commit ovmf for openSUSE:Factory

Tue, 11 Oct 2022 09:04:04 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2022-10-11 18:01:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and      /work/SRC/openSUSE:Factory/.ovmf.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ovmf"

Tue Oct 11 18:01:25 2022 rev:81 rq:1007777 version:202205

Changes:
--------
--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes        2022-09-12 
19:07:41.142441467 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new.2275/ovmf.changes      2022-10-11 
18:03:52.541922428 +0200
@@ -1,0 +2,6 @@
+Mon Sep 19 11:16:00 UTC 2022 - Joey Lee <j...@suse.com>
+
+- Add patches to disable option ROM on sev (bsc#1199156)
+    ovmf-bsc1199156-OvmfPkg-IncompatiblePciDeviceSupportDxe-Ignore-Optio.patch
+
+-------------------------------------------------------------------

New:
----
  ovmf-bsc1199156-OvmfPkg-IncompatiblePciDeviceSupportDxe-Ignore-Optio.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ovmf.spec ++++++
--- /var/tmp/diff_new_pack.0kX24D/_old  2022-10-11 18:03:53.205923502 +0200
+++ /var/tmp/diff_new_pack.0kX24D/_new  2022-10-11 18:03:53.209923508 +0200
@@ -59,6 +59,8 @@
 Patch11:        
%{name}-Revert-SourceLevelDebugPkg-Replace-Opcode-with-the-c.patch
 Patch12:        
%{name}-Revert-MdePkg-Replace-Opcode-with-the-corresponding-.patch
 Patch13:        
%{name}-Revert-MdeModulePkg-Replace-Opcode-with-the-correspo.patch
+# bsc#1199156 OVMF exposed Invalid MMIO opcode (F6) error when enabled sev and 
sev-es
+Patch14:        
%{name}-bsc1199156-OvmfPkg-IncompatiblePciDeviceSupportDxe-Ignore-Optio.patch
 BuildRequires:  bc
 BuildRequires:  cross-arm-binutils
 BuildRequires:  cross-arm-gcc%{gcc_version}
@@ -183,6 +185,7 @@
 %patch12 -p1
 %patch13 -p1
 %endif
+%patch14 -p1
 
 # add openssl
 pushd CryptoPkg/Library/OpensslLib/openssl






++++++ 
ovmf-bsc1199156-OvmfPkg-IncompatiblePciDeviceSupportDxe-Ignore-Optio.patch 
++++++
>From 18b5b14932d1a90bceb928ca553851078bd19ca1 Mon Sep 17 00:00:00 2001
From: "Lee, Chun-Yi" <joeyli.ker...@gmail.com>
Date: Fri, 26 Aug 2022 23:15:20 +0800
Subject: [PATCH] OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in
 Sev guest

Reference: https://bugzilla.tianocore.org/show_bug.cgi?id=4031

This patch is similar to the c477b2783f patch for Td guest.

Host VMM may inject OptionRom which is untrusted in Sev guest. So PCI
OptionRom needs to be ignored if it is Sev guest. According to
"Table 20. ACPI 2.0 & 3.0 QWORD Address Space Descriptor Usage"
PI spec 1.7, type-specific flags can be set to 0 when Address
Translation Offset == 6 to skip device option ROM.

Without this patch, Sev guest may shows invalid MMIO opcode error
as following:

Invalid MMIO opcode (F6)
ASSERT 
/home/abuild/rpmbuild/BUILD/edk2-edk2-stable202202/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c(1041):
 ((BOOLEAN)(0==1))

The OptionRom must be disabled both on Td and Sev guests, so we direct
use CcProbe().

Signed-off-by: "Lee, Chun-Yi" <j...@suse.com>
Reviewed-by: Gerd Hoffmann <kra...@redhat.com>
---
 .../IncompatiblePciDeviceSupport.c                           | 5 +++--
 .../IncompatiblePciDeviceSupport.inf                         | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git 
a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c 
b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c
index 2d385d26ef..686d85633e 100644
--- a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c
+++ b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c
@@ -18,6 +18,7 @@
 #include <Library/MemoryAllocationLib.h>
 #include <Library/PcdLib.h>
 #include <Library/UefiBootServicesTableLib.h>
+#include <Library/CcProbeLib.h>
 
 #include <Protocol/IncompatiblePciDeviceSupport.h>
 #include <Protocol/LegacyBios.h>
@@ -264,7 +265,7 @@ CheckDevice (
   //
   // In Td guest OptionRom is not allowed.
   //
-  if (TdIsEnabled ()) {
+  if (CcProbe ()) {
     Length += sizeof mOptionRomConfiguration;
   }
 
@@ -286,7 +287,7 @@ CheckDevice (
   CopyMem (Ptr, &mMmio64Configuration, sizeof mMmio64Configuration);
   Length = sizeof mMmio64Configuration;
 
-  if (TdIsEnabled ()) {
+  if (CcProbe ()) {
     CopyMem (Ptr + Length, &mOptionRomConfiguration, sizeof 
mOptionRomConfiguration);
     Length += sizeof mOptionRomConfiguration;
   }
diff --git 
a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf 
b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf
index c3e6bb9447..ad38128fcb 100644
--- a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf
+++ b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf
@@ -24,6 +24,7 @@
   OvmfPkg/OvmfPkg.dec
 
 [LibraryClasses]
+  CcProbeLib
   DebugLib
   MemoryAllocationLib
   PcdLib
-- 
2.35.3

Reply via email to