
Re: [PATCH 02/12] xen/arm: ffa: Fix MEM_SHARE NS attribute handling


  • To: Bertrand Marquis <bertrand.marquis@xxxxxxx>
  • From: Jens Wiklander <jens.wiklander@xxxxxxxxxx>
  • Date: Fri, 6 Feb 2026 10:28:18 +0100
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>
  • Delivery-date: Fri, 06 Feb 2026 09:28:35 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Bertrand,

On Tue, Feb 3, 2026 at 6:38 PM Bertrand Marquis
<bertrand.marquis@xxxxxxx> wrote:
>
> The FF-A memory attribute encoding is currently a literal value (0x2f),
> which makes reviews and validation harder. In addition, MEM_SHARE
> accepts the NS (non-secure) attribute bit even though the normal world
> must not set it according to FF-A specification.
>
> Introduce named attribute bit masks and express FFA_NORMAL_MEM_REG_ATTR
> in terms of them for clarity.
>
> Reject MEM_SHARE descriptors with the NS bit set, returning
> INVALID_PARAMETERS to match FF-A v1.1 rules that prohibit normal world
> from setting this bit.
>
> Functional impact: MEM_SHARE now rejects descriptors with NS bit set,
> which were previously accepted but violate FF-A specification.

To be fair, it was also rejected earlier, but with a different error code.

>
> Signed-off-by: Bertrand Marquis <bertrand.marquis@xxxxxxx>
> ---
>  xen/arch/arm/tee/ffa_private.h | 17 ++++++++++++++++-
>  xen/arch/arm/tee/ffa_shm.c     |  6 ++++++
>  2 files changed, 22 insertions(+), 1 deletion(-)
>
> diff --git a/xen/arch/arm/tee/ffa_private.h b/xen/arch/arm/tee/ffa_private.h
> index cd7ecabc7eff..b625f1c72914 100644
> --- a/xen/arch/arm/tee/ffa_private.h
> +++ b/xen/arch/arm/tee/ffa_private.h
> @@ -129,11 +129,26 @@
>  #define FFA_HANDLE_HYP_FLAG             BIT(63, ULL)
>  #define FFA_HANDLE_INVALID              0xffffffffffffffffULL
>
> +/* NS attribute was introduced in v1.1 */
> +#define FFA_MEM_ATTR_NS                 BIT(6, U)
> +
> +#define FFA_MEM_ATTR_TYPE_DEV           (1U << 3)
> +#define FFA_MEM_ATTR_TYPE_MEM           (2U << 4)
> +
> +#define FFA_MEM_ATTR_NC                 (1U << 2)
> +#define FFA_MEM_ATTR_WB                 (3U << 2)
> +
> +#define FFA_MEM_ATTR_NON_SHARE          (0U)
> +#define FFA_MEM_ATTR_OUT_SHARE          (2U)
> +#define FFA_MEM_ATTR_INN_SHARE          (3U)
> +
>  /*
>   * Memory attributes: Normal memory, Write-Back cacheable, Inner shareable
>   * Defined in FF-A-1.1-REL0 Table 10.18 at page 175.
>   */
> -#define FFA_NORMAL_MEM_REG_ATTR         0x2fU
> +#define FFA_NORMAL_MEM_REG_ATTR         (FFA_MEM_ATTR_TYPE_MEM | \
> +                                         FFA_MEM_ATTR_WB | \
> +                                         FFA_MEM_ATTR_INN_SHARE)
>  /*
>   * Memory access permissions: Read-write
>   * Defined in FF-A-1.1-REL0 Table 10.15 at page 168.
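Review bot: FFA_MEM_ATTR_TYPE_DEV is defined as (1U << 3) while FFA_MEM_ATTR_TYPE_MEM uses (2U << 4), so two values of the same type field are shifted by different amounts, and the device value lands on a bit already covered by FFA_MEM_ATTR_WB (3U << 2). If the type field starts at bit 4, as the replaced 0x2f value implies, this should read (1U << 4). The macro has no user in this patch, so nothing breaks today, but it is worth fixing before it gets one. Consider also using one notation throughout, either BIT(n, U) or (xU << n).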
> diff --git a/xen/arch/arm/tee/ffa_shm.c b/xen/arch/arm/tee/ffa_shm.c
> index 8282bacf85d3..90800e44a86a 100644
> --- a/xen/arch/arm/tee/ffa_shm.c
> +++ b/xen/arch/arm/tee/ffa_shm.c
> @@ -512,6 +512,12 @@ void ffa_handle_mem_share(struct cpu_user_regs *regs)
>      if ( ret )
>          goto out_unlock;
>
> +    if ( trans.mem_reg_attr & FFA_MEM_ATTR_NS )
> +    {
> +        ret = FFA_RET_INVALID_PARAMETERS;
> +        goto out_unlock;
> +    }
> +
>      if ( trans.mem_reg_attr != FFA_NORMAL_MEM_REG_ATTR )
>      {
>          ret = FFA_RET_NOT_SUPPORTED;
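Review bot: the new NS test in ffa_handle_mem_share() only has an effect because it sits above the trans.mem_reg_attr != FFA_NORMAL_MEM_REG_ATTR comparison, which would otherwise catch the same descriptor and return FFA_RET_NOT_SUPPORTED. A short comment on the new block, saying that the normal world must not set NS and that the check has to stay ahead of the equality test to produce FFA_RET_INVALID_PARAMETERS, would keep a later reordering from silently changing the error code.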
> --
> 2.50.1 (Apple Git-155)
>

Looks good, but I think the commit message needs a small update or
clarification.

Cheers,
Jens



 

