lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aQOX06LzMlMm9o67@e129823.arm.com>
Date: Thu, 30 Oct 2025 16:52:35 +0000
From: Yeoreum Yun <yeoreum.yun@....com>
To: Per Larsen <perl@...unant.com>
Cc: perlarsen@...gle.com, Marc Zyngier <maz@...nel.org>,
	Oliver Upton <oliver.upton@...ux.dev>,
	Joey Gouly <joey.gouly@....com>,
	Suzuki K Poulose <suzuki.poulose@....com>,
	Zenghui Yu <yuzenghui@...wei.com>,
	Catalin Marinas <catalin.marinas@....com>,
	Will Deacon <will@...nel.org>, Ben Horgan <ben.horgan@....com>,
	Armelle Laine <armellel@...gle.com>,
	Sebastien Ene <sebastianene@...gle.com>,
	linux-arm-kernel@...ts.infradead.org, kvmarm@...ts.linux.dev,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] KVM: arm64: Support FFA_MSG_SEND_DIRECT_REQ in host
 handler

Hi,

> >
> > >
> > > Allow direct messages to be forwarded from the host.
> > >
> > > Signed-off-by: Sebastian Ene <sebastianene@...gle.com>
> > > Signed-off-by: Per Larsen <perlarsen@...gle.com>
> > > ---
> > >   arch/arm64/kvm/hyp/nvhe/ffa.c | 16 ++++++++++++++++
> > >   1 file changed, 16 insertions(+)
> > >
> > > diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c
> > > index 4e16f9b96f637599873b16148c6e40cf1210aa3e..191dcb301cca3986758fb6a49f15f1799de9f1d1 100644
> > > --- a/arch/arm64/kvm/hyp/nvhe/ffa.c
> > > +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c
> > > @@ -857,6 +857,15 @@ static void do_ffa_part_get(struct arm_smccc_1_2_regs *res,
> > >   	hyp_spin_unlock(&host_buffers.lock);
> > >   }
> > >
> > > +static void do_ffa_direct_msg(struct arm_smccc_1_2_regs *res,
> > > +			      struct kvm_cpu_context *ctxt,
> > > +			      u64 vm_handle)
> > > +{
> > > +	struct arm_smccc_1_2_regs *args = (void *)&ctxt->regs.regs[0];
> > > +
> > > +	arm_smccc_1_2_smc(args, res);
> > > +}
> > > +
> >
> > TBH, I don't have a strong comment for this but, I'm not sure why
> > it is necessary.
> > Since it calls just "smc" with the passed argments,
> > I think it can be handled by default_smc_handler() without adding this
> > function but return the ture for DIRECT MSG2 in ffa_call_support().
> >
> > Am I missing something?
> Calling `do_ffa_direct_msg` from the host ffa proxy ensures that the caller
> has negotiated a FF-A version with the hypervisor first. In turn,
> this means that `ffa_call_support` can use the negotiated version to decide
> whether to proxy this interface or not.
>
> Moreover, `kvm_host_ffa_handler` currently proxies host FF-A calls. Android
> also proxies FF-A calls from guest VMs via a similar function:
> `kvm_guest_ffa_handler` so this function avoids duplication if/when adding a
> guest proxy. This function is also where one would check FFA IDs before
> forwarding messages (to prevent spoofing). You can see the downstream
> implementation here
> https://android-review.googlesource.com/c/kernel/common/+/3422040.

Thanks for sharing and clarification.

[...]

Thanks.

--
Sincerely,
Yeoreum Yun

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