From: "Ard Biesheuvel"
Date: Tue, 6 Sep 2022 18:56:05 +0200
Subject: Re: [edk2-devel] [PATCH v2] OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Sev guest
To: devel@edk2.groups.io, kraxel@redhat.com
Cc: "Lee, Chun-Yi", Jiewen Yao, Jordan Justen, Min Xu, Brijesh Singh, Erdem Aktas, James Bottomley, "Lee, Chun-Yi"

On Mon, 29 Aug 2022 at 11:32, Gerd Hoffmann wrote:
>
> On Fri, Aug 26, 2022 at 11:15:20PM +0800, Lee, Chun-Yi wrote:
> > Reference: https://bugzilla.tianocore.org/show_bug.cgi?id=4031
> >
> > This patch is similar to the c477b2783f patch for Td guest.
> >
> > Host VMM may inject OptionRom which is untrusted in Sev guest. So PCI
> > OptionRom needs to be ignored if it is Sev guest. According to
> > "Table 20. ACPI 2.0 & 3.0 QWORD Address Space Descriptor Usage"
> > PI spec 1.7, type-specific flags can be set to 0 when Address
> > Translation Offset == 6 to skip device option ROM.
> >
> > Without this patch, Sev guest may show invalid MMIO opcode error
> > as follows:
> >
> > Invalid MMIO opcode (F6)
> > ASSERT /home/abuild/rpmbuild/BUILD/edk2-edk2-stable202202/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c(1041): ((BOOLEAN)(0==1))
> >
> > The OptionRom must be disabled both on Td and Sev guests, so we directly
> > use CcProbe().
> >
> > v2: Use CcProbe() instead of TdIsEnabled() and MemEncryptSevIsEnabled().
>
> Reviewed-by: Gerd Hoffmann
>

Merged as #3298
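
The descriptor override that the quoted commit message describes, as an added stand-alone C model; it is not code from the patch or from edk2. The struct, enum and function names are hypothetical, `guest_type_t` stands in for the result of CcProbe(), and the skip rule encoded is only the one stated in the message (Address Translation Offset == 6 with type-specific flags 0).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* ACPI QWORD Address Space Descriptor, packed to its 46-byte wire layout. */
#pragma pack(push, 1)
typedef struct {
  uint8_t  desc;               /* 0x8A: QWORD address space descriptor tag */
  uint16_t len;                /* number of bytes that follow this field */
  uint8_t  res_type;           /* 0 = memory range */
  uint8_t  gen_flag;
  uint8_t  specific_flag;      /* type-specific flags */
  uint64_t granularity;
  uint64_t range_min;
  uint64_t range_max;
  uint64_t translation_offset; /* per the commit message: 6 = option ROM */
  uint64_t addr_len;
} qword_desc_t;
#pragma pack(pop)

#define QWORD_DESC_TAG 0x8Au
#define OPTION_ROM_BAR 6u

/* Hypothetical stand-in for what CcProbe() reports about the guest. */
typedef enum { GUEST_PLAIN = 0, GUEST_SEV, GUEST_TDX } guest_type_t;

/* Override meaning "ignore the device's option ROM". */
static const qword_desc_t ignore_option_rom = {
  .desc = QWORD_DESC_TAG,
  .len = sizeof(qword_desc_t) - offsetof(qword_desc_t, res_type),
  .res_type = 0,
  .specific_flag = 0,          /* 0 here is what disables the option ROM */
  .granularity = 64,
  .translation_offset = OPTION_ROM_BAR,
};

/* Policy side: any confidential guest (SEV or TDX) gets the override,
 * because the host VMM supplying the ROM is outside the trust boundary. */
const qword_desc_t *check_device(guest_type_t guest) {
  return guest != GUEST_PLAIN ? &ignore_option_rom : NULL;
}

/* Consumer side: should the bus driver skip the option ROM? */
bool option_rom_skipped(const qword_desc_t *d) {
  return d != NULL && d->desc == QWORD_DESC_TAG &&
         d->translation_offset == OPTION_ROM_BAR && d->specific_flag == 0;
}

int main(void) {
  return option_rom_skipped(check_device(GUEST_SEV)) ? 0 : 1;
}
```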