OvmfPkg/IoMmuDxe: zero out pages before releasing them

Whenever we release the plaintext bounce buffer pages that were allocated
implicitly in Map() for BusMasterRead[64] and BusMasterWrite[64], we
restore the encryption mask on them. However, we should also rewrite the
area (fill it with zeros) so that the hypervisor is not left with a
plaintext view of the earlier data.

Similarly, whenever we release the plaintext common buffer pages that were
allocated explicitly in AllocateBuffer() for BusMasterCommonBuffer[64], we
restore the encryption mask on them.  However, we should also rewrite the
area (fill it with zeros) so that the hypervisor is not left with a
plaintext view of the earlier data.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>

OvmfPkg/IoMmuDxe/AmdSevIoMmu.c

@@ -280,6 +280,10 @@ IoMmuUnmap (
              TRUE
              );
   ASSERT_EFI_ERROR(Status);
+  ZeroMem (
+    (VOID*)(UINTN)MapInfo->PlainTextAddress,
+    EFI_PAGES_TO_SIZE (MapInfo->NumberOfPages)
+    );
 
   //
   // Free the mapped buffer and the MAP_INFO structure.
@@ -414,6 +418,7 @@ IoMmuFreeBuffer (
              TRUE
              );
   ASSERT_EFI_ERROR(Status);
+  ZeroMem (HostAddress, EFI_PAGES_TO_SIZE (Pages));
 
   DEBUG ((
     DEBUG_VERBOSE,