From nobody Sun May 19 17:22:41 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+92813+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+92813+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1661435060; cv=none;
	d=zohomail.com; s=zohoarc;
	b=lDsDvcPKDZ3moUFVOAETl3lkjDRhQ84mxVm9SviAYbCL9VpI7P85Pcfi2Sm1mlUPR3uXAn4EhDu4XboApPcysfnivNDuo1n1br0vK0eyYxRpWFpfDTXslKhg6yNsW6bTCdGZK9EbHJ7hwrXcNprIvlP/J1vn/gi0oBmGCg/gf58=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1661435060;
 h=Cc:Date:From:List-Subscribe:List-Id:List-Help:List-Unsubscribe:Message-ID:Reply-To:Sender:Subject:To;
	bh=9DsD4AjNytR4Svm2O5btRvFLR0bOHH/98OV6sVEAJh0=;
	b=LQCAgF17233b3JNzQyMjvXQP8eUacLfeI06OxedL2dG/rQo6Zy+Rxyqy7qhx3cMZBvvqqGl7WoxR1hMY/tbjf3JN0+l4adi6xUedlfAiYUriAMb/PN1WDf9rSDriQ7tgUnCxcWF6bgh7xynSeY3Lo7SmCc5bsjjbtbYluO+RJ14=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+92813+1787277+3901457@groups.io;
	dmarc=fail header.from=<joeyli.kernel@gmail.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1661435060517762.4605465984939;
 Thu, 25 Aug 2022 06:44:20 -0700 (PDT)
Return-Path: <bounce+27952+92813+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id AkQiYY1788612x2t8IiuYdXd;
 Thu, 25 Aug 2022 06:44:19 -0700
X-Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com
 [209.85.210.181])
 by mx.groups.io with SMTP id smtpd.web09.24096.1661434771272878766
 for <devel@edk2.groups.io>;
 Thu, 25 Aug 2022 06:39:31 -0700
X-Received: by mail-pf1-f181.google.com with SMTP id p185so5333539pfb.13
        for <devel@edk2.groups.io>; Thu, 25 Aug 2022 06:39:31 -0700 (PDT)
X-Gm-Message-State: ZEMeJf82Qkuj95HLW3CuS9yXx1787277AA=
X-Google-Smtp-Source: 
 AA6agR4/p3NO+0RTiWBbQxl9xOUHT/+Z/M2jzEmGU+D7VvjdgHpyp/zzawIixt5g6NbvN75AH4vUsw==
X-Received: by 2002:a63:f0e:0:b0:429:54d7:238 with SMTP id
 e14-20020a630f0e000000b0042954d70238mr3329909pgl.620.1661434770510;
        Thu, 25 Aug 2022 06:39:30 -0700 (PDT)
X-Received: from linux-l9pv.suse (123-194-152-128.dynamic.kbronet.com.tw.
 [123.194.152.128])
        by smtp.gmail.com with ESMTPSA id
 y5-20020aa79ae5000000b0052db82ad8b2sm13873551pfp.123.2022.08.25.06.39.27
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 25 Aug 2022 06:39:29 -0700 (PDT)
From: "Lee, Chun-Yi" <joeyli.kernel@gmail.com>
X-Google-Original-From: "Lee, Chun-Yi" <jlee@suse.com>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Min Xu <min.m.xu@intel.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	Erdem Aktas <erdemaktas@google.com>,
	James Bottomley <jejb@linux.ibm.com>,
	"Lee, Chun-Yi" <jlee@suse.com>
Subject: [edk2-devel] [PATCH] OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore
 OptionRom in Sev guest
Date: Thu, 25 Aug 2022 21:39:25 +0800
Message-Id: <20220825133925.6410-1-jlee@suse.com>
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,joeyli.kernel@gmail.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1661435059;
 bh=cZDI1WgVXvEgDTK4L5N5ZmGe5Apsa4pHi37osqx5qs4=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=Cn/9xsxbF4qV39bbe9z+QVGIMOSEBp6JcbqOIzf579giY3/k1xFWooOC/8jNeyjjqHD
 coQVFA32dVBB0XbXb+XceFlRcNgUZxSJGjnabAHBJ+AKQZs2/b1E4bPArJoXTB/mp5cgP
 PiY5nrxlSdXz345JrITmZZ0COM1Zb+IOkYw=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1661435061138100001
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Reference: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4031

This patch is similar to the c477b2783f patch for Td guest.

Host VMM may inject OptionRom which is untrusted in Sev guest. So PCI
OptionRom needs to be ignored if it is Sev guest. According to
"Table 20. ACPI 2.0 & 3.0 QWORD Address Space Descriptor Usage"
PI spec 1.7, type-specific flags can be set to 0 when Address
Translation Offset =3D=3D 6 to skip device option ROM.

Without this patch, Sev guest may shows invalid MMIO opcode error
as following:

Invalid MMIO opcode (F6)
ASSERT /home/abuild/rpmbuild/BUILD/edk2-edk2-stable202202/OvmfPkg/Library/V=
mgExitLib/VmgExitVcHandler.c(1041): ((BOOLEAN)(0=3D=3D1))

Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
---
 .../IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c   | 5 +=
++--
 .../IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceS=
upport.c b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSup=
port.c
index 2d385d26ef..269e6c2b91 100644
--- a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c
+++ b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c
@@ -16,6 +16,7 @@
=20
 #include <Library/DebugLib.h>
 #include <Library/MemoryAllocationLib.h>
+#include <Library/MemEncryptSevLib.h>
 #include <Library/PcdLib.h>
 #include <Library/UefiBootServicesTableLib.h>
=20
@@ -264,7 +265,7 @@ CheckDevice (
   //
   // In Td guest OptionRom is not allowed.
   //
-  if (TdIsEnabled ()) {
+  if (TdIsEnabled () || MemEncryptSevIsEnabled()) {
     Length +=3D sizeof mOptionRomConfiguration;
   }
=20
@@ -286,7 +287,7 @@ CheckDevice (
   CopyMem (Ptr, &mMmio64Configuration, sizeof mMmio64Configuration);
   Length =3D sizeof mMmio64Configuration;
=20
-  if (TdIsEnabled ()) {
+  if (TdIsEnabled () || MemEncryptSevIsEnabled()) {
     CopyMem (Ptr + Length, &mOptionRomConfiguration, sizeof mOptionRomConf=
iguration);
     Length +=3D sizeof mOptionRomConfiguration;
   }
diff --git a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceS=
upport.inf b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceS=
upport.inf
index c3e6bb9447..be2b883c40 100644
--- a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.=
inf
+++ b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.=
inf
@@ -25,6 +25,7 @@
=20
 [LibraryClasses]
   DebugLib
+  MemEncryptSevLib
   MemoryAllocationLib
   PcdLib
   UefiBootServicesTableLib
--=20
2.12.3



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#92813): https://edk2.groups.io/g/devel/message/92813
Mute This Topic: https://groups.io/mt/93248346/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-