[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v4 2/5] xen/arm: ffa: Introduce VM to VM support


  • To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Mon, 24 Mar 2025 13:58:39 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=arm.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=MIhbcHI9JZDchcX+DEYk/gpB4DoxlNB+H+U4laZ6O6I=; b=f7B8yHYAbcNaJgbCOiMXd4hozTYKSu0xzjTvJoZKCPWBMywcdiyOvlMK9dYhQt4LGGkaCF2q0Xrf5Nb9cg/zGlShk1IeaAwItwA3o0pbHqGr1Df8EnB2Jgjm48+m5L7C+mKfXNTf5AazF/rqDScAT2GlnF66JKOx/4NIwV29843jNkNsI9E8VkESQ+zSbza0AxiEknCTtTOhKN9yXhE7pF3/92LJUFM5XUNjrmecjr8xGeiv+VG9LVBSzt++BC0eIQZzmDIR6wYpNxmEIa/AyV+G3f1ecMoJg7g2rd8Ko3heYBCwU2FGVODGHaQnA5CIOX/VSHFoldyaN1empduUhQ==
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=MIhbcHI9JZDchcX+DEYk/gpB4DoxlNB+H+U4laZ6O6I=; b=ZmM1Q4a1eJHgNUu/REh45i+iAM0QpETR+azDhmQUX8w/lZqMbidX48QANUwZfacvbFFDQOY3iXrxJgyU0d3E0OoOJSDe95VhVugqPyQ4CYVfwy6Zmp+JhpZ9rH5bXtzjFDDyqS/DFi8T00qxgvMipplyTXWqdo63nVNay5+qG04JKDkf1ZjINm3wtQWmRBuJwG3y0KlUh1UkV33JH7z8vAY68cfONjSvVy4nS+lWqRgbUg0OoEsHGY1PuGdmHLHLbtqotrpUvdNPGGIlfXsogsT8671I/1md//i3DVtzgFYi5Uw9fHdRh29DJv4C3OMd8XoQz0TrnLvQ9yHsZMUEcQ==
  • Arc-seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass; b=KI5PAuSD/GKpXvpS3BL4X8oUcUWKETj4Xpg6PjMEoGvJAB1f5F2vJd0Rh7QEapafE8N686/8DnOIvTnscqTvMjixYiDZMKddX2fwRRKQbud/Zj29e67sQi8OqR2YhBLgrjfHLOL8kCcAAYN/ug6etcAglPRvahG1pOWQ9FULpgCjkL5x6uY7bj8fuw7qqw94FVij4uDnH90X9HJWvcbB7nvEqse+hPmV4xlyDMfntaKLYnlyGJ60ztZhPQmyGLRwVZ60z3LmUv+lhrCjHReUK7213WBGsK/JIcSz3MKkx9j3s+Iw9zK6m3HUMCWqyly5g6iSKStJn/RlD8Xs9N3mRw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=WmuJaM7ywbJ9z9GCwOgr4iEOh9WGdzBC7IYAeq+/67gcnIcBhnZLxulCZmiqIxka8x8PBcIgmOfM913/for21l8Tob4AdrSf1sek74rM13aJc96cRtT1Vqfg2Ir6Zl3YKGC3BB2fAjcBfysoBH+RqYAmzYfPJoftUC1rAnf470sucMfPUcbbmYu4+EY1RrcmoFF1UP3dsxzOI8cDktfjtVsrY+SkpQqRS0tztc08PK1IG+bsg3qDrob4A6gS1saR+BVIWM4QsouUBF8nyIKe4JhEHEpkfu+Et9l4hz0xXDui98EMbbYS8q+AR3j1Ijst5VtRqL5FgvHd7uCyZD0vkg==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: "jens.wiklander@xxxxxxxxxx" <jens.wiklander@xxxxxxxxxx>, Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>
  • Delivery-date: Mon, 24 Mar 2025 13:59:05 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHbnMQnVQCSJAleWkGtVlVLXLrx+bOCUBoA
  • Thread-topic: [PATCH v4 2/5] xen/arm: ffa: Introduce VM to VM support

