From: Jian J Wang
To: edk2-devel@lists.01.org
Cc: Star Zeng, Michael D Kinney, Jiewen Yao, Ruiyu Ni, Laszlo Ersek
Date: Fri, 19 Oct 2018 09:50:11 +0800
Message-Id: <20181019015013.7488-2-jian.j.wang@intel.com>
In-Reply-To: <20181019015013.7488-1-jian.j.wang@intel.com>
References: <20181019015013.7488-1-jian.j.wang@intel.com>
Subject: [PATCH 1/3] MdeModulePkg/MdeModulePkg.dec: add new PCD for UAF detection feature

UAF (Use-After-Free) memory detection is a new feature introduced to detect illegal access to memory which has been freed. The principle behind it is similar to the heap guard feature, that is, we'll turn all pool memory allocations into page allocations and mark them as not-present once they are freed.

This also implies that, once a page is allocated and freed, it cannot be re-allocated. This will bring another issue, which is the risk that memory space will be used up. To address it, this patch series adds logic to put part (at most 64 pages at a time) of the freed pages back into the page pool, so that the memory service can still have memory to allocate when all memory space has been allocated once. This is called memory promotion. The promoted pages are always from the oldest pages freed.

To use this feature, one can simply set the following PCD to 1:

    gEfiMdeModulePkgTokenSpaceGuid.PcdUseAfterFreeDetectionPropertyMask

Please note this feature cannot be used with the heap guard feature controlled by PCD gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask.

Cc: Star Zeng
Cc: Michael D Kinney
Cc: Jiewen Yao
Cc: Ruiyu Ni
Cc: Laszlo Ersek
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang
---
 MdeModulePkg/MdeModulePkg.dec | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 6037504fa7..83736cd761 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -1029,6 +1029,12 @@ # @Prompt Enable UEFI Stack Guard. gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard|FALSE|BOOLEAN|0x30001055 + ## This mask is to control Use-After-Free Memory Detection behavior. + # BIT0 - Enable Use-After-Free memory detection for UEFI modules.
+ # BIT1..7 - Reserved for future uses.
+ # @Prompt The Use-After-Free Memory Detection feature mask + gEfiMdeModulePkgTokenSpaceGuid.PcdUseAfterFreeDetectionPropertyMask|0x0|UINT8|0x30001056 + [PcdsFixedAtBuild, PcdsPatchableInModule] ## Dynamic type PCD can be registered callback function for Pcd setting action. # PcdMaxPeiPcdCallBackNumberPerPcdEntry indicates the maximum number of callback function -- 2.16.2.windows.1
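
Review bot: the comment block added for PcdUseAfterFreeDetectionPropertyMask does not say that the feature cannot be combined with the heap guard controlled by PcdHeapGuardPropertyMask; that constraint appears only in the commit message. A platform owner reading the .dec description alone would miss it, so consider adding a line to the description such as "# This feature cannot be enabled together with heap guard (PcdHeapGuardPropertyMask)." The description could also mention that enabling BIT0 turns pool allocations into page allocations and that freed pages are reused only through promotion, since that changes memory consumption. Minor wording: "Reserved for future uses" reads better as "Reserved for future use".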
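
The freed-page quarantine and memory promotion described in the commit message, as a small model in C. This is an added example, not code from the patch series or from EDK II: the function names, the 256-page space, and the state array standing in for page-table present bits are all assumptions.

```c
/* Added model of the freed-page quarantine; all names here are hypothetical. */
#include <stdbool.h>
#include <stddef.h>

#define TOTAL_PAGES   256  /* constructed size of the modelled memory space */
#define PROMOTE_BATCH 64   /* "at most 64 pages at a time" per the commit message */

enum page_state { NEVER_USED, IN_USE, FREED_NOT_PRESENT };

static enum page_state state[TOTAL_PAGES];
static int    freed[TOTAL_PAGES];  /* FIFO ring, oldest freed page at head */
static size_t head, count;         /* ring head and number of quarantined pages */
static size_t promoted;            /* pages at the ring head released to the pool */
static int    next_fresh;          /* pages below this index were handed out once */

/* Returns a page index, or -1 when nothing can be allocated. */
int page_alloc(void) {
    int p;
    if (next_fresh < TOTAL_PAGES) {
        p = next_fresh++;          /* prefer pages that were never allocated */
    } else {
        if (promoted == 0)         /* memory promotion: release the oldest batch */
            promoted = count < PROMOTE_BATCH ? count : PROMOTE_BATCH;
        if (promoted == 0) return -1;
        p = freed[head];
        head = (head + 1) % TOTAL_PAGES;
        count--; promoted--;
    }
    state[p] = IN_USE;
    return p;
}

/* Freeing marks the page not-present and queues it; it is not reusable yet. */
void page_free(int p) {
    if (p < 0 || p >= TOTAL_PAGES || state[p] != IN_USE) return;
    state[p] = FREED_NOT_PRESENT;
    freed[(head + count) % TOTAL_PAGES] = p;
    count++;
}

/* Models the page fault: any access to a page that is not IN_USE is caught. */
bool page_access_ok(int p) { return p >= 0 && p < TOTAL_PAGES && state[p] == IN_USE; }
size_t quarantined(void) { return count; }

int main(void) {
    int a = page_alloc();
    page_free(a);                  /* a stale pointer into page a now faults */
    return (!page_access_ok(a) && page_alloc() != a) ? 0 : 1;
}
```

The detection window for a stale pointer ends when its page is promoted and handed out again, which is why promotion takes the oldest freed pages first.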