public inbox for devel@edk2.groups.io
From: "Roth, Michael via groups.io" <Michael.Roth=amd.com@groups.io>
To: <devel@edk2.groups.io>
Cc: Gerd Hoffmann <kraxel@redhat.com>,
	Ard Biesheuvel <ardb@kernel.org>,
	"Tom Lendacky" <thomas.lendacky@amd.com>,
	Erdem Aktas <erdemaktas@google.com>,
	Jiewen Yao <jiewen.yao@intel.com>, Min Xu <min.m.xu@intel.com>
Subject: [edk2-devel] [PATCH v4 3/3] OvmfPkg/CcExitLib: Drop special handling for Encrypted MMIO to APIC
Date: Wed, 1 May 2024 14:03:40 -0500
Message-ID: <20240501190340.2238565-4-michael.roth@amd.com>
In-Reply-To: <20240501190340.2238565-1-michael.roth@amd.com>

The current #VC handler guards against MMIO to addresses that are mapped
with the encryption bit set, but has a special exception for MMIO
accesses to the APIC base address to allow for early access during SEC.

Now that the SEC page table has the encryption bit cleared for the APIC
base address range, there is no longer any need for this special
handling. Go ahead and remove it.

Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 OvmfPkg/Library/CcExitLib/CcExitVcHandler.c | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c b/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c
index 549375dfed..da8f1e5db9 100644
--- a/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c
+++ b/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c
@@ -98,7 +98,7 @@ UnsupportedExit (
   Validate that the MMIO memory access is not to encrypted memory.
 
   Examine the pagetable entry for the memory specified. MMIO should not be
-  performed against encrypted memory. MMIO to the APIC page is always allowed.
+  performed against encrypted memory.
 
   @param[in] Ghcb           Pointer to the Guest-Hypervisor Communication Block
   @param[in] MemoryAddress  Memory address to validate
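
Review bot: In the ValidateMmioMemory header comment, dropping the sentence "MMIO to the APIC page is always allowed" leaves no hint that APIC MMIO now passes this check only because the SEC page table maps the APIC base address range with the encryption bit cleared. Consider adding one sentence that states this dependency, so that a later page-table change which sets the bit on that range again is recognized as the cause when the access is rejected here.
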
@@ -118,16 +118,6 @@ ValidateMmioMemory (
 {
   MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE  State;
   GHCB_EVENT_INJECTION                 GpEvent;
-  UINTN                                Address;
-
-  //
-  // Allow APIC accesses (which will have the encryption bit set during
-  // SEC and PEI phases).
-  //
-  Address = MemoryAddress & ~(SIZE_4KB - 1);
-  if (Address == GetLocalApicBaseAddress ()) {
-    return 0;
-  }
 
   State = MemEncryptSevGetAddressRangeState (
             0,
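
Review bot: The comment removed from ValidateMmioMemory says the APIC page has the encryption bit set during both SEC and PEI, while the commit message only states that the SEC page table now clears it. With the early "return 0" gone, an APIC access through a mapping that still has the bit set falls through to MemEncryptSevGetAddressRangeState () and is handled like any other MMIO to encrypted memory, so please state in the commit message that PEI also runs with the bit cleared for this range. Separately, if this was the file's only use of GetLocalApicBaseAddress (), any include or INF library class entry kept only for it can be dropped as well; the diffstat shows only CcExitVcHandler.c changed.
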
-- 
2.25.1





