lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <aJIZ4v0X74zox1xZ@willie-the-truck>
Date: Tue, 5 Aug 2025 15:49:06 +0100
From: Will Deacon <will@...nel.org>
To: Marc Zyngier <maz@...nel.org>
Cc: perlarsen@...gle.com, Oliver Upton <oliver.upton@...ux.dev>,
	Joey Gouly <joey.gouly@....com>,
	Suzuki K Poulose <suzuki.poulose@....com>,
	Zenghui Yu <yuzenghui@...wei.com>,
	Catalin Marinas <catalin.marinas@....com>,
	Sudeep Holla <sudeep.holla@....com>,
	linux-arm-kernel@...ts.infradead.org, kvmarm@...ts.linux.dev,
	linux-kernel@...r.kernel.org, ahomescu@...gle.com,
	armellel@...gle.com, arve@...roid.com, ayrton@...gle.com,
	qperret@...gle.com, sebastianene@...gle.com, qwandor@...gle.com
Subject: Re: [PATCH v7 4/5] KVM: arm64: Bump the supported version of FF-A to
 1.2

Hey Marc,

(we discussed this very briefly offline but I wanted to reply for the
benefit of everybody else and also because I don't recall quite where we
ended up)

On Thu, Jul 31, 2025 at 08:56:59AM +0100, Marc Zyngier wrote:
> On Fri, 18 Jul 2025 14:45:17 +0100,
> Will Deacon <will@...nel.org> wrote:
> > On Tue, Jul 01, 2025 at 10:06:37PM +0000, Per Larsen via B4 Relay wrote:
> > > From: Per Larsen <perlarsen@...gle.com>
> > > @@ -734,7 +741,10 @@ static int hyp_ffa_post_init(void)
> > >  	if (res.a0 != FFA_SUCCESS)
> > >  		return -EOPNOTSUPP;
> > >  
> > > -	switch (res.a2) {
> > > +	if ((res.a2 & GENMASK(15, 2)) != 0 || res.a3 != 0)
> > > +		return -EINVAL;
> > 
> > Why are you checking bits a2[15:2] and a3? The spec says they MBZ,
> > so we shouldn't care about enforcing that. In fact, adding the check
> > probably means we'll fail if those bits get allocated in future.
> 
> I have the exact opposite approach. If we don't check that they are 0
> for v1.2 and previous versions, we won't be able to tell what they
> mean when they are finally allocated to mean something in version
> 1.337.
> 
> Until we support such version, MBZ should be enforced, because we
> otherwise don't understand what the "client" is trying to say. And we
> don't understand, we're guaranteed to do the wrong thing.

We've lost a bunch of context in the diff here, but there are two
important things to keep in mind at this point:

  1. We've negotiated a known version of FF-A, so it won't be v1.337 and
     we _should_ be able rely on the spec authors not breaking stuff
     retrospectively (famous last words...)

  2. The response we're parsing here is something that has come back
     from TZ after we (the hypervisor) have called FFA_FEATURES. If
     those MBZ bits are non-zero, I think should just ignore them.

Cheers,

Will

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