Date: Fri, 3 Jul 2026 11:35:08 +0100
From: Vincent Donnefort
To: Sebastian Ene
Cc: catalin.marinas@arm.com, oupton@kernel.org, sudeep.holla@kernel.org, will@kernel.org, jens.wiklander@linaro.org, joey.gouly@arm.com, kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, android-kvm@google.com, maz@kernel.org, mrigendra.chaubey@gmail.com, op-tee@lists.trustedfirmware.org, perlarsen@google.com, seiden@linux.ibm.com, smostafa@google.com, sumit.garg@kernel.org, suzuki.poulose@arm.com, yuzenghui@huawei.com
Subject: Re: [PATCH v9 4/6] KVM: arm64: Validate the offset to the mem access descriptor
References: <20260702103848.1647249-1-sebastianene@google.com> <20260702103848.1647249-5-sebastianene@google.com>
In-Reply-To: <20260702103848.1647249-5-sebastianene@google.com>

On Thu, Jul 02, 2026 at 10:38:41AM +0000, Sebastian Ene wrote:
> Prevent the pKVM hypervisor from making assumptions that the
> endpoint memory access descriptor (EMAD) comes right after the
> FF-A memory region header.
>
> Prior to FF-A version 1.1 the header of the memory region
> didn't contain an offset to the endpoint memory access descriptor.
>
> The layout of a memory transaction looks like this from 1.1 onward:
>
> Type     | Field name                | Offset
> [ Header | ffa_mem_region            | 0
> EMAD 1   | ffa_mem_region_attributes | ffa_mem_region.ep_mem_offset
> ]
>
> Verify that the offset to the first endpoint memory access descriptor
> is within the mailbox buffer bounds.
>
> Also, fix one hardcoded sizeof(struct ffa_mem_region_attributes) that
> should be replaced with ffa_emad_size_get() for compatibility with FFA v1.0.
>
> Fixes: 42fb33dde42b ("KVM: arm64: Use FF-A 1.1 with pKVM")
> Signed-off-by: Mostafa Saleh
> Signed-off-by: Sebastian Ene Reviewed-by: Vincent Donnefort > --- > arch/arm64/kvm/hyp/nvhe/ffa.c | 27 +++++++++++++++++++-------- > include/linux/arm_ffa.h | 7 +++++++ > 2 files changed, 26 insertions(+), 8 deletions(-) > [...] > diff --git a/include/linux/arm_ffa.h b/include/linux/arm_ffa.h > index 033c630b271b..e71d83ee0aef 100644 > --- a/include/linux/arm_ffa.h > +++ b/include/linux/arm_ffa.h > @@ -421,6 +421,13 @@ struct ffa_mem_region { > #define FFA_EMAD_HAS_IMPDEF_FIELD(version) ((version) >= FFA_VERSION_1_2) > #define FFA_MEM_REGION_HAS_EP_MEM_OFFSET(version) ((version) > FFA_VERSION_1_0) > > +/* The layout changed from FFA_VERSION_1_0 and the region includes an > + * ep_mem_offset. > + */ nit: Coding-style. > +#define FFA_MEM_REGION_SZ(version) (!FFA_MEM_REGION_HAS_EP_MEM_OFFSET((version)) ?\ > + offsetof(struct ffa_mem_region, ep_mem_offset) :\ > + sizeof(struct ffa_mem_region)) nit: Could avoid the ! by just swapping the two expressions. > + > static inline u32 ffa_emad_size_get(u32 ffa_version) > { > u32 sz; > -- > 2.55.0.rc0.799.gd6f94ed593-goog >
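Review bot: in the arm_ffa.h hunk, `FFA_MEM_REGION_HAS_EP_MEM_OFFSET((version))` wraps the argument twice; the callee macro already parenthesises its parameter, so a single `(version)` is enough. The continuation lines `?\` and `:\` should have a space before the backslash and be aligned under the opening parenthesis, in line with the surrounding header. Since this hunk introduces `offsetof()` into arm_ffa.h, confirm the header already includes <linux/stddef.h> (not visible in this hunk) rather than relying on an includer to provide it. Finally, the comment above the macro should spell out the assumption the `offsetof(struct ffa_mem_region, ep_mem_offset)` branch encodes, namely that the v1.0 header consists of exactly the fields preceding `ep_mem_offset`; a reader who later reorders or extends the struct will otherwise silently change the v1.0 header size.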
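The check the patch describes, validating a guest-supplied `ep_mem_offset` against the mailbox bounds with a version-dependent header size, as an added user-space model that is not the pKVM code or the patch's own implementation. The struct layouts follow the FF-A 1.0/1.1 memory transaction descriptor as the commit message describes it; `ffa_first_emad_offset()`, `check_case()`, `MAILBOX_SZ` and the sample header values are assumptions made for this example. It goes slightly beyond the patch by also checking that the whole EMAD array fits, not just the first descriptor.

```c
/*
 * Added example, not the kernel's code: locate EMAD 0 in a guest-filled
 * FF-A mailbox without trusting ep_mem_offset. Layouts are modelled on
 * the FF-A 1.0/1.1 memory transaction descriptor; helper names and sizes
 * are assumptions for this example.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FFA_VERSION_1_0	0x10000u
#define FFA_VERSION_1_1	0x10001u
#define FFA_VERSION_1_2	0x10002u
#define MAILBOX_SZ	4096u	/* assumed one-page RX/TX mailbox */

struct ffa_mem_region {			/* v1.1 layout; v1.0 ends before ep_mem_offset */
	uint16_t sender_id;
	uint16_t attributes;
	uint32_t flags;
	uint64_t handle;
	uint64_t tag;
	uint32_t ep_mem_size;
	uint32_t ep_count;
	uint32_t ep_mem_offset;
	uint32_t reserved[3];
};

struct ffa_mem_region_attributes {	/* one EMAD; impdef_val only exists from v1.2 */
	uint16_t receiver;
	uint8_t attrs;
	uint8_t flag;
	uint32_t composite_off;
	uint64_t reserved;
	uint32_t impdef_val[4];
};

#define FFA_EMAD_HAS_IMPDEF_FIELD(v)		((v) >= FFA_VERSION_1_2)
#define FFA_MEM_REGION_HAS_EP_MEM_OFFSET(v)	((v) > FFA_VERSION_1_0)
/* Positive condition first, as suggested in the review. */
#define FFA_MEM_REGION_SZ(v)	(FFA_MEM_REGION_HAS_EP_MEM_OFFSET(v) ? \
				 sizeof(struct ffa_mem_region) : \
				 offsetof(struct ffa_mem_region, ep_mem_offset))

static inline uint32_t ffa_emad_size_get(uint32_t v)
{
	return FFA_EMAD_HAS_IMPDEF_FIELD(v) ?
		sizeof(struct ffa_mem_region_attributes) :
		offsetof(struct ffa_mem_region_attributes, impdef_val);
}

/*
 * Return the byte offset of EMAD 0 inside the mailbox, or 0 if the
 * transaction must be rejected. Only the bytes the negotiated version
 * guarantees are read from @buf, and all size arithmetic is overflow-safe.
 */
size_t ffa_first_emad_offset(const void *buf, size_t buf_len, uint32_t version)
{
	struct ffa_mem_region hdr = { 0 };
	size_t hdr_sz = FFA_MEM_REGION_SZ(version);
	size_t emad_sz = ffa_emad_size_get(version);
	size_t off;

	if (buf_len < hdr_sz)
		return 0;
	memcpy(&hdr, buf, hdr_sz);

	if (FFA_MEM_REGION_HAS_EP_MEM_OFFSET(version)) {
		off = hdr.ep_mem_offset;	/* guest-controlled: validate */
		if (off < hdr_sz)		/* EMAD would overlap the header */
			return 0;
	} else {
		off = hdr_sz;			/* v1.0: EMAD follows the header */
	}

	if (off > buf_len)			/* keep the subtraction below safe */
		return 0;
	if (hdr.ep_count == 0 || hdr.ep_count > (buf_len - off) / emad_sz)
		return 0;			/* EMAD array would run past the mailbox */
	return off;
}

/* Build a mailbox holding only a header with the given fields and validate it. */
size_t check_case(uint32_t version, uint32_t ep_count, uint32_t ep_mem_offset)
{
	uint8_t mailbox[MAILBOX_SZ] = { 0 };	/* constructed sample, not a real capture */
	struct ffa_mem_region hdr = {
		.sender_id = 0x8001, .ep_mem_size = 16,
		.ep_count = ep_count, .ep_mem_offset = ep_mem_offset,
	};

	memcpy(mailbox, &hdr, sizeof(hdr));
	return ffa_first_emad_offset(mailbox, sizeof(mailbox), version);
}

int main(void)
{
	printf("v1.1 sane:    %zu\n", check_case(FFA_VERSION_1_1, 1, 48));
	printf("v1.1 in hdr:  %zu\n", check_case(FFA_VERSION_1_1, 1, 40));
	printf("v1.1 huge:    %zu\n", check_case(FFA_VERSION_1_1, 1, 0xfffffff0u));
	printf("v1.0 ignored: %zu\n", check_case(FFA_VERSION_1_0, 1, 0xdeadbeefu));
	return 0;
}
```

The v1.0 case shows why the header size must be version-dependent: only 32 bytes are copied out of the mailbox, so whatever the guest placed where v1.1 keeps `ep_mem_offset` is never read, and EMAD 0 is taken to start right after the header. For v1.1 and later the offset is accepted only when it lies past the header, inside the buffer, and leaves room for `ep_count` descriptors of the version's EMAD size.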