On Wed, Jun 17, 2026 at 02:51:29PM +0000, Sebastian Ene wrote:
From: Mostafa Saleh smostafa@google.com
At the moment we only check that the size of the range is page aligned, and truncate the address to the page boundary. This make an assumption that TZ will do the same.
However, it might decide to use the extra offset of the neighbour page at the end, which is valid under FFA if NS is using larger page size.
I failed to parse this
But I see
/* The base IPA of the constituent memory region, aligned to 4 kiB */
So it sounds fair to prevent oversharing when PAGE_SIZE > 4KiB
Harden this check by also checking that the base address is aligned and reject it otherwise.
Fixes: 436090001776 ("KVM: arm64: Handle FFA_MEM_SHARE calls from the host") Signed-off-by: Mostafa Saleh smostafa@google.com Signed-off-by: Sebastian Ene sebastianene@google.com
Perhaps the commit description needs some improvement.
The rest looks good.
Reviewed-by: Vincent Donnefort vdonnefort@google.com
arch/arm64/kvm/hyp/nvhe/ffa.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c index 1a2abd0154c6..d7c5701d0584 100644 --- a/arch/arm64/kvm/hyp/nvhe/ffa.c +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c @@ -352,7 +352,7 @@ static u32 __ffa_host_share_ranges(struct ffa_mem_region_addr_range *ranges, u64 sz = (u64)range->pg_cnt * FFA_PAGE_SIZE; u64 pfn = hyp_phys_to_pfn(range->address);
if (!PAGE_ALIGNED(sz))
if (!PAGE_ALIGNED(sz | range->address)) break;if (__pkvm_host_share_ffa(pfn, sz / PAGE_SIZE)) @@ -372,7 +372,7 @@ static u32 __ffa_host_unshare_ranges(struct ffa_mem_region_addr_range *ranges, u64 sz = (u64)range->pg_cnt * FFA_PAGE_SIZE; u64 pfn = hyp_phys_to_pfn(range->address);
if (!PAGE_ALIGNED(sz))
if (!PAGE_ALIGNED(sz | range->address)) break;if (__pkvm_host_unshare_ffa(pfn, sz / PAGE_SIZE)) -- 2.54.0.1136.gdb2ca164c4-goog