[PATCH 1/2] KVM: arm64: fix FF-A call failure when ff-a driver is built-in

Marc Zyngier maz at kernel.org
Fri Oct 31 03:27:56 PDT 2025 

On Fri, 31 Oct 2025 10:08:37 +0000,
Yeoreum Yun <yeoreum.yun at arm.com> wrote:
> 
> Hi Sebastian,
> 
> > > Until has_version_negotiated is set to true,
> > > all FF-A function calls fail except FFA_VERSION.
> > > The has_version_negotiated flag is set to true when
> > > the first FFA_VERSION call is made after init_hyp_mode().
> > >
> > > This works fine when the FF-A driver is built as a module,
> > > since ffa_init() is invoked after kvm_arm_init(), allowing do_ffa_version()
> > > to set has_version_negotiated to true.
> > >
> > > However, when the FF-A driver is built-in (CONFIG_ARM_FFA_TRANSPORT=y),
> > > all FF-A calls fail. This happens because ffa_init() runs before
> > > kvm_arm_init() — the init level of ffa_init() is rootfs_initcall.
> > > As a result, the hypervisor cannot set has_version_negotiated,
> > > since the FFA_VERSION call made in ffa_init() does not trap to the hypervisor
> > > (HCR_EL2.TSC is cleared before kvm_arm_init()).
> > >
> >
> > I understand the reason behind the patch but this is problematic to have
> > the builtin driver load before pKVM because the hypervisor would be
> > un-aware of the host mapped buffers. (eg. the call from ffa_rxtx_map is
> > not trapped because it is too early). Essentially, you will end up
> > bypassing the hyp FF-A proxy which I think you will want to avoid.
> 
> Ah. I've overlooed the ffa_rxtx_map proxy.
> But unfortunately, some of depndency with the driver using arm_ffa
> driver, ffa_init() should be called first then other drivers' initcall
> (usually, these kind of driver defines its one initcall with
> device_initcall()) (i.e) https://lore.kernel.org/all/20250618102302.2379029-1-yeoreum.yun@arm.com/.
> 
> Though I arm_ffa driver provide an API getting mapped rx/tx buffer,
> But this seems to reverse dependency -- kvm depends on arm_ffa driver.

No it doesn't. KVM doesn't give a damn about the kernel FFA driver. It
just makes sure that the driver doesn't do anything stupid.

> I’ve been thinking about some possible solutions,
> but in my narrow idea, valid solution is kvm_arm_init() as
> subsys_initcall_sync() and call kvm_init() in module_init() like
> attached modification.
> 
> Do you have any idea?

There is no way we can accept such a change. It makes something
fragile even more brittle. If anything, make the FFA driver check for
KVM being initialised, and make the probing defer if not.

	M.

-- 
Without deviation from the norm, progress is not possible.

More information about the linux-arm-kernel mailing list