[PATCH v2] OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Sev guest

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Lee, Chun-Yi" <joeyli.kernel@gmail.com>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Gerd Hoffmann <kraxel@redhat.com>, Min Xu <min.m.xu@intel.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	Erdem Aktas <erdemaktas@google.com>,
	James Bottomley <jejb@linux.ibm.com>,
	"Lee, Chun-Yi" <jlee@suse.com>
Subject: [PATCH v2] OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Sev guest
Date: Fri, 26 Aug 2022 23:15:20 +0800	[thread overview]
Message-ID: <20220826151520.25850-1-jlee@suse.com> (raw)

Reference: https://bugzilla.tianocore.org/show_bug.cgi?id=4031

This patch is similar to the c477b2783f patch for Td guest.

Host VMM may inject OptionRom which is untrusted in Sev guest. So PCI
OptionRom needs to be ignored if it is Sev guest. According to
"Table 20. ACPI 2.0 & 3.0 QWORD Address Space Descriptor Usage"
PI spec 1.7, type-specific flags can be set to 0 when Address
Translation Offset == 6 to skip device option ROM.

Without this patch, Sev guest may shows invalid MMIO opcode error
as following:

Invalid MMIO opcode (F6)
ASSERT /home/abuild/rpmbuild/BUILD/edk2-edk2-stable202202/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c(1041): ((BOOLEAN)(0==1))

The OptionRom must be disabled both on Td and Sev guests, so we direct
use CcProbe().

v2: Use CcProbe() instead of TdIsEnabled() and MemEncryptSevIsEnabled().

Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
---
 .../IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c   | 5 +++--
 .../IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c
index 2d385d26ef..686d85633e 100644
--- a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c
+++ b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c
@@ -18,6 +18,7 @@
 #include <Library/MemoryAllocationLib.h>
 #include <Library/PcdLib.h>
 #include <Library/UefiBootServicesTableLib.h>
+#include <Library/CcProbeLib.h>
 
 #include <Protocol/IncompatiblePciDeviceSupport.h>
 #include <Protocol/LegacyBios.h>
@@ -264,7 +265,7 @@ CheckDevice (
   //
   // In Td guest OptionRom is not allowed.
   //
-  if (TdIsEnabled ()) {
+  if (CcProbe ()) {
     Length += sizeof mOptionRomConfiguration;
   }
 
@@ -286,7 +287,7 @@ CheckDevice (
   CopyMem (Ptr, &mMmio64Configuration, sizeof mMmio64Configuration);
   Length = sizeof mMmio64Configuration;
 
-  if (TdIsEnabled ()) {
+  if (CcProbe ()) {
     CopyMem (Ptr + Length, &mOptionRomConfiguration, sizeof mOptionRomConfiguration);
     Length += sizeof mOptionRomConfiguration;
   }
diff --git a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf
index c3e6bb9447..ad38128fcb 100644
--- a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf
+++ b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf
@@ -24,6 +24,7 @@
   OvmfPkg/OvmfPkg.dec
 
 [LibraryClasses]
+  CcProbeLib
   DebugLib
   MemoryAllocationLib
   PcdLib
-- 
2.12.3

next             reply	other threads:[~2022-08-26 15:15 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-08-26 15:15 Lee, Chun-Yi [this message]
2022-08-29  9:32 ` [PATCH v2] OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Sev guest Gerd Hoffmann
2022-09-06 16:56   ` [edk2-devel] " Ard Biesheuvel

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:2d385d26e dfblob:686d85633 dfblob:c3e6bb944 dfblob:ad38128fc )
 OR (
bs:"[PATCH v2] OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Sev guest" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220826151520.25850-1-jlee@suse.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox