From nobody Tue Jun 16 14:56:56 2026 Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com [209.85.221.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 363C542EEC7 for ; Tue, 16 Jun 2026 10:54:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781607268; cv=none; b=UdaIl7NyFF80YTjDVyh3v6BKMUNtxYNeO23cCdlttopMXdQRYtj5oTsvlg6IbxswkcoECVpVPt0TJnMjNHChqYMAL9ZHNj9+tjCHFT8WEI5dF1A99Ihd1givJ+lqjjn+1CZheHRevB0ZPib1sfrtvRcW7fwRAygbxmthZumVbJg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781607268; c=relaxed/simple; bh=AxhbvR2ZfFA+ZWiVMfIM4YJmysIERQasn9hcEH7J3YI=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=AMYg/KRULwNkwu2K2+bsz59D5y2v1joOmOrJfCSu+ltoQ5XSecV17E7EO5QOS3cP2K0BuZ5FWvze+kd5M2xUW06VWpKPd7PgXZyqpuH7MgBOR/WACOMzD5BSSdOAkNooS4e8AE6yJH1VC7RKrGcQ7L/1kSWLQQ30sy3rAkVURUA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sebastianene.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=UnbsARHm; arc=none smtp.client-ip=209.85.221.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sebastianene.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="UnbsARHm" Received: by mail-wr1-f73.google.com with SMTP id ffacd0b85a97d-460163035e3so2650909f8f.2 for ; Tue, 16 Jun 2026 03:54:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1781607266; x=1782212066; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=1MtrJN4EcerjeE6DHF17eBGjvGBuj7lWJfYdNgKlqOo=; b=UnbsARHmsPMxoxyrIqZg7DI9JqF+m/AzQLLl+TfURFc2L7NIwc79+7mbplXCSVbUhz LD0gJNGn4tzVFRCQOo2lVKWy2sqFoRZltW7Fr6cKGGptInHJEdHHDAhWwY+AmKbAPHyS zkXe71Jt27DF7muWTGX6gpESXxOGoTiekrImxzjfFqjz5sjTJk8sCnZicpsvfdvDHGtN jsaHnxn4Af0RsM8T00BSB3vvKCMqx2Fae1vwP0hm8fUttvNwZ5x2OG5ta6NLq1WOpdPM Dp7KWQnT2kO6egefvOkjzbY7Bya0L3FRP9aS9gy0UZ3m8t5v6GS7VSndobyVOEUq/hH4 DxRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781607266; x=1782212066; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=1MtrJN4EcerjeE6DHF17eBGjvGBuj7lWJfYdNgKlqOo=; b=UIh2kQfIhJa5UCM0UtsDFLriQBvenHhdPEnRtKwtbAO7AqtbgCWUaQ756pNoHO31fp csWnEW5W3GqhhP64yZMN+YJpxJRBa38PK7WtzJJqABecA36H0BxHevYOiw+vKeVMvtV8 3zSz2dkqkotuwPMKKt6cwcSK1mW6bUdJ3ygW8Y7w9aQbQuSbwr05HBVIKWXkdXtWfpw+ kp3JQRE+7eEplTDxCJkWt09Q2bzM/akV1TFujchs3o96G88K1UHakYlOGED1IcBc96g1 WtR/lLogTtJoFR9KHZvnpUrcmPtRNpkyLQle4qrcEpYhuM/7k5v5gmM2+XjHOCTaNaL/ xQVg== X-Forwarded-Encrypted: i=1; AFNElJ/F1yZp1NehVOwOMCDs83jCQRIG+P/GBeflENPxzYW5eyJWUQN6fvbXj3wD7CkARhCFo2414V5dZC6XX8A=@vger.kernel.org X-Gm-Message-State: AOJu0YzLp1Xfp17daf7Y4i3T0oLiEOW/O/GY2WDxAqZ6fJOO4ngUdXIf oQp/9gc02/HWCe39rAMUXsBVJnpFYuiE8qZR8JVJjQVo5UbuJazlNEp9iV3XNib4h00fJkfFhW8 S0Vu6AI6XCYGM69ROEqfVsjwUTnnAWw== X-Received: from wmjv24.prod.google.com ([2002:a7b:cb58:0:b0:490:aeab:32d1]) (user=sebastianene job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:4e48:b0:490:e60b:6860 with SMTP id 5b1f17b1804b1-4922005e235mr182587895e9.7.1781607265338; Tue, 16 Jun 2026 03:54:25 -0700 (PDT) Date: Tue, 16 Jun 2026 10:54:09 +0000 In-Reply-To: <20260616105417.2578670-1-sebastianene@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260616105417.2578670-1-sebastianene@google.com> X-Mailer: git-send-email 2.54.0.1136.gdb2ca164c4-goog Message-ID: <20260616105417.2578670-3-sebastianene@google.com> Subject: [PATCH v3 1/7] KVM: arm64: Support FFA_NOTIFICATION_BITMAP_CREATE in host handler From: Sebastian Ene To: catalin.marinas@arm.com, maz@kernel.org, oupton@kernel.org, will@kernel.org Cc: joey.gouly@arm.com, korneld@google.com, kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, android-kvm@google.com, mrigendra.chaubey@gmail.com, perlarsen@google.com, sebastianene@google.com, suzuki.poulose@arm.com, vdonnefort@google.com, yuzenghui@huawei.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Allow FF-A notification bitmap creation messages to be forwarded to Trustzone from the host and introduce a helper to check for SBZ register fields. Signed-off-by: Sebastian Ene --- arch/arm64/kvm/hyp/nvhe/ffa.c | 36 ++++++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c index 1af722771178..b1e5f9ee86ef 100644 --- a/arch/arm64/kvm/hyp/nvhe/ffa.c +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c @@ -71,6 +71,18 @@ static u32 hyp_ffa_version; static bool has_version_negotiated; static hyp_spinlock_t version_lock; =20 +static bool ffa_check_unused_args_sbz(struct kvm_cpu_context *ctxt, int fi= rst_reg) +{ + int reg; + + for (reg =3D first_reg; reg < 17; reg++) { + if (cpu_reg(ctxt, reg)) + return true; + } + + return false; +} + static void ffa_to_smccc_error(struct arm_smccc_1_2_regs *res, u64 ffa_err= no) { *res =3D (struct arm_smccc_1_2_regs) { @@ -676,7 +688,6 @@ static bool ffa_call_supported(u64 func_id) case FFA_MEM_DONATE: case FFA_MEM_RETRIEVE_REQ: /* Optional notification interfaces added in FF-A 1.1 */ - case FFA_NOTIFICATION_BITMAP_CREATE: case FFA_NOTIFICATION_BITMAP_DESTROY: case FFA_NOTIFICATION_BIND: case FFA_NOTIFICATION_UNBIND: @@ -862,6 +873,26 @@ static void do_ffa_part_get(struct arm_smccc_1_2_regs = *res, hyp_spin_unlock(&host_buffers.lock); } =20 +static void do_ffa_notif_bitmap(struct arm_smccc_1_2_regs *res, + struct kvm_cpu_context *ctxt) +{ + DECLARE_REG(u32, vmid, ctxt, 1); + struct arm_smccc_1_2_regs *args; + + if (ffa_check_unused_args_sbz(ctxt, 3)) { + ffa_to_smccc_res(res, FFA_RET_INVALID_PARAMETERS); + return; + } + + if (vmid !=3D HOST_FFA_ID) { + ffa_to_smccc_res(res, FFA_RET_INVALID_PARAMETERS); + return; + } + + args =3D (void *)&ctxt->regs.regs[0]; + hyp_smccc_1_2_smc(args, res); +} + bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id) { struct arm_smccc_1_2_regs res; @@ -920,6 +951,9 @@ bool kvm_host_ffa_handler(struct kvm_cpu_context *host_= ctxt, u32 func_id) case FFA_PARTITION_INFO_GET: do_ffa_part_get(&res, host_ctxt); goto out_handled; + case FFA_NOTIFICATION_BITMAP_CREATE: + do_ffa_notif_bitmap(&res, host_ctxt); + goto out_handled; } =20 if (ffa_call_supported(func_id)) --=20 2.54.0.1099.g489fc7bff1-goog From nobody Tue Jun 16 14:56:56 2026 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 06C1E42EED9 for ; Tue, 16 Jun 2026 10:54:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781607267; cv=none; b=bDJvQV/X3chJsJyVMCYZEAMIf5T2oL9vQcVPjXBee4I3ei5OWyDWHZPVdke0wUXIgQFRrEsHpwLg10F48gSxEJu6Bv/LgbQY5grwgGCtQ10rllIu11ltmYQRQAC7j1hv9wNDXCHoSocNC9Iw7Lexu4BwfaeJAaQC/uiIqDikn8E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781607267; c=relaxed/simple; bh=aLy1aqQg9uKPDRV0yIlbf5EWWuvfUKXrVYINVrPNTmc=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=d7OQHErdZP4EWW23aqfIOn3fSIO1oqtI9SmejfLdApyVe3knG3YroZowCWGEK5rig56jUKOPI1x4lbDbIo1sCbil2RVxT0U1I0zF6V5DlCapUHiocF+WU2xn/8c42yY6hyNz7V/MRfuI5k95RjeNjwU5sZ192vjyDY2xkNGtzEk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sebastianene.