Re: [PATCH v4 7/7] KVM: arm64: Support FFA_NOTIFICATION_INFO_GET in host handler

[sashiko-bot@kernel.org]

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Medium] The 64-bit variant of `FFA_NOTIFICATION_INFO_GET` (`FFA_FN64_NOTIFICATION_INFO_GET`) is not intercepted, allowing the host to bypass the newly added SBZ enforcement.
--

commit 9394d3f8c8ebd222066a0b0a791f85587bdb9eb5
Author: Sebastian Ene <sebastianene@google.com>

KVM: arm64: Support FFA_NOTIFICATION_INFO_GET in host handler

Allow the host to query the FF-A notifiction status and proxy the info
get message to Trustzone. Make sure that the SBZ fields are enforced.

> diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c
> index de47943383883..ffb6d44b5010d 100644
> --- a/arch/arm64/kvm/hyp/nvhe/ffa.c
> +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c
[ ... ]
> @@ -1100,6 +1112,9 @@ bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id)
>  	case FFA_NOTIFICATION_GET:
>  		do_ffa_notif_get(&res, host_ctxt);
>  		goto out_handled;
> +	case FFA_NOTIFICATION_INFO_GET:
> +		do_ffa_notif_info_get(&res, host_ctxt);
> +		goto out_handled;

[Severity: Medium]
Does this miss the 64-bit variant (FFA_FN64_NOTIFICATION_INFO_GET)?

If the host natively issues the 64-bit SMC ID, it will fall through this
switch statement. It will then be evaluated by ffa_call_supported(), which
returns true because it is not explicitly blocked. This causes the unvalidated
call to be passed directly through to EL3, bypassing the newly added SBZ
validation entirely.

Should FFA_FN64_NOTIFICATION_INFO_GET be handled here alongside the
32-bit variant to ensure the validation is enforced for both?

>  	}
>  
>  	if (ffa_call_supported(func_id))

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260616154149.2763214-1-sebastianene@google.com?part=7