| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250529120523.GA29242@willie-the-truck> Date: Thu, 29 May 2025 13:05:24 +0100 From: Will Deacon <will@...nel.org> To: perlarsen@...gle.com Cc: Marc Zyngier <maz@...nel.org>, Oliver Upton <oliver.upton@...ux.dev>, Joey Gouly <joey.gouly@....com>, Suzuki K Poulose <suzuki.poulose@....com>, Zenghui Yu <yuzenghui@...wei.com>, Catalin Marinas <catalin.marinas@....com>, Sudeep Holla <sudeep.holla@....com>, linux-arm-kernel@...ts.infradead.org, kvmarm@...ts.linux.dev, linux-kernel@...r.kernel.org, sebastianene@...gle.com, qperret@...gle.com, qwandor@...gle.com, arve@...roid.com, perl@...unant.com, lpieralisi@...nel.org, kernel-team@...roid.com, tabba@...gle.com, james.morse@....com, armellel@...gle.com, jean-philippe@...aro.org, ahomescu@...gle.com Subject: Re: [PATCH v4 3/5] KVM: arm64: Mark FFA_NOTIFICATION_* calls as unsupported On Fri, May 16, 2025 at 12:14:02PM +0000, Per Larsen via B4 Relay wrote: > From: Per Larsen <perlarsen@...gle.com> > > Prevent FFA_NOTIFICATION_* interfaces from being passed through to TZ. > > Signed-off-by: Per Larsen <perlarsen@...gle.com> > --- > arch/arm64/kvm/hyp/nvhe/ffa.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c > index b3d016bee404ce3f8c72cc57befb4ef4e6c1657f..a545d25002c85b79a8d281739479dab7838a7cd3 100644 > --- a/arch/arm64/kvm/hyp/nvhe/ffa.c > +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c > @@ -632,6 +632,14 @@ static bool ffa_call_supported(u64 func_id) > case FFA_RXTX_MAP: > case FFA_MEM_DONATE: > case FFA_MEM_RETRIEVE_REQ: > + /* Optional notification interfaces added in FF-A 1.1 */ > + case FFA_NOTIFICATION_BITMAP_CREATE: > + case FFA_NOTIFICATION_BITMAP_DESTROY: > + case FFA_NOTIFICATION_BIND: > + case FFA_NOTIFICATION_UNBIND: > + case FFA_NOTIFICATION_SET: > + case FFA_NOTIFICATION_GET: > + case FFA_NOTIFICATION_INFO_GET: > return false; Acked-by: Will Deacon <will@...nel.org> That said, I wonder if we should revisit this denylist along the lines of the discussion with Oliver on the initial FF-A proxy series: https://lore.kernel.org/kvmarm/ZGx0QBZzFCmm636r@linux.dev/ We check for is_ffa_call() already, so we could invert the above to be an allow-list for calls within the FF-A range rather than a deny-list. What do you think? Will
Powered by blists - more mailing lists