From 07e24d0bc78885c3dc20310e668271c4c0c1dee3 Mon Sep 17 00:00:00 2001
From: Will Deacon
Date: Thu, 7 Jul 2022 15:49:18 +0100
Subject: [PATCH] Revert "ANDROID: BACKPORT: KVM: arm64: Block unsafe FF-A calls from the host"
This reverts commit c63757defdb00691e6f1ac7f44c6d814eced5b4d.
Bug: 233587962
Signed-off-by: Will Deacon
Change-Id: I6ab696c6ec7f60828061e0bbf2a2466a1b641340
---
arch/arm64/kvm/hyp/include/nvhe/ffa.h | 16 ----
arch/arm64/kvm/hyp/nvhe/Makefile | 2 +-
arch/arm64/kvm/hyp/nvhe/ffa.c | 113 --------------------------
arch/arm64/kvm/hyp/nvhe/hyp-main.c | 3 -
4 files changed, 1 insertion(+), 133 deletions(-)
delete mode 100644 arch/arm64/kvm/hyp/include/nvhe/ffa.h
delete mode 100644 arch/arm64/kvm/hyp/nvhe/ffa.c
diff --git a/arch/arm64/kvm/hyp/include/nvhe/ffa.h b/arch/arm64/kvm/hyp/include/nvhe/ffa.h
deleted file mode 100644
index fc09ec671e24..000000000000
--- a/arch/arm64/kvm/hyp/include/nvhe/ffa.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-only */
-/*
- * Copyright (C) 2022 - Google LLC
- * Author: Andrew Walbran
- */
-#ifndef __KVM_HYP_FFA_H
-#define __KVM_HYP_FFA_H
-
-#include
-
-#define FFA_MIN_FUNC_NUM 0x60
-#define FFA_MAX_FUNC_NUM 0x7F
-
-bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt);
-
-#endif /* __KVM_HYP_FFA_H */
diff --git a/arch/arm64/kvm/hyp/nvhe/Makefile b/arch/arm64/kvm/hyp/nvhe/Makefile
index 7329bb04224a..35d5afe6fbec 100644
--- a/arch/arm64/kvm/hyp/nvhe/Makefile
+++ b/arch/arm64/kvm/hyp/nvhe/Makefile
@@ -19,7 +19,7 @@ lib-objs := $(addprefix ../../../lib/, $(lib-objs)) obj-y := timer-sr.o sysreg-sr.o debug-sr.o switch.o tlb.o hyp-init.o host.o \ hyp-main.o hyp-smp.o psci-relay.o early_alloc.o stub.o page_alloc.o \ - cache.o ffa.o setup.o mm.o mem_protect.o sys_regs.o pkvm.o + cache.o setup.o mm.o mem_protect.o sys_regs.o pkvm.o obj-y += ../vgic-v3-sr.o ../aarch32.o ../vgic-v2-cpuif-proxy.o ../entry.o \ ../fpsimd.o ../hyp-entry.o ../exception.o ../pgtable.o obj-y += $(lib-objs)
diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c
deleted file mode 100644
index 6ccf935d3b41..000000000000
--- a/arch/arm64/kvm/hyp/nvhe/ffa.c
+++ /dev/null
@@ -1,113 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-only
-/*
- * FF-A v1.0 proxy to filter out invalid memory-sharing SMC calls issued by
- * the host. FF-A is a slightly more palatable abbreviation of "Arm Firmware
- * Framework for Arm A-profile", which is specified by Arm in document
- * number DEN0077.
- *
- * Copyright (C) 2022 - Google LLC
- * Author: Andrew Walbran
- *
- * This driver hooks into the SMC trapping logic for the host and intercepts
- * all calls falling within the FF-A range. Each call is either:
- *
- * - Forwarded on unmodified to the SPMD at EL3
- * - Rejected as "unsupported"
- * - Accompanied by a host stage-2 page-table check/update and reissued
- *
- * Consequently, any attempts by the host to make guest memory pages
- * accessible to the secure world using FF-A will be detected either here
- * (in the case that the memory is already owned by the guest) or during
- * donation to the guest (in the case that the memory was previously shared
- * with the secure world).
- *
- * To allow the rolling-back of page-table updates and FF-A calls in the
- * event of failure, operations involving the RXTX buffers are locked for
- * the duration and are therefore serialised.
- */
-
-#include
-#include
-#include
-#include
-
-static void ffa_to_smccc_error(struct arm_smccc_res *res, u64 ffa_errno)
-{
- *res = (struct arm_smccc_res) {
- .a0 = FFA_ERROR,
- .a2 = ffa_errno,
- };
-}
-
-static void ffa_set_retval(struct kvm_cpu_context *ctxt,
- struct arm_smccc_res *res)
-{
- cpu_reg(ctxt, 0) = res->a0;
- cpu_reg(ctxt, 1) = res->a1;
- cpu_reg(ctxt, 2) = res->a2;
- cpu_reg(ctxt, 3) = res->a3;
-}
-
-static bool is_ffa_call(u64 func_id)
-{
- return ARM_SMCCC_IS_FAST_CALL(func_id) &&
- ARM_SMCCC_OWNER_NUM(func_id) == ARM_SMCCC_OWNER_STANDARD &&
- ARM_SMCCC_FUNC_NUM(func_id) >= FFA_MIN_FUNC_NUM &&
- ARM_SMCCC_FUNC_NUM(func_id) <= FFA_MAX_FUNC_NUM;
-}
-
-static bool ffa_call_unsupported(u64 func_id)
-{
- switch (func_id) {
- /* Unsupported memory management calls */
- case FFA_FN64_MEM_RETRIEVE_REQ:
- case FFA_MEM_RETRIEVE_RESP:
- case FFA_MEM_RELINQUISH:
- case FFA_MEM_OP_PAUSE:
- case FFA_MEM_OP_RESUME:
- case FFA_MEM_FRAG_RX:
- case FFA_FN64_MEM_DONATE:
- /* Indirect message passing via RX/TX buffers */
- case FFA_MSG_SEND:
- case FFA_MSG_POLL:
- case FFA_MSG_WAIT:
- /* 32-bit variants of 64-bit calls */
- case FFA_MSG_SEND_DIRECT_REQ:
- case FFA_MSG_SEND_DIRECT_RESP:
- case FFA_RXTX_MAP:
- case FFA_MEM_DONATE:
- case FFA_MEM_RETRIEVE_REQ:
- return true;
- }
-
- return false;
-}
-
-bool kvm_host_ffa_handler(struct kvm_cpu_context *host_ctxt)
-{
- DECLARE_REG(u64, func_id, host_ctxt, 0);
- struct arm_smccc_res res;
-
- if (!is_ffa_call(func_id))
- return false;
-
- switch (func_id) {
- /* Memory management */
- case FFA_FN64_RXTX_MAP:
- case FFA_RXTX_UNMAP:
- case FFA_MEM_SHARE:
- case FFA_FN64_MEM_SHARE:
- case FFA_MEM_LEND:
- case FFA_FN64_MEM_LEND:
- case FFA_MEM_RECLAIM:
- case FFA_MEM_FRAG_TX:
- break;
- }
-
- if (!ffa_call_unsupported(func_id))
- return false; /* Pass through */
-
- ffa_to_smccc_error(&res, FFA_RET_NOT_SUPPORTED);
- ffa_set_retval(host_ctxt, &res);
- return true;
-}
diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
index 44d205ae734e..803512cf8436 100644
--- a/arch/arm64/kvm/hyp/nvhe/hyp-main.c
+++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
@@ -15,7 +15,6 @@ #include #include -#include #include #include #include
@@ -1053,8 +1052,6 @@ static void handle_host_smc(struct kvm_cpu_context *host_ctxt) handled = kvm_host_psci_handler(host_ctxt); if (!handled && kvm_iommu_ops.host_smc_handler) handled = kvm_iommu_ops.host_smc_handler(host_ctxt); - if (!handled) - handled = kvm_host_ffa_handler(host_ctxt); if (!handled) default_host_smc_handler(host_ctxt);
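Review bot: After this hunk `handle_host_smc()` goes from the IOMMU handler straight to `default_host_smc_handler()`, so a host SMC in the FF-A function range is no longer intercepted here, and the calls the deleted ffa.c answered with `FFA_RET_NOT_SUPPORTED` (`FFA_MEM_DONATE`, `FFA_RXTX_MAP`, `FFA_MSG_SEND` and the rest of `ffa_call_unsupported()`) presumably reach the default path unchanged. The description gives only the reverted hash and a bug number; it should say why the filter is being dropped and whether a replacement follows, since the deleted file's header says its purpose was to detect the host making guest pages accessible to the secure world. If the gap is meant to stay for a while, mark it at the call site, e.g. `/* FF-A SMCs from the host are not filtered on this path. */` above the final `if (!handled)`. The function starts and ends outside the hunk, so what the default handler does with these calls cannot be confirmed from here.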