Xen project Mailing List

Re: [PATCH v6 3/6] xen/arm: ffa: Introduce VM to VM support

To: Bertrand Marquis <bertrand.marquis@xxxxxxx>

From: Jens Wiklander <jens.wiklander@xxxxxxxxxx>

Date: Fri, 23 May 2025 08:51:01 +0200

Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>

Delivery-date: Fri, 23 May 2025 06:51:42 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Bertrand, On Thu, May 22, 2025 at 5:08 PM Bertrand Marquis <bertrand.marquis@xxxxxxx> wrote: > > Create a CONFIG_FFA_VM_TO_VM parameter to activate FFA communication > between VMs. > When activated list VMs in the system with FF-A support in part_info_get. > > When VM to VM is activated, Xen will be tainted as Insecure and a > message is displayed to the user during the boot as there is no > filtering of VMs in FF-A so any VM can communicate or see any other VM > in the system. > > WARNING: There is no filtering for now and all VMs are listed !! > > This patch is reorganizing the ffa_ctx structure to make clear which > lock is protecting what parts. > > This patch is introducing a chain list of the ffa_ctx with a FFA Version > negociated allowing to create the partinfo results for VMs without negotiated > taking a lock on the global domain list in Xen. > > Signed-off-by: Bertrand Marquis <bertrand.marquis@xxxxxxx> [...] > diff --git a/xen/arch/arm/tee/ffa_private.h b/xen/arch/arm/tee/ffa_private.h > index 0a9c1082db28..08dbdf9fcddd 100644 > --- a/xen/arch/arm/tee/ffa_private.h > +++ b/xen/arch/arm/tee/ffa_private.h > @@ -195,6 +195,18 @@ > */ > #define FFA_PARTITION_INFO_GET_COUNT_FLAG BIT(0, U) > > +/* > + * Partition properties we give for a normal world VM: > + * - can send direct message but not receive them > + * - can handle indirect messages > + * - can receive notifications > + * 32/64 bit flag is set depending on the VM > + */ > +#define FFA_PART_VM_PROP (FFA_PART_PROP_DIRECT_REQ_SEND | \ > + FFA_PART_PROP_INDIRECT_MSGS | \ > + FFA_PART_PROP_RECV_NOTIF | \ > + FFA_PART_PROP_IS_PE_ID) > + > /* Flags used in calls to FFA_NOTIFICATION_GET interface */ > #define FFA_NOTIF_FLAG_BITMAP_SP BIT(0, U) > #define FFA_NOTIF_FLAG_BITMAP_VM BIT(1, U) > @@ -297,36 +309,70 @@ struct ffa_ctx_notif { > }; > > struct ffa_ctx { > - void *rx; > - const void *tx; > - struct page_info *rx_pg; > - struct page_info *tx_pg; > + /* > + * Chain list of all FF-A contexts, to prevent locking access to this > list, > + * all "unlocked" data from the structure must be set before adding an > + * entry in the list and an entry must be removed from the list before > + * freeing a context. > + */ > + struct list_head ctx_list; /* chain list of all FF-A contexts */ > + > + /* > + * Data access unlocked (mainly for part_info_get in VM to VM). > + * Those should be set before the ctx is added in the list. > + */ > + /* FF-A Endpoint ID */ > + uint16_t ffa_id; > + uint16_t num_vcpus; > + bool is_64bit; > + > + /* > + * Global data accessed atomically or using ACCES_ONCE. > + */ > + struct ffa_ctx_notif notif; > + > + /* > + * Global data accessed with lock locked. > + */ > + spinlock_t lock; > + /* > + * FF-A version negociated by the guest, only modifications to negotiated With the two spell errors fixed. Reviewed-by: Jens Wiklander <jens.wiklander@xxxxxxxxxx> Cheers, Jens

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.