Date: Wed, 27 May 2026 15:02:36 +0000
In-Reply-To: <20260527150236.1978655-1-smostafa@google.com>
References: <20260527150236.1978655-1-smostafa@google.com>
Message-ID: <20260527150236.1978655-7-smostafa@google.com>
Subject: [PATCH v6 6/6] KVM: arm64: Ensure FFA ranges are page aligned
From: Mostafa Saleh
To: op-tee@lists.trustedfirmware.org, linux-kernel@vger.kernel.org, kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org
Cc: maz@kernel.org, oupton@kernel.org, joey.gouly@arm.com, suzuki.poulose@arm.com, catalin.marinas@arm.com, jens.wiklander@linaro.org, sumit.garg@kernel.org, sebastianene@google.com, vdonnefort@google.com, sudeep.holla@kernel.org, Mostafa Saleh

At the moment we only check that the size of the range is page aligned, and truncate the address to the page boundary. This makes an assumption that TZ will do the same. However, it might decide to use the extra offset of the neighbour page at the end, which is valid under FFA if NS is using larger page size. Harden this check by also checking that the base address is aligned and reject it otherwise.

Fixes: 436090001776 ("KVM: arm64: Handle FFA_MEM_SHARE calls from the host")
Signed-off-by: Mostafa Saleh
--- arch/arm64/kvm/hyp/nvhe/ffa.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c index a12e01883314..daf0e328c847 100644 --- a/arch/arm64/kvm/hyp/nvhe/ffa.c +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c @@ -352,7 +352,7 @@ static u32 __ffa_host_share_ranges(struct ffa_mem_region_addr_range *ranges, u64 sz = (u64)range->pg_cnt * FFA_PAGE_SIZE; u64 pfn = hyp_phys_to_pfn(range->address); - if (!PAGE_ALIGNED(sz)) + if (!PAGE_ALIGNED(sz | range->address)) break; if (__pkvm_host_share_ffa(pfn, sz / PAGE_SIZE)) 
@@ -372,7 +372,7 @@ static u32 __ffa_host_unshare_ranges(struct ffa_mem_region_addr_range *ranges, u64 sz = (u64)range->pg_cnt * FFA_PAGE_SIZE; u64 pfn = hyp_phys_to_pfn(range->address); - if (!PAGE_ALIGNED(sz)) + if (!PAGE_ALIGNED(sz | range->address)) break; if (__pkvm_host_unshare_ffa(pfn, sz / PAGE_SIZE)) -- 2.54.0.746.g67dd491aae-goog
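
Review bot: In __ffa_host_share_ranges, the combined test PAGE_ALIGNED(sz | range->address) is correct, since the OR of two values is aligned only when both are, but nothing next to it says why the base address matters. A one-line comment above the condition, stating that an unaligned base is rejected rather than silently truncated by hyp_phys_to_pfn(), would keep the commit message's reasoning beside the code. pfn is also still derived from the unaligned address before the check runs; assigning it after the check would mean the truncated value never exists for a rejected range.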
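
Review bot: In __ffa_host_unshare_ranges, the same address test now makes the loop break before __pkvm_host_unshare_ffa() for a misaligned base, yet the commit message only motivates the share side. The changelog or a comment should say whether an unaligned range can still reach the unshare path once share rejects it, and what the caller does when the loop stops early. With the identical condition now in two functions, a small shared helper would keep the share and unshare checks from drifting apart.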
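
The mismatch the commit message describes, worked through as an added example (not code from the patch or the kernel). It assumes a 16 KiB host page size against FF-A's 4 KiB units; the struct, the helper names and the sample address are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed sizes: FF-A counts pages in 4 KiB units, host uses 16 KiB pages. */
#define FFA_PAGE_SIZE   4096ULL
#define HOST_PAGE_SHIFT 14
#define HOST_PAGE_SIZE  (1ULL << HOST_PAGE_SHIFT)
#define HOST_ALIGNED(x) (((x) & (HOST_PAGE_SIZE - 1)) == 0)

struct range { uint64_t address; uint32_t pg_cnt; }; /* hypothetical mirror */

/* Check before the patch: only the size must be host-page aligned. */
int old_check_ok(const struct range *r)
{
	uint64_t sz = (uint64_t)r->pg_cnt * FFA_PAGE_SIZE;
	return HOST_ALIGNED(sz);
}

/* Check after the patch: size and base address must both be aligned. */
int new_check_ok(const struct range *r)
{
	uint64_t sz = (uint64_t)r->pg_cnt * FFA_PAGE_SIZE;
	return HOST_ALIGNED(sz | r->address);
}

/* Bytes of the described range that lie past the host pages covered when
 * the base is truncated to a pfn and sz / PAGE_SIZE pages are taken. */
uint64_t uncovered_bytes(const struct range *r)
{
	uint64_t sz = (uint64_t)r->pg_cnt * FFA_PAGE_SIZE;
	uint64_t start = (r->address >> HOST_PAGE_SHIFT) << HOST_PAGE_SHIFT;
	uint64_t covered_end = start + (sz / HOST_PAGE_SIZE) * HOST_PAGE_SIZE;
	uint64_t described_end = r->address + sz;
	return described_end > covered_end ? described_end - covered_end : 0;
}

int main(void)
{
	/* Constructed sample: 4 KiB-aligned base, four FF-A pages (16 KiB). */
	struct range r = { 0x80001000ULL, 4 };
	printf("old=%d new=%d uncovered=%llu bytes\n", old_check_ok(&r),
	       new_check_ok(&r), (unsigned long long)uncovered_bytes(&r));
	return 0;
}
```

For the sample range the size-only check passes while one FF-A page of the described range falls in a neighbouring host page that the truncated pfn never covered; the combined check rejects it.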