From cf1ef61244f05dac03a158a65af61e85be2ee635 Mon Sep 17 00:00:00 2001 From: Per Larsen Date: Fri, 2 May 2025 02:21:06 -0700 Subject: [PATCH] FROMLIST: KVM: arm64: Restrict FF-A host version renegotiation Prevent the host from re-negotiating a lesser minor version with the hypervisor. Once the hypervisor negotiates a version, that should remain locked in. Fix the current behaviour by returning NOT_SUPPORTED to avoid the FF-A interoperability rules with lesser minor versions that allow the host version to downgrade. Bug: 269285339 Link: https://lore.kernel.org/all/20250516-virtio-msg-ffa-v4-1-580ee70e5081@google.com Change-Id: I18e26a1a467f89ce421f31f577b3f15c37dfcf1a Acked-by: Will Deacon Signed-off-by: Per Larsen --- arch/arm64/kvm/hyp/nvhe/ffa.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c index a8fa431f0109..93c82a834774 100644 --- a/arch/arm64/kvm/hyp/nvhe/ffa.c +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c @@ -1367,7 +1367,10 @@ static void do_ffa_version(struct arm_smccc_res *res, hyp_spin_lock(&version_lock); if (has_version_negotiated) { - res->a0 = hyp_ffa_version; + if (FFA_MINOR_VERSION(ffa_req_version) < FFA_MINOR_VERSION(hyp_ffa_version)) + res->a0 = FFA_RET_NOT_SUPPORTED; + else + res->a0 = hyp_ffa_version; goto unlock; }