-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
Sent: Wednesday, February 16, 2022 10:52 AM
To: Brijesh Singh <brijesh.singh@...>; devel@edk2.groups.io
Cc: James Bottomley <jejb@...>; Xu, Min M <min.m.xu@...>;
Tom Lendacky <thomas.lendacky@...>; Justen, Jordan L
<jordan.l.justen@...>; Ard Biesheuvel <ardb+tianocore@...>;
Aktas, Erdem <erdemaktas@...>; Michael Roth
<Michael.Roth@...>; Gerd Hoffmann <kraxel@...>; Aaron
Young <aaron.young@...>; Dann Frazier
<dann.frazier@...>; Michael Roth <michael.roth@...>
Subject: Re: [edk2-devel] [PATCH 1/1] OvmfPkg/FvbServicesSmm: use the
VmgExitLibNull

Reviewed-by: Jiewen Yao <Jiewen.yao@...>

-----Original Message-----
From: Brijesh Singh <brijesh.singh@...>
Sent: Tuesday, February 15, 2022 11:17 PM
To: devel@edk2.groups.io
Cc: James Bottomley <jejb@...>; Xu, Min M

<min.m.xu@...>;

Yao, Jiewen <jiewen.yao@...>; Tom Lendacky
<thomas.lendacky@...>; Justen, Jordan L <jordan.l.justen@...>;
Ard Biesheuvel <ardb+tianocore@...>; Aktas, Erdem
<erdemaktas@...>; Michael Roth <Michael.Roth@...>; Gerd
Hoffmann <kraxel@...>; Brijesh Singh <brijesh.singh@...>;
Aaron Young <aaron.young@...>; Dann Frazier
<dann.frazier@...>; Michael Roth <michael.roth@...>
Subject: [PATCH 1/1] OvmfPkg/FvbServicesSmm: use the VmgExitLibNull

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3835

The commit ade62c18f4742301bbef474ac10518bde5972fba caused a boot
failure
when OVMF is build with SECURE_BOOT/SMM enabled.

This happen because the above commit extended the
BaseMemEncryptSevLib.inf
to include VmgExitLib. The FvbServicesSmm uses the functions provided
by the MemEncryptSevLib to clear the memory encryption mask from the
page table. It created a dependency, as shown below

OvmfPkg/FvbServicesSmm.inf
---> MemEncryptSevLib class
---> "OvmfPkg/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf" instance
---> VmgExitLib
---> "OvmfPkg/VmgExitLib" instance
---> LocalApicLib class
---> UefiCpuPkg/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf instance
---> TimerLib class
---> "OvmfPkg/AcpiTimerLib/DxeAcpiTimerLib.inf" instance
---> PciLib class
---> "OvmfPkg/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf" instance

The LocalApicLib provides a constructor, execution of the constructor
causes an exception. The SEV-ES and SEV-SNP do not support the SMM, so
skip including the VmgExitLib chain. Use the module override to use the
VmgExitLibNull to avoid the inclusion of unneeded LocalApicLib dependency
chain in FvbServicesSmm. We ran similar issue for AmdSevDxe driver,
see commit 19914edc5a0202cc7830f819ffac7e7b2368166a

After the patch, the dependency look like this:

OvmfPkg/FvbServicesSmm.inf
---> MemEncryptSevLib class
---> "OvmfPkg/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf" instance
---> VmgExitLib
---> "UefiCpuPkg/Library/VmgExitLibNull" instance

Fixes: ade62c18f4742301bbef474ac10518bde5972fba
Reported-by: Aaron Young <aaron.young@...>
Cc: Dann Frazier <dann.frazier@...>
Cc: Michael Roth <michael.roth@...>
Cc: James Bottomley <jejb@...>
Cc: Min Xu <min.m.xu@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Tom Lendacky <thomas.lendacky@...>
Cc: Jordan Justen <jordan.l.justen@...>
Cc: Ard Biesheuvel <ardb+tianocore@...>
Cc: Erdem Aktas <erdemaktas@...>
Cc: Gerd Hoffmann <kraxel@...>
Signed-off-by: Brijesh Singh <brijesh.singh@...>
---
OvmfPkg/CloudHv/CloudHvX64.dsc | 5 ++++-
OvmfPkg/OvmfPkgIa32.dsc | 5 ++++-
OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++-
OvmfPkg/OvmfPkgX64.dsc | 5 ++++-
4 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc
b/OvmfPkg/CloudHv/CloudHvX64.dsc
index 8ac9227c5f50..3172100310b1 100644
--- a/OvmfPkg/CloudHv/CloudHvX64.dsc
+++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
@@ -906,7 +906,10 @@ [Components]
#
# Variable driver stack (SMM)
#
- OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf
+ OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf {
+ <LibraryClasses>
+ VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf
+ }

MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf

MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf {
<LibraryClasses>
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 29eea82571c5..85abed24c1a7 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -956,7 +956,10 @@ [Components]
#
# Variable driver stack (SMM)
#
- OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf
+ OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf {
+ <LibraryClasses>
+ VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf
+ }

MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf

MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf {
<LibraryClasses>
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 56d3c49ab21a..a9c1daecc1a8 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -974,7 +974,10 @@ [Components.X64]
#
# Variable driver stack (SMM)
#
- OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf
+ OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf {
+ <LibraryClasses>
+ VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf
+ }

MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf

MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf {
<LibraryClasses>
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index f0924c0f9d0a..718399299f57 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -971,7 +971,10 @@ [Components]
#
# Variable driver stack (SMM)
#
- OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf
+ OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf {
+ <LibraryClasses>
+ VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf
+ }

MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf

MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf {
<LibraryClasses>
--
2.25.1