Question

I'm trying to pass a function pointer from EL1 (Android Kernel) to EL2 (Hypervisor) using an SMC call and trapping the SMC call in the hypervisor. I understand that just passing the pointer to the Hypervisor won't work because it's a VA and it means nothing to the Hypervisor.

Any comments on how to do it? I would want to invoke the function from EL2 basically and not from EL1.

My guesses are that I might need to use ion memory or might need to convert the VA -> IPA/PA.

Any help or pointers are appreciated, thanks!

Solution

Generally, you don't wish to keep a pointer that is passed this way. It is better to pass a buffer index and copy it in the monitor portion. If the normal OS resumes, the pointed-to memory may change and this can result in various overflows and condition checks being avoided.

For this reason, it is often better to pass information by value if possible. If you must pass buffers, it is best to use some lock-free structures in memory shared between the normal and secure world. The buffer is fixed and indexed. The SMC call is done to make the secure world aware of the state change. It copies the buffers and updates the structure in shared memory to say it is free. The buffer is then validated in the private copy and acted on.

Generally, acting on a normal world address is not a good idea. This is very error prone and should be avoided. This is why micro-kernels use message passing which copies buffers all the time.
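The copy-then-validate sequence described in the answer above, as an added example that is not part of the original answer or of any real hypervisor. All names (`post`, `handle`, `struct slot`, the sizes) are assumptions, and a static array stands in for the shared region; the SMC trap itself is not modeled, only the index passed by value.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <string.h>

#define NSLOTS   4            /* assumed number of fixed buffers */
#define SLOT_MAX 64           /* assumed payload capacity per buffer */
enum { SLOT_FREE, SLOT_READY };

struct slot {                 /* layout of one buffer in shared memory */
    _Atomic uint32_t state;   /* FREE -> READY by caller, READY -> FREE by callee */
    uint32_t len;
    uint8_t  data[SLOT_MAX];
};
struct msg { uint32_t len; uint8_t data[SLOT_MAX]; };  /* callee's private copy */

static struct slot shared[NSLOTS];   /* stand-in for the shared region (assumption) */

/* Caller side (less privileged): fill a free slot, publish it, pass idx by value. */
int post(uint32_t idx, const void *p, uint32_t len)
{
    if (idx >= NSLOTS || len > SLOT_MAX) return -1;
    struct slot *s = &shared[idx];
    if (atomic_load_explicit(&s->state, memory_order_acquire) != SLOT_FREE) return -2;
    memcpy(s->data, p, len);
    s->len = len;
    atomic_store_explicit(&s->state, SLOT_READY, memory_order_release);
    return 0;
}

/* Callee side (trapped-call handler): copy, release the slot, then validate the copy. */
int handle(uint32_t idx, struct msg *out)
{
    if (idx >= NSLOTS) return -1;                  /* the index is untrusted input */
    struct slot *s = &shared[idx];
    if (atomic_load_explicit(&s->state, memory_order_acquire) != SLOT_READY) return -2;
    out->len = *(volatile uint32_t *)&s->len;      /* read the shared length exactly once */
    memcpy(out->data, s->data, SLOT_MAX);          /* fixed size, never the caller's len */
    atomic_store_explicit(&s->state, SLOT_FREE, memory_order_release);
    if (out->len == 0 || out->len > SLOT_MAX) return -3;  /* checks run on the copy */
    return (int)out->len;     /* later writes to shared[] cannot change *out */
}
```

Because every check after the copy reads only `*out`, a caller that rewrites the slot once the handler has started cannot change what was validated.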

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow