[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v7 3/6] xen/arm: ffa: Introduce VM to VM support

  • To: Demi Marie Obenour <demiobenour@xxxxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Mon, 4 Aug 2025 07:21:07 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 4.158.2.129) smtp.rcpttodomain=gmail.com smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=arm.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=geAkE7DB6wdH4evMbSTVt9r1MrUQTgXJvQJA+GSeqf0=; b=h2oWqCdbYBRMmuIt+hgfFUht3raXbSOjEGeLtJCfHtPd7Nf3qVAqQOfoa+xzGH1BOApuIIqXj+xo0mbawv0L6znU+/4gCxzWsdXLyZAP1+iygoMLz90W+lrStz1J/CrYerwErBes96lEtr9NwtwYRx3r9S1fRF3yHh5D5UfYBUednUGbEcCwo5AHx18I8smGBoS/iqIAcFNUafsPmzM3YyeKhZKNLdVnLpk1YMS/whGrz2zqsrgfCMiG3QcVUHopu+ortELw3xT207ij0BVoHq7UYhvx/eQFZTKC+ksa5M+vTI7ZDbBlrZLTUu4SEF3V9eZohxExdga/DdPTX4mZIQ==
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=geAkE7DB6wdH4evMbSTVt9r1MrUQTgXJvQJA+GSeqf0=; b=Lt77er1OYg2PiIir8xeSUACPFi8kFq+ObytLuL2BjidiLW6kfb4xuHT+zrnGGvwiQ2Q/6nIMK0OHwmGxugnoZ4MIp9YHB/akov91FDgYxOih3wMEzkYg7KTcYSVgAeqx0At8mYape1DIHYzqMA532AV5sYPU662xEFYmheZtTs3WN2HqdYDWCOrIPq4s3HYtWddWYiLsZljgxZoeI3B6QWsNfyDcpZaD82ULO04uP+ZI6ioMzEpoTEda024AkxMbKvkwa9slYSzJyIHH1tDd5VInhIhRLJMRryR+a8Jy9//ndD/0sGcOJ1ms741hQUz7KCcU/eLdl2oeOeY0ud3OhQ==
  • Arc-seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass; b=GrCO8xILQHowHRYIvrXBKgytW0Oeh7NoD16P1lANdK9e1QF9+qgSjxKAp5kDT/NNT/x33foNHHXQH197CDiQXvtTCBfGqBnV7bjQv1twN+3UiMX1Vd02w53I5wSJaQRM/9V34CicfXmQ36O4WkYXUzU8DVljlOSdACzjWbSgtNmjC1rvfxOuGVr7IhP83/8k9W6Ml9BZ+3THq/9guXyUnOKFuGu4IpVs0+Mk5DmSi5fcWTWYKTGxaH1gsx8d2v3iDD+mCDfVQ/lNL3Bs4099PHmugH7wU4XKGKvLML2Iu5k7L38G9NlNswHcpcrVcqkfT7H6PmATxVhAbCsMGdD72g==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=UwKl8F25EOEteXawnbw8RLxIFwJiUBQMTmZMdw7Yomlw2zmsGc32JAe3fznfD04DVel2Z5uVH5LbfRjd3iFmJLPTa28exxagY1BPgSEXNejDqim/riuf6DhDYgQvCYS01CJO4LTmej6l2suCX01zFIrZWzGPPiP7osSAkTEa2gVUqF/24UJJ4sBBBBXWh38OaPSaH3sZXBRno7ItJ9GPjEHgTvKXcAnpN/OEbON+xtvZf9i5XVhJdWHvDKX29qCZJPxja2/Pcti7dyGZD/7tztCm523G3SKuiAHCoaxo+vpLvDoryHPHV5aDISttwZYTAB1X3K1mupE2LUAEn2VL7g==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "jens.wiklander@xxxxxxxxxx" <jens.wiklander@xxxxxxxxxx>, Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>
  • Delivery-date: Mon, 04 Aug 2025 07:28:30 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Thread-index: AQHb9xP9tgnM92Sxpk+5sdmAsJMirrRQbvOAgAHDiYA=
  • Thread-topic: [PATCH v7 3/6] xen/arm: ffa: Introduce VM to VM support
Hi Demi,

> On 3 Aug 2025, at 06:24, Demi Marie Obenour <demiobenour@xxxxxxxxx> wrote:
> 
> On 7/17/25 08:11, Bertrand Marquis wrote:
>> Create a CONFIG_FFA_VM_TO_VM parameter to activate FFA communication
>> between VMs.
>> When activated list VMs in the system with FF-A support in part_info_get.
>> 
>> When VM to VM is activated, Xen will be tainted as Insecure and a
>> message is displayed to the user during the boot as there is no
>> filtering of VMs in FF-A so any VM can communicate or see any other VM
>> in the system.
>> 
>> WARNING: There is no filtering for now and all VMs are listed !!
> I'm pretty sure that there is already no filtering for things like grant
> tables and event channels, so this doesn't make things any worse.  That
> said, FF-A is quite tricky to implement without integer overflow/wraparound
> or denial of service bugs.  In particular, code in Hafnium (Secure Partition
> Monitor running in S-EL2) requires quadratic time because of repeated linear
> searches.  Xen is allowed to use dynamic memory allocation, so it can, should,
> and must do better.

I do agree but we still have tricky cases where we could end up in unbounded 
loops.
Some are handled by adding some limits.

Dynamic allocation being available in Xen is helping a lot on some cases but 
for now
I try to prevent it when possible but we might have to review this later if we 
want to
increase some capacities (for example the number of shared memories).

I plan to do a presentation at the Xen Summit and a design session to discuss 
how
we could define a way to define by configuration or at runtime what secure 
endpoints
or VMs can be contacted by a VM with FF-A enabled.

Regards
Bertrand

> -- 
> Sincerely,
> Demi Marie Obenour (she/her/hers)<OpenPGP_0xB288B55FFF9C22C1.asc>

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.