public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Min Xu" <min.m.xu@intel.com>
To: dann frazier <dann.frazier@canonical.com>,
	"devel@edk2.groups.io" <devel@edk2.groups.io>,
	"Xu, Min M" <min.m.xu@intel.com>
Cc: "Kinney, Michael D" <michael.d.kinney@intel.com>,
	"Gao, Liming" <gaoliming@byosoft.com.cn>,
	"Liu, Zhiguang" <zhiguang.liu@intel.com>,
	"James Bottomley" <jejb@linux.ibm.com>,
	James Bottomley <James.Bottomley@hansenpartnership.com>,
	"Yao, Jiewen" <jiewen.yao@intel.com>,
	Gerd Hoffmann <kraxel@redhat.com>
Subject: Re: [edk2-devel] [PATCH V2 5/6] MdePkg: Probe Cc guest in BaseIoLibIntrinsicSev
Date: Tue, 17 May 2022 07:58:42 +0000	[thread overview]
Message-ID: <PH0PR11MB5064C4950C2952C6D5AE4E3EC5CE9@PH0PR11MB5064.namprd11.prod.outlook.com> (raw)
In-Reply-To: <PH0PR11MB5064DF3B212CB72826ED3997C5CE9@PH0PR11MB5064.namprd11.prod.outlook.com>

On May 17, 2022 9:15 AM, Xu Min wrote:
> On May 17, 2022 6:22 AM, dann frazier wrote:
> > I ran through our tests on stable-202205-rc1, and I'm finding that all
> > of the tests using 2M FD_SIZE & SMM_REQUIRE=TRUE are failing with
> QEMU
> > hanging w/o output. Equivalent tests w/ 4M FD_SIZE are working fine. I
> > bisected it down to this commit, and also confirmed that reverting
> > this commit on top of 202205-rc1 also avoids the problem.
> >
> > I might have a chance to debug more tomorrow, but for now I just
> > wanted to flag it.
> This patch calls CcProbe () to get the Confidential Computing guest type.
> There are 2 versions of CcProbeLib, one is to get the Cc guest type from
> PcdOvmfWorkArea, the other is a null instance and it always return
> CcGuestTypeNonEncrypted (which means it is a legacy vm guest).  Only
> OvmfPkgX64.dsc and IntelTdxX64.dsc include the first one (which probe the
> PcdOvmfWorkArea).
> 
> If this patch is reverted, it means it is to check the guest type by calling CPUID,
> not reading the PcdOvmfWorkArea.
> 
More investigation shows that the root cause is the wrong memory access in SMM driver (PiSmmCpuDxeSmm.inf). This issue can be triggered when SMM_REQUIRE is TRUE.
IoLib is used in PiSmmCpuDxeSmm.inf. In OvmfPkgX64 BaseIoLibIntrinsicSev.inf is included and it probes if the working guest is td guest by CcProbe(). CcProbe reads PcdOvmfWorkArea (0x80B000) to get the guest type. It works in Non-SMM mode. But in SMM mode it is illegal. So reverting the patch makes the probe to call CPUID (0x21) instead of reading PcdOvmfWorkArea. It does work.

I am thinking how to fix this issue and then send out the patch-set for review.

Thanks
Min

  reply	other threads:[~2022-05-17  7:59 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-15  0:07 [PATCH V2 0/6] Introduce CcProbe in MdePkg Min Xu
2022-04-15  0:07 ` [PATCH V2 1/6] MdePkg: Add CC_GUEST_TYPE in ConfidentialComputingGuestAttr.h Min Xu
2022-04-15  0:07 ` [PATCH V2 2/6] OvmfPkg: Replace GUEST_TYPE with CC_GUEST_TYPE Min Xu
2022-04-15  0:07 ` [PATCH V2 3/6] MdePkg: Add CcProbeLib Min Xu
2022-04-15  0:07 ` [PATCH V2 4/6] OvmfPkg: " Min Xu
2022-04-15  0:07 ` [PATCH V2 5/6] MdePkg: Probe Cc guest in BaseIoLibIntrinsicSev Min Xu
2022-05-16 22:22   ` [edk2-devel] " dann frazier
2022-05-17  1:15     ` Min Xu
2022-05-17  7:58       ` Min Xu [this message]
2022-04-15  0:07 ` [PATCH V2 6/6] OvmfPkg: Add CcProbeLib in *.dsc Min Xu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=PH0PR11MB5064C4950C2952C6D5AE4E3EC5CE9@PH0PR11MB5064.namprd11.prod.outlook.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox