[PATCH] OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Sev guest

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

* [PATCH] OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Sev guest
@ 2022-08-25 13:39 Lee, Chun-Yi
  2022-08-26  5:27 ` Gerd Hoffmann
  0 siblings, 1 reply; 3+ messages in thread
From: Lee, Chun-Yi @ 2022-08-25 13:39 UTC (permalink / raw)
  To: devel
  Cc: Ard Biesheuvel, Jiewen Yao, Jordan Justen, Gerd Hoffmann, Min Xu,
	Brijesh Singh, Erdem Aktas, James Bottomley, Lee, Chun-Yi

Reference: https://bugzilla.tianocore.org/show_bug.cgi?id=4031

This patch is similar to the c477b2783f patch for Td guest.

Host VMM may inject OptionRom which is untrusted in Sev guest. So PCI
OptionRom needs to be ignored if it is Sev guest. According to
"Table 20. ACPI 2.0 & 3.0 QWORD Address Space Descriptor Usage"
PI spec 1.7, type-specific flags can be set to 0 when Address
Translation Offset == 6 to skip device option ROM.

Without this patch, Sev guest may shows invalid MMIO opcode error
as following:

Invalid MMIO opcode (F6)
ASSERT /home/abuild/rpmbuild/BUILD/edk2-edk2-stable202202/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c(1041): ((BOOLEAN)(0==1))

Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
---
 .../IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c   | 5 +++--
 .../IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c
index 2d385d26ef..269e6c2b91 100644
--- a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c
+++ b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c
@@ -16,6 +16,7 @@
 
 #include <Library/DebugLib.h>
 #include <Library/MemoryAllocationLib.h>
+#include <Library/MemEncryptSevLib.h>
 #include <Library/PcdLib.h>
 #include <Library/UefiBootServicesTableLib.h>
 
@@ -264,7 +265,7 @@ CheckDevice (
   //
   // In Td guest OptionRom is not allowed.
   //
-  if (TdIsEnabled ()) {
+  if (TdIsEnabled () || MemEncryptSevIsEnabled()) {
     Length += sizeof mOptionRomConfiguration;
   }
 
@@ -286,7 +287,7 @@ CheckDevice (
   CopyMem (Ptr, &mMmio64Configuration, sizeof mMmio64Configuration);
   Length = sizeof mMmio64Configuration;
 
-  if (TdIsEnabled ()) {
+  if (TdIsEnabled () || MemEncryptSevIsEnabled()) {
     CopyMem (Ptr + Length, &mOptionRomConfiguration, sizeof mOptionRomConfiguration);
     Length += sizeof mOptionRomConfiguration;
   }
diff --git a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf
index c3e6bb9447..be2b883c40 100644
--- a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf
+++ b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf
@@ -25,6 +25,7 @@
 
 [LibraryClasses]
   DebugLib
+  MemEncryptSevLib
   MemoryAllocationLib
   PcdLib
   UefiBootServicesTableLib
-- 
2.12.3


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Sev guest
  2022-08-25 13:39 [PATCH] OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Sev guest Lee, Chun-Yi
@ 2022-08-26  5:27 ` Gerd Hoffmann
  2022-08-26 10:56   ` joeyli
  0 siblings, 1 reply; 3+ messages in thread
From: Gerd Hoffmann @ 2022-08-26  5:27 UTC (permalink / raw)
  To: Lee, Chun-Yi
  Cc: devel, Ard Biesheuvel, Jiewen Yao, Jordan Justen, Min Xu,
	Brijesh Singh, Erdem Aktas, James Bottomley, Lee, Chun-Yi

  Hi,

> -  if (TdIsEnabled ()) {
> +  if (TdIsEnabled () || MemEncryptSevIsEnabled()) {

I think you can just use CcProbeLib and CcProbe() function to cover both
tdx and sev.

take care,
  Gerd


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Sev guest
  2022-08-26  5:27 ` Gerd Hoffmann
@ 2022-08-26 10:56   ` joeyli
  0 siblings, 0 replies; 3+ messages in thread
From: joeyli @ 2022-08-26 10:56 UTC (permalink / raw)
  To: Gerd Hoffmann
  Cc: Lee, Chun-Yi, devel, Ard Biesheuvel, Jiewen Yao, Jordan Justen,
	Min Xu, Brijesh Singh, Erdem Aktas, James Bottomley

Hi Gerd,

On Fri, Aug 26, 2022 at 07:27:17AM +0200, Gerd Hoffmann wrote:
>   Hi,
> 
> > -  if (TdIsEnabled ()) {
> > +  if (TdIsEnabled () || MemEncryptSevIsEnabled()) {
> 
> I think you can just use CcProbeLib and CcProbe() function to cover both
> tdx and sev.
>

Thanks for your review and suggestion! It works to me.

I will send version 2 patch.

Joey Lee 

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2022-08-26 10:56 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-08-25 13:39 [PATCH] OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Sev guest Lee, Chun-Yi
2022-08-26  5:27 ` Gerd Hoffmann
2022-08-26 10:56   ` joeyli

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox