Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp1096931lqp; Fri, 22 Mar 2024 05:44:27 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXV4033ipWv/ddBqb0/Aeh7afAkl34Gg0p+UcJkxH8i278DMrNs2u5mkzw3rDNBmC+bEa9I7LkuScQQ0S+rJNFXjtV4QaZO+Lf+8LOR+A== X-Google-Smtp-Source: AGHT+IFe8EZ4DPYwFlfIFqM5XgPXAWTDbRchbnmyixqoQFhXTmggXARPLSA/2a2BxhRW2l7cfVA7 X-Received: by 2002:a17:906:7183:b0:a46:e921:ae3f with SMTP id h3-20020a170906718300b00a46e921ae3fmr1619424ejk.13.1711111467507; Fri, 22 Mar 2024 05:44:27 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711111467; cv=pass; d=google.com; s=arc-20160816; b=C6NzPBFSqkT7JVw0PEj68gxVdCPtYsg/QRo4Z2tTfxl13wy4qCTmTDMNfunLMRhlbI CwoDbEkCk/a7q51CfEnj+5ECKoTtgxzfs/G1n5AfC5ha6vvhobIRTgXIL4MVJRdvvZs2 GOp+29qxCpTIn9ge8vCt8vsgT0gKvX91zqcVfO7yjQHC0ri/gb0T28l/lSxwU1K2DXns YVUk3XtMyNB13aVUdvslWUINghM8nsrBI84X8LncUsEKGQgaQHpZFrFpQsSvpHEsdIR9 tsXP0TY6tf/J0s7ih8RDQtJToND1kqX43be2rFPseDWZQWG0q7yPX+RrRHXy0bDSS56W ZonQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:message-id:references:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:in-reply-to:date :dkim-signature; bh=+8cb/JElUFHNMOSO0hj2Q7csN4h6JfrSorkGcltJjfs=; fh=uEzU1u8mhhgnA8qdURAZWrffi+/rwZ8pkg0lEziH88E=; b=iqb199s3/Bacu6inmymBT/hVlgB5xBTzV5w/i00SNGoXWGSBDoFW6eXf9wmSDIDUmV kQ0njqz1/oSYiRr4BlDVcl/aW1qGz2+vZpXuXuowrfZh3sqb6BFeGH2BCp9SYFcMcyC5 I5fOdoAaNDpX8M3I0Dvv36o1S/+ItoF1vbgpUTNah1mA5GIVuPHMA2AcRGDWd8K2kDul 6Pvu0PRLOWPLCujXgrIpXKCnSFlrkUuArphJ+YPFTs+XSct6akXOFoo2hqPycLi7zjuO sHrOv1ah4UZn165IT94dGicelGwEGUGh8EhP6YCDurE59gSGBVfGSJVL5PkLtizs+0/u 4D7A==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=BNNndBhc; arc=pass (i=1 spf=pass spfdomain=flex--sebastianene.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-111435-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-111435-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id x5-20020a170906710500b00a43b0e7d8cbsi817324ejj.584.2024.03.22.05.44.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Mar 2024 05:44:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-111435-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=BNNndBhc; arc=pass (i=1 spf=pass spfdomain=flex--sebastianene.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-111435-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-111435-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 106D41F22777 for ; Fri, 22 Mar 2024 12:44:27 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id A5D8945BED; Fri, 22 Mar 2024 12:44:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="BNNndBhc" Received: from mail-wr1-f74.google.com (mail-wr1-f74.google.com [209.85.221.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 33A35446B6 for ; Fri, 22 Mar 2024 12:44:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.74 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711111447; cv=none; b=fsURCcxCmrEKz3B8oHPfOWSxY4tB9aMvG3QObpKIlIC7N4xLfY9Y7tdYIo/0Ea6rD9jwjNKQ1F1gAAkPsQ+VXPRuOA45BdxPKeBOqQQgNe3bjKaY0ee/rWNi1N6c+zOnakPlOj5O90k4wPk9yfGP6ClhQY+s6xdbCBR8VTchOpk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711111447; c=relaxed/simple; bh=KFDyqz+2NM43tMXZpH+HM+iW4o2u46W6ALODy+oGMbI=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Hz+LjGcHhpGxCbqKDnJHBC3lxd09VwpCr9z6SSyxTNMbogrisXJFy9fUTMa75Z4jHrQWgZVpgM14Lswae6ZBhLOwkuLkTukSyVx+lQFr/4CT4xOTkwDnhw+SyO8ZNwK/1+Oec0E2M0vK8a/UNcRPGOXuvuBXliNUoZwIaijeslc= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sebastianene.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=BNNndBhc; arc=none smtp.client-ip=209.85.221.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sebastianene.bounces.google.com Received: by mail-wr1-f74.google.com with SMTP id ffacd0b85a97d-33ec0700091so964320f8f.0 for ; Fri, 22 Mar 2024 05:44:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1711111444; x=1711716244; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=+8cb/JElUFHNMOSO0hj2Q7csN4h6JfrSorkGcltJjfs=; b=BNNndBhcidk2hEw3ybg0A6OQ2sPHFwluLWV6I6w03Sm4BV9IH2QqviTUHzhtKFB/XH 4VQKkVdsQaPZVEDkLFE4T4JYtHygNKQir6RDdlLd9VH1RXaMlBuxyJczC9hkwQRo7Vhn atIdeJnR0TibR+g301H0DxUJ40spoa0FXwbILfWseWfVmNThp8q4aN9/BwAkeIDqtwzd F3arB+x9WLPri6P4w3gvsR7hUjGxSbo0e4Ai/hxBxpd5xcGxoixSepesm3uOEIfYvLUY Hf4VpcIPRpF/lfXbwlXDRXW2JqQGz+e1A90RV2cjlaW0kI3BMGg7tYpWzrguo5Pwnr/K IEuw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711111444; x=1711716244; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=+8cb/JElUFHNMOSO0hj2Q7csN4h6JfrSorkGcltJjfs=; b=ftYWuwla1+jbgRLK6w2r6ctM8j9YsiaHIvAo4VH9VpFbDtApzNg2oyfglXPr+IcpSJ UbtMGIfYPQyy25dyeILkLs9dpufpqNwAbHBOAWU2Ye/hy1ObQfLJrwzQ+vu/ipYBA1Q5 ARDxtL/d8VSd/iVjSWseiJr10sGjsAK4lt4Jk05iVOC7/8Nr7IymhBx8xSmtaXMj1UDg qX73PkU2aa4JowYLA9Px9TFi04OoK0zmoNSuozp5bBjuwKSkzh4x86B01qf30QFbisY2 qHwP6O1q3IgeCCvYcfbeIXCswlRkdgYb2ulEcD7XTdMskYzE45xxd/xcTi1s/fJ69dTL TAqA== X-Forwarded-Encrypted: i=1; AJvYcCVABCQHMb87z9VL/Ob/53L+An74rQxr/sihfzvLVE7GsorY0R4cAt3SgbbYhZW2Y4oUEQpim7xv6NWxhsve2GP+m8vcyQBgKQ9engJK X-Gm-Message-State: AOJu0Yx29i8b+PuC3hQzL4vdJiCwO9DzJi6C17jeSBc2ccOrdMASpUqS hWIKi92enLbGFxRdJyDK/mgYBbS1auxNAnfvrkctLWBoTEWupWRPKEQr16DhYMtmie0oCXtqasC HzGYHsUHgfl1q7s/zi/XZsfKs3g== X-Received: from sebkvm.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:cd5]) (user=sebastianene job=sendgmr) by 2002:adf:f50b:0:b0:341:ba6a:6996 with SMTP id q11-20020adff50b000000b00341ba6a6996mr1855wro.7.1711111444641; Fri, 22 Mar 2024 05:44:04 -0700 (PDT) Date: Fri, 22 Mar 2024 12:43:03 +0000 In-Reply-To: <20240322124303.309423-1-sebastianene@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240322124303.309423-1-sebastianene@google.com> X-Mailer: git-send-email 2.44.0.396.g6e790dbe36-goog Message-ID: <20240322124303.309423-2-sebastianene@google.com> Subject: [PATCH 2/2] KVM: arm64: Allow only the specified FF-A calls to be forwarded to TZ From: Sebastian Ene To: catalin.marinas@arm.com, james.morse@arm.com, jean-philippe@linaro.org, maz@kernel.org, oliver.upton@linux.dev, qperret@google.com, qwandor@google.com, sebastianene@google.com, suzuki.poulose@arm.com, tabba@google.com, will@kernel.org, yuzenghui@huawei.com Cc: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, kernel-team@android.com Content-Type: text/plain; charset="UTF-8" The previous logic used a deny list to filter the FF-A calls. Because of this, some of the calls escaped the check and they were forwarded by default to Trustzone. (eg. FFA_MSG_SEND_DIRECT_REQ was denied but the 64 bit version of the call was not). Modify the logic to use an allowlist and allow only the calls specified in the filter function to be proxied to TZ from the hypervisor. Signed-off-by: Sebastian Ene --- arch/arm64/kvm/hyp/nvhe/ffa.c | 46 +++++++++++++++++------------------ 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c index 320f2eaa14a9..fc4f04209618 100644 --- a/arch/arm64/kvm/hyp/nvhe/ffa.c +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c @@ -580,35 +580,35 @@ static void do_ffa_mem_reclaim(struct arm_smccc_res *res, ffa_to_smccc_res(res, ret); } -/* - * Is a given FFA function supported, either by forwarding on directly - * or by handling at EL2? - */ static bool ffa_call_supported(u64 func_id) { switch (func_id) { - /* Unsupported memory management calls */ - case FFA_FN64_MEM_RETRIEVE_REQ: - case FFA_MEM_RETRIEVE_RESP: - case FFA_MEM_RELINQUISH: - case FFA_MEM_OP_PAUSE: - case FFA_MEM_OP_RESUME: - case FFA_MEM_FRAG_RX: - case FFA_FN64_MEM_DONATE: - /* Indirect message passing via RX/TX buffers */ - case FFA_MSG_SEND: - case FFA_MSG_POLL: - case FFA_MSG_WAIT: - /* 32-bit variants of 64-bit calls */ + /* Discovery functions */ + case FFA_FEATURES: + case FFA_ID_GET: + case FFA_VERSION: + case FFA_PARTITION_INFO_GET: + + /* Memory management calls */ + case FFA_FN64_RXTX_MAP: + case FFA_RXTX_UNMAP: + case FFA_MEM_SHARE: + case FFA_FN64_MEM_SHARE: + case FFA_MEM_RECLAIM: + case FFA_MEM_LEND: + case FFA_FN64_MEM_LEND: + case FFA_MEM_FRAG_TX: + + /* State management */ + case FFA_RUN: + + /* Message passing */ case FFA_MSG_SEND_DIRECT_REQ: - case FFA_MSG_SEND_DIRECT_RESP: - case FFA_RXTX_MAP: - case FFA_MEM_DONATE: - case FFA_MEM_RETRIEVE_REQ: - return false; + case FFA_FN64_MSG_SEND_DIRECT_REQ: + return true; } - return true; + return false; } static bool do_ffa_features(struct arm_smccc_res *res, -- 2.44.0.396.g6e790dbe36-goog