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=McXQ88QO; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sebastianene.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="McXQ88QO" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-490b79e6b94so41273895e9.2 for ; Tue, 16 Jun 2026 03:54:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1781607264; x=1782212064; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=b9YtP4kly16nC//zfpWqwF2dbg0H1K+4KeRXQuDtzJU=; b=McXQ88QO5S0rAPKZ3eZuMXaI6uzHdO8JJ0rC3zLcVZMP5iZ4oPX7+YNxNE1aTAUFyC Azagt2H1uU/+XHl24IAUXEDfyhDdx0EEgt/4z3kzqLeUrMoTyMypWRSHL3hYC4uVgOqf 4hW46TmQnCgJ3zNHPv/kv10V9hCSeN7hAbMcCnJabOodn8IQ24uANErTOOwSloJsDt3z 07KOYf1tfRTRtiRL2BLkDqODNrN9ijDeEZnzbU5LORDJk4HRm54/B5DQXRmMvhfeRSqr m5ZfC5m9Kn60+EqZNkdRVpp/+anWN3jqUxcGcBOQYZWJkQCwFDfc9lzzPAQlyRax6uOm g3Hw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781607264; x=1782212064; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=b9YtP4kly16nC//zfpWqwF2dbg0H1K+4KeRXQuDtzJU=; b=M5cgckIBQmWJI3N4Sy0dGBYN2S1CkbDAfgpUpoNKyHgKsZDbj6T5QH18XR8pJoADLi qj6FH9lIkWbQFRH4aDROSWMjQuliON3lBWMUqmktgS6LVD2shUcZmMQLhvZRnSNU4ueA 49rY66hA4zQNhIbPX/mej03LwQivyFVkvorXJX3DAoHdbXBgoStw03AhPAx4w1LkWI8G JSx37XeLWcrg3A9plARbtgPmAA4edCnCQoVEQP8/uWEDUK2jWCwxegSksl2MNYwqeuwP 1ulzzv8OPEgxdV7jT9OEy/F93V9iuxzYmFsgIJ0KFYOQkhELWZhVB6I+8Z8LXljlRmpd YTlw== X-Forwarded-Encrypted: i=1; AFNElJ9ED8NDZJbwyC+gGZrd8l2J6W4fA0WjqwnYuECuPwof5ncJQ/og4xLO9oVP9pSGSAhZnT+3p1wv87VqFFo=@vger.kernel.org X-Gm-Message-State: AOJu0Yx8tx1xiAbpTcKaT3JXrOVkm3/rHxcJBBCLwvLwpskR8+fXD/gP Li5/fFra6MHOU/GBr1axMKKH4aYM9xveMOlexxUpQjl9EgQAKvyHem1HvhPWSZKMSB7FH40VM3S 3vmlyhTrsAQSHG9mCYb9LNbzm/kZPAA== X-Received: from wmaw25.prod.google.com ([2002:a05:600c:6d59:b0:48a:5334:11e]) (user=sebastianene job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:3f18:b0:490:c2a2:e91f with SMTP id 5b1f17b1804b1-4922ffc05f0mr43580905e9.35.1781607264086; Tue, 16 Jun 2026 03:54:24 -0700 (PDT) Date: Tue, 16 Jun 2026 10:54:08 +0000 In-Reply-To: <20260616105417.2578670-1-sebastianene@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260616105417.2578670-1-sebastianene@google.com> X-Mailer: git-send-email 2.54.0.1136.gdb2ca164c4-goog Message-ID: <20260616105417.2578670-2-sebastianene@google.com> Subject: [PATCH v3 1/7] KVM: arm64: Enforce strict SBZ checks in the FF-A proxy From: Sebastian Ene To: catalin.marinas@arm.com, maz@kernel.org, oupton@kernel.org, will@kernel.org Cc: joey.gouly@arm.com, korneld@google.com, kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, android-kvm@google.com, mrigendra.chaubey@gmail.com, perlarsen@google.com, sebastianene@google.com, suzuki.poulose@arm.com, vdonnefort@google.com, yuzenghui@huawei.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Introduce a helper method ffa_check_unused_args_sbz to enforce strict arguments checking when the hypervisor acts as a relayer between the host and Trustzone. Signed-off-by: Sebastian Ene --- arch/arm64/kvm/hyp/nvhe/ffa.c | 47 +++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c index 1af722771178..c723a21006aa 100644 --- a/arch/arm64/kvm/hyp/nvhe/ffa.c +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c @@ -71,6 +71,18 @@ static u32 hyp_ffa_version; static bool has_version_negotiated; static hyp_spinlock_t version_lock; =20 +static bool ffa_check_unused_args_sbz(struct kvm_cpu_context *ctxt, int fi= rst_reg) +{ + int reg; + + for (reg =3D first_reg; reg < 17; reg++) { + if (cpu_reg(ctxt, reg)) + return true; + } + + return false; +} + static void ffa_to_smccc_error(struct arm_smccc_1_2_regs *res, u64 ffa_err= no) { *res =3D (struct arm_smccc_1_2_regs) { @@ -239,6 +251,11 @@ static void do_ffa_rxtx_map(struct arm_smccc_1_2_regs = *res, int ret =3D 0; void *rx_virt, *tx_virt; =20 + if (ffa_check_unused_args_sbz(ctxt, 4)) { + ret =3D FFA_RET_INVALID_PARAMETERS; + goto out; + } + if (npages !=3D (KVM_FFA_MBOX_NR_PAGES * PAGE_SIZE) / FFA_PAGE_SIZE) { ret =3D FFA_RET_INVALID_PARAMETERS; goto out; @@ -315,6 +332,11 @@ static void do_ffa_rxtx_unmap(struct arm_smccc_1_2_reg= s *res, DECLARE_REG(u32, id, ctxt, 1); int ret =3D 0; =20 + if (ffa_check_unused_args_sbz(ctxt, 2)) { + ret =3D FFA_RET_INVALID_PARAMETERS; + goto out; + } + if (id !=3D HOST_FFA_ID) { ret =3D FFA_RET_INVALID_PARAMETERS; goto out; @@ -421,6 +443,11 @@ static void do_ffa_mem_frag_tx(struct arm_smccc_1_2_re= gs *res, int ret =3D FFA_RET_INVALID_PARAMETERS; u32 nr_ranges; =20 + if (ffa_check_unused_args_sbz(ctxt, 5)) { + ffa_to_smccc_res(res, FFA_RET_INVALID_PARAMETERS); + return; + } + if (fraglen > KVM_FFA_MBOX_NR_PAGES * PAGE_SIZE) goto out; =20 @@ -482,6 +509,11 @@ static void __do_ffa_mem_xfer(const u64 func_id, u32 offset, nr_ranges, checked_offset; int ret =3D 0; =20 + if (ffa_check_unused_args_sbz(ctxt, 5)) { + ret =3D FFA_RET_INVALID_PARAMETERS; + goto out; + } + if (addr_mbz || npages_mbz || fraglen > len || fraglen > KVM_FFA_MBOX_NR_PAGES * PAGE_SIZE) { ret =3D FFA_RET_INVALID_PARAMETERS; @@ -581,6 +613,11 @@ static void do_ffa_mem_reclaim(struct arm_smccc_1_2_re= gs *res, int ret =3D 0; u64 handle; =20 + if (ffa_check_unused_args_sbz(ctxt, 4)) { + ffa_to_smccc_res(res, FFA_RET_INVALID_PARAMETERS); + return; + } + handle =3D PACK_HANDLE(handle_lo, handle_hi); =20 hyp_spin_lock(&host_buffers.lock); @@ -769,6 +806,11 @@ static void do_ffa_version(struct arm_smccc_1_2_regs *= res, { DECLARE_REG(u32, ffa_req_version, ctxt, 1); =20 + if (ffa_check_unused_args_sbz(ctxt, 2)) { + res->a0 =3D FFA_RET_NOT_SUPPORTED; + return; + } + if (FFA_MAJOR_VERSION(ffa_req_version) !=3D 1) { res->a0 =3D FFA_RET_NOT_SUPPORTED; return; @@ -818,6 +860,11 @@ static void do_ffa_part_get(struct arm_smccc_1_2_regs = *res, DECLARE_REG(u32, flags, ctxt, 5); u32 count, partition_sz, copy_sz; =20 + if (ffa_check_unused_args_sbz(ctxt, 6)) { + ffa_to_smccc_res(res, FFA_RET_INVALID_PARAMETERS); + return; + } + hyp_spin_lock(&host_buffers.lock); if (!host_buffers.rx) { ffa_to_smccc_res(res, FFA_RET_BUSY); --=20 2.54.0.1136.gdb2ca164c4-goog From nobody Tue Jun 16 14:56:56 2026 Received: from mail-ej1-f73.google.com (mail-ej1-f73.google.com [209.85.218.