From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com [40.107.244.57]) by mx.groups.io with SMTP id smtpd.web11.46388.1681313037566942964 for ; Wed, 12 Apr 2023 08:23:57 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=ZLuPfdiT; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.244.57, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AlSVucM40AKOs+SqUUxMT9nOtRJBR0zac1dssBwImxH6Vgwj8YTK8BKIeyGK5VtkJOSSD83fEI4ai0Kmka/vtjXDTXjIccQM1GAWFBB+HlieRqY/SuhPz0dsd/SCuuikDJxZfmFj5m8JGYEk2X/3h11CtTgHiJKv/mj6KmiHOrt7WTS1vvHm0yrKYVYyy2npuiLuIFWmZ9u7u8qAyucIbfcIuTQU0OhcJKfKQdvz2N9W0F0Ye/lDGtUJI+bRLrhczGMrpoa+IiMfuuMiNBzAPjs/22foNRL3FV26ZhP/3wayYdBJHXsFKI2LJnrswka8+R1nRgFBpC9S6IS3m/F2gQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KpvGEK+02B0C7Ji8KNF9Q3nx5mEgkQQdtPjIymGlkUY=; b=V/rX6KceT/EEXf0c9jAaOyYf98UFoeimWZOBRcthhKKV1hVlrmjoXooBh0PI4PORjMPEeEBrahF5/WEzENg0rbjnNyHNvmvUx/TIT6dU6u9zp//WcTWyIwHzcNivRpGM517HQq6l9lGtKfwDR0fWV1TCoxUvi9CcGNwqQ3ITrRGNYw130RTELigvRiBWZBKGI/n6ZlueLBi+jV6YCjfG+UlO+gZnDUnyB5OvSKKjoeHOQd3ws7RuvwM7zT14yqoBTsEcOecmcDZKeBipX1L/71/R7COBphSp05FzfWdrXUMQYpAozCulYSZV3YPmO/kj3I0hdpVJs8VsNoZLXgs+jg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KpvGEK+02B0C7Ji8KNF9Q3nx5mEgkQQdtPjIymGlkUY=; b=ZLuPfdiT1L/3YXdWlZSsg1AcqtG/b9KNh11kLpzME4Bjb3nKrdzGMhZ3THWwYZdBVj2KrbHmNLUSsIjvM8QY/VMnvzdNEVZYlfVawVyRoTHHrXlV8rkNOeAFUt4tHB15IeNRrAjpg5DEEAMUKbQC0OnjRqPgvXZTrwr+jXky3jk= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=amd.com; Received: from DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12) by SN7PR12MB6691.namprd12.prod.outlook.com (2603:10b6:806:271::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6277.38; Wed, 12 Apr 2023 15:23:54 +0000 Received: from DM4PR12MB5229.namprd12.prod.outlook.com ([fe80::ea32:baf8:cc85:9648]) by DM4PR12MB5229.namprd12.prod.outlook.com ([fe80::ea32:baf8:cc85:9648%6]) with mapi id 15.20.6298.030; Wed, 12 Apr 2023 15:23:54 +0000 Message-ID: <03fed1d7-cbd8-ee45-ebd8-8ecf60971e61@amd.com> Date: Wed, 12 Apr 2023 10:23:52 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.9.0 Subject: Re: [PATCH V1 1/1] OvmfPkg/PlatformPei: Skip PlatformInitEmuVariableNvStore in SEV guest To: Gerd Hoffmann Cc: "Xu, Min M" , joeyli , "devel@edk2.groups.io" , "Aktas, Erdem" , James Bottomley , "Yao, Jiewen" , Michael Roth References: <20230331144834.GK8569@linux-l9pv.suse> <5d170680-0a9e-2d5f-ecc1-e9f587548e3c@amd.com> <7a06aa46-4c10-fc85-48a6-826a4d82991e@amd.com> <2xjjrifeaa7khaha4se7gs3hmtdz2kkg2dv4t7njwf5z5mbn2f@qb5s2k7c6225> From: "Lendacky, Thomas" In-Reply-To: <2xjjrifeaa7khaha4se7gs3hmtdz2kkg2dv4t7njwf5z5mbn2f@qb5s2k7c6225> X-ClientProxiedBy: CH0PR04CA0004.namprd04.prod.outlook.com (2603:10b6:610:76::9) To DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12) Return-Path: Thomas.Lendacky@amd.com MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DM4PR12MB5229:EE_|SN7PR12MB6691:EE_ X-MS-Office365-Filtering-Correlation-Id: af4ed8e4-392b-4ad7-5772-08db3b69ed73 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: EcOLv1GGaY+59YiGo3IN53y0cLjVmoQMMEdDv503B1l0sgpJx7yuzb76EK7SuWPv3PYAziC/AiGCSK3+KFVOgvf3VJ5XcmVfPXnkwCRlST0z5DDG4rOyhdYU/4bTKOsVDMsXbokHP9RqC8tXgRd6pEIZ0UqRzBeYmVVCD9ScQ5e2BrUb7p8n1qORuJ1cAyJYoKR/3G8jhz0z/spLmg1hH8EbwwZmvSRdkVXA5thdTIXRlJKVm+QF1lvkSapW09PrJhGnCKzUHw+3I42Ve35Z8a/MHph6hu1q23MiXIJF6PGHWtgFJbBNKGIkQF4wPISTpszbqTfxtF0qsOeNjx8AiuSTjjmEYiysxtKRWyq+Qmrn1U8QOa9603TJNIvpmvR9Xf2zCGo8ZyMjcxhO2RCiUDmOyD+irankgFFalvV9ZEgNZSA2cmwnIKRwRX+T5nrrkLm6DXfDWvCkObWCUTqMQ+TrrnGnQmj/Chn6Fakfw53uYOsEq1WgPhy4ZahRJ+pocdxOhzYfASQUziI0F7X4g5/Xe2vqoVkowupS8vlqgaBUVEZ3jS1N9JnkuMo+RidneAs++KVcpP60pbnYLym7rYPseOF0xVq0kfrMZzfpRnIORtFA/vy8U5PORlKULn5DGMJAEcY3AJuJBcGBHLpAkA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM4PR12MB5229.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(6029001)(4636009)(136003)(396003)(39860400002)(366004)(376002)(346002)(451199021)(2616005)(186003)(36756003)(6506007)(26005)(6512007)(6486002)(478600001)(83380400001)(54906003)(66556008)(66476007)(66946007)(316002)(53546011)(31686004)(4326008)(86362001)(6916009)(8936002)(8676002)(41300700001)(5660300002)(31696002)(2906002)(38100700002)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?S1NhYmhhQ0FsZkFReVhod1N0L1E4ZnZzZ3dKUVA4a1d3MTF2bEhuREY3eDly?= =?utf-8?B?YjZhc3lZUzFkVW1US0Q1a2J0d0ZGekFvTjZpRkRaMEVYc0JsdXZOUVNtSjRW?= =?utf-8?B?QnQ3eFBrdHFMU1ZMMVcrMjcrWlNlNVkvcWJmU1dlVDRUcGxLUFJ3QVFubWR2?= =?utf-8?B?MHZ5REdwakx6QzlidDFLYVNKOEk4Mkd4UEVjc2J6UklpdG1pTmh4VElITWov?= =?utf-8?B?R3hkUUFwNDlQSUJ4RysxQk1ITm13MXNKdUNBYnlKbDMrUGFJdTlCVTBLaU1y?= =?utf-8?B?N2g3Um9TZzJNaGp3eThzSFMwdWhza005WVRaRlUvWUFCTDRORW9vY0p5ZFJD?= =?utf-8?B?UkxzSlFYWGYycFJ1NVBnczQ2YWwvUWMwSzdVZHRWZlhuN3B3YmNkUC8yZUZT?= =?utf-8?B?dzJwWDlTUTEzeGpBMis0dWQrRW1ZTFhPT3lTdFJ4OWpKaWx1S0J5Mm9LVnR6?= =?utf-8?B?MXhNT3c2VTFzUUZ6d2xhTDZRaDdDbXBodW1ZZjJGcVVIa2NUZGx0bExvSDE0?= =?utf-8?B?MXRBeGc2bmcxNUF2TWcxQkFncThqRDl2ZU9sc3ZiZ09pcFN5eGo3a2dUTzJQ?= =?utf-8?B?b3A1RyttVVBUMzZObmlzaWtGZVBNSE1JbzBQcWNEWklHR2tqQmtTRFhTbHJD?= =?utf-8?B?VmtwWC9aalhNT1RsM3pCdDExNnB6aXJmMFYzTGVwTmh6SUJlWUtDQ3crK1kw?= =?utf-8?B?bmxpbUNkNGhqR0RYcVFJNmdtdU1QZFpGNXF2V3UrbjU3bzlhSGhySVg4MU1I?= =?utf-8?B?UlVZUS9DOUoxVXh3OFh6WWNUc2VLSFlUVGZjZ014bW5nOXd6bklCNUtKLy9C?= =?utf-8?B?SVZuWHBRejBYVFhKb0NUY0EwSFB6b0t4R0psamlGaGFpUVUzbk0vWmxESHFs?= =?utf-8?B?Q08rV01tQyt6RFltZ3g1YytSdVRVVjhhQks0Q3dOQnFWbGdUTkJHdlVUWmV2?= =?utf-8?B?MFlCYmFwMHhCQVJ0OVphMk9qN0VUN3BNa0NiVUc5amFZQnFhLzl5T2RvNCtW?= =?utf-8?B?TUE4UEdaQitzOTdzdzhPY09nWFFRLy9ZdzVwZ1pMY2E1SXJkTDhoUTNlQjBN?= =?utf-8?B?UlIxcHlBVE9KeE80VmZnZzRQTkRtZm52ZDdkOGhEaWRTZ1drbUpaRGZ1SFNo?= =?utf-8?B?Ly9oM0NwK3JDLy9iQkpORXl4RlRBc3NsdGhRVkJsMUpNTGlJdGx0TnlRNjJa?= =?utf-8?B?ZE5xK1RYYWxuaHo4WGhkclg1aXpKWmtWN1NkUHY3ZkFHSHk0TWdWZitkQits?= =?utf-8?B?cldFa2VXcmVUY0hIdFJoWkY3RzQyWWphcTRveUdKWSs3Y1BGcnZHc21hOHNt?= =?utf-8?B?L0RxRk9EcHVqKzZMdHd0K01JbGR4QzVVU0hTOE53YXg3Wm5HR2ZKL0VOK3pP?= =?utf-8?B?Mlc2VHZnL2hUQlBOYzFBL2hKQ2dGZnorVXc0V3AzRVdyRzZleWJ4NmRzZ25l?= =?utf-8?B?bmJZbTN2amtrZjdoREdCR2g3cncwZ21Ob3FwbnE5YXdpVTVsalJGUTJJb0hl?= =?utf-8?B?Y1BLbndpNlhrYkV2RXV6VzdHNlpUSC85bW9pVTlmNW9KRUdrb2tYM0VZMUhD?