[PATCH v6 6/6] KVM: arm64: Ensure FFA ranges are page aligned

Next message: Geert Uytterhoeven: "Re: [PATCH 2/4] arm64: dts: renesas: r9a08g046: Add i2c{0..3} device nodes"
Previous message: Mostafa Saleh: "[PATCH v6 4/6] KVM: arm64: Fix bounds checking in do_ffa_mem_reclaim()"
In reply to: Mostafa Saleh: "[PATCH v6 4/6] KVM: arm64: Fix bounds checking in do_ffa_mem_reclaim()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Mostafa Saleh

Date: Wed May 27 2026 - 11:13:29 EST

At the moment we only check that the size of the range is page
aligned, and truncate the address to the page boundary.
This make an assumption that TZ will do the same.

However, it might decide to use the extra offset of the neighbour
page at the end, which is valid under FFA if NS is using larger
page size.

Harden this check by also checking that the base address is aligned
and reject it otherwise.

Fixes: 436090001776 ("KVM: arm64: Handle FFA_MEM_SHARE calls from the host")
Signed-off-by: Mostafa Saleh <smostafa@xxxxxxxxxx>
---
arch/arm64/kvm/hyp/nvhe/ffa.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c
index a12e01883314..daf0e328c847 100644
--- a/arch/arm64/kvm/hyp/nvhe/ffa.c
+++ b/arch/arm64/kvm/hyp/nvhe/ffa.c
@@ -352,7 +352,7 @@ static u32 __ffa_host_share_ranges(struct ffa_mem_region_addr_range *ranges,
u64 sz = (u64)range->pg_cnt * FFA_PAGE_SIZE;
u64 pfn = hyp_phys_to_pfn(range->address);

- if (!PAGE_ALIGNED(sz))
+ if (!PAGE_ALIGNED(sz | range->address))
break;

if (__pkvm_host_share_ffa(pfn, sz / PAGE_SIZE))
@@ -372,7 +372,7 @@ static u32 __ffa_host_unshare_ranges(struct ffa_mem_region_addr_range *ranges,
u64 sz = (u64)range->pg_cnt * FFA_PAGE_SIZE;
u64 pfn = hyp_phys_to_pfn(range->address);

- if (!PAGE_ALIGNED(sz))
+ if (!PAGE_ALIGNED(sz | range->address))
break;

if (__pkvm_host_unshare_ffa(pfn, sz / PAGE_SIZE))
--
2.54.0.746.g67dd491aae-goog