[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 0/6] xen/arm: ffa: Harden notifications and enable VM-to-VM delivery

To: xen-devel@xxxxxxxxxxxxxxxxxxxx
From: Bertrand Marquis <bertrand.marquis@xxxxxxx>
Date: Fri, 17 Apr 2026 15:40:48 +0200
Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=foss header.d=arm.com header.i="@arm.com" header.h="From:To:Cc:Subject:Date"
Cc: Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>, Jens Wiklander <jens.wiklander@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>
Delivery-date: Fri, 17 Apr 2026 13:41:25 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

This series hardens FF-A notification handling in the Arm FF-A mediator
and completes local delivery for non-secure VM-to-VM notifications.

Hardening and state handling (Patches 1-4):
1) Fix notification pending interrupt delivery when vcpu0 is offline by
   reusing a common global NPI injection helper.
2) Replace the single hypervisor notification boolean with a protected
   HYP bitmap and keep bitmap lifecycle tied to the cached endpoint ID.
3) Tighten notification parameter validation so malformed BIND, UNBIND,
   GET, and SET requests are rejected consistently before reaching
   cached state or the SPMC.
4) Preserve the secure pending indication until secure notifications are
   retrieved, protect the secure pending latch with notif_lock,
   serialize SPMC INFO_GET polling, and keep INFO_GET return width
   consistent with the caller.

Local VM notification delivery (Patches 5-6):
1) Track non-secure VM notification bindings locally, promote pending
   state to a per-bit bitmap, and validate BIND/UNBIND requests
   against that state.
2) Deliver non-secure VM-to-VM notifications locally, track whether a
   local NPI is already armed, and only advertise notification support
   when firmware capabilities or CONFIG_FFA_VM_TO_VM actually provide
   it.

Backward compatibility: v1.0/v1.1 guests remain compatible. Valid
guest-visible notification behavior is preserved; the series only
tightens malformed-request handling and enables local non-secure
VM-to-VM delivery when CONFIG_FFA_VM_TO_VM is enabled.

Gitlab branch with patches:
https://gitlab.com/xen-project/people/bmarquis/xen-ffa/-/tree/vm-notif/v1?ref_type=heads
CI pass result:
https://gitlab.com/xen-project/people/bmarquis/xen-ffa/-/pipelines/2460589353

Bertrand Marquis (6):
  xen/arm: ffa: Fix NPI injection when vcpu0 is offline
  xen/arm: ffa: Track hypervisor notifications in a bitmap
  xen/arm: ffa: Tighten notification parameter validation
  xen/arm: ffa: Preserve secure notification state when polling SPMC
  xen/arm: ffa: Track VM notification bindings locally
  xen/arm: ffa: Deliver VM-to-VM notifications locally

 xen/arch/arm/tee/ffa.c         |  24 +-
 xen/arch/arm/tee/ffa_notif.c   | 407 +++++++++++++++++++++++++++------
 xen/arch/arm/tee/ffa_private.h |  29 ++-
 3 files changed, 385 insertions(+), 75 deletions(-)

-- 
2.53.0

Follow-Ups:
- [PATCH 6/6] xen/arm: ffa: Deliver VM-to-VM notifications locally
  - From: Bertrand Marquis
- [PATCH 5/6] xen/arm: ffa: Track VM notification bindings locally
  - From: Bertrand Marquis
- [PATCH 4/6] xen/arm: ffa: Preserve secure notification state when polling SPMC
  - From: Bertrand Marquis
- [PATCH 3/6] xen/arm: ffa: Tighten notification parameter validation
  - From: Bertrand Marquis
- [PATCH 2/6] xen/arm: ffa: Track hypervisor notifications in a bitmap
  - From: Bertrand Marquis
- [PATCH 1/6] xen/arm: ffa: Fix NPI injection when vcpu0 is offline
  - From: Bertrand Marquis

Prev by Date: Re: [PATCH v2 5/6] CI: setup SSH key
Next by Date: [PATCH 1/6] xen/arm: ffa: Fix NPI injection when vcpu0 is offline
Previous by thread: Re: [PATCH v2 5/6] CI: setup SSH key
Next by thread: [PATCH 1/6] xen/arm: ffa: Fix NPI injection when vcpu0 is offline
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.