I just realized that this patch contains some changes which should be part of Patch 2/3. Please ignore this patch for now. I will fix it as part of v2 when addressing review feedback. thanks
-Brijesh On 07/31/2017 02:31 PM, Brijesh Singh wrote:
To support the Map(), we allocate bounce buffer with C-bit cleared, the buffer is referred as a DeviceAddress. Typically, DeviceAddress is used as communication block between guest and hypervisor. When guest is done with communication block, it calls Unmap().The Unmap() free's the DeviceAddress, if we do not clear the content of shared communication block during Unmap() then data remains readble to the hypervisor for an unpredicatable time. Let's zero the bounce buffer after we are done using it. I did some benchmark and did not see any measure perform impact of zeroing the page(s). Suggested-by: Laszlo Ersek <ler...@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.0 Cc: Laszlo Ersek <ler...@redhat.com> Cc: Jordan Justen <jordan.l.jus...@intel.com> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- OvmfPkg/IoMmuDxe/AmdSevIoMmu.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c index 5ae54482fffe..04e3725ff7e6 100644 --- a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c +++ b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c @@ -67,8 +67,7 @@ SetBufferAsEncDec ( // buffer matches with same encryption mask. // if (!Enc) { - Status = MemEncryptSevClearPageEncMask (0, MapInfo->DeviceAddress, - MapInfo->NumberOfPages, TRUE); + Status = MemEncryptSevClearPageEncMask (0, TempBuffer, MapInfo->NumberOfPages, TRUE); ASSERT_EFI_ERROR (Status); }@@ -79,7 +78,7 @@ SetBufferAsEncDec (// CopyMem ( (VOID *) (UINTN) TempBuffer, - (VOID *) (UINTN)MapInfo->HostAddress, + (VOID *) (UINTN) MapInfo->HostAddress, MapInfo->NumberOfBytes);//@@ -109,11 +108,8 @@ SetBufferAsEncDec ( // // Restore the encryption mask of the intermediate buffer // - if (!Enc) { - Status = MemEncryptSevSetPageEncMask (0, MapInfo->DeviceAddress, - MapInfo->NumberOfPages, TRUE); - ASSERT_EFI_ERROR (Status); - } + Status = MemEncryptSevSetPageEncMask (0, TempBuffer, MapInfo->NumberOfPages, TRUE); + ASSERT_EFI_ERROR (Status);//// Free the intermediate buffer @@ -386,6 +382,12 @@ IoMmuUnmap ( ASSERT_EFI_ERROR(Status);//+ // Zero the shared memory so that hypervisor no longer able to get intelligentable + // data. + // + SetMem ((VOID *) (UINTN)MapInfo->DeviceAddress, MapInfo->NumberOfBytes, 0); + + // // Free the bounce buffer // gBS->FreePages (MapInfo->DeviceAddress, MapInfo->NumberOfPages);
_______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
