From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-pg1-f180.google.com (mail-pg1-f180.google.com [209.85.215.180])
 by mx.groups.io with SMTP id smtpd.web08.38471.1661526926698420834
 for <devel@edk2.groups.io>;
 Fri, 26 Aug 2022 08:15:26 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20210112 header.b=Mk/XJjzP;
 spf=pass (domain: gmail.com, ip: 209.85.215.180, mailfrom: joeyli.kernel@gmail.com)
Received: by mail-pg1-f180.google.com with SMTP id 69so16264pgb.13
        for <devel@edk2.groups.io>; Fri, 26 Aug 2022 08:15:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=message-id:date:subject:cc:to:from:from:to:cc;
        bh=cc368ZgdVOs7X88D55LeVx5r42aR2CKND6w2kh+WlgU=;
        b=Mk/XJjzPMxrdqoCp8JCpiW/cxIkHtj9nYBe1Wemxr+3hPuU2meg6Mwoz98G+wL/3S1
         cnZg4iA+X95RKrNpymcyVL5vpaxAmNUneWaH1+esAf1wweRTDrpcq2oD1a291TYHpeKN
         9K1fZD3tpqqAQB2Q/LWvWYloWZtPx2mowrwMeno+RWbQRB+eabdLckbuJn+gTbDNqpAH
         eONAhvG7o+5oDGaiR3VwevnkblyuX5FtTGTxnv/KMNo0k/Z5YM1NQVSLJuzzZzHBrS9s
         a4XKVTz6Wa/Cp5R/ZaO7VCeYXOAQ5NyVXZOVs/G0E4B2oicij90sSIPXxwVx/EYkIVaL
         8/sA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc;
        bh=cc368ZgdVOs7X88D55LeVx5r42aR2CKND6w2kh+WlgU=;
        b=HjEflSwNHS6sWfAJXyl7g9xgZ/eU4Q1wSrh1kDQrziTXcoIbee9KF0pFE7LfVomUw8
         eB3m67uR+2WRaCO1DXKgKMUcZP56onxmbTFQvutC4yIvFp8wFIAtKP9WelWfjLQyzovb
         q8qSZN7oaYivJ3Vy6IWcuZtTVIWEqlGTPVo2ln9NC8pGdRNmcm5Ydaj7VAxwVCBI77mY
         JuCUqYwnE6LPHNauaANnKqiq3Y2WI03F336wqrOTv1yBuG9C7e/fwGQsG9hR8r3Nmqd7
         ZJcl4QStfAg9/Hhio0LohMbi8FAxTcjUEREjFvyTTbbmUD+4o0EebD9+Or4DPTYonOv4
         lFbA==
X-Gm-Message-State: ACgBeo3i075f4Wt2XCNAFtTOdYXh/jTYoeNILwVZGXwSO9lE+vyw66RT
	eIv2jYxv7JXuR+3pT45ZdOlMYUBL++c=
X-Google-Smtp-Source: AA6agR67ROU1VLb11NTItioFOjorLpbY5EiYMNrtDQdhUCJ1Q16mfQpTXJWM+VuHFEUq2shvyYbMAA==
X-Received: by 2002:a65:6417:0:b0:42b:2f13:8477 with SMTP id a23-20020a656417000000b0042b2f138477mr3577129pgv.329.1661526925631;
        Fri, 26 Aug 2022 08:15:25 -0700 (PDT)
Return-Path: <joeyli.kernel@gmail.com>
Received: from linux-l9pv.suse (123-194-152-128.dynamic.kbronet.com.tw. [123.194.152.128])
        by smtp.gmail.com with ESMTPSA id ij25-20020a170902ab5900b001745662d568sm148062plb.278.2022.08.26.08.15.23
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 26 Aug 2022 08:15:24 -0700 (PDT)
From: "Lee, Chun-Yi" <joeyli.kernel@gmail.com>
X-Google-Original-From: "Lee, Chun-Yi" <jlee@suse.com>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Min Xu <min.m.xu@intel.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	Erdem Aktas <erdemaktas@google.com>,
	James Bottomley <jejb@linux.ibm.com>,
	"Lee, Chun-Yi" <jlee@suse.com>
Subject: [PATCH v2] OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Sev guest
Date: Fri, 26 Aug 2022 23:15:20 +0800
Message-Id: <20220826151520.25850-1-jlee@suse.com>
X-Mailer: git-send-email 2.12.3

Reference: https://bugzilla.tianocore.org/show_bug.cgi?id=4031

This patch is similar to the c477b2783f patch for Td guest.

Host VMM may inject OptionRom which is untrusted in Sev guest. So PCI
OptionRom needs to be ignored if it is Sev guest. According to
"Table 20. ACPI 2.0 & 3.0 QWORD Address Space Descriptor Usage"
PI spec 1.7, type-specific flags can be set to 0 when Address
Translation Offset == 6 to skip device option ROM.

Without this patch, Sev guest may shows invalid MMIO opcode error
as following:

Invalid MMIO opcode (F6)
ASSERT /home/abuild/rpmbuild/BUILD/edk2-edk2-stable202202/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c(1041): ((BOOLEAN)(0==1))

The OptionRom must be disabled both on Td and Sev guests, so we direct
use CcProbe().

v2: Use CcProbe() instead of TdIsEnabled() and MemEncryptSevIsEnabled().

Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
---
 .../IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c   | 5 +++--
 .../IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c
index 2d385d26ef..686d85633e 100644
--- a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c
+++ b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c
@@ -18,6 +18,7 @@
 #include <Library/MemoryAllocationLib.h>
 #include <Library/PcdLib.h>
 #include <Library/UefiBootServicesTableLib.h>
+#include <Library/CcProbeLib.h>
 
 #include <Protocol/IncompatiblePciDeviceSupport.h>
 #include <Protocol/LegacyBios.h>
@@ -264,7 +265,7 @@ CheckDevice (
   //
   // In Td guest OptionRom is not allowed.
   //
-  if (TdIsEnabled ()) {
+  if (CcProbe ()) {
     Length += sizeof mOptionRomConfiguration;
   }
 
@@ -286,7 +287,7 @@ CheckDevice (
   CopyMem (Ptr, &mMmio64Configuration, sizeof mMmio64Configuration);
   Length = sizeof mMmio64Configuration;
 
-  if (TdIsEnabled ()) {
+  if (CcProbe ()) {
     CopyMem (Ptr + Length, &mOptionRomConfiguration, sizeof mOptionRomConfiguration);
     Length += sizeof mOptionRomConfiguration;
   }
diff --git a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf
index c3e6bb9447..ad38128fcb 100644
--- a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf
+++ b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf
@@ -24,6 +24,7 @@
   OvmfPkg/OvmfPkg.dec
 
 [LibraryClasses]
+  CcProbeLib
   DebugLib
   MemoryAllocationLib
   PcdLib
-- 
2.12.3