OvmfPkg/CcExitLib: Drop special handling for Encrypted MMIO to APIC

The current #VC handler guards against MMIO to addresses that are mapped
with the encryption bit set, but has an special exception for MMIO
accesses to the APIC base address so allow for early access during SEC.

Now that the SEC page table has the encryption bit cleared for the APIC
base address range, there is no longer any need for this special
handling. Go ahead and remove it.

Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>

1 files changed, 1 insertions, 11 deletions

diff --git a/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c b/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c
index 549375dfed..da8f1e5db9 100644
--- a/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c
+++ b/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c
@@ -98,7 +98,7 @@ UnsupportedExit (
   Validate that the MMIO memory access is not to encrypted memory.

 

   Examine the pagetable entry for the memory specified. MMIO should not be

-  performed against encrypted memory. MMIO to the APIC page is always allowed.

+  performed against encrypted memory.

 

   @param[in] Ghcb           Pointer to the Guest-Hypervisor Communication Block

   @param[in] MemoryAddress  Memory address to validate

@@ -118,16 +118,6 @@ ValidateMmioMemory (
 {

   MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE  State;

   GHCB_EVENT_INJECTION                 GpEvent;

-  UINTN                                Address;

-

-  //

-  // Allow APIC accesses (which will have the encryption bit set during

-  // SEC and PEI phases).

-  //

-  Address = MemoryAddress & ~(SIZE_4KB - 1);

-  if (Address == GetLocalApicBaseAddress ()) {

-    return 0;

-  }

 

   State = MemEncryptSevGetAddressRangeState (

             0,