From: "Lee, Chun-Yi"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel, Jiewen Yao, Jordan Justen, Gerd Hoffmann, Min Xu, Brijesh Singh, Erdem Aktas, James Bottomley, "Lee, Chun-Yi"
Subject: [PATCH] OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Sev guest
Date: Thu, 25 Aug 2022 21:39:25 +0800
Message-Id: <20220825133925.6410-1-jlee@suse.com>
X-Mailer: git-send-email 2.12.3

Reference: https://bugzilla.tianocore.org/show_bug.cgi?id=4031

This patch is similar to the c477b2783f patch for Td guest.

Host VMM may inject OptionRom which is untrusted in Sev guest. So PCI
OptionRom needs to be ignored if it is Sev guest. According to
"Table 20. ACPI 2.0 & 3.0 QWORD Address Space Descriptor Usage"
PI spec 1.7, type-specific flags can be set to 0 when Address
Translation Offset == 6 to skip device option ROM.

Without this patch, Sev guest may show an invalid MMIO opcode error
as follows:

Invalid MMIO opcode (F6)
ASSERT /home/abuild/rpmbuild/BUILD/edk2-edk2-stable202202/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c(1041): ((BOOLEAN)(0==1))

Signed-off-by: "Lee, Chun-Yi"
---
 .../IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c   | 5 +++--
 .../IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c index 2d385d26ef..269e6c2b91 100644 --- a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c +++ b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c 
@@ -16,6 +16,7 @@ #include #include +#include #include #include @@ -264,7 +265,7 @@ CheckDevice ( // // In Td guest OptionRom is not allowed. // - if (TdIsEnabled ()) { + if (TdIsEnabled () || MemEncryptSevIsEnabled()) { Length += sizeof mOptionRomConfiguration; } @@ -286,7 +287,7 @@ CheckDevice ( CopyMem (Ptr, &mMmio64Configuration, sizeof mMmio64Configuration); Length = sizeof mMmio64Configuration; - if (TdIsEnabled ()) { + if (TdIsEnabled () || MemEncryptSevIsEnabled()) { CopyMem (Ptr + Length, &mOptionRomConfiguration, sizeof mOptionRomConfiguration); Length += sizeof mOptionRomConfiguration; } diff --git a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf index c3e6bb9447..be2b883c40 100644 --- a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf +++ b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf @@ -25,6 +25,7 @@ [LibraryClasses] DebugLib + MemEncryptSevLib MemoryAllocationLib PcdLib UefiBootServicesTableLib -- 2.12.3
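
Review bot: In the CheckDevice hunk at @@ -264,7 +265,7 @@, the comment directly above the changed condition still reads "In Td guest OptionRom is not allowed." although the test now also covers Sev guests; please update the comment to name both guest types. The new call is also written "MemEncryptSevIsEnabled()" without the space before the parenthesis that "TdIsEnabled ()" has on the same line; write it as "MemEncryptSevIsEnabled ()" here and in the @@ -286,7 +287,7 @@ hunk.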
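
Review bot: In the @@ -286,7 +287,7 @@ hunk, the condition "TdIsEnabled () || MemEncryptSevIsEnabled()" that guards the CopyMem of mOptionRomConfiguration repeats the test the @@ -264,7 +265,7 @@ hunk uses to add "sizeof mOptionRomConfiguration" to Length. The two tests must always agree, so consider evaluating the condition once into a local BOOLEAN in CheckDevice and using that variable in both places, which keeps the size calculation and the copy from drifting apart when another guest type is added.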