[PATCH 1/3] MdeModulePkg/MdeModulePkg.dec: add new PCD for UAF detection feature

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: Jian J Wang <jian.j.wang@intel.com>
To: edk2-devel@lists.01.org
Cc: Star Zeng <star.zeng@intel.com>,
	Michael D Kinney <michael.d.kinney@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>, Ruiyu Ni <ruiyu.ni@intel.com>,
	Laszlo Ersek <lersek@redhat.com>
Subject: [PATCH 1/3] MdeModulePkg/MdeModulePkg.dec: add new PCD for UAF detection feature
Date: Fri, 19 Oct 2018 09:50:11 +0800	[thread overview]
Message-ID: <20181019015013.7488-2-jian.j.wang@intel.com> (raw)
In-Reply-To: <20181019015013.7488-1-jian.j.wang@intel.com>

UAF (Use-After-Free) memory detection is new feature introduced to
detect illegal access to memory which has been freed. The principle
behind is similar to heap guard feature, that is we'll turn all pool
memory allocation to page allocation and mark them to be not-present
once they are freed.

This also implies that, once a page is allocated and freed, it cannot
be re-allocated. This will bring another issue, which is that there's
risk that memory space will be used out. To address it, this patch
series add logic put part (at most 64 pages a time) of freed pages
back into page pool, so that the memory service can still have memory
to allocate, when all memory space have been allocated once. This is
called memory promotion. The promoted pages are always from the eldest
pages freed.

To use this feature, one can simply set following PCD to 1
  gEfiMdeModulePkgTokenSpaceGuid.PcdUseAfterFreeDetectionPropertyMask

Please note this feature cannot be used with heap guard feature controlled
by PCD gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
---
 MdeModulePkg/MdeModulePkg.dec | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 6037504fa7..83736cd761 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -1029,6 +1029,12 @@
   # @Prompt Enable UEFI Stack Guard.
   gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard|FALSE|BOOLEAN|0x30001055

+  ## This mask is to control Use-After-Free Memory Detection behavior.
+  #   BIT0    - Enable Use-After-Free memory detection for UEFI modules.<BR>
+  #   BIT1..7 - Reserved for future uses.<BR>
+  # @Prompt The Use-After-Free Memory Detection feature mask
+  gEfiMdeModulePkgTokenSpaceGuid.PcdUseAfterFreeDetectionPropertyMask|0x0|UINT8|0x30001056
+
 [PcdsFixedAtBuild, PcdsPatchableInModule]
   ## Dynamic type PCD can be registered callback function for Pcd setting action.
   #  PcdMaxPeiPcdCallBackNumberPerPcdEntry indicates the maximum number of callback function
-- 
2.16.2.windows.1

next prev parent reply	other threads:[~2018-10-19  1:50 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-10-19  1:50 [PATCH 0/3] Add use-after-free memory detection Jian J Wang
2018-10-19  1:50 ` Jian J Wang [this message]
2018-10-19 11:27   ` [PATCH 1/3] MdeModulePkg/MdeModulePkg.dec: add new PCD for UAF detection feature Laszlo Ersek
2018-10-22  2:20   ` Zeng, Star
2018-10-19  1:50 ` [PATCH 2/3] UefiCpuPkg/CpuDxe: fix an infinite loop issue Jian J Wang
2018-10-19 11:45   ` Laszlo Ersek
2018-10-22  7:23     ` Wang, Jian J
2018-10-19  1:50 ` [PATCH 3/3] MdeModulePkg/Core: add use-after-free memory detection Jian J Wang
2018-10-19 12:04   ` Laszlo Ersek
2018-10-22  7:34     ` Wang, Jian J
2018-10-22  2:53   ` Zeng, Star
2018-10-22  7:12     ` Wang, Jian J
2018-10-22  8:23       ` Zeng, Star
2018-10-23  1:24         ` Wang, Jian J
2018-10-23  3:14           ` Zeng, Star
2018-10-19  1:56 ` [PATCH 0/3] Add " Wang, Jian J

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:6037504fa dfblob:83736cd76 )
 OR (
bs:"[PATCH 1/3] MdeModulePkg/MdeModulePkg.dec: add new PCD for UAF detection feature" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20181019015013.7488-2-jian.j.wang@intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox