[PATCH 0/2] KVM: arm64: Support FF-A direct messaging interfaces

[PATCH 0/2] KVM: arm64: Support FF-A direct messaging interfaces

[Per Larsen via B4 Relay]

Support FFA_MSG_SEND_DIRECT_REQ unconditionally.
Support FFA_MSG_SEND_DIRECT_REQ2 if hypervisor negotiated version 1.2+.

The second patch was part of a previous patch set [0] but was dropped
since the use case was unclear. A clear use case has now appeared [1].

Tested by booting Android under QEMU.

Best Regards,
Per

[0]: https://lore.kernel.org/all/20250730-virtio-msg-ffa-v9-0-7f1b55c8d149@google.com/
[1]: https://lore.kernel.org/all/20251027191729.1704744-1-yeoreum.yun@arm.com/
 

Signed-off-by: Per Larsen <perlarsen@google.com>
---
Per Larsen (1):
      KVM: arm64: Support FFA_MSG_SEND_DIRECT_REQ2 in host handler

Sebastian Ene (1):
      KVM: arm64: Support FFA_MSG_SEND_DIRECT_REQ in host handler

 arch/arm64/kvm/hyp/nvhe/ffa.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
---
base-commit: e53642b87a4f4b03a8d7e5f8507fc3cd0c595ea6
change-id: 20251029-host-direct-messages-5201d7f55abd

Best regards,
-- 
Per Larsen <perlarsen@google.com>

[PATCH 1/2] KVM: arm64: Support FFA_MSG_SEND_DIRECT_REQ in host handler

[Per Larsen via B4 Relay]

From: Sebastian Ene <sebastianene@google.com>

Allow direct messages to be forwarded from the host.

Signed-off-by: Sebastian Ene <sebastianene@google.com>
Signed-off-by: Per Larsen <perlarsen@google.com>
---
 arch/arm64/kvm/hyp/nvhe/ffa.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c
index 4e16f9b96f637599873b16148c6e40cf1210aa3e..191dcb301cca3986758fb6a49f15f1799de9f1d1 100644
--- a/arch/arm64/kvm/hyp/nvhe/ffa.c
+++ b/arch/arm64/kvm/hyp/nvhe/ffa.c
@@ -857,6 +857,15 @@ static void do_ffa_part_get(struct arm_smccc_1_2_regs *res,
 	hyp_spin_unlock(&host_buffers.lock);
 }
 
+static void do_ffa_direct_msg(struct arm_smccc_1_2_regs *res,
+			      struct kvm_cpu_context *ctxt,
+			      u64 vm_handle)
+{
+	struct arm_smccc_1_2_regs *args = (void *)&ctxt->regs.regs[0];
+
+	arm_smccc_1_2_smc(args, res);
+}
+
 bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id)
 {
 	struct arm_smccc_1_2_regs res;
@@ -915,6 +924,13 @@ bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id)
 	case FFA_PARTITION_INFO_GET:
 		do_ffa_part_get(&res, host_ctxt);
 		goto out_handled;
+	case FFA_ID_GET:
+		ffa_to_smccc_res_prop(&res, FFA_RET_SUCCESS, HOST_FFA_ID);
+		goto out_handled;
+	case FFA_MSG_SEND_DIRECT_REQ:
+	case FFA_FN64_MSG_SEND_DIRECT_REQ:
+		do_ffa_direct_msg(&res, host_ctxt, HOST_FFA_ID);
+		goto out_handled;
 	}
 
 	if (ffa_call_supported(func_id))

-- 
2.51.1.851.g4ebd6896fd-goog

[PATCH 2/2] KVM: arm64: Support FFA_MSG_SEND_DIRECT_REQ2 in host handler

[Per Larsen via B4 Relay]

From: Per Larsen <perlarsen@google.com>

FF-A 1.2 adds the DIRECT_REQ2 messaging interface which is similar to
the existing FFA_MSG_SEND_DIRECT_{REQ,RESP} functions and can use the
existing handler function. Add support for FFA_MSG_SEND_DIRECT_REQ2 in
the host ffa handler.

Signed-off-by: Per Larsen <perlarsen@google.com>
---
 arch/arm64/kvm/hyp/nvhe/ffa.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c
index 191dcb301cca3986758fb6a49f15f1799de9f1d1..0d91411fd1d0d3fc48d725c51a7f3c77372374be 100644
--- a/arch/arm64/kvm/hyp/nvhe/ffa.c
+++ b/arch/arm64/kvm/hyp/nvhe/ffa.c
@@ -678,8 +678,10 @@ static bool ffa_call_supported(u64 func_id)
 	case FFA_NOTIFICATION_SET:
 	case FFA_NOTIFICATION_GET:
 	case FFA_NOTIFICATION_INFO_GET:
+		return false;
 	/* Optional interfaces added in FF-A 1.2 */
 	case FFA_MSG_SEND_DIRECT_REQ2:		/* Optional per 7.5.1 */
+		return hyp_ffa_version >= FFA_VERSION_1_2;
 	case FFA_MSG_SEND_DIRECT_RESP2:		/* Optional per 7.5.1 */
 	case FFA_CONSOLE_LOG:			/* Optional per 13.1: not in Table 13.1 */
 	case FFA_PARTITION_INFO_GET_REGS:	/* Optional for virtual instances per 13.1 */
@@ -927,6 +929,10 @@ bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id)
 	case FFA_ID_GET:
 		ffa_to_smccc_res_prop(&res, FFA_RET_SUCCESS, HOST_FFA_ID);
 		goto out_handled;
+	case FFA_MSG_SEND_DIRECT_REQ2:
+		if (!ffa_call_supported(func_id))
+			goto out_not_supported;
+		fallthrough;
 	case FFA_MSG_SEND_DIRECT_REQ:
 	case FFA_FN64_MSG_SEND_DIRECT_REQ:
 		do_ffa_direct_msg(&res, host_ctxt, HOST_FFA_ID);
@@ -936,6 +942,7 @@ bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id)
 	if (ffa_call_supported(func_id))
 		return false; /* Pass through */
 
+out_not_supported:
 	ffa_to_smccc_error(&res, FFA_RET_NOT_SUPPORTED);
 out_handled:
 	ffa_set_retval(host_ctxt, &res);

-- 
2.51.1.851.g4ebd6896fd-goog

Re: [PATCH 1/2] KVM: arm64: Support FFA_MSG_SEND_DIRECT_REQ in host handler

[Yeoreum Yun]

Hi Per and Sebasian,

>
> Allow direct messages to be forwarded from the host.
>
> Signed-off-by: Sebastian Ene <sebastianene@google.com>
> Signed-off-by: Per Larsen <perlarsen@google.com>
> ---
>  arch/arm64/kvm/hyp/nvhe/ffa.c | 16 ++++++++++++++++
>  1 file changed, 16 insertions(+)
>
> diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c
> index 4e16f9b96f637599873b16148c6e40cf1210aa3e..191dcb301cca3986758fb6a49f15f1799de9f1d1 100644
> --- a/arch/arm64/kvm/hyp/nvhe/ffa.c
> +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c
> @@ -857,6 +857,15 @@ static void do_ffa_part_get(struct arm_smccc_1_2_regs *res,
>  	hyp_spin_unlock(&host_buffers.lock);
>  }
>
> +static void do_ffa_direct_msg(struct arm_smccc_1_2_regs *res,
> +			      struct kvm_cpu_context *ctxt,
> +			      u64 vm_handle)
> +{
> +	struct arm_smccc_1_2_regs *args = (void *)&ctxt->regs.regs[0];
> +
> +	arm_smccc_1_2_smc(args, res);
> +}
> +

TBH, I don't have a strong comment for this but, I'm not sure why
it is necessary.
Since it calls just "smc" with the passed argments,
I think it can be handled by default_smc_handler() without adding this
function but return the ture for DIRECT MSG2 in ffa_call_support().

Am I missing something?

>  bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id)
>  {
>  	struct arm_smccc_1_2_regs res;
> @@ -915,6 +924,13 @@ bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id)
>  	case FFA_PARTITION_INFO_GET:
>  		do_ffa_part_get(&res, host_ctxt);
>  		goto out_handled;
> +	case FFA_ID_GET:
> +		ffa_to_smccc_res_prop(&res, FFA_RET_SUCCESS, HOST_FFA_ID);
> +		goto out_handled;

I think FFA_ID_GET should be a seperated patch?

> +	case FFA_MSG_SEND_DIRECT_REQ:
> +	case FFA_FN64_MSG_SEND_DIRECT_REQ:
> +		do_ffa_direct_msg(&res, host_ctxt, HOST_FFA_ID);
> +		goto out_handled;
>  	}
>
>  	if (ffa_call_supported(func_id))

Thanks.

--
Sincerely,
Yeoreum Yun

Re: [PATCH 1/2] KVM: arm64: Support FFA_MSG_SEND_DIRECT_REQ in host handler

[Per Larsen]

Hi Yeoreum,

On 10/30/25 2:48 PM, Yeoreum Yun wrote:
> Hi Per and Sebasian,
> 
>>
>> Allow direct messages to be forwarded from the host.
>>
>> Signed-off-by: Sebastian Ene <sebastianene@google.com>
>> Signed-off-by: Per Larsen <perlarsen@google.com>
>> ---
>>   arch/arm64/kvm/hyp/nvhe/ffa.c | 16 ++++++++++++++++
>>   1 file changed, 16 insertions(+)
>>
>> diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c
>> index 4e16f9b96f637599873b16148c6e40cf1210aa3e..191dcb301cca3986758fb6a49f15f1799de9f1d1 100644
>> --- a/arch/arm64/kvm/hyp/nvhe/ffa.c
>> +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c
>> @@ -857,6 +857,15 @@ static void do_ffa_part_get(struct arm_smccc_1_2_regs *res,
>>   	hyp_spin_unlock(&host_buffers.lock);
>>   }
>>
>> +static void do_ffa_direct_msg(struct arm_smccc_1_2_regs *res,
>> +			      struct kvm_cpu_context *ctxt,
>> +			      u64 vm_handle)
>> +{
>> +	struct arm_smccc_1_2_regs *args = (void *)&ctxt->regs.regs[0];
>> +
>> +	arm_smccc_1_2_smc(args, res);
>> +}
>> +
> 
> TBH, I don't have a strong comment for this but, I'm not sure why
> it is necessary.
> Since it calls just "smc" with the passed argments,
> I think it can be handled by default_smc_handler() without adding this
> function but return the ture for DIRECT MSG2 in ffa_call_support().
> 
> Am I missing something?
Calling `do_ffa_direct_msg` from the host ffa proxy ensures that the 
caller has negotiated a FF-A version with the hypervisor first. In turn,
this means that `ffa_call_support` can use the negotiated version to 
decide whether to proxy this interface or not.

Moreover, `kvm_host_ffa_handler` currently proxies host FF-A calls. 
Android also proxies FF-A calls from guest VMs via a similar function: 
`kvm_guest_ffa_handler` so this function avoids duplication if/when 
adding a guest proxy. This function is also where one would check FFA 
IDs before forwarding messages (to prevent spoofing). You can see the 
downstream implementation here 
https://android-review.googlesource.com/c/kernel/common/+/3422040.

> 
>>   bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id)
>>   {
>>   	struct arm_smccc_1_2_regs res;
>> @@ -915,6 +924,13 @@ bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt, u32 func_id)
>>   	case FFA_PARTITION_INFO_GET:
>>   		do_ffa_part_get(&res, host_ctxt);
>>   		goto out_handled;
>> +	case FFA_ID_GET:
>> +		ffa_to_smccc_res_prop(&res, FFA_RET_SUCCESS, HOST_FFA_ID);
>> +		goto out_handled;
> 
> I think FFA_ID_GET should be a seperated patch?
Agreed. I've dropped it from this patch set as I don't think we need it.>
>> +	case FFA_MSG_SEND_DIRECT_REQ:
>> +	case FFA_FN64_MSG_SEND_DIRECT_REQ:
>> +		do_ffa_direct_msg(&res, host_ctxt, HOST_FFA_ID);
>> +		goto out_handled;
>>   	}
>>
>>   	if (ffa_call_supported(func_id))

Thanks,Per

Re: [PATCH 1/2] KVM: arm64: Support FFA_MSG_SEND_DIRECT_REQ in host handler

[Yeoreum Yun]

Hi,

> >
> > >
> > > Allow direct messages to be forwarded from the host.
> > >
> > > Signed-off-by: Sebastian Ene <sebastianene@google.com>
> > > Signed-off-by: Per Larsen <perlarsen@google.com>
> > > ---
> > >   arch/arm64/kvm/hyp/nvhe/ffa.c | 16 ++++++++++++++++
> > >   1 file changed, 16 insertions(+)
> > >
> > > diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c
> > > index 4e16f9b96f637599873b16148c6e40cf1210aa3e..191dcb301cca3986758fb6a49f15f1799de9f1d1 100644
> > > --- a/arch/arm64/kvm/hyp/nvhe/ffa.c
> > > +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c
> > > @@ -857,6 +857,15 @@ static void do_ffa_part_get(struct arm_smccc_1_2_regs *res,
> > >   	hyp_spin_unlock(&host_buffers.lock);
> > >   }
> > >
> > > +static void do_ffa_direct_msg(struct arm_smccc_1_2_regs *res,
> > > +			      struct kvm_cpu_context *ctxt,
> > > +			      u64 vm_handle)
> > > +{
> > > +	struct arm_smccc_1_2_regs *args = (void *)&ctxt->regs.regs[0];
> > > +
> > > +	arm_smccc_1_2_smc(args, res);
> > > +}
> > > +
> >
> > TBH, I don't have a strong comment for this but, I'm not sure why
> > it is necessary.
> > Since it calls just "smc" with the passed argments,
> > I think it can be handled by default_smc_handler() without adding this
> > function but return the ture for DIRECT MSG2 in ffa_call_support().
> >
> > Am I missing something?
> Calling `do_ffa_direct_msg` from the host ffa proxy ensures that the caller
> has negotiated a FF-A version with the hypervisor first. In turn,
> this means that `ffa_call_support` can use the negotiated version to decide
> whether to proxy this interface or not.
>
> Moreover, `kvm_host_ffa_handler` currently proxies host FF-A calls. Android
> also proxies FF-A calls from guest VMs via a similar function:
> `kvm_guest_ffa_handler` so this function avoids duplication if/when adding a
> guest proxy. This function is also where one would check FFA IDs before
> forwarding messages (to prevent spoofing). You can see the downstream
> implementation here
> https://android-review.googlesource.com/c/kernel/common/+/3422040.

Thanks for sharing and clarification.

[...]

Thanks.

--
Sincerely,
Yeoreum Yun