Whenever we release the plaintext bounce buffer pages that were allocated
implicitly in Map() for BusMasterRead[64] and BusMasterWrite[64], we
restore the encryption mask on them. However, we should also rewrite the
area (fill it with zeros) so that the hypervisor is not left with a
plaintext view of the earlier data.
Similarly, whenever we release the plaintext common buffer pages that were
allocated explicitly in AllocateBuffer() for BusMasterCommonBuffer[64], we
restore the encryption mask on them. However, we should also rewrite the
area (fill it with zeros) so that the hypervisor is not left with a
plaintext view of the earlier data.
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
TRUE\r
);\r
ASSERT_EFI_ERROR(Status);\r
+ ZeroMem (\r
+ (VOID*)(UINTN)MapInfo->PlainTextAddress,\r
+ EFI_PAGES_TO_SIZE (MapInfo->NumberOfPages)\r
+ );\r
\r
//\r
// Free the mapped buffer and the MAP_INFO structure.\r
TRUE\r
);\r
ASSERT_EFI_ERROR(Status);\r
+ ZeroMem (HostAddress, EFI_PAGES_TO_SIZE (Pages));\r
\r
DEBUG ((\r
DEBUG_VERBOSE,\r