.../IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c | 5 +++-- .../IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf | 1 + 2 files changed, 4 insertions(+), 2 deletions(-)
Reference: https://bugzilla.tianocore.org/show_bug.cgi?id=4031
This patch is similar to the c477b2783f patch for Td guest.
Host VMM may inject OptionRom which is untrusted in Sev guest. So PCI
OptionRom needs to be ignored if it is Sev guest. According to
"Table 20. ACPI 2.0 & 3.0 QWORD Address Space Descriptor Usage"
PI spec 1.7, type-specific flags can be set to 0 when Address
Translation Offset == 6 to skip device option ROM.
Without this patch, Sev guest may shows invalid MMIO opcode error
as following:
Invalid MMIO opcode (F6)
ASSERT /home/abuild/rpmbuild/BUILD/edk2-edk2-stable202202/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c(1041): ((BOOLEAN)(0==1))
The OptionRom must be disabled both on Td and Sev guests, so we direct
use CcProbe().
v2: Use CcProbe() instead of TdIsEnabled() and MemEncryptSevIsEnabled().
Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
---
.../IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c | 5 +++--
.../IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf | 1 +
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c
index 2d385d26ef..686d85633e 100644
--- a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c
+++ b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c
@@ -18,6 +18,7 @@
#include <Library/MemoryAllocationLib.h>
#include <Library/PcdLib.h>
#include <Library/UefiBootServicesTableLib.h>
+#include <Library/CcProbeLib.h>
#include <Protocol/IncompatiblePciDeviceSupport.h>
#include <Protocol/LegacyBios.h>
@@ -264,7 +265,7 @@ CheckDevice (
//
// In Td guest OptionRom is not allowed.
//
- if (TdIsEnabled ()) {
+ if (CcProbe ()) {
Length += sizeof mOptionRomConfiguration;
}
@@ -286,7 +287,7 @@ CheckDevice (
CopyMem (Ptr, &mMmio64Configuration, sizeof mMmio64Configuration);
Length = sizeof mMmio64Configuration;
- if (TdIsEnabled ()) {
+ if (CcProbe ()) {
CopyMem (Ptr + Length, &mOptionRomConfiguration, sizeof mOptionRomConfiguration);
Length += sizeof mOptionRomConfiguration;
}
diff --git a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf
index c3e6bb9447..ad38128fcb 100644
--- a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf
+++ b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf
@@ -24,6 +24,7 @@
OvmfPkg/OvmfPkg.dec
[LibraryClasses]
+ CcProbeLib
DebugLib
MemoryAllocationLib
PcdLib
--
2.12.3
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#92868): https://edk2.groups.io/g/devel/message/92868
Mute This Topic: https://groups.io/mt/93271877/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
On Fri, Aug 26, 2022 at 11:15:20PM +0800, Lee, Chun-Yi wrote: > Reference: https://bugzilla.tianocore.org/show_bug.cgi?id=4031 > > This patch is similar to the c477b2783f patch for Td guest. > > Host VMM may inject OptionRom which is untrusted in Sev guest. So PCI > OptionRom needs to be ignored if it is Sev guest. According to > "Table 20. ACPI 2.0 & 3.0 QWORD Address Space Descriptor Usage" > PI spec 1.7, type-specific flags can be set to 0 when Address > Translation Offset == 6 to skip device option ROM. > > Without this patch, Sev guest may shows invalid MMIO opcode error > as following: > > Invalid MMIO opcode (F6) > ASSERT /home/abuild/rpmbuild/BUILD/edk2-edk2-stable202202/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c(1041): ((BOOLEAN)(0==1)) > > The OptionRom must be disabled both on Td and Sev guests, so we direct > use CcProbe(). > > v2: Use CcProbe() instead of TdIsEnabled() and MemEncryptSevIsEnabled(). Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#92909): https://edk2.groups.io/g/devel/message/92909 Mute This Topic: https://groups.io/mt/93271877/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
On Mon, 29 Aug 2022 at 11:32, Gerd Hoffmann <kraxel@redhat.com> wrote: > > On Fri, Aug 26, 2022 at 11:15:20PM +0800, Lee, Chun-Yi wrote: > > Reference: https://bugzilla.tianocore.org/show_bug.cgi?id=4031 > > > > This patch is similar to the c477b2783f patch for Td guest. > > > > Host VMM may inject OptionRom which is untrusted in Sev guest. So PCI > > OptionRom needs to be ignored if it is Sev guest. According to > > "Table 20. ACPI 2.0 & 3.0 QWORD Address Space Descriptor Usage" > > PI spec 1.7, type-specific flags can be set to 0 when Address > > Translation Offset == 6 to skip device option ROM. > > > > Without this patch, Sev guest may shows invalid MMIO opcode error > > as following: > > > > Invalid MMIO opcode (F6) > > ASSERT /home/abuild/rpmbuild/BUILD/edk2-edk2-stable202202/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c(1041): ((BOOLEAN)(0==1)) > > > > The OptionRom must be disabled both on Td and Sev guests, so we direct > > use CcProbe(). > > > > v2: Use CcProbe() instead of TdIsEnabled() and MemEncryptSevIsEnabled(). > > Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> > Merged as #3298 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#93246): https://edk2.groups.io/g/devel/message/93246 Mute This Topic: https://groups.io/mt/93271877/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2024 Red Hat, Inc.