Received: by 2002:a05:6358:53a8:b0:117:f937:c515 with SMTP id z40csp5337302rwe; Tue, 18 Apr 2023 05:42:51 -0700 (PDT) X-Google-Smtp-Source: AKy350aYTxeHzzSXGZoYJG0RwIu2kJ+LrFMJHwh1x5ffeURW5YwigOfLpbA3CH8uC/r81FBtqU2U X-Received: by 2002:a17:90b:388f:b0:23b:2f4a:57bb with SMTP id mu15-20020a17090b388f00b0023b2f4a57bbmr1971557pjb.10.1681821771718; Tue, 18 Apr 2023 05:42:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1681821771; cv=none; d=google.com; s=arc-20160816; b=yM62bnGt7FVbsrqU0RqCqUqkL9YXstP5Y8uZidBfE9NrNmmcUC8qXuoiriKh2EdR0p fNnQgFlhSJnuAeNnaExaHvbAJDcPJwqUQInm7IGjV9WUuORyK6KjNPQNGOA7jVrOQqSd 7gVTFNiSu7GAUaClf8F4aL6mqN78uMnpxT5qWgNHn8c8gX4zSU+tETlsUx0C3O0mhxMH dEFiCxKvnmLXGtyi1gQoHYwbnkuwGXq6eBmiyawWd9iEPKdKTox2e3igdLifA+sjXsBK qgJx9t3wXR92KC4qkM7/LrVC7yxTilfCl6Y+UZzkGiobBceu4hOqn0/3c+TNeOkGyswt /6ww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=P6XoXGbsbsS2XYxPb/TnfpZvHES4GR/z9r+EpGZSF1g=; b=ny1fS5qs6Ma6oiVL2A6+MsApv8Ta0pZJDtPqOLBw/h1/rWgLB19kDhg1Jgtvhdu+/M xpseM0qRv1R5XyFU25itonivqaLa2msJT7Kr8ktLOveDcuwkpikobB1HSziajJaoXDME U6tBHks9d+4Glghf0AWhu2grunFoEUUvSYJ5wOd/jU68ZOaSN7rfNjJ2+KQsp8osR0Pe 9Qo3IeAeFwXhLv34N/b7QrgX3PkWKS5QtgXt5bFG9DfDdhMNUz5zI9zqYjK0jiK/dNE3 ICanfTphPEJRh9bRhDO8exS3T1C8lKy9LlyMs4Iu5hUgyin8iyrqZDvtPrMKQEbjyNkb RdZQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=W5qaWaUL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i12-20020a63e90c000000b0050bf5879be4si14401242pgh.209.2023.04.18.05.42.38; Tue, 18 Apr 2023 05:42:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=W5qaWaUL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231882AbjDRMmO (ORCPT + 99 others); Tue, 18 Apr 2023 08:42:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59480 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231874AbjDRMmL (ORCPT ); Tue, 18 Apr 2023 08:42:11 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3E94D14440 for ; Tue, 18 Apr 2023 05:41:56 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 1E40C63329 for ; Tue, 18 Apr 2023 12:41:56 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 16C55C4339B; Tue, 18 Apr 2023 12:41:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1681821715; bh=N0aVjDEryHvsJG1EaYORnjTrCWS41XOE62Wonr7Z8Uw=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=W5qaWaULjN6RRE5/LWN8qHwUEtdLd5gJDhMD+QYU8gScK53VFJwhFcXKAu8u/LdNj g3y6mbgI4WfAkWv3lWJ8fwgtqQngM6eg/+DVyRE9cBt5nO14FLa3V19aEpm54G3U+R TrKrX2pSngYRla8jomeaolBsoDvtmErHub2NgaAGnCC7JVa/NpdC3sODEoXhdWtIRu kxD34u8DRG/XMR6/MvGgIvf+0vLNNNKS4FpUZ/cYTyD7GkhyqTfT2+HfQO6JSLk2bk tSz6s8FHmHu9xjpEtQwShal70z8SC8RgZm0dFcnsoxYoypyrJDRqjM1MLJtP2Kw7nR DZAuGEsYOXugw== Date: Tue, 18 Apr 2023 13:41:49 +0100 From: Will Deacon To: Oliver Upton Cc: Quentin Perret , Marc Zyngier , James Morse , Alexandru Elisei , Suzuki K Poulose , Catalin Marinas , Sudeep Holla , Andrew Walbran , linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org, kernel-team@android.com Subject: Re: [PATCH 03/12] KVM: arm64: Block unsafe FF-A calls from the host Message-ID: <20230418124147.GA32435@willie-the-truck> References: <20221116170335.2341003-1-qperret@google.com> <20221116170335.2341003-4-qperret@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Nov 16, 2022 at 05:40:48PM +0000, Oliver Upton wrote: > On Wed, Nov 16, 2022 at 05:03:26PM +0000, Quentin Perret wrote: > > From: Will Deacon > > > > When KVM is initialised in protected mode, we must take care to filter > > certain FFA calls from the host kernel so that the integrity of guest > > and hypervisor memory is maintained and is not made available to the > > secure world. > > > > As a first step, intercept and block all memory-related FF-A SMC calls > > from the host to EL3. This puts the framework in place for handling them > > properly. > > Shouldn't FFA_FEATURES interception actually precede this patch? At this > point in the series we're outright lying about the supported features to > the host. FF-A is in a pretty sorry state after this patch as we block all the memory transactions, but I take your point that we should be consistent and not advertise the features that we're blocking. I'll return FFA_RET_NOT_SUPPORTED for all FFA_FEATURES calls until the interception patch comes in later and does something smarter. Will