This is a note to let you know that I've just added the patch titled
firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors
to the 6.3-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
firmware-arm_ffa-set-reserved-mbz-fields-to-zero-in-the-memory-descriptors.patch
and it can be found in the queue-6.3 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 111a833dc5cbef3d05b2a796a7e23cb7f6ff2192 Mon Sep 17 00:00:00 2001
From: Sudeep Holla <sudeep.holla@xxxxxxx>
Date: Wed, 3 May 2023 14:12:52 +0100
Subject: firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors
From: Sudeep Holla <sudeep.holla@xxxxxxx>
commit 111a833dc5cbef3d05b2a796a7e23cb7f6ff2192 upstream.
The transmit buffers allocated by the driver can be used to transmit data
by any messages/commands needing the buffer. However, it is not guaranteed
to have been zero-ed before every new transmission and hence it will just
contain residual value from the previous transmission. There are several
reserved fields in the memory descriptors that must be zero(MBZ). The
receiver can reject the transmission if any such MBZ fields are non-zero.
While we can set the whole page to zero, it is not optimal as most of the
fields get initialised to the value required for the current transmission.
So, just set the reserved/MBZ fields to zero in the memory descriptors
explicitly to honour the requirement and keep the receiver happy.
Fixes: cc2195fe536c ("firmware: arm_ffa: Add support for MEM_* interfaces")
Reported-by: Marc Bonnici <marc.bonnici@xxxxxxx>
Link: https://lore.kernel.org/r/20230503131252.12585-1-sudeep.holla@xxxxxxx
Signed-off-by: Sudeep Holla <sudeep.holla@xxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/firmware/arm_ffa/driver.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/drivers/firmware/arm_ffa/driver.c
+++ b/drivers/firmware/arm_ffa/driver.c
@@ -420,12 +420,17 @@ ffa_setup_and_transmit(u32 func_id, void
ep_mem_access->receiver = args->attrs[idx].receiver;
ep_mem_access->attrs = args->attrs[idx].attrs;
ep_mem_access->composite_off = COMPOSITE_OFFSET(args->nattrs);
+ ep_mem_access->flag = 0;
+ ep_mem_access->reserved = 0;
}
+ mem_region->reserved_0 = 0;
+ mem_region->reserved_1 = 0;
mem_region->ep_count = args->nattrs;
composite = buffer + COMPOSITE_OFFSET(args->nattrs);
composite->total_pg_cnt = ffa_get_num_pages_sg(args->sg);
composite->addr_range_cnt = num_entries;
+ composite->reserved = 0;
length = COMPOSITE_CONSTITUENTS_OFFSET(args->nattrs, num_entries);
frag_len = COMPOSITE_CONSTITUENTS_OFFSET(args->nattrs, 0);
@@ -460,6 +465,7 @@ ffa_setup_and_transmit(u32 func_id, void
constituents->address = sg_phys(args->sg);
constituents->pg_cnt = args->sg->length / FFA_PAGE_SIZE;
+ constituents->reserved = 0;
constituents++;
frag_len += sizeof(struct ffa_mem_region_addr_range);
} while ((args->sg = sg_next(args->sg)));
Patches currently in stable-queue which might be from sudeep.holla@xxxxxxx are
queue-6.3/firmware-arm_ffa-fix-ffa-device-names-for-logical-partitions.patch
queue-6.3/firmware-arm_ffa-set-reserved-mbz-fields-to-zero-in-the-memory-descriptors.patch
queue-6.3/firmware-arm_ffa-check-if-ffa_driver-remove-is-present-before-executing.patch
