[edk2-devel] [PATCH V4 08/10] OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Td guest
Min Xu
min.m.xu at intel.com
Mon Feb 28 08:16:29 UTC 2022
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
Host VMM may inject OptionRom which is untrusted in Td guest. So PCI
OptionRom needs to be ignored if it is of Td guest. According to
"Table 20. ACPI 2.0 & 3.0 QWORD Address Space Descriptor Usage"
PI spec 1.7, type-specific flags can be set to 0 when Address
Translation Offset == 6 to skip device option ROM.
Cc: Michael D Kinney <michael.d.kinney at intel.com>
Cc: Brijesh Singh <brijesh.singh at amd.com>
Cc: Erdem Aktas <erdemaktas at google.com>
Cc: James Bottomley <jejb at linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao at intel.com>
Cc: Tom Lendacky <thomas.lendacky at amd.com>
Cc: Gerd Hoffmann <kraxel at redhat.com>
Signed-off-by: Min Xu <min.m.xu at intel.com>
---
.../IncompatiblePciDeviceSupport.c | 110 ++++++++++++------
1 file changed, 77 insertions(+), 33 deletions(-)
diff --git a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c
index 8730874613f8..68d4a5e0abfc 100644
--- a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c
+++ b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c
@@ -9,6 +9,8 @@
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
#include <IndustryStandard/Acpi10.h>
#include <IndustryStandard/Pci22.h>
@@ -32,57 +34,76 @@ STATIC EFI_INCOMPATIBLE_PCI_DEVICE_SUPPORT_PROTOCOL
mIncompatiblePciDeviceSupport;
//
-// Configuration template for the CheckDevice() protocol member function.
+// Below structure is length variable. It contains 3 parts:
+// - mMmioConfiguration
+// - mOptionRomConfiguration
+// - mEndDesc
//
-// Refer to Table 20 "ACPI 2.0 & 3.0 QWORD Address Space Descriptor Usage" in
-// the Platform Init 1.4a Spec, Volume 5.
+// mOptionRomConfiguration is present only in Td guest.
+// Host VMM can inject option ROM which is untrusted in Td guest,
+// so PCI option ROM needs to be ignored.
+// According to "Table 20. ACPI 2.0 & 3.0 QWORD Address Space Descriptor Usage"
+// PI spec 1.7, type-specific flags can be set to 0 when
+// Address Translation Offset == 6 to skip device option ROM.
//
// This structure is interpreted by the UpdatePciInfo() function in the edk2
// PCI Bus UEFI_DRIVER.
//
-#pragma pack (1)
-typedef struct {
- EFI_ACPI_ADDRESS_SPACE_DESCRIPTOR AddressSpaceDesc;
- EFI_ACPI_END_TAG_DESCRIPTOR EndDesc;
-} MMIO64_PREFERENCE;
-#pragma pack ()
+STATIC CONST EFI_ACPI_ADDRESS_SPACE_DESCRIPTOR mMmio64Configuration = {
+ ACPI_ADDRESS_SPACE_DESCRIPTOR, // Desc
+ (UINT16)( // Len
+ sizeof (EFI_ACPI_ADDRESS_SPACE_DESCRIPTOR) -
+ OFFSET_OF (
+ EFI_ACPI_ADDRESS_SPACE_DESCRIPTOR,
+ ResType
+ )
+ ),
+ ACPI_ADDRESS_SPACE_TYPE_MEM, // ResType
+ 0, // GenFlag
+ 0, // SpecificFlag
+ 64, // AddrSpaceGranularity:
+ // aperture selection hint
+ // for BAR allocation
+ 0, // AddrRangeMin
+ 0, // AddrRangeMax:
+ // no special alignment
+ // for affected BARs
+ MAX_UINT64, // AddrTranslationOffset:
+ // hint covers all
+ // eligible BARs
+ 0 // AddrLen:
+ // use probed BAR size
+};
-STATIC CONST MMIO64_PREFERENCE mConfiguration = {
- //
- // AddressSpaceDesc
- //
- {
- ACPI_ADDRESS_SPACE_DESCRIPTOR, // Desc
- (UINT16)( // Len
+STATIC CONST EFI_ACPI_ADDRESS_SPACE_DESCRIPTOR mOptionRomConfiguration = {
+ ACPI_ADDRESS_SPACE_DESCRIPTOR, // Desc
+ (UINT16)( // Len
sizeof (EFI_ACPI_ADDRESS_SPACE_DESCRIPTOR) -
OFFSET_OF (
EFI_ACPI_ADDRESS_SPACE_DESCRIPTOR,
ResType
)
),
- ACPI_ADDRESS_SPACE_TYPE_MEM, // ResType
- 0, // GenFlag
- 0, // SpecificFlag
- 64, // AddrSpaceGranularity:
+ ACPI_ADDRESS_SPACE_TYPE_MEM, // ResType
+ 0, // GenFlag
+ 0, // Disable option roms SpecificFlag
+ 64, // AddrSpaceGranularity:
// aperture selection hint
// for BAR allocation
- 0, // AddrRangeMin
- 0, // AddrRangeMax:
+ MAX_UINT64, // AddrRangeMin
+ MAX_UINT64, // AddrRangeMax:
// no special alignment
// for affected BARs
- MAX_UINT64, // AddrTranslationOffset:
+ 6, // AddrTranslationOffset:
// hint covers all
// eligible BARs
- 0 // AddrLen:
+ 0 // AddrLen:
// use probed BAR size
- },
- //
- // EndDesc
- //
- {
- ACPI_END_TAG_DESCRIPTOR, // Desc
- 0 // Checksum: to be ignored
- }
+};
+
+STATIC CONST EFI_ACPI_END_TAG_DESCRIPTOR mEndDesc = {
+ ACPI_END_TAG_DESCRIPTOR, // Desc
+ 0 // Checksum: to be ignored
};
//
@@ -203,6 +224,8 @@ CheckDevice (
)
{
mCheckDeviceCalled = TRUE;
+ UINTN Length;
+ UINT8 *Ptr;
//
// Unlike the general description of this protocol member suggests, there is
@@ -232,7 +255,17 @@ CheckDevice (
// the edk2 PCI Bus UEFI_DRIVER actually handles error codes; see the
// UpdatePciInfo() function.
//
- *Configuration = AllocateCopyPool (sizeof mConfiguration, &mConfiguration);
+ Length = sizeof mMmio64Configuration + sizeof mEndDesc;
+
+ //
+ // In Td guest OptionRom is not allowed.
+ //
+ if (TdIsEnabled ()) {
+ Length += sizeof mOptionRomConfiguration;
+ }
+
+ *Configuration = AllocateZeroPool (Length);
+
if (*Configuration == NULL) {
DEBUG ((
DEBUG_WARN,
@@ -245,6 +278,17 @@ CheckDevice (
return EFI_OUT_OF_RESOURCES;
}
+ Ptr = (UINT8 *)(UINTN)*Configuration;
+ CopyMem (Ptr, &mMmio64Configuration, sizeof mMmio64Configuration);
+ Length = sizeof mMmio64Configuration;
+
+ if (TdIsEnabled ()) {
+ CopyMem (Ptr + Length, &mOptionRomConfiguration, sizeof mOptionRomConfiguration);
+ Length += sizeof mOptionRomConfiguration;
+ }
+
+ CopyMem (Ptr + Length, &mEndDesc, sizeof mEndDesc);
+
return EFI_SUCCESS;
}
--
2.29.2.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#87095): https://edk2.groups.io/g/devel/message/87095
Mute This Topic: https://groups.io/mt/89446696/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list