On Thu, 19 Dec 2019 at 22:05, Matthew Garrett <mjg59@xxxxxxxxxx> wrote:
>
> On Wed, Dec 18, 2019 at 9:03 AM Ard Biesheuvel <ardb@xxxxxxxxxx> wrote:
> > + status = efi_call_early(create_event, EVT_SIGNAL_EXIT_BOOT_SERVICES,
> > + TPL_CALLBACK, handle_exit_boot_services_event,
> > + NULL, &exit_boot_services_event);
> > + if (status != EFI_SUCCESS) {
> > + pr_efi_err("Failed to register for EBS() event\n");
> > + goto free_handle;
> > + }
>
> OVMF's SEV implementation appears to tear down AMD's IOMMU mappings at
> EVT_SIGNAL_EXIT_BOOT_SERVICES. How are we ensuring that this happens
> first?

It doesn't, and that is kind of the point. The only guarantee you have
is that this runs before ExitBootServices() returns, but after any
other callbacks that have been registered.

I know this is not 100% what you're after, but it is the only way we
can avoid poking devices behind the backs of their drivers. So this
approach is what I am willing to accept for mainline, and I would even
start out by enabling it by default to get the most coverage.

If you need something stronger, I understand, but I don't think it
belongs in mainline.
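
Review bot: The create_event call in the quoted hunk registers handle_exit_boot_services_event for EVT_SIGNAL_EXIT_BOOT_SERVICES at TPL_CALLBACK with no comment on how it is ordered relative to other handlers of the same event, which is the question the thread raises. A short comment above the call stating what is and is not guaranteed (the callback runs before ExitBootServices() returns, with no promise that it runs ahead of other registered callbacks) would keep a later reader from assuming a stronger ordering. It is also worth confirming that jumping to free_handle is the intended outcome when registration fails, rather than continuing without the callback.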