From bc1c2e49acbc8ccaf9f1b4f0c93470b4791539dc Mon Sep 17 00:00:00 2001
From: Laszlo Ersek
Date: Wed, 2 Aug 2017 11:53:53 +0200
Subject: [PATCH] OvmfPkg/IoMmuDxe: zero out pages before releasing them

Whenever we release the plaintext bounce buffer pages that were allocated implicitly in Map() for BusMasterRead[64] and BusMasterWrite[64], we restore the encryption mask on them. However, we should also rewrite the area (fill it with zeros) so that the hypervisor is not left with a plaintext view of the earlier data.

Similarly, whenever we release the plaintext common buffer pages that were allocated explicitly in AllocateBuffer() for BusMasterCommonBuffer[64], we restore the encryption mask on them. However, we should also rewrite the area (fill it with zeros) so that the hypervisor is not left with a plaintext view of the earlier data.

Cc: Ard Biesheuvel
Cc: Brijesh Singh
Cc: Jordan Justen
Cc: Tom Lendacky
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek
Tested-by: Brijesh Singh
Reviewed-by: Brijesh Singh
---
 OvmfPkg/IoMmuDxe/AmdSevIoMmu.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c
index 8c2c23356a..d899b0ab9e 100644
--- a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c
+++ b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c
@@ -280,6 +280,10 @@ IoMmuUnmap (
 TRUE
 );
 ASSERT_EFI_ERROR(Status);
+ ZeroMem (
+ (VOID*)(UINTN)MapInfo->PlainTextAddress,
+ EFI_PAGES_TO_SIZE (MapInfo->NumberOfPages)
+ );
 
 //
 // Free the mapped buffer and the MAP_INFO structure.
@@ -414,6 +418,7 @@ IoMmuFreeBuffer (
 TRUE
 );
 ASSERT_EFI_ERROR(Status);
+ ZeroMem (HostAddress, EFI_PAGES_TO_SIZE (Pages));
 
 DEBUG ((
 DEBUG_VERBOSE,
-- 
2.39.2
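Review bot: The `ZeroMem` call added in IoMmuUnmap has no comment, so the reason for clearing pages that have just been re-encrypted lives only in the commit message. A line above the call such as `// Rewrite the pages so the hypervisor is not left with a plaintext view of the earlier data.` would keep a later cleanup from dropping it as a redundant store before the free. The same applies to the one-line `ZeroMem` added in IoMmuFreeBuffer. It may also be worth confirming whether the zeros need a cache write-back to reach memory before the pages are released. None is visible in this hunk, and the function body extends beyond it on both sides.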
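Review bot: In IoMmuFreeBuffer, `ZeroMem (HostAddress, EFI_PAGES_TO_SIZE (Pages))` overwrites a range described entirely by the caller's arguments. As far as the hunk shows, it runs before the pages are handed back, so a driver passing a NULL `HostAddress` or a `Pages` count larger than the allocation would get adjacent memory zeroed rather than only a failed free. The start of the function is outside the hunk, so an earlier check may already exist. If not, a guard ahead of the mask restore such as `if (HostAddress == NULL || Pages == 0) { return EFI_INVALID_PARAMETER; }` would cover the trivial cases. Recording the size handed out by AllocateBuffer() and comparing it here would be the stronger check.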