From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 5E29121D49C6B for ; Wed, 2 Aug 2017 05:50:49 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 49E90C0587E8; Wed, 2 Aug 2017 12:52:59 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 49E90C0587E8 Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=lersek@redhat.com Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-47.phx2.redhat.com [10.3.116.47]) by smtp.corp.redhat.com (Postfix) with ESMTP id B750C7F46E; Wed, 2 Aug 2017 12:52:57 +0000 (UTC) To: Brijesh Singh , edk2-devel@lists.01.org Cc: Tom Lendacky , Jordan Justen , Ard Biesheuvel References: <1501529474-20550-1-git-send-email-brijesh.singh@amd.com> <1501529474-20550-4-git-send-email-brijesh.singh@amd.com> <58dc46c4-59ae-4743-214a-df25b138303b@redhat.com> <8a9d77fe-3831-c644-381f-d5e18fa8a3ca@amd.com> From: Laszlo Ersek Message-ID: Date: Wed, 2 Aug 2017 14:52:56 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 MIME-Version: 1.0 In-Reply-To: <8a9d77fe-3831-c644-381f-d5e18fa8a3ca@amd.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Wed, 02 Aug 2017 12:52:59 +0000 (UTC) Subject: Re: [PATCH v1 3/4] OvmfPkg: IommuDxe: Zero the shared page(s) on Unmap() X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Aug 2017 12:50:49 -0000 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 08/02/17 13:22, Brijesh Singh wrote: > > > On 8/2/17 2:37 AM, Laszlo Ersek wrote: >> // >>> + // Zero the shared memory so that hypervisor no longer able to get intelligentable >>> + // data. >>> + // >>> + SetMem ((VOID *) (UINTN)MapInfo->DeviceAddress, MapInfo->NumberOfBytes, 0); >> Please use ZeroMem(). >> >> Furthermore, ZeroMem() should occur just before every FreePages() call: >> - when Unmap() releases the implicitly allocated bounce buffer >> - when FreeBuffer() releases the explicitly allocated common buffer >> (I thought I spelled this out in my previous email(s), but in >> retrospect it seems I only intended to :/ ) >> - in the virtio drivers' exit-boot-services callbacks, FreeBuffer() >> can't be called (only Unmap(), after the virtio reset), so the >> ZeroMem() should be done manually there. > > Not sure why do we need to ZeroMem() when FreeBuffer() is called for > explicitly allocated common buffer ? I thought before calling the > FreeBuffer() on common buffer, client will call Unmap() which will > restore the C-bit state on the common buffer and also update the > contents (i.e now common buffer will contain encrypted data). > My bad, you are totally right -- when I wrote the above, I actually reviewed the "BusMasterCommonBuffer" section of my earlier message http://mid.mail-archive.com/e1137140-f5d5-7eb8-0162-952694b24f96@redhat.com and I totally missed that in that message I had written "Client calls Unmap(). Unmap() restores the C bit in one fell swoop, and encrypts the buffer in-place (by bouncing it page-wise to the static array and back)." Sigh. Need more rest. Thanks for catching my error! Laszlo