> v3 changes:
> a. split from v2 #1 patch file.
> b. refine the commit message and title.
UAF (Use-After-Free) memory issue is kind of illegal access to memory
which has been freed. It can be detected by a new freed-memory guard
enforced onto freed memory.
BIT4 of following PCD is used to enable the freed-memory guard feature.
gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask
Please note this feature is for debug purpose and should not be enabled
in product BIOS, and cannot be enabled with pool/page heap guard at the
same time. It's disabled by default.
Cc: Star Zeng <star.z...@intel.com>
Cc: Michael D Kinney <michael.d.kin...@intel.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Ruiyu Ni <ruiyu...@intel.com>
Cc: Laszlo Ersek <ler...@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.w...@intel.com>
---
MdeModulePkg/MdeModulePkg.dec | 6 ++++++
MdeModulePkg/MdeModulePkg.uni | 4 +++-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 2009dbc5fd..255b92ea67 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -1011,14 +1011,20 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType|0x0|UINT64|0x30001053
## This mask is to control Heap Guard behavior.
+ #
# Note that due to the limit of pool memory implementation and the alignment
# requirement of UEFI spec, BIT7 is a try-best setting which cannot guarantee
# that the returned pool is exactly adjacent to head guard page or tail guard
# page.
+ #
+ # Note that UEFI freed-memory guard and pool/page guard cannot be enabled
+ # at the same time.
+ #
# BIT0 - Enable UEFI page guard.<BR>
# BIT1 - Enable UEFI pool guard.<BR>
# BIT2 - Enable SMM page guard.<BR>
# BIT3 - Enable SMM pool guard.<BR>
+ # BIT4 - Enable UEFI freed-memory guard (Use-After-Free memory
detection).<BR>
# BIT6 - Enable non-stop mode.<BR>
# BIT7 - The direction of Guard Page for Pool Guard.
# 0 - The returned pool is near the tail guard page.<BR>
diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni
index 9d2e473fa9..e72b893509 100644
--- a/MdeModulePkg/MdeModulePkg.uni
+++ b/MdeModulePkg/MdeModulePkg.uni
@@ -1227,11 +1227,13 @@
"Note that due to the limit of pool memory implementation and the
alignment\n"
"requirement of UEFI spec, BIT7 is a try-best setting which cannot
guarantee\n"
"that the returned pool is exactly adjacent to head guard page or
tail guard\n"
-
"page.\n"
+
"page.\n\n"
+
"Note that UEFI freed-memory guard and pool/page guard cannot be
enabled at the same time.\n\n"
" BIT0 - Enable UEFI page guard.<BR>\n"
" BIT1 - Enable UEFI pool guard.<BR>\n"
" BIT2 - Enable SMM page guard.<BR>\n"
" BIT3 - Enable SMM pool guard.<BR>\n"
+
" BIT4 - Enable UEFI freed-memory guard (Use-After-Free memory
detection).<BR>\n"
" BIT7 - The direction of Guard Page for Pool Guard.\n"
" 0 - The returned pool is near the tail guard
page.<BR>\n"
" 1 - The returned pool is near the head guard page.<BR>"
--
2.16.2.windows.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
