Date: Tue, 15 Feb 2022 09:14:40 -0700
From: "dann frazier"
To: Brijesh Singh
Cc: devel@edk2.groups.io, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Erdem Aktas, Michael Roth, Gerd Hoffmann, Aaron Young
Subject: Re: [PATCH 1/1] OvmfPkg/FvbServicesSmm: use the VmgExitLibNull
In-Reply-To: <20220215151638.1671473-1-brijesh.singh@amd.com>

On Tue, Feb 15, 2022 at 09:16:38AM -0600, Brijesh Singh wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3835
>
> The commit ade62c18f4742301bbef474ac10518bde5972fba caused a boot failure
> when OVMF is built with SECURE_BOOT/SMM enabled.
>
> This happens because the above commit extended the BaseMemEncryptSevLib.inf
> to include VmgExitLib. The FvbServicesSmm uses the functions provided
> by the MemEncryptSevLib to clear the memory encryption mask from the
> page table. It created a dependency, as shown below
>
> OvmfPkg/FvbServicesSmm.inf
>  ---> MemEncryptSevLib class
>  ---> "OvmfPkg/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf" instance
>  ---> VmgExitLib
>  ---> "OvmfPkg/VmgExitLib" instance
>  ---> LocalApicLib class
>  ---> UefiCpuPkg/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf instance
>  ---> TimerLib class
>  ---> "OvmfPkg/AcpiTimerLib/DxeAcpiTimerLib.inf" instance
>  ---> PciLib class
>  ---> "OvmfPkg/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf" instance
>
> The LocalApicLib provides a constructor, execution of the constructor
> causes an exception. The SEV-ES and SEV-SNP do not support the SMM, so
> skip including the VmgExitLib chain. Use the module override to use the
> VmgExitLibNull to avoid the inclusion of unneeded LocalApicLib dependency
> chain in FvbServicesSmm.
> We ran into a similar issue for the AmdSevDxe driver,
> see commit 19914edc5a0202cc7830f819ffac7e7b2368166a
>
> After the patch, the dependency looks like this:
>
> OvmfPkg/FvbServicesSmm.inf
>  ---> MemEncryptSevLib class
>  ---> "OvmfPkg/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf" instance
>  ---> VmgExitLib
>  ---> "UefiCpuPkg/Library/VmgExitLibNull" instance
>
> Fixes: ade62c18f4742301bbef474ac10518bde5972fba
> Reported-by: Aaron Young
> Cc: Dann Frazier
> Cc: Michael Roth
> Cc: James Bottomley
> Cc: Min Xu
> Cc: Jiewen Yao
> Cc: Tom Lendacky
> Cc: Jordan Justen
> Cc: Ard Biesheuvel
> Cc: Erdem Aktas
> Cc: Gerd Hoffmann
> Signed-off-by: Brijesh Singh

Thanks for the quick fix Brijesh!

Tested-by: dann frazier

 -dann

> --- > OvmfPkg/CloudHv/CloudHvX64.dsc | 5 ++++- > OvmfPkg/OvmfPkgIa32.dsc | 5 ++++- > OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++- > OvmfPkg/OvmfPkgX64.dsc | 5 ++++- > 4 files changed, 16 insertions(+), 4 deletions(-) > > diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc > index 8ac9227c5f50..3172100310b1 100644 > --- a/OvmfPkg/CloudHv/CloudHvX64.dsc > +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc > @@ -906,7 +906,10 @@ [Components] > # > # Variable driver stack (SMM) > # > - OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf > + OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf { > + > + VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf > + } > MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf { > > diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc > index 29eea82571c5..85abed24c1a7 100644 > --- a/OvmfPkg/OvmfPkgIa32.dsc > +++ b/OvmfPkg/OvmfPkgIa32.dsc 
> @@ -956,7 +956,10 @@ [Components] > # > # Variable driver stack (SMM) > # > - OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf > + OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf { > + > + VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf > + } > MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf { > > diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc > index 56d3c49ab21a..a9c1daecc1a8 100644 > --- a/OvmfPkg/OvmfPkgIa32X64.dsc > +++ b/OvmfPkg/OvmfPkgIa32X64.dsc > @@ -974,7 +974,10 @@ [Components.X64] > # > # Variable driver stack (SMM) > # > - OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf > + OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf { > + > + VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf > + } > MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf { > > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc > index f0924c0f9d0a..718399299f57 100644 > --- a/OvmfPkg/OvmfPkgX64.dsc > +++ b/OvmfPkg/OvmfPkgX64.dsc > @@ -971,7 +971,10 @@ [Components] > # > # Variable driver stack (SMM) > # > - OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf > + OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf { > + > + VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf > + } > MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf { >
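
Review bot: In the CloudHvX64.dsc hunk (@@ -906,7 +906,10 @@) the added line between the opening `{` and `VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf` is empty as quoted here, and the other three hunks show the same. A module-scoped library override in a DSC has to sit under a `<LibraryClasses>` tag, so compare that line with the applied commit before reusing the snippet.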
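
Review bot: The override in the OvmfPkgX64.dsc hunk (@@ -971,7 +971,10 @@) carries no comment, so the reason for picking the Null instance lives only in the commit message. A line under the existing "Variable driver stack (SMM)" comment saying that SEV-ES and SEV-SNP do not support SMM, and that VmgExitLibNull keeps the LocalApicLib constructor out of FvbServicesSmm, would stop a later cleanup from dropping the override; the same applies to the other three files.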
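
Review bot: The same four-line override is repeated by hand in each file of the diffstat, under [Components.X64] in the OvmfPkgIa32X64.dsc hunk (@@ -974,7 +974,10 @@) and under [Components] in the others, with nothing tying the copies together. A platform DSC that lists FvbServicesSmm.inf without the override would keep the LocalApicLib dependency chain shown in the commit message, so consider a build-time check for the override or a shared include that all SMM-enabled platforms pull in.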
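
The module-scoped override described in the commit message can be checked mechanically in each platform DSC. The following is an added example, not part of the original mail and not edk2 BaseTools code: a simplified DSC reader that ignores `!if`/`!include` directives and macros, with constructed sample fragments and hypothetical function names.

```python
import re

# Constructed DSC fragments (not copied from the tree): the component entry
# with the module-scoped override from the patch, and the entry without it.
SAMPLE_FIXED = """\
[Components.X64]
  # Variable driver stack (SMM)
  OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf {
    <LibraryClasses>
      VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf
  }
  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf
"""
SAMPLE_UNFIXED = """\
[Components]
  OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf
"""

def module_overrides(dsc_text):
    """Map each .inf under [Components*] to its module-scoped library overrides."""
    result, in_components, current, tag = {}, False, None, None
    for raw in dsc_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        if line.startswith("["):
            in_components = line.lower().startswith("[components")
            current = None
        elif not in_components:
            continue
        elif current is None:
            m = re.match(r"(\S+\.inf)\s*(\{)?$", line)
            if m:
                result[m.group(1)] = {}
                current, tag = (m.group(1) if m.group(2) else None), None
        elif line == "}":
            current = None
        elif line.startswith("<"):
            tag = line                            # e.g. <LibraryClasses>
        elif tag == "<LibraryClasses>" and "|" in line:
            cls, inst = (s.strip() for s in line.split("|", 1))
            result[current][cls] = inst
    return result

def missing_null_override(dsc_text, module="FvbServicesSmm.inf", cls="VmgExitLib"):
    """Component paths ending in `module` with no VmgExitLibNull override for `cls`."""
    return [inf for inf, libs in module_overrides(dsc_text).items()
            if inf.endswith(module) and "VmgExitLibNull" not in libs.get(cls, "")]
```

An empty list from `missing_null_override` means every FvbServicesSmm.inf entry in that DSC text carries the override; a non-empty list names the entries that would still pull in the platform VmgExitLib instance.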