From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web11.17835.1646036243454643146 for ; Mon, 28 Feb 2022 00:17:24 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=UkL0IPaO; spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: min.m.xu@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1646036244; x=1677572244; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=8FbocPEd9X03LQ1h8nkkLk2ZNEg3DN1cIkF445YlSlk=; b=UkL0IPaO6Efj4PEf864r5TdBD3mLpi+cgxIpbzEoQW2L3i5ir9PhMpLf zxXNPfRjZ0xxIjq7uT5DbeXpV8nGjnBxggOVzM60vXUGQlP7BY+E+2+k7 EfHeHCkGvD2p/XHQe6y2cDtjtIOBj8QK+JfNvUJtctf5BNDkHs6IrwH9U ViGrVBZozIUv5sLgUfzfyeTjjv43ZgBWbispgxKIAAs6Jz2QVXsDgoZsf Mnf/SrVKUju2LiEP5XlN+4x35S0airPgj0Wh4MR+DGcE3+jbRaF1nWi85 lpbnq/DhU/JQi2f63Xc87NZEna+u6YqTQjNbmfUSQM1ffvCnsalsBs2WV g==; X-IronPort-AV: E=McAfee;i="6200,9189,10271"; a="339268986" X-IronPort-AV: E=Sophos;i="5.90,142,1643702400"; d="scan'208";a="339268986" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Feb 2022 00:17:23 -0800 X-IronPort-AV: E=Sophos;i="5.90,142,1643702400"; d="scan'208";a="550140192" Received: from mxu9-mobl1.ccr.corp.intel.com ([10.238.2.184]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Feb 2022 00:17:20 -0800 From: "Min Xu" To: devel@edk2.groups.io Cc: Min Xu , Michael D Kinney , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Tom Lendacky , Gerd Hoffmann Subject: [PATCH V4 08/10] OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Td guest Date: Mon, 28 Feb 2022 16:16:29 +0800 Message-Id: <20220228081631.681-9-min.m.xu@intel.com> X-Mailer: git-send-email 2.29.2.windows.2 In-Reply-To: <20220228081631.681-1-min.m.xu@intel.com> References: <20220228081631.681-1-min.m.xu@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429 Host VMM may inject OptionRom which is untrusted in Td guest. So PCI OptionRom needs to be ignored if it is of Td guest. According to "Table 20. ACPI 2.0 & 3.0 QWORD Address Space Descriptor Usage" PI spec 1.7, type-specific flags can be set to 0 when Address Translation Offset == 6 to skip device option ROM. Cc: Michael D Kinney Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Gerd Hoffmann Signed-off-by: Min Xu --- .../IncompatiblePciDeviceSupport.c | 110 ++++++++++++------ 1 file changed, 77 insertions(+), 33 deletions(-) diff --git a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c index 8730874613f8..68d4a5e0abfc 100644 --- a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c +++ b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c @@ -9,6 +9,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ +#include +#include #include #include @@ -32,57 +34,76 @@ STATIC EFI_INCOMPATIBLE_PCI_DEVICE_SUPPORT_PROTOCOL mIncompatiblePciDeviceSupport; // -// Configuration template for the CheckDevice() protocol member function. +// Below structure is length variable. It contains 3 parts: +// - mMmioConfiguration +// - mOptionRomConfiguration +// - mEndDesc // -// Refer to Table 20 "ACPI 2.0 & 3.0 QWORD Address Space Descriptor Usage" in -// the Platform Init 1.4a Spec, Volume 5. +// mOptionRomConfiguration is present only in Td guest. +// Host VMM can inject option ROM which is untrusted in Td guest, +// so PCI option ROM needs to be ignored. +// According to "Table 20. ACPI 2.0 & 3.0 QWORD Address Space Descriptor Usage" +// PI spec 1.7, type-specific flags can be set to 0 