From nobody Sun May 19 11:31:10 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+92868+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+92868+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1661526971; cv=none; d=zohomail.com; s=zohoarc; b=FHBAQFN34JE7slwmUreqhe88bIgYFChulF59e4EvgUrUdEuxgrh9i/5jRwKeLvuHsfTkewbKa6jMwikLm8HxI9lEBvzi+68EX4UfIKXi0/tass/so/6VUCCV/vUO0OPQMYr2/bHgfsapNTdn8AbaWKMZX53lWM9nIYhcy6JvEKg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1661526971; h=Cc:Date:From:List-Subscribe:List-Id:List-Help:List-Unsubscribe:Message-ID:Reply-To:Sender:Subject:To; bh=CsHeJ5l3sANOswNKVCPGmLb8krQUN2R3CCfPovqC5uc=; b=Nm8SzGmBC3jBErSljMSk4n8JeSUZ3g5RntfPYpeW9ga5iDML+nZG/6Pr2RnQBe1hqHK3CsEH8FClTO4R1q5WdUJ4ufiThdL2zV76cyEORoU9G2lbOw04ianDVjCj2Liz62yC5ieCUYTOYP/EiIcaflT2eTxytuSNEYMZVbPE+AI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+92868+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1661526971567881.730531836368; Fri, 26 Aug 2022 08:16:11 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id fyGgYY1788612xREMKSzfFYE; Fri, 26 Aug 2022 08:16:11 -0700 X-Received: from mail-pg1-f180.google.com (mail-pg1-f180.google.com [209.85.215.180]) by mx.groups.io with SMTP id smtpd.web08.38471.1661526926698420834 for ; Fri, 26 Aug 2022 08:15:26 -0700 X-Received: by mail-pg1-f180.google.com with SMTP id 69so16264pgb.13 for ; Fri, 26 Aug 2022 08:15:26 -0700 (PDT) X-Gm-Message-State: GaipF6IKQG8vhYFZrltseVH7x1787277AA= X-Google-Smtp-Source: AA6agR67ROU1VLb11NTItioFOjorLpbY5EiYMNrtDQdhUCJ1Q16mfQpTXJWM+VuHFEUq2shvyYbMAA== X-Received: by 2002:a65:6417:0:b0:42b:2f13:8477 with SMTP id a23-20020a656417000000b0042b2f138477mr3577129pgv.329.1661526925631; Fri, 26 Aug 2022 08:15:25 -0700 (PDT) X-Received: from linux-l9pv.suse (123-194-152-128.dynamic.kbronet.com.tw. [123.194.152.128]) by smtp.gmail.com with ESMTPSA id ij25-20020a170902ab5900b001745662d568sm148062plb.278.2022.08.26.08.15.23 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 26 Aug 2022 08:15:24 -0700 (PDT) From: "Lee, Chun-Yi" X-Google-Original-From: "Lee, Chun-Yi" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Jiewen Yao , Jordan Justen , Gerd Hoffmann , Min Xu , Brijesh Singh , Erdem Aktas , James Bottomley , "Lee, Chun-Yi" Subject: [edk2-devel] [PATCH v2] OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Sev guest Date: Fri, 26 Aug 2022 23:15:20 +0800 Message-Id: <20220826151520.25850-1-jlee@suse.com> Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,joeyli.kernel@gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1661526971; bh=ZFnQvAh2sBGAnw5BmspUZ29na1Iuh3I9Y2SS2EkUmf0=; h=Cc:Date:From:Reply-To:Subject:To; b=eIy9JZXEkh47/17oN/PizaToKbQrb4uRJsBUm15ipfOWTJ62r1ywx5sJFKWXEhZ7y85 EFsuyZbZp6Pk7Sxd7JHT+yU552/pYtG/A85K82SHy6o/ZDTM5NMm1qGuvFArW89ygxyXI iZNpzXyjEPSa6hMMWkaY0pp2OB4jOTvu8mk= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1661526972785100001 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Reference: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4031 This patch is similar to the c477b2783f patch for Td guest. Host VMM may inject OptionRom which is untrusted in Sev guest. So PCI OptionRom needs to be ignored if it is Sev guest. According to "Table 20. ACPI 2.0 & 3.0 QWORD Address Space Descriptor Usage" PI spec 1.7, type-specific flags can be set to 0 when Address Translation Offset =3D=3D 6 to skip device option ROM. Without this patch, Sev guest may shows invalid MMIO opcode error as following: Invalid MMIO opcode (F6) ASSERT /home/abuild/rpmbuild/BUILD/edk2-edk2-stable202202/OvmfPkg/Library/V= mgExitLib/VmgExitVcHandler.c(1041): ((BOOLEAN)(0=3D=3D1)) The OptionRom must be disabled both on Td and Sev guests, so we direct use CcProbe(). v2: Use CcProbe() instead of TdIsEnabled() and MemEncryptSevIsEnabled(). Signed-off-by: "Lee, Chun-Yi" Reviewed-by: Gerd Hoffmann --- .../IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c | 5 += ++-- .../IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceS= upport.c b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSup= port.c index 2d385d26ef..686d85633e 100644 --- a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c +++ b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c @@ -18,6 +18,7 @@ #include #include #include +#include =20 #include #include @@ -264,7 +265,7 @@ CheckDevice ( // // In Td guest OptionRom is not allowed. // - if (TdIsEnabled ()) { + if (CcProbe ()) { Length +=3D sizeof mOptionRomConfiguration; } =20 @@ -286,7 +287,7 @@ CheckDevice ( CopyMem (Ptr, &mMmio64Configuration, sizeof mMmio64Configuration); Length =3D sizeof mMmio64Configuration; =20 - if (TdIsEnabled ()) { + if (CcProbe ()) { CopyMem (Ptr + Length, &mOptionRomConfiguration, sizeof mOptionRomConf= iguration); Length +=3D sizeof mOptionRomConfiguration; } diff --git a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceS= upport.inf b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceS= upport.inf index c3e6bb9447..ad38128fcb 100644 --- a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.= inf +++ b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.= inf @@ -24,6 +24,7 @@ OvmfPkg/OvmfPkg.dec =20 [LibraryClasses] + CcProbeLib DebugLib MemoryAllocationLib PcdLib --=20 2.12.3 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#92868): https://edk2.groups.io/g/devel/message/92868 Mute This Topic: https://groups.io/mt/93271877/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-