From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web08.1752.1662483380535768577
 for <devel@edk2.groups.io>;
 Tue, 06 Sep 2022 09:56:20 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@kernel.org header.s=k20201202 header.b=LzbwHUN0;
 spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id CC586615C5
	for <devel@edk2.groups.io>; Tue,  6 Sep 2022 16:56:19 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3C374C433D7
	for <devel@edk2.groups.io>; Tue,  6 Sep 2022 16:56:19 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1662483379;
	bh=JpWCuFIGSMWelBMtXNMSEWb/wlBsEaWfTF7FEXjCHmU=;
	h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
	b=LzbwHUN0wuZwZe8BiH6S9ixTjKzf1YpVBPWIi5R6gyneYMB8w31ft+ILJ8ak3Kezm
	 odXmyYiL1aJXFNZqjqyTrD+K4rv+nNlq20rfCEH1wD6Zx3LqkbuUCEXfzxe/2XIcFp
	 4oA3Qu7iFMCCymjIoMEScB2OcJ+xgvFp/6KzqGt0tW3JZgUa6SHEarXsBlj92f2NEn
	 +WBoMlOuDJUiuZ6YiKGEBHbpfd7/zIMa0KXVVXELOAZIcB/Gv+KW83zusqK23Q+2eX
	 3UMqRdgXTHeYXTQNC9rehMDvv2jicq6VHbnX3I9dejywS/uq8lcobDqJeiVlorb11d
	 CrKxckEEXjEeQ==
Received: by mail-lf1-f49.google.com with SMTP id p7so18337363lfu.3
        for <devel@edk2.groups.io>; Tue, 06 Sep 2022 09:56:19 -0700 (PDT)
X-Gm-Message-State: ACgBeo24tlE3JQXDfkQfg5F1XfNhaBEsse2SaF8awErpBx6EWf+FnZ/0
	TgXMvGUsufqQv+OS4ShSbY/y9iNytsQakaMUypw=
X-Google-Smtp-Source: AA6agR6KyaqWN03xbO+fl+JhhxkLtzW4mJYlsDZiVfoT/FRJlMHU7CnDZiR/ZxqqsRpc6BhhskE+Y/Q/6OWWk1TCugo=
X-Received: by 2002:a05:6512:13a1:b0:48d:f14:9059 with SMTP id
 p33-20020a05651213a100b0048d0f149059mr20563413lfa.110.1662483377305; Tue, 06
 Sep 2022 09:56:17 -0700 (PDT)
MIME-Version: 1.0
References: <20220826151520.25850-1-jlee@suse.com> <20220829093216.aztojumlhrj2x7am@sirius.home.kraxel.org>
In-Reply-To: <20220829093216.aztojumlhrj2x7am@sirius.home.kraxel.org>
From: "Ard Biesheuvel" <ardb@kernel.org>
Date: Tue, 6 Sep 2022 18:56:05 +0200
X-Gmail-Original-Message-ID: <CAMj1kXFA0pNfxm1V8hkgL51_nfSNfK3em0P1aC039djQ4V6FPQ@mail.gmail.com>
Message-ID: <CAMj1kXFA0pNfxm1V8hkgL51_nfSNfK3em0P1aC039djQ4V6FPQ@mail.gmail.com>
Subject: Re: [edk2-devel] [PATCH v2] OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Sev guest
To: devel@edk2.groups.io, kraxel@redhat.com
Cc: "Lee, Chun-Yi" <joeyli.kernel@gmail.com>, Jiewen Yao <jiewen.yao@intel.com>, 
	Jordan Justen <jordan.l.justen@intel.com>, Min Xu <min.m.xu@intel.com>, 
	Brijesh Singh <brijesh.singh@amd.com>, Erdem Aktas <erdemaktas@google.com>, 
	James Bottomley <jejb@linux.ibm.com>, "Lee, Chun-Yi" <jlee@suse.com>
Content-Type: text/plain; charset="UTF-8"

On Mon, 29 Aug 2022 at 11:32, Gerd Hoffmann <kraxel@redhat.com> wrote:
>
> On Fri, Aug 26, 2022 at 11:15:20PM +0800, Lee, Chun-Yi wrote:
> > Reference: https://bugzilla.tianocore.org/show_bug.cgi?id=4031
> >
> > This patch is similar to the c477b2783f patch for Td guest.
> >
> > Host VMM may inject OptionRom which is untrusted in Sev guest. So PCI
> > OptionRom needs to be ignored if it is Sev guest. According to
> > "Table 20. ACPI 2.0 & 3.0 QWORD Address Space Descriptor Usage"
> > PI spec 1.7, type-specific flags can be set to 0 when Address
> > Translation Offset == 6 to skip device option ROM.
> >
> > Without this patch, Sev guest may shows invalid MMIO opcode error
> > as following:
> >
> > Invalid MMIO opcode (F6)
> > ASSERT /home/abuild/rpmbuild/BUILD/edk2-edk2-stable202202/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c(1041): ((BOOLEAN)(0==1))
> >
> > The OptionRom must be disabled both on Td and Sev guests, so we direct
> > use CcProbe().
> >
> > v2: Use CcProbe() instead of TdIsEnabled() and MemEncryptSevIsEnabled().
>
> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
>

Merged as #3298