Hi,

> On 24 Mar 2025, at 14:53, Bertrand Marquis <Bertrand.Marquis@xxxxxxx> wrote:
> 
> Create a CONFIG_FFA_VM_TO_VM parameter to activate FFA communication
> between VMs.
> When activated list VMs in the system with FF-A support in part_info_get.
> 
> When VM to VM is activated, Xen will be tainted as Insecure and a
> message is displayed to the user during the boot as there is no
> filtering of VMs in FF-A so any VM can communicate or see any other VM
> in the system.
> 
> WARNING: There is no filtering for now and all VMs are listed !!
> 
> Signed-off-by: Bertrand Marquis <bertrand.marquis@xxxxxxx>
> ---
> Changes in v4:
> - properly handle SPMC version 1.0 header size case in partinfo_get
> - switch to local counting variables instead of *pointer += 1 form
> - coding style issue with missing spaces in if ()
> Changes in v3:
> - break partinfo_get in several sub functions to make the implementation
>  easier to understand and lock handling easier
> - rework implementation to check size along the way and prevent previous
>  implementation limits which had to check that the number of VMs or SPs
>  did not change
> - taint Xen as INSECURE when VM to VM is enabled
> Changes in v2:
> - Switch ifdef to IS_ENABLED
> - dom was not switched to d as requested by Jan because there is already
>  a variable d pointing to the current domain and it must not be
>  shadowed.
> ---
> xen/arch/arm/tee/Kconfig        |  11 ++
> xen/arch/arm/tee/ffa.c          |  12 ++
> xen/arch/arm/tee/ffa_partinfo.c | 274 +++++++++++++++++++++-----------
> xen/arch/arm/tee/ffa_private.h  |  12 ++
> 4 files changed, 218 insertions(+), 91 deletions(-)
> 
> diff --git a/xen/arch/arm/tee/Kconfig b/xen/arch/arm/tee/Kconfig
> index c5b0f88d7522..88a4c4c99154 100644
> --- a/xen/arch/arm/tee/Kconfig
> +++ b/xen/arch/arm/tee/Kconfig
> @@ -28,5 +28,16 @@ config FFA
> 
>  [1] https://developer.arm.com/documentation/den0077/latest
> 
> +config FFA_VM_TO_VM
> +    bool "Enable FF-A between VMs (UNSUPPORTED)" if UNSUPPORTED
> +    default n
> +    depends on FFA
> +    help
> +      This option enables to use FF-A between VMs.
> +      This is experimental and there is no access control so any
> +      guest can communicate with any other guest.
> +
> +      If unsure, say N.
> +
> endmenu
> 
> diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c
> index 3bbdd7168a6b..e41ab5f8ada6 100644
> --- a/xen/arch/arm/tee/ffa.c
> +++ b/xen/arch/arm/tee/ffa.c
> @@ -464,6 +464,18 @@ static bool ffa_probe(void)
>     printk(XENLOG_INFO "ARM FF-A Mediator version %u.%u\n",
>            FFA_MY_VERSION_MAJOR, FFA_MY_VERSION_MINOR);
> 
> +    if ( IS_ENABLED(CONFIG_FFA_VM_TO_VM) )
> +    {
> +        /*
> +         * When FFA VM to VM is enabled, the current implementation does not
> +         * offer any way to limit which VM can communicate with which VM 
> using
> +         * FF-A.
> +         * Signal this in the xen console and taint the system as insecure.
> +         * TODO: Introduce a solution to limit what a VM can do through FFA.
> +         */
> +        printk(XENLOG_ERR "ffa: VM to VM is enabled, system is insecure 
> !!\n");
> +        add_taint(TAINT_MACHINE_INSECURE);
> +    }
>     /*
>      * psci_init_smccc() updates this value with what's reported by EL-3
>      * or secure world.
> diff --git a/xen/arch/arm/tee/ffa_partinfo.c b/xen/arch/arm/tee/ffa_partinfo.c
> index c0510ceb8338..406c57b95f77 100644
> --- a/xen/arch/arm/tee/ffa_partinfo.c
> +++ b/xen/arch/arm/tee/ffa_partinfo.c
> @@ -63,9 +63,156 @@ static int32_t ffa_partition_info_get(uint32_t *uuid, 
> uint32_t flags,
>     return ret;
> }
> 
> -void ffa_handle_partition_info_get(struct cpu_user_regs *regs)
> +static int32_t ffa_get_sp_count(uint32_t *uuid, uint32_t *sp_count)
> +{
> +    uint32_t src_size;
> +
> +    return ffa_partition_info_get(uuid, FFA_PARTITION_INFO_GET_COUNT_FLAG,
> +                                  sp_count, &src_size);
> +}
> +
> +static int32_t ffa_get_sp_partinfo(uint32_t *uuid, uint32_t *sp_count,
> +                                   void *dst_buf, void *end_buf,
> +                                   uint32_t dst_size)
> {
>     int32_t ret;
> +    uint32_t src_size, real_sp_count;
> +    void *src_buf = ffa_rx;
> +    uint32_t count = 0;
> +
> +    /* Do we have a RX buffer with the SPMC */
> +    if ( !ffa_rx )
> +        return FFA_RET_DENIED;
> +
> +    /* We need to use the RX buffer to receive the list */
> +    spin_lock(&ffa_rx_buffer_lock);
> +
> +    ret = ffa_partition_info_get(uuid, 0, &real_sp_count, &src_size);
> +    if ( ret )
> +        goto out;
> +
> +    /* We now own the RX buffer */
> +
> +    /* We only support a 1.1 firmware version */

This comment should have been removed.
I will fix it on next version of might be possible to do on commit
if there are no further comments here.

Cheers
Bertrand




 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.