public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [PATCH v1 0/1] SMM memory management: Inspect memory guarded with pool headers
@ 2022-03-16  3:59 Kun Qin
  2022-03-16  3:59 ` [PATCH v1 1/1] MdeModulePkg: PiSmmCore: " Kun Qin
  0 siblings, 1 reply; 6+ messages in thread
From: Kun Qin @ 2022-03-16  3:59 UTC (permalink / raw)
  To: devel; +Cc: Jiewen Yao, Eric Dong, Ray Ni, Jian J Wang, Liming Gao

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3488

Current free pool routine from PiSmmCore will inspect memory guard status
for target buffer without considering pool headers. This could lead to
`IsMemoryGuarded` function to return incorrect results.

i.e. A 0-sized pool that is configured to be near tail guard page, it
could cause the returned region points into a guard page, which is legal.
However, trying to free this 0 sized pool will cause `IsMemoryGuarded` to
access guard page, which leads to page fault.

This change will inspect memory guarded with pool headers. This can avoid
errors when a pool content happens to be on a page boundary.

Patch v1 branch: https://github.com/kuqin12/edk2/tree/mm_zero_sized_pool

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>

Kun Qin (1):
  MdeModulePkg: PiSmmCore: Inspect memory guarded with pool headers

 MdeModulePkg/Core/PiSmmCore/Pool.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

-- 
2.35.1.windows.2


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2022-04-22  5:47 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-03-16  3:59 [PATCH v1 0/1] SMM memory management: Inspect memory guarded with pool headers Kun Qin
2022-03-16  3:59 ` [PATCH v1 1/1] MdeModulePkg: PiSmmCore: " Kun Qin
2022-03-18  1:20   ` 回复: [edk2-devel] " gaoliming
2022-03-28 21:57     ` Kun Qin
2022-04-21 20:50       ` Kun Qin
2022-04-22  5:47   ` Wang, Jian J

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox