Hi Viresh,
Some noob thoughts...
The problem of lending memory is more generic than FF-A. E.g. In Arm CCA memory is lent to the RMM by the Host. FF-A is just a mechanism to convey lent memory to the Borrower.
Is the key issue not that we need to enlighten dma-buf about the concept of lent memory/secure heap/protected memory? Could this not be solved by implementing a generic secure system heap as a "lend" equivalent of the existing system heap that is used for sharing memory. I believe this idea has been considered and vendor specific heaps are an intermediate step [1]?
Cheers, Achin
[1] https://source.android.com/docs/core/architecture/kernel/dma-buf-heaps
[cid:98a56555-6f6b-42c7-8161-32fb56dae1cd]https://outlook.office.com/bookwithme/user/caa0397acc4949e382b451677c9dc0c2@arm.com?anonymous&ismsaljsauthenabled&ep=owaSlotsEmailSignature Book time to meet with mehttps://outlook.office.com/bookwithme/user/caa0397acc4949e382b451677c9dc0c2@arm.com?anonymous&ismsaljsauthenabled&ep=owaSlotsEmailSignature ________________________________ From: Armelle Laine armellel@google.com Sent: 29 January 2026 06:50 To: Viresh Kumar viresh.kumar@linaro.org Cc: Arnd Bergmann arnd@linaro.org; Bertrand Marquis Bertrand.Marquis@arm.com; Achin Gupta Achin.Gupta@arm.com; Gil Cukierman cukie@google.com; Orlando Arbildo oarbildo@google.com; Ayrton Munoz (xWF) ayrton@google.com; Andrei Homescu (xWF) ahomescu@google.com; Ayrton Munoz (xWF) ayrton@xwf.google.com; Arve Hjønnevåg arve@google.com; virtio-msg@lists.linaro.org virtio-msg@lists.linaro.org; Vincent Guittot vincent.guittot@linaro.org; Lina Iyer lina.iyer@linaro.org; Sumit Semwal sumit.semwal@linaro.org Subject: Re: Share vs Lend - Vsock memory sharing over virtio-msg-ffa
On Wed, Jan 28, 2026 at 9:46 PM Viresh Kumar <viresh.kumar@linaro.orgmailto:viresh.kumar@linaro.org> wrote: On 28-01-26, 07:41, Armelle Laine wrote:
Viresh, as a first step we could follow the approach used in the Trusty driver with a vendor-specific secure heap which is FFA-aware and can select LEND on specific buffers as well as setting the FFA tag.
If the heap can be FFA aware, it can make direct FFA calls and doesn't need to use dma-ops of the virtio-msg device (Vsock). This is exactly what I did in the very first implementation. This will work.
Bertrand, rightly, objected to it and suggested to use the dma-ops instead so we can have a unified path to making FFA share operations.
So until we get a proper solution to this, we can do: - SHARE via system heap (with my current solution) - LEND via FFA aware heap (won't upstream)
We also need to support "SEND_SECURE" when the FFA handle already exists. Shouldn't the heap rather be virtio-msg-ffa aware? wouldn't the heap also be responsible to invoke "FFA_BUS_MSG_AREA_SHARE" with both the FFA handle and the tag (for LEND or SEND_SECURE cases)?
Lets see if someone can suggest something else in the meantime.
-- viresh IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