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D916A211A14 for ; Tue, 16 Jun 2026 10:54:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781607272; cv=none; b=YYZcwjkCG0aOd7NuEn4MxGGoxThDdETJsw6XKd6zwk97quCP4YzkcQxaDj7e4TCXFDTTRJ4wKSM2DcEVBIwW57F0RhpLsutGvFUexnS7GkYFmU1moKKkGz5BlB/cKdWgFHH5Ruy7wJC3fFJziDqmX3oj5L9tyHs2XD9Dqq7+skU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781607272; c=relaxed/simple; bh=R78PneW8eGr8V9PUCzE0jTXVbxXu0DJEAiZhgQ/397g=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=FXPw7/i2/jjtbQnM/CrqOz94YVKnDfKdHb4gWTdWkrdPvpPW2fnD634gZUpH4+NYZg4CCgcWQ7RUtM24LicRFm66qscBNnWk/3lDmnJ/SESWaifdUEoY1YCKQZhmAT75iRElllAk0IhAQakdC0FeiMipvf9N2uzjR9+gmVi4u50= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sebastianene.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=P1gnIims; arc=none smtp.client-ip=209.85.218.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sebastianene.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="P1gnIims" Received: by mail-ej1-f73.google.com with SMTP id a640c23a62f3a-bed16fc8424so385982266b.0 for ; Tue, 16 Jun 2026 03:54:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1781607268; x=1782212068; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=HynPX1bYuHPedGhayckv3uSerJnSLgHUWuE3kdOkpaY=; b=P1gnIimsAZqjt5sMMYKV0dXnUpB29gSFBrggCMNf43ck1zhhwMsRPhf7fmlkNykD49 geNPkAfieCfgU11PW84rouMA58QjBJB0OxQWTCidclFHKzc5xKGg42jbkPintGVMv0OB iFk3JQXYXz7P52hC3buY2PSInn7J3XqmclDabX5E0oLzYu5Pm4vzvLxujgaitGwN5iOf KVOly3NRvQsA95WN1tbEAR0JPOURMroUFGb5FHi1hTXmYIOgz1c8IXx3vLyKgtnqS0A6 YNuaaNx/OYagx/zASgndXizPLgQNSuH8NcjlW9gCIQ0IzodoelSR/ONfPPzwUtm7Y++b f9rA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781607268; x=1782212068; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=HynPX1bYuHPedGhayckv3uSerJnSLgHUWuE3kdOkpaY=; b=qKBvTz6PFlQzwjZsmNTGcZvuZGstorboPepjf94TYHVx61qxp1cxB7O+Qjwj5C7mDv wz5O97FQatMJcReZb0v60v3w8FIu7EbvWPMbL0rqAsXXjZ6shmQEMo4NZX0oUE8JyDYA aNkV8gUXrn5tvkRdw7YfmbjiPmqpjzyPzJKtBCX9+w057lLOb2goewncoonr2AsxplKv e4Wo3lJ2PKNa9w6YTKiuJrh661FzkrHYHPpVPlOFrXnScT4MhOVxFY8nR8sK2x7Dog5v JiPVTZ8R963iK4USdJv/umxQoiFvbJuMPUE8or5pLqOgEcnqvozxlsYSdEfi/pGXklxY rSHQ== X-Forwarded-Encrypted: i=1; AFNElJ8ec392yVUjoNIFtBF9vf16CY/fWfvqw0dqm/tN6nbChpojtG5/etCV5a+Emk3F8jtHR7e/MkwO/yKkTfo=@vger.kernel.org X-Gm-Message-State: AOJu0YwgAA+PF0nfbXZY1JQyyvr2wwtGX6+i2muAld5oKuPsV9E9pvdH sfblflKo/irV14TE0d3I3agRFWld9lh4B+uM2zAJ862nvZcldHOQXxQpC46yVGOj2uah85P6UCH 4PipEA8YiCLtWLeZFVNIgqh1V2VrJHw== X-Received: from ejbgh12.prod.google.com ([2002:a17:906:e08c:b0:beb:4d35:6d00]) (user=sebastianene job=prod-delivery.src-stubby-dispatcher) by 2002:a17:907:c78b:b0:bcb:8b03:9fc2 with SMTP id a640c23a62f3a-c04148ad606mr213039566b.15.1781607267865; Tue, 16 Jun 2026 03:54:27 -0700 (PDT) Date: Tue, 16 Jun 2026 10:54:11 +0000 In-Reply-To: <20260616105417.2578670-1-sebastianene@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260616105417.2578670-1-sebastianene@google.com> X-Mailer: git-send-email 2.54.0.1136.gdb2ca164c4-goog Message-ID: <20260616105417.2578670-5-sebastianene@google.com> Subject: [PATCH v3 2/7] KVM: arm64: Support FFA_NOTIFICATION_BITMAP_DESTROY in host handler From: Sebastian Ene To: catalin.marinas@arm.com, maz@kernel.org, oupton@kernel.org, will@kernel.org Cc: joey.gouly@arm.com, korneld@google.com, kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, android-kvm@google.com, mrigendra.chaubey@gmail.com, perlarsen@google.com, sebastianene@google.com, suzuki.poulose@arm.com, vdonnefort@google.com, yuzenghui@huawei.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Allow FF-A notification bitmap destruction messages to be forwarded to Trustzone from the host. Signed-off-by: Sebastian Ene --- arch/arm64/kvm/hyp/nvhe/ffa.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c index b1e5f9ee86ef..49a43c38a931 100644 --- a/arch/arm64/kvm/hyp/nvhe/ffa.c +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c @@ -688,7 +688,6 @@ static bool ffa_call_supported(u64 func_id) case FFA_MEM_DONATE: case FFA_MEM_RETRIEVE_REQ: /* Optional notification interfaces added in FF-A 1.1 */ - case FFA_NOTIFICATION_BITMAP_DESTROY: case FFA_NOTIFICATION_BIND: case FFA_NOTIFICATION_UNBIND: case FFA_NOTIFICATION_SET: @@ -876,10 +875,12 @@ static void do_ffa_part_get(struct arm_smccc_1_2_regs= *res, static void do_ffa_notif_bitmap(struct arm_smccc_1_2_regs *res, struct kvm_cpu_context *ctxt) { + DECLARE_REG(u32, func_id, ctxt, 0); DECLARE_REG(u32, vmid, ctxt, 1); struct arm_smccc_1_2_regs *args; + u32 idx_unused_args =3D func_id =3D=3D FFA_NOTIFICATION_BITMAP_CREATE ? 3= : 2; =20 - if (ffa_check_unused_args_sbz(ctxt, 3)) { + if (ffa_check_unused_args_sbz(ctxt, idx_unused_args)) { ffa_to_smccc_res(res, FFA_RET_INVALID_PARAMETERS); return; } @@ -952,6 +953,7 @@ bool kvm_host_ffa_handler(struct kvm_cpu_context *host_= ctxt, u32 func_id) do_ffa_part_get(&res, host_ctxt); goto out_handled; case FFA_NOTIFICATION_BITMAP_CREATE: + case FFA_NOTIFICATION_BITMAP_DESTROY: do_ffa_notif_bitmap(&res, host_ctxt); goto out_handled; } --=20 2.54.0.1099.g489fc7bff1-goog From nobody Tue Jun 16 14:56:56 2026 Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com [209.85.221.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 29F74439006 for ; Tue, 16 Jun 2026 10:54:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781607272; cv=none; b=RIvcBD/M/c1qpR8ZtWID5D89IG8pizWLwMU5PN8lENiVMv4cC04+kX/sIy7Lr207cNTkAFp9g+lUolnA8knoF2xAYrEnFK2wxzgKTw6JM7gCV095eXEbPHzVw2UClF/q9NHErfQbPzlkTADx1F3DlPHV2K1AEpjF5AuQApVvnuY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781607272; c=relaxed/simple; bh=/+fFnWAdvvrQwLBGBD1Dc3Dos7JM2b8RMhB7Aw0WOFk=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=X9FJKmSkLFHq2KDvlVAxDP5/71yGkYKAs2TKeocQ5DeKJGaQlq+hsq95Q6j8JfWvIIQPP6Z5aEtnGorNT7ZCQv0kxZmbmImjZPNFY/CZHEOrzP95dwcrXHydgJ8fRcmkRhkrIjamEsFbfEsxj13kHGXFYAPpURfXAPVhbjUIwi0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sebastianene.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=K91kbXLA; arc=none smtp.client-ip=209.85.221.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sebastianene.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="K91kbXLA" Received: by mail-wr1-f73.google.com with SMTP id ffacd0b85a97d-45ef0af9517so4156256f8f.3 for ; Tue, 16 Jun 2026 03:54:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1781607267; x=1782212067; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=g0WGrmRhB1PbQdF9zTXmlnmdrKaIQ3QJcD0M000UG+0=; b=K91kbXLAiPGTjCnEqAu2+JZSnLhIEucP7OIlHtEuBJpcm2ZurzODWpfQTJQIgYhTYo kZaaq+wVbrCxAx3K3X/EDdgb2O2WrZuhjGH8hHXMf63p6HWgV4yTPni36x183w5amecE mFhSERBr6FnjIgqc5W7cSAqJboHA6GNGsSv5g6ok76ycjFMfAtup9SD/dP83woam4yB/ 4YgZi+L5kWs2v38keQ8qbpIVWPK8AResZpdsUWZBZAmAFJNp0XcNsdCqU+Qkcb5LAgcE 5w62GeGkyoU14YyYQ4q6+iBidMcx3DXroYS1kH42kxx59BYMOOLw2O1ZRKFxISRsJm2L /7GA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781607267; x=1782212067; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=g0WGrmRhB1PbQdF9zTXmlnmdrKaIQ3QJcD0M000UG+0=; b=X2jGOOoRtGPgXTxzc5FZ8XL3Xl/FMd2e6G82IacWA+DCb5Ywx2bWPE6b1q98CxR5W/ Kbl+/m/3UpY0PzfskhQzh3iu5d7dXXLZgXj76A6ngK5NsMiWobD8yf8O66joxQP9qEk/ w8hYTCWc7s0nV4t5D/6Zqv+V/wuGiWrzSNNlF5zhVa13ZTZTFakUIsgvrM0R3GztLMfE EU7V3RFoV0Ecrbifcw8SfzZGVnKxUuoyv3E50uxsmDLKZtX1EGuqo+0S6CBzf9pgvkJJ ApFREVIeumJuNgeVO7U/gUsijgS1uJ6uVTukAF+MRaT8ez0ETCYmr4j0tPBv//Ouvqsi wKxA== X-Forwarded-Encrypted: i=1; AFNElJ/eSdk1+eaFUE87fLiB/wT/DG1c6Us90P3wGotGrI7rSX0FR8n2yYbBUGgirolAiA/hrmDSTI3zyFRU36g=@vger.kernel.org X-Gm-Message-State: AOJu0YyP6ZuTf/DRrvuqFifyKJPdDEKeKdoW/9qAXOG4oKA8DdMF9kK2 vdHibr1ql6b5fzKEBhEglkmMIkSP4Pk0fmfVwYiQayyExA3TgZtav5d2+0NvHsvhmh7AHKrGCy4 KZIQULMmm55cfcDrgYYzoS2Ahw5n6lQ== X-Received: from wrqu16.prod.google.com ([2002:a5d:4690:0:b0:45e:ee20:c6d3]) (user=sebastianene job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:43d4:10b0:460:5a6f:c0df with SMTP id ffacd0b85a97d-4619f3afb82mr4361777f8f.22.1781607266611; Tue, 16 Jun 2026 03:54:26 -0700 (PDT) Date: Tue, 16 Jun 2026 10:54:10 +0000 In-Reply-To: <20260616105417.2578670-1-sebastianene@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260616105417.2578670-1-sebastianene@google.com> X-Mailer: git-send-email 2.54.0.1136.gdb2ca164c4-goog Message-ID: <20260616105417.2578670-4-sebastianene@google.com> Subject: [PATCH v3 2/7] KVM: arm64: Forward FFA_NOTIFICATION_BITMAP calls to Trustzone From: Sebastian Ene To: catalin.marinas@arm.com, maz@kernel.org, oupton@kernel.org, will@kernel.org Cc: joey.gouly@arm.com, korneld@google.com, kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, android-kvm@google.com, mrigendra.chaubey@gmail.com, perlarsen@google.com, sebastianene@google.com, suzuki.poulose@arm.com, vdonnefort@google.com, yuzenghui@huawei.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Allow FF-A notification bitmap messages to be forwarded to Trustzone from the host kernel driver enforce checking for SBZ fields. Signed-off-by: Sebastian Ene --- arch/arm64/kvm/hyp/nvhe/ffa.c | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c index c723a21006aa..dc7496ec295f 100644 --- a/arch/arm64/kvm/hyp/nvhe/ffa.c +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c @@ -713,8 +713,6 @@ static bool ffa_call_supported(u64 func_id) case FFA_MEM_DONATE: case FFA_MEM_RETRIEVE_REQ: /* Optional notification interfaces added in FF-A 1.1 */ - case FFA_NOTIFICATION_BITMAP_CREATE: - case FFA_NOTIFICATION_BITMAP_DESTROY: case FFA_NOTIFICATION_BIND: case FFA_NOTIFICATION_UNBIND: case FFA_NOTIFICATION_SET: @@ -909,6 +907,28 @@ static void do_ffa_part_get(struct arm_smccc_1_2_regs = *res, hyp_spin_unlock(&host_buffers.lock); } =20 +static void do_ffa_notif_bitmap(struct arm_smccc_1_2_regs *res, + struct kvm_cpu_context *ctxt) +{ + DECLARE_REG(u32, func_id, ctxt, 0); + DECLARE_REG(u32, vmid, ctxt, 1); + struct arm_smccc_1_2_regs *args; + u32 idx_unused_args =3D func_id =3D=3D FFA_NOTIFICATION_BITMAP_CREATE ? 3= : 2; + + if (ffa_check_unused_args_sbz(ctxt, idx_unused_args)) { + ffa_to_smccc_res(res, FFA_RET_INVALID_PARAMETERS); + return; + } + + if (vmid !=3D HOST_FFA_ID) { + ffa_to_smccc_res(res, FFA_RET_INVALID_PARAMETERS); + return; + } + + args =3D (void *)&ctxt->regs.regs[0]; + hyp_smccc_1_2_smc(args, res); +} + bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id) { struct arm_smccc_1_2_regs res; @@ -967,6 +987,10 @@ bool kvm_host_ffa_handler(struct kvm_cpu_context *host= _ctxt, u32 func_id) case FFA_PARTITION_INFO_GET: do_ffa_part_get(&res, host_ctxt); goto out_handled; + case FFA_NOTIFICATION_BITMAP_CREATE: + case FFA_NOTIFICATION_BITMAP_DESTROY: + do_ffa_notif_bitmap(&res, host_ctxt); + goto out_handled; } =20 if (ffa_call_supported(func_id)) --=20 2.54.0.1136.gdb2ca164c4-goog From nobody Tue Jun 16 14:56:56 2026 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F2876438FE4 for ; Tue, 16 Jun 2026 10:54:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781607272; cv=none; b=olfA0QVLAHhlfSUqnuBDHUIH9VJHDpagOYwHwZunhF4L5z5O+v6If8SmASBqSfk02VxJNbS1Tc+olhH6KAlrCGUZjyjduJeDn3akLdge6a/ivhoI3uzPtYu7uAl1PJeo09qlcQFEsinkMJedaCb8shHpAS/UkTsCSnaXmTWqLdQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781607272; c=relaxed/simple; bh=l0mZkdTN2VV+fsd6+4jp+5sV/7mjSvNKmnLNFvXoifk=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=EptyOwoV/sOhbo9BHHqij0gC97d8rSgUmSSlNrlza9c6sKPXd1xBwqyT2TILY/JbW4ee+Qd5TgQbG/AtTBjRB8d4reUD/BQ5tXFL5g5oSlVtfxBycZtW6xa8JGEyOWgCu+elGO7t10CrbqziRHuOezDbaoWZmsHCnSsT/rO2yMw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sebastianene.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=CkW8mpXV; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sebastianene.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="CkW8mpXV" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-490b0682d2fso39123135e9.0 for ; Tue, 16 Jun 2026 03:54:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1781607269; x=1782212069; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=IvZ7xBVFaIWlfxl/3gfs4VKaw5Sr61chB3pwbJcfuUs=; b=CkW8mpXVO8uOLd5iwwTaKYEse3Ztw2QOLRR9Y6ELe7imm7dkil2guTnJ/E1noVsxnc CHrvENkAaKEucOCP3YiSfdxL2myI82OUz1p9ZbbMGc/24tohOkZxR/a6Vg2qoMGwFYEP AZoJeylpUgLPthneTl5PvasP98UeRfWFg98PLxMRVHz2/a/L0puj+ixwP42ABClrbWLN 93ZwQQO/02aSaiqSFmQgrUcj/0e9nUd18z1n7SLxTn89qMblZHzDX4CO2a2SaxHWL6Uf lkrMlkEaljAnX0vBJ/sDrBDQ+Yqj9j52NphmcWPPvuo7fF+BHJNcY2KNcRqJp/DXvuPz 3wRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781607269; x=1782212069; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=IvZ7xBVFaIWlfxl/3gfs4VKaw5Sr61chB3pwbJcfuUs=; b=LqnefmBcYrzqP/L9Smt20/KneKy8AGSytFWsTnl1UxGUtPZHMgF5ZC7tKr66+DQkYy kE+lzlNUEWOVZMbI76c28ox1/lcn4rCNgMCHUu/dmiIA/wAgWL7O6fYT634GwgDboHVD JzLrDDJz4ZGWmxHr9+2VFGiBbseMACpWpvvghvvvPuTJBgrz6HZzpAvkV7SmkTGYDvF/ 96lhdcL65X+pKt7P4lOuMLcdFPbOb7oFFLjc2itDI+x+SmZErBt58nSWt/m9a28WovBY WUeVL3OEzfNc7BCgBQtv64jDFo51jpApEFaAdBp603jVmSDjTJj8E3TvXP6Apupvbmnh MTRA== X-Forwarded-Encrypted: i=1; AFNElJ/ZDG+F6IzEXevVHVIAhqWQV26F63rC9Bn0A0Ojeccbc46rgLIPYR10k9bKmvDF4t8aICU6GhkYNVH+jGY=@vger.kernel.org X-Gm-Message-State: AOJu0YyTvgyCAz5K9/KAvdAMQ1tQDZ8Xdw6LVl07aGelM9uNTxED4OBV 3/SXPK+FUXPLT1PqR6XYuKWJbYaRmfdxIkV4PX3H7e39+KoHRJapv2zQ9hxCInuNP+hk9hJ3OkJ g44qXf28PAD8EewRbP93+zda8otEBtA== X-Received: from wmbg25.prod.google.com ([2002:a05:600c:a419:b0:48a:6051:b5af]) (user=sebastianene job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:3512:b0:491:9969:739d with SMTP id 5b1f17b1804b1-4922011393fmr209070225e9.29.1781607269137; Tue, 16 Jun 2026 03:54:29 -0700 (PDT) Date: Tue, 16 Jun 2026 10:54:12 +0000 In-Reply-To: <20260616105417.2578670-1-sebastianene@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260616105417.2578670-1-sebastianene@google.com> X-Mailer: git-send-email 2.54.0.1136.gdb2ca164c4-goog Message-ID: <20260616105417.2578670-6-sebastianene@google.com> Subject: [PATCH v3 3/7] KVM: arm64: Support FFA_NOTIFICATION_BIND in host handler From: Sebastian Ene To: catalin.marinas@arm.com, maz@kernel.org, oupton@kernel.org, will@kernel.org Cc: joey.gouly@arm.com, korneld@google.com, kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, android-kvm@google.com, mrigendra.chaubey@gmail.com, perlarsen@google.com, sebastianene@google.com, suzuki.poulose@arm.com, vdonnefort@google.com, yuzenghui@huawei.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Verify the arguments of the FF-A notification bind call and forward the message to Trustzone. Signed-off-by: Sebastian Ene --- arch/arm64/kvm/hyp/nvhe/ffa.c | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c index dc7496ec295f..3d8ed829f558 100644 --- a/arch/arm64/kvm/hyp/nvhe/ffa.c +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c @@ -42,6 +42,8 @@ */ #define HOST_FFA_ID 0 =20 +#define FFA_NOTIF_SENDER_ENDP_MASK GENMASK(31, 16) + /* * A buffer to hold the maximum descriptor size we can see from the host, * which is required when the SPMD returns a fragmented FFA_MEM_RETRIEVE_R= ESP @@ -713,7 +715,6 @@ static bool ffa_call_supported(u64 func_id) case FFA_MEM_DONATE: case FFA_MEM_RETRIEVE_REQ: /* Optional notification interfaces added in FF-A 1.1 */ - case FFA_NOTIFICATION_BIND: case FFA_NOTIFICATION_UNBIND: case FFA_NOTIFICATION_SET: case FFA_NOTIFICATION_GET: @@ -929,6 +930,32 @@ static void do_ffa_notif_bitmap(struct arm_smccc_1_2_r= egs *res, hyp_smccc_1_2_smc(args, res); } =20 +static void do_ffa_notif_bind(struct arm_smccc_1_2_regs *res, + struct kvm_cpu_context *ctxt) +{ + DECLARE_REG(u32, endp_id, ctxt, 1); + DECLARE_REG(u32, flags, ctxt, 2); + struct arm_smccc_1_2_regs *args; + + if (ffa_check_unused_args_sbz(ctxt, 5)) { + ffa_to_smccc_res(res, FFA_RET_INVALID_PARAMETERS); + return; + } + + if (FIELD_GET(FFA_NOTIF_SENDER_ENDP_MASK, endp_id) !=3D HOST_FFA_ID) { + ffa_to_smccc_res(res, FFA_RET_INVALID_PARAMETERS); + return; + } + + if (flags > 1) { + ffa_to_smccc_res(res, FFA_RET_INVALID_PARAMETERS); + return; + } + + args =3D (void *)&ctxt->regs.regs[0]; + hyp_smccc_1_2_smc(args, res); +} + bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id) { struct arm_smccc_1_2_regs res; @@ -991,6 +1018,9 @@ bool kvm_host_ffa_handler(struct kvm_cpu_context *host= _ctxt, u32 func_id) case FFA_NOTIFICATION_BITMAP_DESTROY: do_ffa_notif_bitmap(&res, host_ctxt); goto out_handled; + case FFA_NOTIFICATION_BIND: + do_ffa_notif_bind(&res, host_ctxt); + goto out_handled; } =20 if (ffa_call_supported(func_id)) --=20 2.54.0.1136.gdb2ca164c4-goog From nobody Tue Jun 16 14:56:56 2026 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3D3DD436379 for ; Tue, 16 Jun 2026 10:54:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781607275; cv=none; b=k9aqDd02Y+cmrf8pmODkI4JHyuHvOO51FunjLUQtLbKKKD4D+32nZ5iq8hf/oNporBGSUK4Y5ZeVeOu2RfAwiQ4Y93wSjFpp62W6SEZoqBwT78Ut7y/cIFrH3hh4oZHSumxQ6AmmRjsHcxk08D0MIf9v6/9Z2bWnD6Y84ZF76V0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781607275; c=relaxed/simple; bh=soqXRg7Xq6tEXhPI7rau7QKV1ExiKRib212yAMeripw=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=okXU23JS7d71cigZweUcR2sH3JxjFHU/75s/DUMuyURhnQ247VPP7HQsm6AoVEVLFIhtJwyWd1bvF22oU88qfUhWMWWxVLOuRfibrXML1uO9SvcXWDrdgpQoWcvpF0hpkbpUGqzt8TGtpqG5zoaXyH8AdDlTn4SY3H85JchKDhk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sebastianene.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=RcU/XeYH; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sebastianene.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="RcU/XeYH" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-490aadb1386so27023105e9.0 for ; Tue, 16 Jun 2026 03:54:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1781607271; x=1782212071; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=YDR37+e/e3c1wPMzPsYmqv2c5CPvU7koE8nHI68hmNM=; b=RcU/XeYHVuCKCT+dTGvXNq3/TXYjNghldJGJoQKeIN0UMN4QHTLk4QnhlBOgesHg2y 5f3OJ57DJt1w1TUCVYH2UTWDaHD8OBDJ1h2TOK/iniIo/jM7hTcl1uHSzTKIlEg2gtwc 4YUP8dCJcPH4ALd0dNWMWE7JfnjeFaI7f2jNj6qrlRum8+Tg/iXx5MGopTTSrc4Vpv6p D/S8D/erxOOHkXnJeN9PXNJtZdyj5fIhl50uAV68GStZz24e0NKrGgOJQ6sb8N2+LWWE +9IlozActgWoJAqoFZzhmAqAQEI/vC0+w/3qSsASfA9MW7cGnTeL35v76zP/Vzcg7R6i ZP+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781607271; x=1782212071; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=YDR37+e/e3c1wPMzPsYmqv2c5CPvU7koE8nHI68hmNM=; b=kYKbSvXAIkfRRgfy99uSgBXe1r5EubE+J1dozFC0uPDfe6xZfBlnfBqOtPfIdbVgYt b/vl+BloBArCpgW1d8ptePQSm0jx5Sd+g8qNZIa/sur9W9y0UEuZkiIu3HJaBC6TTJKE RM/RSI7bgo3C9mpijz8GeBJosjutY1qLvF4JCIZgJtzb1esOKNhrHDIMfkc59vf+iMWW IPtkCERTrR4LdoNJaW3d/CIKH25ijDUqjp3spOGwpwOJkrcB3BM3N3ycfTbKtSHfb0Wo DZgGYAgA7MBTvSX+1nNau0MOk8/peT8udWz0WVq0HWBBVp9xXBTPd7jDerx5s0/RfR6f kZFw== X-Forwarded-Encrypted: i=1; AFNElJ+fTpepF8YODJbv58IEJvaq/69sMXsT+KDOrsakQvtUH80yvW70jRXZGpNQES84jEwvZtQBVGq7LrCKHbE=@vger.kernel.org X-Gm-Message-State: AOJu0YwDNhQnPrfTS2xJtm/mcoOZ3m9/PPy3VI5iPnFfnN4T7iGE/oXi 7mz4c/eeuS4ehWyBC7EXE8WUVrzoRqBFkJyPeTN/W3PrlSDRzjsLFgPisij54yFHfyqFNvP+sMS v00xpHToHRcLagKmgfNc+cTh4igNz7g== X-Received: from wmkg1.prod.google.com ([2002:a7b:c4c1:0:b0:490:d981:b3df]) (user=sebastianene job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:821a:b0:490:3cf0:8d81 with SMTP id 5b1f17b1804b1-4922faf12edmr43932515e9.13.1781607270458; Tue, 16 Jun 2026 03:54:30 -0700 (PDT) Date: Tue, 16 Jun 2026 10:54:13 +0000 In-Reply-To: <20260616105417.2578670-1-sebastianene@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260616105417.2578670-1-sebastianene@google.com> X-Mailer: git-send-email 2.54.0.1136.gdb2ca164c4-goog Message-ID: <20260616105417.2578670-7-sebastianene@google.com> Subject: [PATCH v3 4/7] KVM: arm64: Support FFA_NOTIFICATION_UNBIND in host handler From: Sebastian Ene To: catalin.marinas@arm.com, maz@kernel.org, oupton@kernel.org, will@kernel.org Cc: joey.gouly@arm.com, korneld@google.com, kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, android-kvm@google.com, mrigendra.chaubey@gmail.com, perlarsen@google.com, sebastianene@google.com, suzuki.poulose@arm.com, vdonnefort@google.com, yuzenghui@huawei.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Verify the arguments of the FF-A notification unbind call and forward the message to Trustzone. Signed-off-by: Sebastian Ene --- arch/arm64/kvm/hyp/nvhe/ffa.c | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c index 3d8ed829f558..9ec9bc9a8622 100644 --- a/arch/arm64/kvm/hyp/nvhe/ffa.c +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c @@ -715,7 +715,6 @@ static bool ffa_call_supported(u64 func_id) case FFA_MEM_DONATE: case FFA_MEM_RETRIEVE_REQ: /* Optional notification interfaces added in FF-A 1.1 */ - case FFA_NOTIFICATION_UNBIND: case FFA_NOTIFICATION_SET: case FFA_NOTIFICATION_GET: case FFA_NOTIFICATION_INFO_GET: @@ -956,6 +955,27 @@ static void do_ffa_notif_bind(struct arm_smccc_1_2_reg= s *res, hyp_smccc_1_2_smc(args, res); } =20 +static void do_ffa_notif_unbind(struct arm_smccc_1_2_regs *res, + struct kvm_cpu_context *ctxt) +{ + DECLARE_REG(u32, endp_id, ctxt, 1); + DECLARE_REG(u32, reserved, ctxt, 2); + struct arm_smccc_1_2_regs *args; + + if (ffa_check_unused_args_sbz(ctxt, 5) || reserved) { + ffa_to_smccc_res(res, FFA_RET_INVALID_PARAMETERS); + return; + } + + if (FIELD_GET(FFA_NOTIF_SENDER_ENDP_MASK, endp_id) !=3D HOST_FFA_ID) { + ffa_to_smccc_res(res, FFA_RET_INVALID_PARAMETERS); + return; + } + + args =3D (void *)&ctxt->regs.regs[0]; + arm_smccc_1_2_smc(args, res); +} + bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id) { struct arm_smccc_1_2_regs res; @@ -1021,6 +1041,9 @@ bool kvm_host_ffa_handler(struct kvm_cpu_context *hos= t_ctxt, u32 func_id) case FFA_NOTIFICATION_BIND: do_ffa_notif_bind(&res, host_ctxt); goto out_handled; + case FFA_NOTIFICATION_UNBIND: + do_ffa_notif_unbind(&res, host_ctxt); + goto out_handled; } =20 if (ffa_call_supported(func_id)) --=20 2.54.0.1136.gdb2ca164c4-goog From nobody Tue Jun 16 14:56:56 2026 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 64B22439009 for ; Tue, 16 Jun 2026 10:54:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781607278; cv=none; b=CD4zKmnw8COBT3gwDEHJi97faiCeUGtjJdVfQceX6d5i9+5Am9LCemo+a4iEA61SNOuYQu1aMkmrlDUi4I5IqJ94WXXViL2602NFczEO28dWHxz/DB4S41jyvbKjRehjM517/xAJ5GnWkbIet2FtQfhA8k+C6oLaQX95eWZTfbE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781607278; c=relaxed/simple; bh=Agm+Ctlat4H+3Nw+TepLaz7IWysNnstjoNGy/xNkUgc=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=mZVCErF5GUFsR4aNhBVKzKLfd4LkLOYwcwdh/dFoelfFmRNqxrVhcuEvIqhadjlZkrqsVOC4/tW6GDSbl3g/Z8bpT2kUo3A3xnZwpW1PMJdIbtEPLuHSoNAlJW5sbdl7n5Esk4WNXBzWVTF+NQe5tmuIz8cOdcOSu7gE00BXxnI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sebastianene.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=aUekd8Br; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sebastianene.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="aUekd8Br" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-490bae3a39bso43565785e9.1 for ; Tue, 16 Jun 2026 03:54:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1781607272; x=1782212072; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=rOHLtsQ7Dkg79lD0jO5Fo0V8aU+vyRvk3bi+qkulMVA=; b=aUekd8Brov4aJBmNZ7lW5rXwY3naNP72eghZgddaWZFFCyooRt7rpFhTLtoaUjvT5z bHey9c5L7OXxXhgN+PZ9zlSdujgmTnaBW0rTldxggp6rxrMIt2TSM26z6mjkgAgs4uRc FRBCFaAws8nSDMgW9LpsMqW/EAP+dGr45iI8Zj7ETty113u4G6ozax3W1+VBDgYZ+hmT V/mPLB9mcsjd/sXCa/pc6Cv0MKxXtuvQbzF1rOQoSJifeqygE+WT9mLRiim8OZftBYGI DUP1rYwlQbExpTs5QTI82yJaqfWVaIh4RzjHrLpuyza0ofC/T5E6rkQwO5zhdpTiiSKR ioxw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781607272; x=1782212072; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=rOHLtsQ7Dkg79lD0jO5Fo0V8aU+vyRvk3bi+qkulMVA=; b=BnvmFIhqJEWCXOD4+xjHUF1E4shXvcstqf9R8QLtSIN/3d5XttS6IS3lxAaShWyNv9 qoVkkP/8vkcnrow31QiM9DR3WPXj2hqaIbnewOb/PSP1sn/GXwHqPcrzOW8DrQabKq+A UXSkWie4JZ9cjjBhLYfYAL6UGvXG4cLSO8S5ELWX7HxJPi0rDLjvRABq2lv6IGQRwn5B jJiIR/oFEmdGVVSwE+SI4hrARYdbSRxr19vG3xB7hJlEPkryETBzIe2s8P8lEkvO1MAC 9fxY6L9db1Xmf7x06/t6AiUiTg1TGFMCCw6ozE2RcunYTl+ERDltmrQ1OnkTlJ+3BZNr F1CA== X-Forwarded-Encrypted: i=1; AFNElJ/7CtVWn17oueUs7Zlat7samFY3ZU6wBtoWOFNx/kCS7ozsnHtN70vobi9Un1rmVUDMrkKHiUiISWu/uOc=@vger.kernel.org X-Gm-Message-State: AOJu0YzjFg46Vm8YBRseR5s6DGs8Jo4/W/N8sJNwL3JQ4LdrrPKZYxOL eBGRl67GYrBlCaDDJUUtEKEeDV8uW0pDkhTGdtPFjFBaPWi3RXiX4gWIAcdKDEHqM3gcbjeN4Ik 0fCZrgT/vEpPa6BIt/p9TCRM/zPJefw== X-Received: from wmjq15.prod.google.com ([2002:a7b:ce8f:0:b0:490:7e29:9cea]) (user=sebastianene job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:1d08:b0:492:2e93:1199 with SMTP id 5b1f17b1804b1-4922e9311a5mr65735675e9.15.1781607271681; Tue, 16 Jun 2026 03:54:31 -0700 (PDT) Date: Tue, 16 Jun 2026 10:54:14 +0000 In-Reply-To: <20260616105417.2578670-1-sebastianene@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260616105417.2578670-1-sebastianene@google.com> X-Mailer: git-send-email 2.54.0.1136.gdb2ca164c4-goog Message-ID: <20260616105417.2578670-8-sebastianene@google.com> Subject: [PATCH v3 5/7] KVM: arm64: Support FFA_NOTIFICATION_SET in host handler From: Sebastian Ene To: catalin.marinas@arm.com, maz@kernel.org, oupton@kernel.org, will@kernel.org Cc: joey.gouly@arm.com, korneld@google.com, kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, android-kvm@google.com, mrigendra.chaubey@gmail.com, perlarsen@google.com, sebastianene@google.com, suzuki.poulose@arm.com, vdonnefort@google.com, yuzenghui@huawei.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Allow FF-A notification SET messages to be proxied from the pKVM hypervisor to Trustzone and enforce MBZ/SBZ fields. Signed-off-by: Sebastian Ene --- arch/arm64/kvm/hyp/nvhe/ffa.c | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c index 9ec9bc9a8622..fcfaa441770d 100644 --- a/arch/arm64/kvm/hyp/nvhe/ffa.c +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c @@ -715,7 +715,6 @@ static bool ffa_call_supported(u64 func_id) case FFA_MEM_DONATE: case FFA_MEM_RETRIEVE_REQ: /* Optional notification interfaces added in FF-A 1.1 */ - case FFA_NOTIFICATION_SET: case FFA_NOTIFICATION_GET: case FFA_NOTIFICATION_INFO_GET: /* Optional interfaces added in FF-A 1.2 */ @@ -976,6 +975,32 @@ static void do_ffa_notif_unbind(struct arm_smccc_1_2_r= egs *res, arm_smccc_1_2_smc(args, res); } =20 +static void do_ffa_notif_set(struct arm_smccc_1_2_regs *res, + struct kvm_cpu_context *ctxt) +{ + DECLARE_REG(u32, endp_id, ctxt, 1); + DECLARE_REG(u32, flags, ctxt, 2); + struct arm_smccc_1_2_regs *args; + + if (FIELD_GET(FFA_NOTIF_SENDER_ENDP_MASK, endp_id) !=3D HOST_FFA_ID) { + ffa_to_smccc_res(res, FFA_RET_INVALID_PARAMETERS); + return; + } + + if (ffa_check_unused_args_sbz(ctxt, 5)) { + ffa_to_smccc_res(res, FFA_RET_INVALID_PARAMETERS); + return; + } + + if (flags & GENMASK(15, 2)) { + ffa_to_smccc_res(res, FFA_RET_INVALID_PARAMETERS); + return; + } + + args =3D (void *)&ctxt->regs.regs[0]; + arm_smccc_1_2_smc(args, res); +} + bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id) { struct arm_smccc_1_2_regs res; @@ -1044,6 +1069,9 @@ bool kvm_host_ffa_handler(struct kvm_cpu_context *hos= t_ctxt, u32 func_id) case FFA_NOTIFICATION_UNBIND: do_ffa_notif_unbind(&res, host_ctxt); goto out_handled; + case FFA_NOTIFICATION_SET: + do_ffa_notif_set(&res, host_ctxt); + goto out_handled; } =20 if (ffa_call_supported(func_id)) --=20 2.54.0.1136.gdb2ca164c4-goog From nobody Tue Jun 16 14:56:56 2026 Received: from mail-ej1-f73.google.com (mail-ej1-f73.google.com [209.85.218.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F0E9943C069 for ; Tue, 16 Jun 2026 10:54:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781607278; cv=none; b=U5GqPbAFLx8N+OE2NQZCaEnY1cdiQ4iUKeDY6h6OYRSAulLk6kPfr9/6eOhua2ALU9gfL57nckUDNDLkD6oIHnMmOzIyEKI/xlCwILu5oJKnuu0XVUwxwMisXYOxATnl08r8CxNgFBcTlp6ABMq0J5lPPTkjp42JzHl4WC7sH9o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781607278; c=relaxed/simple; bh=pGIm6ajCFKdAmh02tN2y3M1/MFCCXAAzmaRbbmmWEa8=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=u/chjApniDq8HDcu5moQvDEKbpcUP+tCqBudPKhPNvkvfcm0DdfI1dkcHFPFvxp2Zq9zbEi0ckSPw6hyumPGcESnoy+Vfpj93QD9VZ0M+y/R8XirzfGa/3oBN+DIzB9qg+PCfAhAUnrWcBUH3kuzrvxshc3Wx4L6as/ff2I9AJE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sebastianene.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=WC8S2Inv; arc=none smtp.client-ip=209.85.218.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sebastianene.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="WC8S2Inv" Received: by mail-ej1-f73.google.com with SMTP id a640c23a62f3a-bee055582b7so338835366b.3 for ; Tue, 16 Jun 2026 03:54:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1781607273; x=1782212073; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=2TDzPlo+obG7Khugzgn+eWzESFaACPnZFWLiw8gSSDQ=; b=WC8S2InvpZxMwe3KdN3tRGJFPA0uWLida93dkfy4m9DThlrLME12GX948tR+ABPF1p xCU4lOpozOFvyPMoEC/dS/504W6bRAkwXge0omrhm2R3kiHhwTUfhvGA/+hmySEfnDtT g6pz1jozVVAb6+unEdwVLYuoiifxQisafJJF/E4q8dbQqE+xUprj+W4pY/o2SIIQoWhr feGUShqbO06velIWqormpApu5U8EEMLsdGeWDvo/U3VEntPZWoF5ieWEtHkIwrkqtf9v g3fICdeJzvNeNLeve8NKauzfB88qXcwEQHB4MNI89UwIgPTiuLsi3Rn2UU5ZaT5Csrow 3dng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781607273; x=1782212073; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=2TDzPlo+obG7Khugzgn+eWzESFaACPnZFWLiw8gSSDQ=; b=T+czQy50szRFiD5rSTPP3HMFY6uK/yWeqzTD9Jpc1bAPnnVP9b/8R8kKx2QHXNhJIm csvZyo5Lrf8tZ6dqRC7PzSpXmIt6x7gJ5b6fwLYGjiQDRS1l16IMg7i0qlbDRUefx4jv dwSdRt8LG8RxHWqfye0Ipre1k+Rz7Ng4UxzrLgWY+jYDrxK8O3946oyn8XE6lnqJmSsa iawXzcchH3HsQN5tjxMcYNaRV4bhMnS2hPpdoQUlQwcXDt5Tz51/dUtZmfEYnTEq6KeN QZ6mflFqvU83PIW+CAvr3zLsMGsMPrLlgC+DkkQnEoiq7SLJkq9p3nF5lsfFficPEYaV th1Q== X-Forwarded-Encrypted: i=1; AFNElJ/HhB5zCLAtQI0OanKPsOiIgB1GiMkZTnCW6SoUejZY1e/1G6joL+01vdUcgqr6OJpCnUivDjgzOBUcY7I=@vger.kernel.org X-Gm-Message-State: AOJu0YyLBsOAHXs6kCTzB+EOnOynkmTrEXltm/Uj2Stt8ixr8x4gTsWm d89vucWGgb6gtTuVizFbB+yI/c67GzjP23Y261ESBfA5QCVnYHw+/YW9a2vAr2EtH/0GLWW2q5D wo1x2rquBPuRq/uShqvd7EQziS4uNoA== X-Received: from ejcjl3.prod.google.com ([2002:a17:907:75c3:b0:c04:5e68:2b37]) (user=sebastianene job=prod-delivery.src-stubby-dispatcher) by 2002:a17:906:8a72:b0:c00:f408:c8b7 with SMTP id a640c23a62f3a-c043ee23d0emr122018466b.28.1781607272779; Tue, 16 Jun 2026 03:54:32 -0700 (PDT) Date: Tue, 16 Jun 2026 10:54:15 +0000 In-Reply-To: <20260616105417.2578670-1-sebastianene@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260616105417.2578670-1-sebastianene@google.com> X-Mailer: git-send-email 2.54.0.1136.gdb2ca164c4-goog Message-ID: <20260616105417.2578670-9-sebastianene@google.com> Subject: [PATCH v3 6/7] KVM: arm64: Support FFA_NOTIFICATION_GET in host handler From: Sebastian Ene To: catalin.marinas@arm.com, maz@kernel.org, oupton@kernel.org, will@kernel.org Cc: joey.gouly@arm.com, korneld@google.com, kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, android-kvm@google.com, mrigendra.chaubey@gmail.com, perlarsen@google.com, sebastianene@google.com, suzuki.poulose@arm.com, vdonnefort@google.com, yuzenghui@huawei.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Allow FF-A notification GET messages to be proxied from the pKVM hypervisor to Trustzone and enforce MBZ/SBZ fields. Signed-off-by: Sebastian Ene --- arch/arm64/kvm/hyp/nvhe/ffa.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c index fcfaa441770d..549250ff8f82 100644 --- a/arch/arm64/kvm/hyp/nvhe/ffa.c +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c @@ -715,7 +715,6 @@ static bool ffa_call_supported(u64 func_id) case FFA_MEM_DONATE: case FFA_MEM_RETRIEVE_REQ: /* Optional notification interfaces added in FF-A 1.1 */ - case FFA_NOTIFICATION_GET: case FFA_NOTIFICATION_INFO_GET: /* Optional interfaces added in FF-A 1.2 */ case FFA_MSG_SEND_DIRECT_REQ2: /* Optional per 7.5.1 */ @@ -1001,6 +1000,26 @@ static void do_ffa_notif_set(struct arm_smccc_1_2_re= gs *res, arm_smccc_1_2_smc(args, res); } =20 +static void do_ffa_notif_get(struct arm_smccc_1_2_regs *res, + struct kvm_cpu_context *ctxt) +{ + DECLARE_REG(u32, flags, ctxt, 2); + struct arm_smccc_1_2_regs *args; + + if (ffa_check_unused_args_sbz(ctxt, 3)) { + ffa_to_smccc_res(res, FFA_RET_INVALID_PARAMETERS); + return; + } + + if (flags & GENMASK(31, 4)) { + ffa_to_smccc_res(res, FFA_RET_INVALID_PARAMETERS); + return; + } + + args =3D (void *)&ctxt->regs.regs[0]; + arm_smccc_1_2_smc(args, res); +} + bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id) { struct arm_smccc_1_2_regs res; @@ -1072,6 +1091,9 @@ bool kvm_host_ffa_handler(struct kvm_cpu_context *hos= t_ctxt, u32 func_id) case FFA_NOTIFICATION_SET: do_ffa_notif_set(&res, host_ctxt); goto out_handled; + case FFA_NOTIFICATION_GET: + do_ffa_notif_get(&res, host_ctxt); + goto out_handled; } =20 if (ffa_call_supported(func_id)) --=20 2.54.0.1136.gdb2ca164c4-goog From nobody Tue Jun 16 14:56:56 2026 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F398043C06A for ; Tue, 16 Jun 2026 10:54:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781607277; cv=none; b=dT2A8Ximih+PzY4sgCYyyurH0J0zww6noOYqKEoveS1n+UImUBa4hqfKOUB5KQUp0uI7c7iFXVuBvBOEVaqFeaWNsdmLprFY6sSSXjuNZEJqy8CdzwcYWCXgmFLZkWPJi0/zSyQZYqAO7p/Ea5t5LHvEo0aLSO9hFZ83x0I0muo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781607277; c=relaxed/simple; bh=j1mQ8kdXaAUSyoc7CFE8/gvR2NiSPeNLQiAPubEZ/GY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=f/EcL/4Oh2hinrtvtJeU/yZEMWq7lRfFl6FPR+9Ndyq2JeXKdMcQZd5n9n91fCSfIGgJ1cRkHsawzgIhx9dZWkwlFHvW6TRSmV2y7tqnppp0xFK7L22nUaSIefAOWCAWjr6QwnNBf4p81P4k5LKygwE+dHEtCDCfNcBog5qjIv0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sebastianene.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=UY1tQQCz; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sebastianene.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="UY1tQQCz" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-490b7959b9fso45010545e9.2 for ; Tue, 16 Jun 2026 03:54:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1781607274; x=1782212074; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=ZkEKjP1Wo3utwvpO8El//6ig/85bmiEc+30pFMiWQQA=; b=UY1tQQCzrpZ2a9pFR/EoPpIoEe2bkfrwcVMFnfzL7zAZ49unIVfbGxaC7vxrB1H7bG A7ysxYUYEupBtmyimVDyfI29HdY670xeBMP3rGNlc3C0nSOS32+3GDFzzdxRYq15Pw/V Ofkafgh6ld3EkT1KWQaBx7euqYOi0KRJa6ENAHbyCBwFPOomXezFgJPiRU5xTssh0nlv pBYv/uqSsD1czS+DV8I+BzvQYwnaeEeDRyg2lCnOu++StCLsAWBecKpy96RlLyVaPZDn vlhLtvyRLCTDtfc3ONcIiO99tkucp6WwqbfNT4ED0PaZcOW58ODwdkELmTapg8ofl5r3 RT7g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781607274; x=1782212074; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ZkEKjP1Wo3utwvpO8El//6ig/85bmiEc+30pFMiWQQA=; b=N3JatqAHeKEaiIgY+3KjnBUx7fBbfRXuH8qK/CNJm5pU0CUZvzwTDr7xbJ0BcrmxtV PqIAJ0gZOUO1kkBwAtKjfbAhXD+q27s+S0g8NU+ZRQbeLhLOFy5RgOklwoQR21SnVpdo 9cYUdiYG8nOQRLOE+bbBd2Dfab1aeT/ummYt9bRkOh4fc4N5lKkDeTwj/Y7cgEPwLLn4 d3JHHNGIN+9/q2sbYmTEtB9Ekg4rw89cox5mnCKFl7jmh14kVKfvMtBZ4Ff+1/cXIMMm RuqqBZikauKZp5nAVHzsbKvWEwoV7C3DNGMNUINsRwnL+OaNIY+NLNZIFuRM0v0yAbkP Dlcg== X-Forwarded-Encrypted: i=1; AFNElJ+ccLM91imS3wVbq1+15nDhI4TtnvcYMHsLerGTUaV2MNFz6PmXlLcknZMCjWjoOnpWql04KtcQk2u9sEk=@vger.kernel.org X-Gm-Message-State: AOJu0YyFtjXbQdHZaai3I9Mc5GgCHSb2qWgH5s72udNtV37XEORSr7mV db3Oeld47eSIji93Eo/cqspRE/6l2gMqp8HKWiGMPW9yBrSRorCB3ua/OffDP+torb7HZHLFJVo TCGFOq/BjWYrr4MxRGBe1i6zpKvflKg== X-Received: from wmsk20-n2.prod.google.com ([2002:a05:600d:8494:20b0:490:b475:af3a]) (user=sebastianene job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:6214:b0:48f:d612:3c59 with SMTP id 5b1f17b1804b1-4922ff93874mr45013535e9.9.1781607274059; Tue, 16 Jun 2026 03:54:34 -0700 (PDT) Date: Tue, 16 Jun 2026 10:54:16 +0000 In-Reply-To: <20260616105417.2578670-1-sebastianene@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260616105417.2578670-1-sebastianene@google.com> X-Mailer: git-send-email 2.54.0.1136.gdb2ca164c4-goog Message-ID: <20260616105417.2578670-10-sebastianene@google.com> Subject: [PATCH v3 7/7] KVM: arm64: Support FFA_NOTIFICATION_INFO_GET in host handler From: Sebastian Ene To: catalin.marinas@arm.com, maz@kernel.org, oupton@kernel.org, will@kernel.org Cc: joey.gouly@arm.com, korneld@google.com, kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, android-kvm@google.com, mrigendra.chaubey@gmail.com, perlarsen@google.com, sebastianene@google.com, suzuki.poulose@arm.com, vdonnefort@google.com, yuzenghui@huawei.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Allow the host to query the FF-A notifiction status and proxy the info get message to Trustzone. Make sure that the SBZ fields are enforced. Signed-off-by: Sebastian Ene --- arch/arm64/kvm/hyp/nvhe/ffa.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c index 549250ff8f82..dac30a5fcf5a 100644 --- a/arch/arm64/kvm/hyp/nvhe/ffa.c +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c @@ -714,8 +714,6 @@ static bool ffa_call_supported(u64 func_id) case FFA_RXTX_MAP: case FFA_MEM_DONATE: case FFA_MEM_RETRIEVE_REQ: - /* Optional notification interfaces added in FF-A 1.1 */ - case FFA_NOTIFICATION_INFO_GET: /* Optional interfaces added in FF-A 1.2 */ case FFA_MSG_SEND_DIRECT_REQ2: /* Optional per 7.5.1 */ case FFA_MSG_SEND_DIRECT_RESP2: /* Optional per 7.5.1 */ @@ -1020,6 +1018,20 @@ static void do_ffa_notif_get(struct arm_smccc_1_2_re= gs *res, arm_smccc_1_2_smc(args, res); } =20 +static void do_ffa_notif_info_get(struct arm_smccc_1_2_regs *res, + struct kvm_cpu_context *ctxt) +{ + struct arm_smccc_1_2_regs *args; + + if (ffa_check_unused_args_sbz(ctxt, 1)) { + ffa_to_smccc_res(res, FFA_RET_INVALID_PARAMETERS); + return; + } + + args =3D (void *)&ctxt->regs.regs[0]; + arm_smccc_1_2_smc(args, res); +} + bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id) { struct arm_smccc_1_2_regs res; @@ -1094,6 +1106,9 @@ bool kvm_host_ffa_handler(struct kvm_cpu_context *hos= t_ctxt, u32 func_id) case FFA_NOTIFICATION_GET: do_ffa_notif_get(&res, host_ctxt); goto out_handled; + case FFA_NOTIFICATION_INFO_GET: + do_ffa_notif_info_get(&res, host_ctxt); + goto out_handled; } =20 if (ffa_call_supported(func_id)) --=20 2.54.0.1136.gdb2ca164c4-goog