On Wed, Oct 13, 2021 at 11:56:54AM -0500, Brijesh Singh wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
> 
> Commit 85b8eac59b8c5bd9c7eb9afdb64357ce1aa2e803 added support to ensure
> that MMIO is only performed against the un-encrypted memory. If MMIO
> is performed against encrypted memory, a #GP is raised.
> 
> The AmdSevDxe uses the functions provided by the MemEncryptSevLib to
> clear the memory encryption mask from the page table. If the
> MemEncryptSevLib is extended to include VmgExitLib then the dependency
> chain will look like this:
> 
> OvmfPkg/AmdSevDxe/AmdSevDxe.inf
> -----> MemEncryptSevLib                    class
> -----> "OvmfPkg/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf"   instance
> -----> VmgExitLib                          class
> -----> "OvmfPkg/VmgExitLib"    instance
> -----> LocalApicLib                        class
> -----> "UefiCpuPkg/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf" instance
> -----> TimerLib                            class
> -----> "OvmfPkg/AcpiTimerLib/DxeAcpiTimerLib.inf"   instance
> -----> PciLib                                           class
> -----> "OvmfPkg/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf"    instance
> -----> PciExpressLib                                          class
> -----> "MdePkg/BasePciExpressLib/BasePciExpressLib.inf"  instance
> 
> The LocalApicLib provides a constructor that gets called before the
> AmdSevDxe can clear the memory encryption mask from the MMIO regions.
> 
> When running under the Q35 machine type, the call chain looks like this:
> 
> AcpiTimerLibConstructor ()  [AcpiTimerLib]
>   PciRead32 ()              [DxePciLibI440FxQ35]
>    PciExpressRead32 ()      [PciExpressLib]
> 
> The PciExpressRead32 () reads the MMIO region. The MMIO regions are not
> yet mapped un-encrypted, so the check introduced in the commit
> 85b8eac59b8c5bd9c7eb9afdb64357ce1aa2e803 raises a #GP.
> 
> The AmdSevDxe driver does not require the access to the extended PCI
> config space. Accessing a normal PCI config space, via IO port should be
> sufficient. Use the module-scope override to make the AmdSevDxe use the
> BasePciLib instead of BasePciExpressLib so that PciRead32 () uses the
> IO ports instead of the extended config space.

Acked-by: Gerd Hoffmann <kra...@redhat.com>


