[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 02/12] xen/arm: ffa: Fix MEM_SHARE NS attribute handling

  • To: Jens Wiklander <jens.wiklander@xxxxxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Fri, 6 Feb 2026 16:17:33 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 4.158.2.129) smtp.rcpttodomain=linaro.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=arm.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=uM+MsmT9gJMdqsLx2cZgzlibgHr5q5kJQWH0GYLA3xc=; b=kshrmkzjj8pVtKNoB8gU5bOuAXDwVX10uMBk32IPjh9Is1nO24uZEGT9NbEdUc1q5cN0RpQC1ciDfpEYqGmZaJlgB8nNSTrpbxyTqKorHPafRz5SPlB6Au/kLHupmw8y/z3WOCcy7aS6LBo/0KDdP/ZAHN42UJMuuyilLcxY5zEJLR7XB/SB6DHjicOIx4jHK8RZSgnpbDqoIxnUADpoJqJZngHQSEAcPFwuzc9Nr8/yOrBNqa6woixf1KcaHFcneU/FH13uPjx58cW9c1envcCjDS31d0tlEm2R5CqI4RnmckiIfdlEXFeZYveF0BjuM44RkrViKGXZ7SSjiJS1JQ==
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=uM+MsmT9gJMdqsLx2cZgzlibgHr5q5kJQWH0GYLA3xc=; b=XE2Q+XJE6uUwTJg9RkcEhV40YgN6hpGvM24K4af5YeMOXezjDijvpNTzVQZTmdjFTwp6stHNp2lbW4lBXNSMRfQuTns/JmCkDPbkcOSGcYZLd2vU/y+Lqcwe9784PDiy2vw9rJHRjulcdnX2UzFhpy0BEe8EvraER2wDn3UOmIC38UR98dOO7ZlppGWdOT3oFyt6bFoWS+BCAa72Row3xD4RCTKANVsh3VyOO0Ljb9aFInk0DutqWd3X53mJwumq/ACjulbTHNFc3IA/9x/G+m3+Wfuit03qDNlkLRy6gfVrOpwYvjmyCAB1om1lgQWhr56F/t9T/A7EOQqc/ezH6Q==
  • Arc-seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass; b=GTUppB/BHbxz54Ar06VKNARHj3IUYtVvF/U47RuGYlBOz+h8LQ4Wg+ZD105XoNKufw01caFJqk4XF+dvz8R49Je4GrlQUeNmTswJgViu6GW995hzzsUY2WHbTwyj6I9y+aCdizalNNhb6BmKlB8gPx6bd6nkNsamSCg/Piu2bZrtWWoZcqTp5THOwX6fmxTo/dbqlNfIZgy6YlEKJayVrPWzeeCwZT5UONx2BElW/nDcVX4qJhkDACSQTyFMq5swomZMuNWcfj4pPeWbt31XFSvT1SDsIW9Eo+KzLV/9ZRGz4GwS9HUP5WJ3zKHa4hM+EwRBsQiOlCFDMgSuTF5ahg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=jOnvKZuK+IoIv2mF4jujPb/N7XEnZjTB2BAL69UmxKC9TVVe2ldd9R9hOeqT9TGKZqY980cO9zjUVIy15wflkuJ0/yBymQdRcvhc09Gtk/JpnOmvK13OHqQBqUs6ugM5HDkfvtd1NdVkXhGzwxwUDRjS+6PLjO9GyHepj24dvvOEog4VLartD46710ipSxVGFrOXiVG5faIgC96/sWYDgj0qOi8TBcqMCUJoNjS7yOxP/lWStv7L4Jsjq3F2vmHXCHlST4OIAisoo5nVnrn0Y9xRCYrYyIJtMvVaq97whIN+pvY9JPwjadbDNVD48wGOApIv9/TUdCr55asxiX0Ktw==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>
  • Delivery-date: Fri, 06 Feb 2026 16:18:48 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Thread-index: AQHclTP7K3wg+ZaqtkSBKsmCVp4oSLV1a3IAgAByTIA=
  • Thread-topic: [PATCH 02/12] xen/arm: ffa: Fix MEM_SHARE NS attribute handling

> On 6 Feb 2026, at 10:28, Jens Wiklander <jens.wiklander@xxxxxxxxxx> wrote:
> 
> Hi Bertrand,
> 
> On Tue, Feb 3, 2026 at 6:38 PM Bertrand Marquis
> <bertrand.marquis@xxxxxxx> wrote:
>> 
>> The FF-A memory attribute encoding is currently a literal value (0x2f),
>> which makes reviews and validation harder. In addition, MEM_SHARE
>> accepts the NS (non-secure) attribute bit even though the normal world
>> must not set it according to FF-A specification.
>> 
>> Introduce named attribute bit masks and express FFA_NORMAL_MEM_REG_ATTR
>> in terms of them for clarity.
>> 
>> Reject MEM_SHARE descriptors with the NS bit set, returning
>> INVALID_PARAMETERS to match FF-A v1.1 rules that prohibit normal world
>> from setting this bit.
>> 
>> Functional impact: MEM_SHARE now rejects descriptors with NS bit set,
>> which were previously accepted but violate FF-A specification.
> 
> To be fair, it was also rejected earlier, but with a different error code.

True, will adapt the impact comment to say:

Functional impact: MEM_SHARE now rejects descriptors with NS bit set
with the right error code, INVALID_PARAMETER.

Tell me if that would be ok for you and if it could be fixed on commit with
your R-b if it is the case.

> 
>> 
>> Signed-off-by: Bertrand Marquis <bertrand.marquis@xxxxxxx>
>> ---
>> xen/arch/arm/tee/ffa_private.h | 17 ++++++++++++++++-
>> xen/arch/arm/tee/ffa_shm.c     |  6 ++++++
>> 2 files changed, 22 insertions(+), 1 deletion(-)
>> 
>> diff --git a/xen/arch/arm/tee/ffa_private.h b/xen/arch/arm/tee/ffa_private.h
>> index cd7ecabc7eff..b625f1c72914 100644
>> --- a/xen/arch/arm/tee/ffa_private.h
>> +++ b/xen/arch/arm/tee/ffa_private.h
>> @@ -129,11 +129,26 @@
>> #define FFA_HANDLE_HYP_FLAG             BIT(63, ULL)
>> #define FFA_HANDLE_INVALID              0xffffffffffffffffULL
>> 
>> +/* NS attribute was introduced in v1.1 */
>> +#define FFA_MEM_ATTR_NS                 BIT(6, U)
>> +
>> +#define FFA_MEM_ATTR_TYPE_DEV           (1U << 3)
>> +#define FFA_MEM_ATTR_TYPE_MEM           (2U << 4)
>> +
>> +#define FFA_MEM_ATTR_NC                 (1U << 2)
>> +#define FFA_MEM_ATTR_WB                 (3U << 2)
>> +
>> +#define FFA_MEM_ATTR_NON_SHARE          (0U)
>> +#define FFA_MEM_ATTR_OUT_SHARE          (2U)
>> +#define FFA_MEM_ATTR_INN_SHARE          (3U)
>> +
>> /*
>>  * Memory attributes: Normal memory, Write-Back cacheable, Inner shareable
>>  * Defined in FF-A-1.1-REL0 Table 10.18 at page 175.
>>  */
>> -#define FFA_NORMAL_MEM_REG_ATTR         0x2fU
>> +#define FFA_NORMAL_MEM_REG_ATTR         (FFA_MEM_ATTR_TYPE_MEM | \
>> +                                         FFA_MEM_ATTR_WB | \
>> +                                         FFA_MEM_ATTR_INN_SHARE)
>> /*
>>  * Memory access permissions: Read-write
>>  * Defined in FF-A-1.1-REL0 Table 10.15 at page 168.
>> diff --git a/xen/arch/arm/tee/ffa_shm.c b/xen/arch/arm/tee/ffa_shm.c
>> index 8282bacf85d3..90800e44a86a 100644
>> --- a/xen/arch/arm/tee/ffa_shm.c
>> +++ b/xen/arch/arm/tee/ffa_shm.c
>> @@ -512,6 +512,12 @@ void ffa_handle_mem_share(struct cpu_user_regs *regs)
>>     if ( ret )
>>         goto out_unlock;
>> 
>> +    if ( trans.mem_reg_attr & FFA_MEM_ATTR_NS )
>> +    {
>> +        ret = FFA_RET_INVALID_PARAMETERS;
>> +        goto out_unlock;
>> +    }
>> +
>>     if ( trans.mem_reg_attr != FFA_NORMAL_MEM_REG_ATTR )
>>     {
>>         ret = FFA_RET_NOT_SUPPORTED;
>> --
>> 2.50.1 (Apple Git-155)
>> 
> 
> Looks good, but I think the commit message needs a small update or
> clarification.

Thanks.

Cheers
Bertrand

> 
> Cheers,
> Jens

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.