[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v4 2/5] xen/arm: ffa: Introduce VM to VM support

  • To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Mon, 24 Mar 2025 13:58:39 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=arm.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=MIhbcHI9JZDchcX+DEYk/gpB4DoxlNB+H+U4laZ6O6I=; b=f7B8yHYAbcNaJgbCOiMXd4hozTYKSu0xzjTvJoZKCPWBMywcdiyOvlMK9dYhQt4LGGkaCF2q0Xrf5Nb9cg/zGlShk1IeaAwItwA3o0pbHqGr1Df8EnB2Jgjm48+m5L7C+mKfXNTf5AazF/rqDScAT2GlnF66JKOx/4NIwV29843jNkNsI9E8VkESQ+zSbza0AxiEknCTtTOhKN9yXhE7pF3/92LJUFM5XUNjrmecjr8xGeiv+VG9LVBSzt++BC0eIQZzmDIR6wYpNxmEIa/AyV+G3f1ecMoJg7g2rd8Ko3heYBCwU2FGVODGHaQnA5CIOX/VSHFoldyaN1empduUhQ==
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=MIhbcHI9JZDchcX+DEYk/gpB4DoxlNB+H+U4laZ6O6I=; b=ZmM1Q4a1eJHgNUu/REh45i+iAM0QpETR+azDhmQUX8w/lZqMbidX48QANUwZfacvbFFDQOY3iXrxJgyU0d3E0OoOJSDe95VhVugqPyQ4CYVfwy6Zmp+JhpZ9rH5bXtzjFDDyqS/DFi8T00qxgvMipplyTXWqdo63nVNay5+qG04JKDkf1ZjINm3wtQWmRBuJwG3y0KlUh1UkV33JH7z8vAY68cfONjSvVy4nS+lWqRgbUg0OoEsHGY1PuGdmHLHLbtqotrpUvdNPGGIlfXsogsT8671I/1md//i3DVtzgFYi5Uw9fHdRh29DJv4C3OMd8XoQz0TrnLvQ9yHsZMUEcQ==
  • Arc-seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass; b=KI5PAuSD/GKpXvpS3BL4X8oUcUWKETj4Xpg6PjMEoGvJAB1f5F2vJd0Rh7QEapafE8N686/8DnOIvTnscqTvMjixYiDZMKddX2fwRRKQbud/Zj29e67sQi8OqR2YhBLgrjfHLOL8kCcAAYN/ug6etcAglPRvahG1pOWQ9FULpgCjkL5x6uY7bj8fuw7qqw94FVij4uDnH90X9HJWvcbB7nvEqse+hPmV4xlyDMfntaKLYnlyGJ60ztZhPQmyGLRwVZ60z3LmUv+lhrCjHReUK7213WBGsK/JIcSz3MKkx9j3s+Iw9zK6m3HUMCWqyly5g6iSKStJn/RlD8Xs9N3mRw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=WmuJaM7ywbJ9z9GCwOgr4iEOh9WGdzBC7IYAeq+/67gcnIcBhnZLxulCZmiqIxka8x8PBcIgmOfM913/for21l8Tob4AdrSf1sek74rM13aJc96cRtT1Vqfg2Ir6Zl3YKGC3BB2fAjcBfysoBH+RqYAmzYfPJoftUC1rAnf470sucMfPUcbbmYu4+EY1RrcmoFF1UP3dsxzOI8cDktfjtVsrY+SkpQqRS0tztc08PK1IG+bsg3qDrob4A6gS1saR+BVIWM4QsouUBF8nyIKe4JhEHEpkfu+Et9l4hz0xXDui98EMbbYS8q+AR3j1Ijst5VtRqL5FgvHd7uCyZD0vkg==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: "jens.wiklander@xxxxxxxxxx" <jens.wiklander@xxxxxxxxxx>, Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>
  • Delivery-date: Mon, 24 Mar 2025 13:59:05 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHbnMQnVQCSJAleWkGtVlVLXLrx+bOCUBoA
  • Thread-topic: [PATCH v4 2/5] xen/arm: ffa: Introduce VM to VM support
Hi,

> On 24 Mar 2025, at 14:53, Bertrand Marquis <Bertrand.Marquis@xxxxxxx> wrote:
> 
> Create a CONFIG_FFA_VM_TO_VM parameter to activate FFA communication
> between VMs.
> When activated list VMs in the system with FF-A support in part_info_get.
> 
> When VM to VM is activated, Xen will be tainted as Insecure and a
> message is displayed to the user during the boot as there is no
> filtering of VMs in FF-A so any VM can communicate or see any other VM
> in the system.
> 
> WARNING: There is no filtering for now and all VMs are listed !!
> 
> Signed-off-by: Bertrand Marquis <bertrand.marquis@xxxxxxx>
> ---
> Changes in v4:
> - properly handle SPMC version 1.0 header size case in partinfo_get
> - switch to local counting variables instead of *pointer += 1 form
> - coding style issue with missing spaces in if ()
> Changes in v3:
> - break partinfo_get in several sub functions to make the implementation
>  easier to understand and lock handling easier
> - rework implementation to check size along the way and prevent previous
>  implementation limits which had to check that the number of VMs or SPs
>  did not change
> - taint Xen as INSECURE when VM to VM is enabled
> Changes in v2:
> - Switch ifdef to IS_ENABLED
> - dom was not switched to d as requested by Jan because there is already
>  a variable d pointing to the current domain and it must not be
>  shadowed.
> ---
> xen/arch/arm/tee/Kconfig        |  11 ++
> xen/arch/arm/tee/ffa.c          |  12 ++
> xen/arch/arm/tee/ffa_partinfo.c | 274 +++++++++++++++++++++-----------
> xen/arch/arm/tee/ffa_private.h  |  12 ++
> 4 files changed, 218 insertions(+), 91 deletions(-)
> 
> diff --git a/xen/arch/arm/tee/Kconfig b/xen/arch/arm/tee/Kconfig
> index c5b0f88d7522..88a4c4c99154 100644
> --- a/xen/arch/arm/tee/Kconfig
> +++ b/xen/arch/arm/tee/Kconfig
> @@ -28,5 +28,16 @@ config FFA
> 
>  [1] https://developer.arm.com/documentation/den0077/latest
> 
> +config FFA_VM_TO_VM
> +    bool "Enable FF-A between VMs (UNSUPPORTED)" if UNSUPPORTED
> +    default n
> +    depends on FFA
> +    help
> +      This option enables to use FF-A between VMs.
> +      This is experimental and there is no access control so any
> +      guest can communicate with any other guest.
> +
> +      If unsure, say N.
> +
> endmenu
> 
> diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c
> index 3bbdd7168a6b..e41ab5f8ada6 100644
> --- a/xen/arch/arm/tee/ffa.c
> +++ b/xen/arch/arm/tee/ffa.c
> @@ -464,6 +464,18 @@ static bool ffa_probe(void)
>     printk(XENLOG_INFO "ARM FF-A Mediator version %u.%u\n",
>            FFA_MY_VERSION_MAJOR, FFA_MY_VERSION_MINOR);
> 
> +    if ( IS_ENABLED(CONFIG_FFA_VM_TO_VM) )
> +    {
> +        /*
> +         * When FFA VM to VM is enabled, the current implementation does not
> +         * offer any way to limit which VM can communicate with which VM 
> using
> +         * FF-A.
> +         * Signal this in the xen console and taint the system as insecure.
> +         * TODO: Introduce a solution to limit what a VM can do through FFA.
> +         */
> +        printk(XENLOG_ERR "ffa: VM to VM is enabled, system is insecure 
> !!\n");
> +        add_taint(TAINT_MACHINE_INSECURE);
> +    }
>     /*
>      * psci_init_smccc() updates this value with what's reported by EL-3
>      * or secure world.
> diff --git a/xen/arch/arm/tee/ffa_partinfo.c b/xen/arch/arm/tee/ffa_partinfo.c
> index c0510ceb8338..406c57b95f77 100644
> --- a/xen/arch/arm/tee/ffa_partinfo.c
> +++ b/xen/arch/arm/tee/ffa_partinfo.c
> @@ -63,9 +63,156 @@ static int32_t ffa_partition_info_get(uint32_t *uuid, 
> uint32_t flags,
>     return ret;
> }
> 
> -void ffa_handle_partition_info_get(struct cpu_user_regs *regs)
> +static int32_t ffa_get_sp_count(uint32_t *uuid, uint32_t *sp_count)
> +{
> +    uint32_t src_size;
> +
> +    return ffa_partition_info_get(uuid, FFA_PARTITION_INFO_GET_COUNT_FLAG,
> +                                  sp_count, &src_size);
> +}
> +
> +static int32_t ffa_get_sp_partinfo(uint32_t *uuid, uint32_t *sp_count,
> +                                   void *dst_buf, void *end_buf,
> +                                   uint32_t dst_size)
> {
>     int32_t ret;
> +    uint32_t src_size, real_sp_count;
> +    void *src_buf = ffa_rx;
> +    uint32_t count = 0;
> +
> +    /* Do we have a RX buffer with the SPMC */
> +    if ( !ffa_rx )
> +        return FFA_RET_DENIED;
> +
> +    /* We need to use the RX buffer to receive the list */
> +    spin_lock(&ffa_rx_buffer_lock);
> +
> +    ret = ffa_partition_info_get(uuid, 0, &real_sp_count, &src_size);
> +    if ( ret )
> +        goto out;
> +
> +    /* We now own the RX buffer */
> +
> +    /* We only support a 1.1 firmware version */

This comment should have been removed.
I will fix it on next version of might be possible to do on commit
if there are no further comments here.

Cheers
Bertrand

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.