On 07/31/17 21:31, Brijesh Singh wrote: > To support the Map(), we allocate bounce buffer with C-bit cleared, > the buffer is referred as a DeviceAddress. Typically, DeviceAddress > is used as communication block between guest and hypervisor. When > guest is done with communication block, it calls Unmap().The Unmap() > free's the DeviceAddress, if we do not clear the content of shared > communication block during Unmap() then data remains readble to the > hypervisor for an unpredicatable time. Let's zero the bounce buffer > after we are done using it. > > I did some benchmark and did not see any measure perform impact of > zeroing the page(s). > > Suggested-by: Laszlo Ersek <[email protected]> > Contributed-under: TianoCore Contribution Agreement 1.0 > Cc: Laszlo Ersek <[email protected]> > Cc: Jordan Justen <[email protected]> > Signed-off-by: Brijesh Singh <[email protected]> > --- > OvmfPkg/IoMmuDxe/AmdSevIoMmu.c | 18 ++++++++++-------- > 1 file changed, 10 insertions(+), 8 deletions(-) > > diff --git a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c > index 5ae54482fffe..04e3725ff7e6 100644 > --- a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c > +++ b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c > @@ -67,8 +67,7 @@ SetBufferAsEncDec ( > // buffer matches with same encryption mask. > // > if (!Enc) { > - Status = MemEncryptSevClearPageEncMask (0, MapInfo->DeviceAddress, > - MapInfo->NumberOfPages, TRUE); > + Status = MemEncryptSevClearPageEncMask (0, TempBuffer, > MapInfo->NumberOfPages, TRUE); > ASSERT_EFI_ERROR (Status); > } > > @@ -79,7 +78,7 @@ SetBufferAsEncDec ( > // > CopyMem ( > (VOID *) (UINTN) TempBuffer, > - (VOID *) (UINTN)MapInfo->HostAddress, > + (VOID *) (UINTN) MapInfo->HostAddress, > MapInfo->NumberOfBytes); > > // > @@ -109,11 +108,8 @@ SetBufferAsEncDec ( > // > // Restore the encryption mask of the intermediate buffer > // > - if (!Enc) { > - Status = MemEncryptSevSetPageEncMask (0, MapInfo->DeviceAddress, > - MapInfo->NumberOfPages, TRUE); > - ASSERT_EFI_ERROR (Status); > - } > + Status = MemEncryptSevSetPageEncMask (0, TempBuffer, > MapInfo->NumberOfPages, TRUE); > + ASSERT_EFI_ERROR (Status); > > // > // Free the intermediate buffer > @@ -386,6 +382,12 @@ IoMmuUnmap ( > ASSERT_EFI_ERROR(Status); > > // > + // Zero the shared memory so that hypervisor no longer able to get > intelligentable > + // data. > + // > + SetMem ((VOID *) (UINTN)MapInfo->DeviceAddress, MapInfo->NumberOfBytes, 0);
Please use ZeroMem(). Furthermore, ZeroMem() should occur just before every FreePages() call: - when Unmap() releases the implicitly allocated bounce buffer - when FreeBuffer() releases the explicitly allocated common buffer (I thought I spelled this out in my previous email(s), but in retrospect it seems I only intended to :/ ) - in the virtio drivers' exit-boot-services callbacks, FreeBuffer() can't be called (only Unmap(), after the virtio reset), so the ZeroMem() should be done manually there. Thanks Laszlo > + > + // > // Free the bounce buffer > // > gBS->FreePages (MapInfo->DeviceAddress, MapInfo->NumberOfPages); > _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
