Hi Bertrand,

On Tue, Feb 3, 2026 at 6:38 PM Bertrand Marquis <[email protected]> wrote:
>
> Xen only maps a VM RX/TX buffer into the SPMC when firmware supports
> FFA_RX_ACQUIRE. Without that mapping, the SPMC cannot access the VM TX
> buffer to relay FFA_MSG_SEND2 to a secure partition.
>
> Advertise FFA_MSG_SEND2 to guests only when VM-to-VM is enabled or when
> the firmware supports both FFA_MSG_SEND2 and FFA_RX_ACQUIRE, and reject
> SEND2 to a secure partition otherwise. Add comments to document the
> mapping/ownership dependency.
>
> Functional impact: SEND2 to a secure partition is reported as
> NOT_SUPPORTED when FFA_RX_ACQUIRE is absent.
>
> Signed-off-by: Bertrand Marquis <[email protected]>
> ---
>  xen/arch/arm/tee/ffa.c     |  8 +++++++-
>  xen/arch/arm/tee/ffa_msg.c | 11 +++++++++++
>  2 files changed, 18 insertions(+), 1 deletion(-)
Looks good: Reviewed-by: Jens Wiklander <[email protected]> Cheers, Jens > > diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c > index e9e020bb0cb3..a46c6e5e67f1 100644 > --- a/xen/arch/arm/tee/ffa.c > +++ b/xen/arch/arm/tee/ffa.c > @@ -292,7 +292,13 @@ static void handle_features(struct cpu_user_regs *regs) > ffa_set_regs_error(regs, FFA_RET_NOT_SUPPORTED); > break; > case FFA_MSG_SEND2: > - if ( ffa_fw_supports_fid(a1) || IS_ENABLED(CONFIG_FFA_VM_TO_VM) ) > + /* > + * Forwarding SEND2 to an SP requires the SPMC to see the VM TX > buffer. > + * We only map VM RX/TX into the SPMC when RX_ACQUIRE is supported. > + */ > + if ( IS_ENABLED(CONFIG_FFA_VM_TO_VM) || > + (ffa_fw_supports_fid(FFA_MSG_SEND2) && > + ffa_fw_supports_fid(FFA_RX_ACQUIRE)) ) > ffa_set_regs_success(regs, 0, 0); > else > ffa_set_regs_error(regs, FFA_RET_NOT_SUPPORTED); > diff --git a/xen/arch/arm/tee/ffa_msg.c b/xen/arch/arm/tee/ffa_msg.c > index 10856fddcbc4..928f269f6c3a 100644 > --- a/xen/arch/arm/tee/ffa_msg.c > +++ b/xen/arch/arm/tee/ffa_msg.c > @@ -274,6 +274,17 @@ int32_t ffa_handle_msg_send2(struct cpu_user_regs *regs) > ret = FFA_RET_NOT_SUPPORTED; > goto out; > } > + /* > + * The SPMC needs access to the VM TX buffer to relay SEND2. > + * We only map VM RX/TX into the SPMC when RX_ACQUIRE is supported. > + */ > + if ( !ffa_fw_supports_fid(FFA_RX_ACQUIRE) ) > + { > + ret = FFA_RET_NOT_SUPPORTED; > + gdprintk(XENLOG_DEBUG, > + "ffa: msg_send2 to SP requires RX_ACQUIRE\n"); > + goto out; > + } > > ret = ffa_simple_call(FFA_MSG_SEND2, > ((uint32_t)ffa_get_vm_id(src_d)) << 16, 0, 0, > 0); > -- > 2.50.1 (Apple Git-155) >
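Review bot: in the xen/arch/arm/tee/ffa.c hunk, the FFA_MSG_SEND2 case of handle_features() still reports success whenever CONFIG_FFA_VM_TO_VM is enabled, even if the firmware lacks FFA_RX_ACQUIRE, while the ffa_msg.c hunk makes SEND2 to a secure partition return FFA_RET_NOT_SUPPORTED in exactly that configuration. A guest that probes the feature and then targets an SP therefore gets a positive FFA_FEATURES answer followed by a NOT_SUPPORTED send. The new comment only explains the SP forwarding dependency; it would help to extend it to say that with VM-to-VM enabled the success answer covers VM destinations only and that SP destinations can still be rejected at send time, so the asymmetry is visibly intentional rather than an oversight.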
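Review bot: in the xen/arch/arm/tee/ffa_msg.c hunk, the new `if ( !ffa_fw_supports_fid(FFA_RX_ACQUIRE) )` branch in ffa_handle_msg_send2() calls gdprintk on every guest SEND2 to an SP, so a guest can repeat the call to emit the same "ffa: msg_send2 to SP requires RX_ACQUIRE" line as often as it likes. The condition depends only on what the firmware supports, not on the request, so consider dropping the message or logging it once where firmware features are probed. The context just above already ends a branch with `ret = FFA_RET_NOT_SUPPORTED; goto out;`; if that branch is the firmware SEND2 support check, folding the RX_ACQUIRE test into it would mirror the combined condition used in handle_features(). Minor style point: a blank line between the closing `}` of that preceding block and the new comment would separate the two checks.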