when +// Address Translation Offset == 6 to skip device option ROM. // // This structure is interpreted by the UpdatePciInfo() function in the edk2 // PCI Bus UEFI_DRIVER. // -#pragma pack (1) -typedef struct { - EFI_ACPI_ADDRESS_SPACE_DESCRIPTOR AddressSpaceDesc; - EFI_ACPI_END_TAG_DESCRIPTOR EndDesc; -} MMIO64_PREFERENCE; -#pragma pack () +STATIC CONST EFI_ACPI_ADDRESS_SPACE_DESCRIPTOR mMmio64Configuration = { + ACPI_ADDRESS_SPACE_DESCRIPTOR, // Desc + (UINT16)( // Len + sizeof (EFI_ACPI_ADDRESS_SPACE_DESCRIPTOR) - + OFFSET_OF ( + EFI_ACPI_ADDRESS_SPACE_DESCRIPTOR, + ResType + ) + ), + ACPI_ADDRESS_SPACE_TYPE_MEM, // ResType + 0, // GenFlag + 0, // SpecificFlag + 64, // AddrSpaceGranularity: + // aperture selection hint + // for BAR allocation + 0, // AddrRangeMin + 0, // AddrRangeMax: + // no special alignment + // for affected BARs + MAX_UINT64, // AddrTranslationOffset: + // hint covers all + // eligible BARs + 0 // AddrLen: + // use probed BAR size +}; -STATIC CONST MMIO64_PREFERENCE mConfiguration = { - // - // AddressSpaceDesc - // - { - ACPI_ADDRESS_SPACE_DESCRIPTOR, // Desc - (UINT16)( // Len +STATIC CONST EFI_ACPI_ADDRESS_SPACE_DESCRIPTOR mOptionRomConfiguration = { + ACPI_ADDRESS_SPACE_DESCRIPTOR, // Desc + (UINT16)( // Len sizeof (EFI_ACPI_ADDRESS_SPACE_DESCRIPTOR) - OFFSET_OF ( EFI_ACPI_ADDRESS_SPACE_DESCRIPTOR, ResType ) ), - ACPI_ADDRESS_SPACE_TYPE_MEM, // ResType - 0, // GenFlag - 0, // SpecificFlag - 64, // AddrSpaceGranularity: + ACPI_ADDRESS_SPACE_TYPE_MEM, // ResType + 0, // GenFlag + 0, // Disable option roms SpecificFlag + 64, // AddrSpaceGranularity: // aperture selection hint // for BAR allocation - 0, // AddrRangeMin - 0, // AddrRangeMax: + MAX_UINT64, // AddrRangeMin + MAX_UINT64, // AddrRangeMax: // no special alignment // for affected BARs - MAX_UINT64, // AddrTranslationOffset: + 6, // AddrTranslationOffset: // hint covers all // eligible BARs - 0 // AddrLen: + 0 // AddrLen: // use probed BAR size - }, - // - // EndDesc - // - { - ACPI_END_TAG_DESCRIPTOR, // Desc - 0 // Checksum: to be ignored - } +}; + +STATIC CONST EFI_ACPI_END_TAG_DESCRIPTOR mEndDesc = { + ACPI_END_TAG_DESCRIPTOR, // Desc + 0 // Checksum: to be ignored }; // @@ -203,6 +224,8 @@ CheckDevice ( ) { mCheckDeviceCalled = TRUE; + UINTN Length; + UINT8 *Ptr; // // Unlike the general description of this protocol member suggests, there is @@ -232,7 +255,17 @@ CheckDevice ( // the edk2 PCI Bus UEFI_DRIVER actually handles error codes; see the // UpdatePciInfo() function. // - *Configuration = AllocateCopyPool (sizeof mConfiguration, &mConfiguration); + Length = sizeof mMmio64Configuration + sizeof mEndDesc; + + // + // In Td guest OptionRom is not allowed. + // + if (TdIsEnabled ()) { + Length += sizeof mOptionRomConfiguration; + } + + *Configuration = AllocateZeroPool (Length); + if (*Configuration == NULL) { DEBUG (( DEBUG_WARN, @@ -245,6 +278,17 @@ CheckDevice ( return EFI_OUT_OF_RESOURCES; } + Ptr = (UINT8 *)(UINTN)*Configuration; + CopyMem (Ptr, &mMmio64Configuration, sizeof mMmio64Configuration); + Length = sizeof mMmio64Configuration; + + if (TdIsEnabled ()) { + CopyMem (Ptr + Length, &mOptionRomConfiguration, sizeof mOptionRomConfiguration); + Length += sizeof mOptionRomConfiguration; + } + + CopyMem (Ptr + Length, &mEndDesc, sizeof mEndDesc); + return EFI_SUCCESS; } -- 2.29.2.windows.2