[PATCH v3 08/10] KVM: arm64: Handle FFA_MEM_LEND calls from the host
DaeRo Lee
skseofh at gmail.com
Sun Jul 13 07:59:57 PDT 2025
> > > Handle FFA_MEM_LEND calls from the host by treating them identically to
> > > FFA_MEM_SHARE calls for the purposes of the host stage-2 page-table, but
> > > forwarding on the original request to EL3.
> >
> > I have a question about your patch.
> > Does treating FFA_MEM_LEND as identical to FFA_MEM_SHARE imply that
> > the host can still access the memory even after it has been lent?
>
> Only if your TZ implementation is broken and relies on the NS hypervisor
> for isolation.
I believe pKVM is managing stage 2 isolation between Host and Non-secure Guest
VMs or between Non-secure Guest VMs
<Quote DEN0140_FF-A_Memory Management Protocol>
2.2.1.2 Relayer responsibilities
10. Unmap the memory region from the translation regime of the Lender, if
managed by the Relayer as specified in 1.2 Address translation regimes. This
must be done only if the memory region is in the Owner-EA state. This includes
removing access to the memory region from any DMA capable devices assigned to
the Lender.
>From the content, it seems that when performing a Lend operation, it's
necessary to perform a Stage 2 unmap of the host memory area. Am I understanding
this correctly?
More information about the linux-arm-kernel
mailing list