= =?utf-8?B?UVV1VXpnZWoxUWFrWloxcjhWT0ttK1BJaDJRSWgxVDZZZXBDOUlsWlN5YWU3?= =?utf-8?B?b3dBK0dnc3BzY1RZbEFjdjFmd0cvMG5tbTdNdi9UY0N4dlRWSjFiVGNxQTMy?= =?utf-8?B?WXJQTnRZTGt3R1lJZk5IeDFzbDk3K0JwSzJFQ1hleGZhdnFuQlc3Ung2Z3dh?= =?utf-8?B?aTMxL3dtOHErU1VEUjlXSndhME5OYU16elNtMnZGSzhYaDY3NTczTUJKeXFF?= =?utf-8?B?TWdpa3lPUTRXNERaTHg2cVF1cmNENEcrSFNoOWJMZHVTM2xKYmpDU29Oc2Np?= =?utf-8?B?UWlNZHF4VHlYWWpMcGlZNU9CZjJxT3l4ZnY0WHJjczhWTkZGbzdTbjRwS3pM?= =?utf-8?B?TTY4L01GUnR4L1lONXZTNmN3R3hFcHJJdVJtVlZUdlBPbzRnMmZvOXZicEIy?= =?utf-8?B?dFFoTVcyUnp6MDczZFFId2hOWnFqdUtuNmlhZE4yNGxTajF5bjU1TGR1eEZD?= =?utf-8?B?RDlaVXViQTRRY3V1RGNveU1saHcvTENZdUNKVk5WZ0kvdkg0UjJTTDZ1QS84?= =?utf-8?Q?ODM3idCQeqzKGs57jHROwg9xl?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: af4ed8e4-392b-4ad7-5772-08db3b69ed73 X-MS-Exchange-CrossTenant-AuthSource: DM4PR12MB5229.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Apr 2023 15:23:54.6454 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: RlYq6lC6f3x+sEva/BjQdgBlQtoiFgNa1xy+JhQMhtZ9JC+u6Og5UzeTPBGj6K0UX9d88UzFjGNgO21k8NgnAQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR12MB6691 Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 4/12/23 02:24, Gerd Hoffmann wrote: > On Tue, Apr 11, 2023 at 01:03:28PM -0500, Tom Lendacky wrote: >> On 4/11/23 05:04, Gerd Hoffmann wrote: >>> On Fri, Apr 07, 2023 at 12:00:46PM -0500, Tom Lendacky wrote: >>>> >>>> Thanks for the quick turn-around, but that patch didn't work for me. I've >>>> update the bugzilla. >>> >>> Can you try the patch below? >> >> That doesn't work either. >> >> Specifying both OVMF_CODE.fd and OVMF_VARS.fd generates an ASSERT. > > Both as pflash I assume? Which assert? Yes, both as pflash. I've never attempted to run an SEV guest using the -bios option. The assert is: ASSERT [PlatformPei] /root/kernels/ovmf-build-X64/OvmfPkg/Library/PlatformInitLib/Platform.c(930): ((BOOLEAN)(0==1)) That happens for SEV and SEV-ES. For SEV-SNP, it causes a VMRUN failure with a strange exit code - but I believe it is because of accessing a page marked as shared in the RMP, but accessed as private by the guest. > >> Specifying just OVMF_CODE.fd causes VMRUN failure (triple fault) > > That's not a valid configuration anyway. Right, but it has worked in the past. IIUC, it effectively ends up creating a memory based variable store. An SEV guest triple faults. An SEV-ES and SEV-SNP guest asserts: Invalid MMIO opcode (AF) ASSERT [SecMain] /root/kernels/ovmf-build-X64/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c(507): ((BOOLEAN)(0==1)) > >> Specifying just OVMF.fd boots successfully > > pflash or -bios or both? Just pflash. We don't support running OVMF under SEV using the -bios option. If I try to run an SEV guest with -bios OVMF.fd, both SEV and SEV-ES hang, while SEV-SNP returns an -EFAULT on a launch update. I believe none of the mappings are setup properly at this point. I think just eliminating the call for an SEV guest is fine. Thanks, Tom > > For which cases does the patch change behavior? > > take care, > Gerd >