On 08/29/17 16:02, Brijesh Singh wrote: > > > On 08/28/2017 07:39 AM, Laszlo Ersek wrote: >> There's a small window between >> >> - AllocFwCfgDmaAccessBuffer() mapping the new FW_CFG_DMA_ACCESS object >> for >> common buffer operation (i.e., decrypting it), and >> >> - InternalQemuFwCfgDmaBytes() setting the fields of the object. >> >> In this window, earlier garbage in the object is "leaked" to the >> hypervisor. So zero the object before we decrypt it. >> >> (This commit message references AMD SEV directly, because QemuFwCfgDxeLib >> is not *generally* enabled for IOMMU operation just yet, unlike our goal >> for the virtio infrastructure. Instead, QemuFwCfgDxeLib uses >> MemEncryptSevLib explicitly to detect SEV, and then relies on IOMMU >> protocol behavior that is specific to SEV. At this point, this is by >> design.) >> >> Cc: Brijesh Singh <[email protected]> >> Cc: Jordan Justen <[email protected]> >> Cc: Tom Lendacky <[email protected]> >> Contributed-under: TianoCore Contribution Agreement 1.1 >> Signed-off-by: Laszlo Ersek <[email protected]> > > > Reviewed-by: Brijesh Singh <[email protected]>
Thank you guys for the reviews, pushed as commit d431d8339e8b. Laszlo _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
