Star,

Regards,
Jian


> -----Original Message-----
> From: Zeng, Star
> Sent: Thursday, October 25, 2018 11:02 AM
> To: Wang, Jian J <jian.j.w...@intel.com>; edk2-devel@lists.01.org
> Cc: Kinney, Michael D <michael.d.kin...@intel.com>; Ni, Ruiyu
> <ruiyu...@intel.com>; Yao, Jiewen <jiewen....@intel.com>; Laszlo Ersek
> <ler...@redhat.com>; Zeng, Star <star.z...@intel.com>
> Subject: Re: [edk2] [PATCH v3 2/6] MdeModulePkg: introduce UEFI freed-
> memory guard bit in HeapGuard PCD
> 
> On 2018/10/24 13:26, Jian J Wang wrote:
> >> v3 changes:
> >> a. split from v2 #1 patch file.
> >> b. refine the commit message and title.
> >
> > A UAF (Use-After-Free) memory issue is a kind of illegal access to memory
> > which has been freed. It can be detected by a new freed-memory guard
> > enforced onto freed memory.
> >
> > BIT4 of the following PCD is used to enable the freed-memory guard feature.
> >
> >    gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask
> >
> > Please note this feature is for debug purposes and should not be enabled
> 
> Suggest also adding this information to the PCD description.
> Pool/page heap guard also has the same condition, right?
> If yes, we can have a generic sentence for the whole PCD.
> 
> With this addressed, Reviewed-by: Star Zeng <star.z...@intel.com>.
> 

Sure. I'll update the dec/uni file with it. Thanks.

> 
> Thanks,
> Star
> 
> > in product BIOS, and cannot be enabled with pool/page heap guard at the
> > same time. It's disabled by default.
> >
> > Cc: Star Zeng <star.z...@intel.com>
> > Cc: Michael D Kinney <michael.d.kin...@intel.com>
> > Cc: Jiewen Yao <jiewen....@intel.com>
> > Cc: Ruiyu Ni <ruiyu...@intel.com>
> > Cc: Laszlo Ersek <ler...@redhat.com>
> > Contributed-under: TianoCore Contribution Agreement 1.1
> > Signed-off-by: Jian J Wang <jian.j.w...@intel.com>
> > ---
> >   MdeModulePkg/MdeModulePkg.dec | 6 ++++++
> >   MdeModulePkg/MdeModulePkg.uni | 4 +++-
> >   2 files changed, 9 insertions(+), 1 deletion(-)
> >
> > diff --git a/MdeModulePkg/MdeModulePkg.dec
> b/MdeModulePkg/MdeModulePkg.dec
> > index 2009dbc5fd..255b92ea67 100644
> > --- a/MdeModulePkg/MdeModulePkg.dec
> > +++ b/MdeModulePkg/MdeModulePkg.dec
> > @@ -1011,14 +1011,20 @@
> >
> gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType|0x0|UINT64|0x30
> 001053
> >
> >     ## This mask is to control Heap Guard behavior.
> > +  #
> >     # Note that due to the limit of pool memory implementation and the
> alignment
> >     # requirement of UEFI spec, BIT7 is a try-best setting which cannot
> guarantee
> >     # that the returned pool is exactly adjacent to head guard page or tail 
> > guard
> >     # page.
> > +  #
> > +  # Note that UEFI freed-memory guard and pool/page guard cannot be
> enabled
> > +  # at the same time.
> > +  #
> >     #   BIT0 - Enable UEFI page guard.<BR>
> >     #   BIT1 - Enable UEFI pool guard.<BR>
> >     #   BIT2 - Enable SMM page guard.<BR>
> >     #   BIT3 - Enable SMM pool guard.<BR>
> > +  #   BIT4 - Enable UEFI freed-memory guard (Use-After-Free memory
> detection).<BR>
> >     #   BIT6 - Enable non-stop mode.<BR>
> >     #   BIT7 - The direction of Guard Page for Pool Guard.
> >     #          0 - The returned pool is near the tail guard page.<BR>
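Review bot: the new constraint line ("Note that UEFI freed-memory guard and pool/page guard cannot be enabled at the same time.") names the conflicting features rather than the bits, so it is not clear whether the SMM page/pool guards (BIT2/BIT3) are part of the restriction or only the UEFI ones (BIT0/BIT1); since the new BIT4 line itself says "UEFI freed-memory guard", spell the conflict out as bit numbers ("BIT4 cannot be set together with BIT0 or BIT1", or BIT0..BIT3 if that is what the implementation checks) and say what happens when both are set (one is ignored, an ASSERT, or boot fails), because a platform reading this description has no other way to find out. The debug-only caveat from the commit message ("for debug purpose and should not be enabled in product BIOS") is also missing from the description, which is the point Star raised; a generic sentence covering every bit of PcdHeapGuardPropertyMask would fit between the "## This mask is to control Heap Guard behavior." line and the BIT7 note.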
> > diff --git a/MdeModulePkg/MdeModulePkg.uni
> b/MdeModulePkg/MdeModulePkg.uni
> > index 9d2e473fa9..e72b893509 100644
> > --- a/MdeModulePkg/MdeModulePkg.uni
> > +++ b/MdeModulePkg/MdeModulePkg.uni
> > @@ -1227,11 +1227,13 @@
> >                                                                             
> >                   "Note that due to the limit
> of pool memory implementation and the alignment\n"
> >                                                                             
> >                   "requirement of UEFI spec,
> BIT7 is a try-best setting which cannot guarantee\n"
> >                                                                             
> >                   "that the returned pool is
> exactly adjacent to head guard page or tail guard\n"
> > -                                                                           
> >                  "page.\n"
> > +                                                                           
> >                  "page.\n\n"
> > +                                                                           
> >                  "Note that UEFI freed-
> memory guard and pool/page guard cannot be enabled at the same time.\n\n"
> >                                                                             
> >                   "   BIT0 - Enable UEFI page
> guard.<BR>\n"
> >                                                                             
> >                   "   BIT1 - Enable UEFI pool
> guard.<BR>\n"
> >                                                                             
> >                   "   BIT2 - Enable SMM page
> guard.<BR>\n"
> >                                                                             
> >                   "   BIT3 - Enable SMM pool
> guard.<BR>\n"
> > +                                                                           
> >                  "   BIT4 - Enable UEFI
> freed-memory guard (Use-After-Free memory detection).<BR>\n"
> >                                                                             
> >                   "   BIT7 - The direction of
> Guard Page for Pool Guard.\n"
> >                                                                             
> >                   "          0 - The returned
> pool is near the tail guard page.<BR>\n"
> >                                                                             
> >                   "          1 - The returned
> pool is near the head guard page.<BR>"
> >
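Review bot: the help string in MdeModulePkg.uni must stay word for word in sync with the .dec comment, so whatever wording is settled on for the BIT4 conflict note in MdeModulePkg.dec (bit numbers instead of feature names, plus the debug-only caveat the reply above promises to add to the dec/uni files) needs the identical change here; as submitted, the added line "Note that UEFI freed-memory guard and pool/page guard cannot be enabled at the same time.\n\n" repeats the ambiguity about whether BIT2/BIT3 are covered. Separately, the listing in both files still skips BIT5 between the new BIT4 line and BIT6, so a short "BIT5 - Reserved." line (or whatever the bit actually means) would make it clear the gap is intentional rather than a typo in this patch.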

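The commit message describes the freed-memory guard only in one sentence: freed memory is guarded so that any later access to it is caught. The following is an added example written for this page, not EDK2 code and not part of the patch or thread above. It is a user-space analogue on Linux/glibc: where the firmware guard makes freed pages not-present in the page tables and a use-after-free raises a page fault, this analogue keeps freed pages mapped but sets them PROT_NONE with mprotect, and the resulting SIGSEGV (SIGBUS on some platforms) stands in for the firmware's #PF. All function names (guarded_alloc, guarded_free, access_is_trapped, demo_use_after_free) are this example's own, and the 64-byte buffer is constructed sample input.

```c
/* Added example (not EDK2 code): user-space analogue of the freed-memory
 * guard enabled by PcdHeapGuardPropertyMask BIT4.  Assumes Linux/glibc. */
#define _DEFAULT_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf g_trap;                 /* where to resume after a guard hit */
static volatile sig_atomic_t g_faults;    /* number of guard hits observed */
static void *volatile g_fault_addr;       /* faulting address from siginfo */

static void guard_fault_handler(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)ctx;
    g_faults++;
    g_fault_addr = si->si_addr;
    siglongjmp(g_trap, 1);                /* unwind out of the faulting access */
}

/* Install a SIGSEGV/SIGBUS handler that records the guard hit. */
static void install_guard_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = guard_fault_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, NULL);
    sigaction(SIGBUS, &sa, NULL);         /* some platforms report it as SIGBUS */
}

static size_t round_to_pages(size_t bytes)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    return (bytes + page - 1) / page * page;
}

/* Page-granular allocation: whole pages, so the guard can be applied with
 * the same page-table granularity the firmware guard uses. */
static void *guarded_alloc(size_t bytes)
{
    void *p = mmap(NULL, round_to_pages(bytes), PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* "Free" under the freed-memory guard: the pages are not returned for reuse
 * but made inaccessible, so any later touch through a stale pointer traps.
 * Freed memory is never recycled, which is why the feature is debug-only. */
static int guarded_free(void *p, size_t bytes)
{
    return mprotect(p, round_to_pages(bytes), PROT_NONE);
}

/* Returns true if reading *p hit the guard, false if the read succeeded
 * (the byte read is stored in *out). */
static bool access_is_trapped(volatile uint8_t *p, uint8_t *out)
{
    if (sigsetjmp(g_trap, 1) != 0)
        return true;                      /* arrived here from the handler */
    *out = *p;
    return false;
}

/* Demo: a legal access before free succeeds; the same pointer used after
 * free is caught by the guard.  Returns 1 if both checks hold, else 0. */
static int demo_use_after_free(void)
{
    install_guard_handler();
    uint8_t val = 0;
    uint8_t *buf = guarded_alloc(64);     /* constructed sample allocation */
    if (!buf)
        return -1;
    buf[0] = 0x5a;
    int legal_ok = !access_is_trapped(buf, &val) && val == 0x5a;
    if (guarded_free(buf, 64) != 0)
        return -1;
    int uaf_caught = access_is_trapped(buf, &val)   /* dangling pointer use */
                     && g_fault_addr == (void *)buf;
    return (legal_ok && uaf_caught) ? 1 : 0;
}

int main(void)
{
    int ok = demo_use_after_free();
    printf("%s: %d guard fault(s) at %p\n", ok == 1 ? "UAF detected" : "FAILED",
           (int)g_faults, (void *)g_fault_addr);
    return ok == 1 ? 0 : 1;
}
```

The guard pages in this analogue are never unmapped, which mirrors the cost the real feature pays: with BIT4 set, freed pages stay reserved so the fault can fire, and that is the reason the commit message limits it to debug builds.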
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel