The Linux Kernel Mailing List
From: Mostafa Saleh <smostafa@google.com>
To: Sebastian Ene <sebastianene@google.com>
Cc: Vincent Donnefort <vdonnefort@google.com>,
	catalin.marinas@arm.com, oupton@kernel.org,
	sudeep.holla@kernel.org, will@kernel.org,
	jens.wiklander@linaro.org, joey.gouly@arm.com,
	kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org,
	linux-kernel@vger.kernel.org, android-kvm@google.com,
	maz@kernel.org, mrigendra.chaubey@gmail.com,
	op-tee@lists.trustedfirmware.org, perlarsen@google.com,
	seiden@linux.ibm.com, sumit.garg@kernel.org,
	suzuki.poulose@arm.com, yuzenghui@huawei.com
Subject: Re: [PATCH v7 6/7] KVM: arm64: Ensure FFA ranges are page aligned
Date: Tue, 30 Jun 2026 10:22:59 +0000	[thread overview]
Message-ID: <akOZAwBn0JkbyzX4@google.com> (raw)
In-Reply-To: <akORop8Z9Levu9Sr@google.com>

> Hey Vincent,
> 
> > I failed to parse this 
> > 
> > But I see 
> > 
> > /* The base IPA of the constituent memory region, aligned to 4 kiB */ 
> > 
> > So it sounds fair to prevent oversharing when PAGE_SIZE > 4KiB
> > 
> 
> I think the problem is when you have a mismatch between FFA_PAGE_SIZE
> and the system PAGE_SIZE. We expect a fixed FFA_PAGE_SIZE of 4kb and
> this is enforced by :
> https://elixir.bootlin.com/linux/v7.1.2/source/arch/arm64/kvm/hyp/nvhe/ffa.c#L761
> 
> if FFA_PAGE_SIZE = 4kb and PAGE_SIZE = 16kb you can end up annotating more pages with FF-A than
> needed when the range->address is unaligned.
> 
> It took me a while to understand this so I guess it is better to rephrase the commit msg.

The problem here is that we only check alignment for size and not
the address.
And the code later (__pkvm_host_unshare_ffa()) uses pfn, which
truncates the extra bits.
So, in case we have an unaligned address and an aligned size, it
will round down the address while the actual size spans an extra page.

For example, if base = 0xFFF and size = 0x1000, pKVM will share
(0-0x1000) while the actual range spans till 0x1FFF, causing FFA
to access an extra page that was not shared by pKVM.

Thanks,
Mostafa
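The following is an added illustration of the point made in this thread, written for this page and not code from the patch series or from any of the participants. It assumes a 4 KiB hypervisor page (HYP_PAGE_SHIFT, a stand-in for the real PAGE_SIZE/FFA_PAGE_SIZE macros) and uses hypothetical helper names. It contrasts the number of pages a range really touches with the number a pfn-based path would share when only the size is checked, and shows the stricter check that rejects an unaligned base address up front.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed 4 KiB page; stand-in for the kernel's PAGE_SIZE macros. */
#define HYP_PAGE_SHIFT 12
#define HYP_PAGE_SIZE  (1ULL << HYP_PAGE_SHIFT)
#define HYP_PAGE_MASK  (~(HYP_PAGE_SIZE - 1))

/* Hypothetical stand-in for an FF-A constituent memory range. */
struct ffa_range {
	uint64_t address; /* base IPA */
	uint64_t size;    /* length in bytes */
};

/* Pages the range really touches: round the start down and the
 * (exclusive) end up to a page boundary. Caller must have rejected
 * ranges that wrap around the top of the address space. */
static uint64_t pages_actually_spanned(const struct ffa_range *r)
{
	uint64_t start = r->address & HYP_PAGE_MASK;
	uint64_t end = r->address + r->size;
	uint64_t end_rounded = (end + HYP_PAGE_SIZE - 1) & HYP_PAGE_MASK;

	return (end_rounded - start) >> HYP_PAGE_SHIFT;
}

/* What a pfn-based sharing path ends up with: the address is truncated
 * to a pfn (low bits dropped) and the page count comes from size alone. */
static uint64_t pages_shared_via_pfn(const struct ffa_range *r)
{
	return r->size >> HYP_PAGE_SHIFT;
}

/* The weak check: only the size has to be page aligned. */
static bool check_size_only(const struct ffa_range *r)
{
	return r->size != 0 && (r->size & (HYP_PAGE_SIZE - 1)) == 0;
}

/* The stricter check: base address and size must both be page
 * aligned, and the range must not wrap. */
static bool check_address_and_size(const struct ffa_range *r)
{
	if (r->size == 0)
		return false;
	if (r->address & (HYP_PAGE_SIZE - 1))
		return false;
	if (r->size & (HYP_PAGE_SIZE - 1))
		return false;
	if (r->address > UINT64_MAX - r->size)
		return false;
	return true;
}

int main(void)
{
	/* Constructed sample: the case from the mail above. */
	struct ffa_range bad = { .address = 0xFFF, .size = 0x1000 };
	/* Constructed sample: a properly aligned range. */
	struct ffa_range good = { .address = 0x1000, .size = 0x2000 };

	printf("unaligned base: spans %llu page(s), pfn path shares %llu, "
	       "size-only check %s, strict check %s\n",
	       (unsigned long long)pages_actually_spanned(&bad),
	       (unsigned long long)pages_shared_via_pfn(&bad),
	       check_size_only(&bad) ? "passes" : "rejects",
	       check_address_and_size(&bad) ? "passes" : "rejects");
	printf("aligned base:   spans %llu page(s), pfn path shares %llu, "
	       "strict check %s\n",
	       (unsigned long long)pages_actually_spanned(&good),
	       (unsigned long long)pages_shared_via_pfn(&good),
	       check_address_and_size(&good) ? "passes" : "rejects");
	return 0;
}
```

With base 0xFFF and size 0x1000 the range covers bytes 0xFFF..0x1FFF, i.e. two pages, yet the pfn path shares only one; the size-only check lets it through and the stricter check does not.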



Thread overview:
2026-06-17 14:51 [PATCH v7 0/7] arm_ffa, KVM: Fix FF-A emad offset calculations Sebastian Ene
2026-06-17 14:51 ` [PATCH v7 1/7] optee: ffa: Add NULL check in optee_ffa_lend_protmem Sebastian Ene
2026-06-29  8:53   ` Jens Wiklander
2026-06-30 10:13     ` Sebastian Ene
2026-06-17 14:51 ` [PATCH v7 2/7] firmware: arm_ffa: Fix out-of-bound writes in ffa_setup_and_transmit() Sebastian Ene
2026-06-17 14:51 ` [PATCH v7 3/7] firmware: arm_ffa: Fix Endpoint Memory Access Descriptor offset calculation Sebastian Ene
2026-06-17 14:51 ` [PATCH v7 4/7] KVM: arm64: Fix bounds checking in do_ffa_mem_reclaim() Sebastian Ene
2026-06-18 16:19   ` Vincent Donnefort
2026-06-17 14:51 ` [PATCH v7 5/7] KVM: arm64: Validate the offset to the mem access descriptor Sebastian Ene
2026-06-18 16:56   ` Vincent Donnefort
2026-06-22  9:23     ` Sebastian Ene
2026-06-22 11:22       ` Sebastian Ene
2026-06-17 14:51 ` [PATCH v7 6/7] KVM: arm64: Ensure FFA ranges are page aligned Sebastian Ene
2026-06-18 17:09   ` Vincent Donnefort
2026-06-30  9:51     ` Sebastian Ene
2026-06-30 10:22       ` Mostafa Saleh [this message]
2026-06-17 14:51 ` [PATCH v7 7/7] KVM: arm64: Zero out the stack initialized data in the FFA handler Sebastian Ene
2026-06-18 17:14   ` Vincent Donnefort
