From: Brijesh Singh <brijesh.singh@amd.com>
To: edk2-devel@lists.01.org
Cc: Tom Lendacky <thomas.lendacky@amd.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Brijesh Singh <brijesh.singh@amd.com>,
Laszlo Ersek <lersek@redhat.com>,
Jordan Justen <jordan.l.justen@intel.com>
Subject: [PATCH v1 3/4] OvmfPkg: IommuDxe: Zero the shared page(s) on Unmap()
Date: Mon, 31 Jul 2017 15:31:13 -0400 [thread overview]
Message-ID: <1501529474-20550-4-git-send-email-brijesh.singh@amd.com> (raw)
In-Reply-To: <1501529474-20550-1-git-send-email-brijesh.singh@amd.com>
To support the Map(), we allocate bounce buffer with C-bit cleared,
the buffer is referred as a DeviceAddress. Typically, DeviceAddress
is used as communication block between guest and hypervisor. When
guest is done with communication block, it calls Unmap().The Unmap()
free's the DeviceAddress, if we do not clear the content of shared
communication block during Unmap() then data remains readble to the
hypervisor for an unpredicatable time. Let's zero the bounce buffer
after we are done using it.
I did some benchmark and did not see any measure perform impact of
zeroing the page(s).
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
OvmfPkg/IoMmuDxe/AmdSevIoMmu.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c
index 5ae54482fffe..04e3725ff7e6 100644
--- a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c
+++ b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c
@@ -67,8 +67,7 @@ SetBufferAsEncDec (
// buffer matches with same encryption mask.
//
if (!Enc) {
- Status = MemEncryptSevClearPageEncMask (0, MapInfo->DeviceAddress,
- MapInfo->NumberOfPages, TRUE);
+ Status = MemEncryptSevClearPageEncMask (0, TempBuffer, MapInfo->NumberOfPages, TRUE);
ASSERT_EFI_ERROR (Status);
}
@@ -79,7 +78,7 @@ SetBufferAsEncDec (
//
CopyMem (
(VOID *) (UINTN) TempBuffer,
- (VOID *) (UINTN)MapInfo->HostAddress,
+ (VOID *) (UINTN) MapInfo->HostAddress,
MapInfo->NumberOfBytes);
//
@@ -109,11 +108,8 @@ SetBufferAsEncDec (
//
// Restore the encryption mask of the intermediate buffer
//
- if (!Enc) {
- Status = MemEncryptSevSetPageEncMask (0, MapInfo->DeviceAddress,
- MapInfo->NumberOfPages, TRUE);
- ASSERT_EFI_ERROR (Status);
- }
+ Status = MemEncryptSevSetPageEncMask (0, TempBuffer, MapInfo->NumberOfPages, TRUE);
+ ASSERT_EFI_ERROR (Status);
//
// Free the intermediate buffer
@@ -386,6 +382,12 @@ IoMmuUnmap (
ASSERT_EFI_ERROR(Status);
//
+ // Zero the shared memory so that hypervisor no longer able to get intelligentable
+ // data.
+ //
+ SetMem ((VOID *) (UINTN)MapInfo->DeviceAddress, MapInfo->NumberOfBytes, 0);
+
+ //
// Free the bounce buffer
//
gBS->FreePages (MapInfo->DeviceAddress, MapInfo->NumberOfPages);
--
2.7.4
next prev parent reply other threads:[~2017-07-31 19:29 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-31 19:31 [PATCH v1 0/4] OvmfPkg : IoMmuDxe: BusMasterCommonBuffer support when SEV is active Brijesh Singh
2017-07-31 19:31 ` [PATCH v1 1/4] OvmfPkg: IommuDxe: Do not clear C-bit in Allocate() and Free() Brijesh Singh
2017-08-01 20:42 ` Laszlo Ersek
2017-07-31 19:31 ` [PATCH v1 2/4] OvmfPkg: IommuDxe: Provide support for mapping BusMasterCommonBuffer operation Brijesh Singh
2017-07-31 19:49 ` Ard Biesheuvel
2017-07-31 20:27 ` Brijesh Singh
2017-08-01 20:52 ` Laszlo Ersek
2017-08-01 21:59 ` Laszlo Ersek
2017-08-01 23:51 ` Brijesh Singh
2017-08-02 8:41 ` Laszlo Ersek
2017-07-31 19:31 ` Brijesh Singh [this message]
2017-07-31 19:38 ` [PATCH v1 3/4] OvmfPkg: IommuDxe: Zero the shared page(s) on Unmap() Brijesh Singh
2017-08-02 7:37 ` Laszlo Ersek
2017-08-02 11:22 ` Brijesh Singh
2017-08-02 12:52 ` Laszlo Ersek
2017-07-31 19:31 ` [PATCH v1 4/4] OvmfPkg : QemuFwCfgLib: Map DMA buffer with CommonBuffer when SEV is enable Brijesh Singh
2017-08-02 8:09 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1501529474-20550-4-git-send-email-brijesh.singh@amd.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox