From patchwork Wed Apr 19 12:20:41 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Will Deacon <will@kernel.org>
X-Patchwork-Id: 13216749
Return-Path: 
 <linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from bombadil.infradead.org (bombadil.infradead.org
 [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 0738EC6FD18
	for <linux-arm-kernel@archiver.kernel.org>;
 Wed, 19 Apr 2023 12:21:57 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc
	:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
	List-Owner; bh=p/eGSfV/P73UPY9qK/Q775kKbGuMA5RQY5SGFLnVA3o=; b=SPANaM8IGrU+dp
	y3DPXufANYjbvFiQSoLswiXNXbDMY4ZsyzZE/S7USwnKiCx6TX2Ck0Zl2myXvryPF2sB7wWd4YEi3
	qMBFRAtQ+U1aQQSzQw0SYEw91QnsIyA3POy2T4A6rYkvs48LZV1doui51E6X4J5D4KK5240c2Bczk
	xkYZH5hYqm6jOwK7gsL99Ss8HlhQxINh6eNhhbw8+FqC0wilEUYYj26OIlAsMXgmpjnBZdMxAOAiE
	tF2Sa+9ybOLmvTyTPjk7NLmj2kO7hcZ6fGlWW5yGFC3tjqZdqdMOhW1gBx6MjlnLurJ4KRzQYE20x
	94S/pQ9sb65sSn7ozRhQ==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux))
	id 1pp6o2-005KRj-0r;
	Wed, 19 Apr 2023 12:21:02 +0000
Received: from dfw.source.kernel.org ([139.178.84.217])
	by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux))
	id 1pp6ny-005KQd-2P
	for linux-arm-kernel@lists.infradead.org;
	Wed, 19 Apr 2023 12:21:00 +0000
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id 4703A63E69;
	Wed, 19 Apr 2023 12:20:58 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4F927C433D2;
	Wed, 19 Apr 2023 12:20:55 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1681906857;
	bh=rA2NVapRKVq6pSok9jZ56EUOGF6qa9D2K7nw8bxw+2A=;
	h=From:To:Cc:Subject:Date:From;
	b=IUqJ66fIBJVaPCLgPI9gL+4XqGCMiFkFJLs0jM2whm1zUdbX2kxHfEZopPKzFICwj
	 vKSIoGbzuLvlKKk9b14lVs+UFvdvpbLdZITf5fDyYUQkPP5CjbeIz9SDXp0aFp1qxm
	 LrSSPs2amlnXT8TeTp2hCYBmURqLnei2KhCX57to29yXD19UbEXptPV/UjCGIEkjHo
	 661Y9OkPurOI+N9DzYRHzhE1alUh+dZp92ebZ8CKIzItfL7WH5LgfleFHMdyonPx9r
	 0rorGjLiJbHFtJNjQ7ryQIcWswsDCQoQLFgNR4TQDmskQubW0DyHiFhh/NVK0b5crL
	 lXjcKUQLSTBYA==
From: Will Deacon <will@kernel.org>
To: linux-arm-kernel@lists.infradead.org
Cc: Will Deacon <will@kernel.org>,
	Quentin Perret <qperret@google.com>,
	Marc Zyngier <maz@kernel.org>,
	Oliver Upton <oliver.upton@linux.dev>,
	James Morse <james.morse@arm.com>,
	Alexandru Elisei <alexandru.elisei@arm.com>,
	Suzuki K Poulose <suzuki.poulose@arm.com>,
	Sudeep Holla <sudeep.holla@arm.com>,
	Sebastian Ene <sebastianene@google.com>,
	Fuad Tabba <tabba@google.com>,
	kvmarm@lists.linux.dev,
	kernel-team@android.com
Subject: [PATCH v2 00/10] KVM: arm64: FF-A proxy for pKVM
Date: Wed, 19 Apr 2023 13:20:41 +0100
Message-Id: <20230419122051.1341-1-will@kernel.org>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20230419_052058_858553_6FDE0A39 
X-CRM114-Status: GOOD (  16.58  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

Hi folks,

This is the second version of the pKVM FF-A proxy patches that were
originally posted by Quentin a while back:

	https://lore.kernel.org/r/20221116170335.2341003-1-qperret@google.com

As described in the original cover letter, these patches provide a
mechanism for pKVM to intercept memory being shared between the host
and Trustzone in order to prevent "confused deputy" attacks where the
host can ask Trustzone to access protected guest pages.

Changes since v1 include:

  * Remove double negatives by inverting ffa_call_unsupported() into
    ffa_call_supported()

  * Re-order patch series so that FFA_FEATURES doesn't advertise
    unimplemented functions during bisection

  * Rework patches to introduce function switch case by case

  * Dropped the first two changes as they have been merged upstream

  * Dropped stray "ANDROID:" prefix from the final patch

Thanks to Oliver for his comments on the initial posting.

Patches based on -rc7 and also pushed here:

git://git.kernel.org/pub/scm/linux/kernel/git/will/linux.git kvm/ffa-proxy

Cheers,

Will

Cc: Quentin Perret <qperret@google.com>
Cc: Marc Zyngier <maz@kernel.org>
Cc: Oliver Upton <oliver.upton@linux.dev>
Cc: James Morse <james.morse@arm.com>
Cc: Alexandru Elisei <alexandru.elisei@arm.com>
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: Sudeep Holla <sudeep.holla@arm.com>
Cc: Sebastian Ene <sebastianene@google.com>
Cc: Fuad Tabba <tabba@google.com>
Cc: kvmarm@lists.linux.dev
Cc: kernel-team@android.com

--->8	  

Fuad Tabba (1):
  KVM: arm64: Handle FFA_FEATURES call from the host

Quentin Perret (1):
  KVM: arm64: pkvm: Add support for fragmented FF-A descriptors

Will Deacon (8):
  KVM: arm64: Block unsafe FF-A calls from the host
  KVM: arm64: Probe FF-A version and host/hyp partition ID during init
  KVM: arm64: Allocate pages for hypervisor FF-A mailboxes
  KVM: arm64: Handle FFA_RXTX_MAP and FFA_RXTX_UNMAP calls from the host
  KVM: arm64: Add FF-A helpers to share/unshare memory with secure world
  KVM: arm64: Handle FFA_MEM_SHARE calls from the host
  KVM: arm64: Handle FFA_MEM_RECLAIM calls from the host
  KVM: arm64: Handle FFA_MEM_LEND calls from the host

 arch/arm64/include/asm/kvm_host.h             |   1 +
 arch/arm64/include/asm/kvm_pkvm.h             |  21 +
 arch/arm64/kvm/arm.c                          |   1 +
 arch/arm64/kvm/hyp/include/nvhe/ffa.h         |  17 +
 arch/arm64/kvm/hyp/include/nvhe/mem_protect.h |   3 +
 arch/arm64/kvm/hyp/nvhe/Makefile              |   2 +-
 arch/arm64/kvm/hyp/nvhe/ffa.c                 | 745 ++++++++++++++++++
 arch/arm64/kvm/hyp/nvhe/hyp-main.c            |   3 +
 arch/arm64/kvm/hyp/nvhe/mem_protect.c         |  68 ++
 arch/arm64/kvm/hyp/nvhe/setup.c               |  11 +
 arch/arm64/kvm/pkvm.c                         |   1 +
 include/linux/arm_ffa.h                       |   8 +
 12 files changed, 880 insertions(+), 1 deletion(-)
 create mode 100644 arch/arm64/kvm/hyp/include/nvhe/ffa.h
 create mode 100644 arch/arm64/kvm/hyp/nvhe/ffa.c