[PATCH v4 3/5] KVM: arm64: Mark FFA_NOTIFICATION_* calls as unsupported

Thu May 29 05:05:24 PDT 2025

On Fri, May 16, 2025 at 12:14:02PM +0000, Per Larsen via B4 Relay wrote:
> From: Per Larsen <perlarsen at google.com>
> 
> Prevent FFA_NOTIFICATION_* interfaces from being passed through to TZ.
> 
> Signed-off-by: Per Larsen <perlarsen at google.com>
> ---
>  arch/arm64/kvm/hyp/nvhe/ffa.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c
> index b3d016bee404ce3f8c72cc57befb4ef4e6c1657f..a545d25002c85b79a8d281739479dab7838a7cd3 100644
> --- a/arch/arm64/kvm/hyp/nvhe/ffa.c
> +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c
> @@ -632,6 +632,14 @@ static bool ffa_call_supported(u64 func_id)
>  	case FFA_RXTX_MAP:
>  	case FFA_MEM_DONATE:
>  	case FFA_MEM_RETRIEVE_REQ:
> +       /* Optional notification interfaces added in FF-A 1.1 */
> +	case FFA_NOTIFICATION_BITMAP_CREATE:
> +	case FFA_NOTIFICATION_BITMAP_DESTROY:
> +	case FFA_NOTIFICATION_BIND:
> +	case FFA_NOTIFICATION_UNBIND:
> +	case FFA_NOTIFICATION_SET:
> +	case FFA_NOTIFICATION_GET:
> +	case FFA_NOTIFICATION_INFO_GET:
>  		return false;

Acked-by: Will Deacon <will at kernel.org>

That said, I wonder if we should revisit this denylist along the lines
of the discussion with Oliver on the initial FF-A proxy series:

https://lore.kernel.org/kvmarm/ZGx0QBZzFCmm636r@linux.dev/

We check for is_ffa_call() already, so we could invert the above to be
an allow-list for calls within the FF-A range rather than a deny-list.

What do you think?

Will