case FFA_NOTIFICATION_GET: - case FFA_NOTIFICATION_INFO_GET: /* Optional interfaces added in FF-A 1.2 */ case FFA_MSG_SEND_DIRECT_REQ2: /* Optional per 7.5.1 */ case FFA_MSG_SEND_DIRECT_RESP2: /* Optional per 7.5.1 */ --=20 2.54.0.545.g6539524ca2-goog