From nobody Mon Feb 9 19:04:25 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+87095+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+87095+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1646036246; cv=none; d=zohomail.com; s=zohoarc; b=DdXwPCwrkVKMWgEZ8EfXhLqhGU4GE3ctWrhpW7VS1sG8hpYvXtBoODjkrCyW0ItIwZXHtI7RoTOt3ZQ/CwOhUvah6jQNujLMXdsRVAavsMs7fnb4eUuenGAZP1tBNMVtCZsDLh3N9RTJEPfE4qaiLhcAydKQ3AKvdlQh1aJks88= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1646036246; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=0FwQTVKyI01IFnKLpGM5jiYAAzoJrwl0aI1M2N0UFPQ=; b=Xi4jgc/EMC7NRqePAWA9A3XpCt8V8Qi2na2zrHXRmLxFt7WhvwTl9pteLV/8Zp4DAQipP7UNIzC1EAFrJg8dQDsjk96WsTimsLvmZyUqLXZn1Vaz7HwUDKirG+qd+4Do3P9pRjhYOuwhMKac2W3q5vByJ4bYdYsHTCQLrMat5Yc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+87095+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1646036246321231.78745390184008; Mon, 28 Feb 2022 00:17:26 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id RLEYYY1788612x84QocWavFO; Mon, 28 Feb 2022 00:17:26 -0800 X-Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web11.17835.1646036243454643146 for ; Mon, 28 Feb 2022 00:17:24 -0800 X-IronPort-AV: E=McAfee;i="6200,9189,10271"; a="339268986" X-IronPort-AV: E=Sophos;i="5.90,142,1643702400"; d="scan'208";a="339268986" X-Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Feb 2022 00:17:23 -0800 X-IronPort-AV: E=Sophos;i="5.90,142,1643702400"; d="scan'208";a="550140192" X-Received: from mxu9-mobl1.ccr.corp.intel.com ([10.238.2.184]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Feb 2022 00:17:20 -0800 From: "Min Xu" To: devel@edk2.groups.io Cc: Min Xu , Michael D Kinney , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Tom Lendacky , Gerd Hoffmann Subject: [edk2-devel] [PATCH V4 08/10] OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Td guest Date: Mon, 28 Feb 2022 16:16:29 +0800 Message-Id: <20220228081631.681-9-min.m.xu@intel.com> In-Reply-To: <20220228081631.681-1-min.m.xu@intel.com> References: <20220228081631.681-1-min.m.xu@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,min.m.xu@intel.com X-Gm-Message-State: QkMCuZbwSDj0ySaIs7hd3CHFx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1646036246; bh=NWfFfUl0aFgl0zyYLwfvknP+TOmckyZP6LKt8PESIQs=; h=Cc:Date:From:Reply-To:Subject:To; b=loZtVlLpgEApmxE7hncS/NW9dBpnQx+9UXginyglUieIb39BFDzh5ng2SiSMQE7hZE8 zoyZL20nEpsjo7xNo/gIoxxxg10IBU4EwzHD8b1b7tZfwQ55L81cfSKKAmeVWiNHoELfk IUnb4gAhPv6kGz6AhOcOC0VgwFtQHf1AyJY= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1646036248537100015 Content-Type: text/plain; charset="utf-8" RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 Host VMM may inject OptionRom which is untrusted in Td guest. So PCI OptionRom needs to be ignored if it is of Td guest. According to "Table 20. ACPI 2.0 & 3.0 QWORD Address Space Descriptor Usage" PI spec 1.7, type-specific flags can be set to 0 when Address Translation Offset =3D=3D 6 to skip device option ROM. Cc: Michael D Kinney Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Gerd Hoffmann Signed-off-by: Min Xu --- .../IncompatiblePciDeviceSupport.c | 110 ++++++++++++------ 1 file changed, 77 insertions(+), 33 deletions(-) diff --git a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceS= upport.c b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSup= port.c index 8730874613f8..68d4a5e0abfc 100644 --- a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c +++ b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c @@ -9,6 +9,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ =20 +#include +#include #include #include =20 @@ -32,57 +34,76 @@ STATIC EFI_INCOMPATIBLE_PCI_DEVICE_SUPPORT_PROTOCOL mIncompatiblePciDeviceSupport; =20 // -// Configuration template for the CheckDevice() protocol member function. +// Below structure is length variable. It contains 3 parts: +// - mMmioConfiguration +// - mOptionRomConfiguration +// - mEndDesc // -// Refer to Table 20 "ACPI 2.0 & 3.0 QWORD Address Space Descriptor Usage"= in -// the Platform Init 1.4a Spec, Volume 5. +// mOptionRomConfiguration is present only in Td guest. +// Host VMM can inject option ROM which is untrusted in Td guest, +// so PCI option ROM needs to be ignored. +// According to "Table 20. ACPI 2.0 & 3.0 QWORD Address Space Descriptor U= sage" +// PI spec 1.7, type-specific flags can be set to 0 when +// Address Translation Offset =3D=3D 6 to skip device option ROM. // // This structure is interpreted by the UpdatePciInfo() function in the ed= k2 // PCI Bus UEFI_DRIVER. // -#pragma pack (1) -typedef struct { - EFI_ACPI_ADDRESS_SPACE_DESCRIPTOR AddressSpaceDesc; - EFI_ACPI_END_TAG_DESCRIPTOR EndDesc; -} MMIO64_PREFERENCE; -#pragma pack () +STATIC CONST EFI_ACPI_ADDRESS_SPACE_DESCRIPTOR mMmio64Configuration =3D { + ACPI_ADDRESS_SPACE_DESCRIPTOR, // Desc + (UINT16)( // Len + sizeof (EFI_ACPI_ADDRES= S_SPACE_DESCRIPTOR) - + OFFSET_OF ( + EFI_ACPI_ADDRESS_SPAC= E_DESCRIPTOR, + ResType + ) + ), + ACPI_ADDRESS_SPACE_TYPE_MEM, // ResType + 0, // GenFlag + 0, // SpecificFlag + 64, // AddrSpaceGranularity: + // aperture selection= hint + // for BAR allocation + 0, // AddrRangeMin + 0, // AddrRangeMax: + // no special alignme= nt + // for affected BARs + MAX_UINT64, // AddrTranslationOffse= t: + // hint covers all + // eligible BARs + 0 // AddrLen: + // use probed BAR size +}; =20 -STATIC CONST MMIO64_PREFERENCE mConfiguration =3D { - // - // AddressSpaceDesc - // - { - ACPI_ADDRESS_SPACE_DESCRIPTOR, // Desc - (UINT16)( // Len +STATIC CONST EFI_ACPI_ADDRESS_SPACE_DESCRIPTOR mOptionRomConfiguration = =3D { + ACPI_ADDRESS_SPACE_DESCRIPTOR, // Desc + (UINT16)( // Len sizeof (EFI_ACPI_ADDRES= S_SPACE_DESCRIPTOR) - OFFSET_OF ( EFI_ACPI_ADDRESS_SPAC= E_DESCRIPTOR, ResType ) ), - ACPI_ADDRESS_SPACE_TYPE_MEM, // ResType - 0, // GenFlag - 0, // SpecificFlag - 64, // AddrSpaceGranularity: + ACPI_ADDRESS_SPACE_TYPE_MEM, // ResType + 0, // GenFlag + 0, // Disable option roms = SpecificFlag + 64, // AddrSpaceGranularity: // aperture selection= hint // for BAR allocation - 0, // AddrRangeMin - 0, // AddrRangeMax: + MAX_UINT64, // AddrRangeMin + MAX_UINT64, // AddrRangeMax: // no special alignme= nt // for affected BARs - MAX_UINT64, // AddrTranslationOffse= t: + 6, // AddrTranslationOffse= t: // hint covers all // eligible BARs - 0 // AddrLen: + 0 // AddrLen: // use probed BAR size - }, - // - // EndDesc - // - { - ACPI_END_TAG_DESCRIPTOR, // Desc - 0 // Checksum: to be igno= red - } +}; + +STATIC CONST EFI_ACPI_END_TAG_DESCRIPTOR mEndDesc =3D { + ACPI_END_TAG_DESCRIPTOR, // Desc + 0 // Checksum: to be igno= red }; =20 // @@ -203,6 +224,8 @@ CheckDevice ( ) { mCheckDeviceCalled =3D TRUE; + UINTN Length; + UINT8 *Ptr; =20 // // Unlike the general description of this protocol member suggests, ther= e is @@ -232,7 +255,17 @@ CheckDevice ( // the edk2 PCI Bus UEFI_DRIVER actually handles error codes; see the // UpdatePciInfo() function. // - *Configuration =3D AllocateCopyPool (sizeof mConfiguration, &mConfigurat= ion); + Length =3D sizeof mMmio64Configuration + sizeof mEndDesc; + + // + // In Td guest OptionRom is not allowed. + // + if (TdIsEnabled ()) { + Length +=3D sizeof mOptionRomConfiguration; + } + + *Configuration =3D AllocateZeroPool (Length); + if (*Configuration =3D=3D NULL) { DEBUG (( DEBUG_WARN, @@ -245,6 +278,17 @@ CheckDevice ( return EFI_OUT_OF_RESOURCES; } =20 + Ptr =3D (UINT8 *)(UINTN)*Configuration; + CopyMem (Ptr, &mMmio64Configuration, sizeof mMmio64Configuration); + Length =3D sizeof mMmio64Configuration; + + if (TdIsEnabled ()) { + CopyMem (Ptr + Length, &mOptionRomConfiguration, sizeof mOptionRomConf= iguration); + Length +=3D sizeof mOptionRomConfiguration; + } + + CopyMem (Ptr + Length, &mEndDesc, sizeof mEndDesc); + return EFI_SUCCESS; } =20 --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#87095): https://edk2.groups.io/g/devel/message/87095 Mute This Topic: https://groups.io/mt/89446696/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-