From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1])
 by mx.groups.io with SMTP id smtpd.web08.9827.1606324185649413741
 for <devel@edk2.groups.io>;
 Wed, 25 Nov 2020 09:09:45 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@ibm.com header.s=pp1 header.b=DYsotC4F;
 spf=pass (domain: linux.ibm.com, ip: 148.163.156.1, mailfrom: jejb@linux.ibm.com)
Received: from pps.filterd (m0098393.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 0APH2VvN006693;
	Wed, 25 Nov 2020 12:09:37 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=message-id : subject :
 from : reply-to : to : cc : date : in-reply-to : references : content-type
 : mime-version : content-transfer-encoding; s=pp1;
 bh=dJUv1s2QDPMCqgemLl7FuU8cKy+bhfNIxoUEdMJzWpo=;
 b=DYsotC4FMpiEwtM56/3CFv1/7BVsh9nIrR/L8+BrBYTqntfXRz5aMuWsM8ZSsTvN62hf
 Nm72CTLuRXuQ34CNscu5w1wiF/7eybViNvh1uq+NiCx2/j6Aetesa1mjB9A2t3qCxPRn
 86sCamnM9XT/UMj6IKIH9wofrayUJkaJ1FWpxU3TahPzrMmUNUqEXiEL6a7FUHRcstnV
 Eo/DGruUwqyDFzaalqWuqQ7VAjGHIIqO6qimhlewKvHUgc6sCnua5nCzwhcXjS4oUDUD
 lpmWMZ2MUaWXp9LoUHgE520Cgx53p+54/SoRpLDSuBcE5smbtOGAS5/bBUAByvAUGRpy 4A== 
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0a-001b2d01.pphosted.com with ESMTP id 351u5q8gsu-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Wed, 25 Nov 2020 12:09:37 -0500
Received: from m0098393.ppops.net (m0098393.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 0APH3rNQ015773;
	Wed, 25 Nov 2020 12:09:37 -0500
Received: from ppma04wdc.us.ibm.com (1a.90.2fa9.ip4.static.sl-reverse.com [169.47.144.26])
	by mx0a-001b2d01.pphosted.com with ESMTP id 351u5q8gry-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Wed, 25 Nov 2020 12:09:37 -0500
Received: from pps.filterd (ppma04wdc.us.ibm.com [127.0.0.1])
	by ppma04wdc.us.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 0APH2ei1030249;
	Wed, 25 Nov 2020 17:09:35 GMT
Received: from b03cxnp08028.gho.boulder.ibm.com (b03cxnp08028.gho.boulder.ibm.com [9.17.130.20])
	by ppma04wdc.us.ibm.com with ESMTP id 34xth990b1-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Wed, 25 Nov 2020 17:09:35 +0000
Received: from b03ledav004.gho.boulder.ibm.com (b03ledav004.gho.boulder.ibm.com [9.17.130.235])
	by b03cxnp08028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 0APH9WtN3998230
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Wed, 25 Nov 2020 17:09:32 GMT
Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id AF18B78090;
	Wed, 25 Nov 2020 17:09:32 +0000 (GMT)
Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id CE98D78091;
	Wed, 25 Nov 2020 17:09:29 +0000 (GMT)
Received: from jarvis.int.hansenpartnership.com (unknown [9.85.194.234])
	by b03ledav004.gho.boulder.ibm.com (Postfix) with ESMTP;
	Wed, 25 Nov 2020 17:09:29 +0000 (GMT)
Message-ID: <1064db1d53315987bf8bb478894a07bda8d90a96.camel@linux.ibm.com>
Subject: Re: [edk2-devel] [PATCH v2 2/6] OvmfPkg/AmdSev: add Grub Firmware Volume Package
From: "James Bottomley" <jejb@linux.ibm.com>
Reply-To: jejb@linux.ibm.com
To: Laszlo Ersek <lersek@redhat.com>, devel@edk2.groups.io,
        Bret Barkelew
	 <brbarkel@microsoft.com>,
        "Liming Gao (Byosoft address)"
	 <gaoliming@byosoft.com.cn>
Cc: dovmurik@linux.vnet.ibm.com, Dov.Murik1@il.ibm.com, ashish.kalra@amd.com,
        brijesh.singh@amd.com, tobin@ibm.com, david.kaplan@amd.com,
        jon.grimm@amd.com, thomas.lendacky@amd.com, frankeh@us.ibm.com,
        "Dr . David Alan Gilbert" <dgilbert@redhat.com>,
        "Ard
 Biesheuvel (ARM address)" <ard.biesheuvel@arm.com>
Date: Wed, 25 Nov 2020 09:09:28 -0800
In-Reply-To: <5b9b21c3eb37ba7024c1cb85ead267867b323c7d.camel@linux.ibm.com>
References: <20201120184521.19437-1-jejb@linux.ibm.com>
	 <20201120184521.19437-3-jejb@linux.ibm.com>
	 <28e99174-79b3-e805-b977-5fed0071a702@redhat.com>
	 <06b9425507ab8c1b35d377cf9bba155b0cc44147.camel@linux.ibm.com>
	 <b95a5301-7987-5ccd-7228-7690fc535a89@redhat.com>
	 <3b7899fa-fa52-7652-2d2a-d4ec67ece34d@redhat.com>
	 <d7ac7744-e369-3047-4f58-676d13b5a4e0@redhat.com>
	 <f1b8aedbcdf450056e7bbf4b5cdef19391c483ad.camel@linux.ibm.com>
	 <1c871b56-f459-5ac4-3b8d-a55d978eac06@redhat.com>
	 <c0dd366c623aa796bd30223b27ccab5d74b020f3.camel@linux.ibm.com>
	 <93fdaca88b53d400670b338a06fd1410c1445a39.camel@linux.ibm.com>
	 <082a97c2-9a49-acf6-fd7c-70ee6b61c000@redhat.com>
	 <5b9b21c3eb37ba7024c1cb85ead267867b323c7d.camel@linux.ibm.com>
User-Agent: Evolution 3.34.4 
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.312,18.0.737
 definitions=2020-11-25_10:2020-11-25,2020-11-25 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 mlxlogscore=999
 suspectscore=0 malwarescore=0 clxscore=1015 impostorscore=0
 priorityscore=1501 bulkscore=0 adultscore=0 mlxscore=0 lowpriorityscore=0
 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2009150000 definitions=main-2011250104
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit

On Wed, 2020-11-25 at 08:02 -0800, James Bottomley wrote:
> On Wed, 2020-11-25 at 15:01 +0100, Laszlo Ersek wrote:
> > This upgrade gave me kernel 5.8.18-100.fc31.x86_64 in the guest --
> > and this one does *not* crash. From your boot log below, I see your
> > guest kernel is 5.5.0; I suggest upgrading it.
> 
> Heh, that's easier said than done ... I always make my encrypted
> images too small to upgrade a kernel easily.  Anyway, after doing the
> remove and add stuff dance, I finally got it upgraded to the latest
> debian testing linux-image-5.8.0-3 it's still crashing although with
> a slightly different traceback.  It looks like there might be
> something additional in the fedora 5.8 kernel that fixes this.  I'm
> going to try out upstream kernels next.

I've got the upstream kernel booting through OVMF with a qemu -kernel
command line.  I also have a fix: it's not to delete the dummy variable
which was part of the ancient x86 anti bricking code (which is also why
arm64 doesn't have the problem).

If you remove the set variable in arch/x86/platform/efi/quirks.c:

/*
 * Deleting the dummy variable which kicks off garbage collection
*/
void efi_delete_dummy_variable(void)
{
	efi.set_variable_nonblocking((efi_char16_t *)efi_dummy_name,
				     &EFI_DUMMY_GUID,
				     EFI_VARIABLE_NON_VOLATILE |
				     EFI_VARIABLE_BOOTSERVICE_ACCESS |
				     EFI_VARIABLE_RUNTIME_ACCESS, 0, NULL);
}

The kernel will boot.  I'm not sure why we have this deletion
unconditionally in efi_enter_virtual_mode, but removing the call with
the patch below allows the kernel to boot.

However, once the kernel has booted, any attempt to write to an EFI
variable results in this:

[  975.440240] [Firmware Bug]: Page fault caused by firmware at PA: 0x7e450020

And then the efi runtime gets disabled.

James

---

diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
index 8a26e705cb06..dfae61f07196 100644
--- a/arch/x86/platform/efi/efi.c
+++ b/arch/x86/platform/efi/efi.c
@@ -844,7 +844,7 @@ static void __init __efi_enter_virtual_mode(void)
 	efi_runtime_update_mappings();
 
 	/* clean DUMMY object */
-	efi_delete_dummy_variable();
+	//efi_delete_dummy_variable();
 	return;
 
 err: