> v3 changes: > a. split from v2 #1 patch file. > b. refine the commit message and title.
UAF (Use-After-Free) memory issue is kind of illegal access to memory which has been freed. It can be detected by a new freed-memory guard enforced onto freed memory. BIT4 of following PCD is used to enable the freed-memory guard feature. gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask Please note this feature is for debug purpose and should not be enabled in product BIOS, and cannot be enabled with pool/page heap guard at the same time. It's disabled by default. Cc: Star Zeng <star.z...@intel.com> Cc: Michael D Kinney <michael.d.kin...@intel.com> Cc: Jiewen Yao <jiewen....@intel.com> Cc: Ruiyu Ni <ruiyu...@intel.com> Cc: Laszlo Ersek <ler...@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang <jian.j.w...@intel.com> --- MdeModulePkg/MdeModulePkg.dec | 6 ++++++ MdeModulePkg/MdeModulePkg.uni | 4 +++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 2009dbc5fd..255b92ea67 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -1011,14 +1011,20 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType|0x0|UINT64|0x30001053 ## This mask is to control Heap Guard behavior. + # # Note that due to the limit of pool memory implementation and the alignment # requirement of UEFI spec, BIT7 is a try-best setting which cannot guarantee # that the returned pool is exactly adjacent to head guard page or tail guard # page. + # + # Note that UEFI freed-memory guard and pool/page guard cannot be enabled + # at the same time. + # # BIT0 - Enable UEFI page guard.<BR> # BIT1 - Enable UEFI pool guard.<BR> # BIT2 - Enable SMM page guard.<BR> # BIT3 - Enable SMM pool guard.<BR> + # BIT4 - Enable UEFI freed-memory guard (Use-After-Free memory detection).<BR> # BIT6 - Enable non-stop mode.<BR> # BIT7 - The direction of Guard Page for Pool Guard. # 0 - The returned pool is near the tail guard page.<BR> diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni index 9d2e473fa9..e72b893509 100644 --- a/MdeModulePkg/MdeModulePkg.uni +++ b/MdeModulePkg/MdeModulePkg.uni @@ -1227,11 +1227,13 @@ "Note that due to the limit of pool memory implementation and the alignment\n" "requirement of UEFI spec, BIT7 is a try-best setting which cannot guarantee\n" "that the returned pool is exactly adjacent to head guard page or tail guard\n" - "page.\n" + "page.\n\n" + "Note that UEFI freed-memory guard and pool/page guard cannot be enabled at the same time.\n\n" " BIT0 - Enable UEFI page guard.<BR>\n" " BIT1 - Enable UEFI pool guard.<BR>\n" " BIT2 - Enable SMM page guard.<BR>\n" " BIT3 - Enable SMM pool guard.<BR>\n" + " BIT4 - Enable UEFI freed-memory guard (Use-After-Free memory detection).<BR>\n" " BIT7 - The direction of Guard Page for Pool Guard.\n" " 0 - The returned pool is near the tail guard page.<BR>\n" " 1 - The returned pool is near the head guard page.<BR>" -- 2.16.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel