From: Jian J Wang <jian.j.wang@intel.com>
To: edk2-devel@lists.01.org
Cc: Star Zeng <star.zeng@intel.com>,
Michael D Kinney <michael.d.kinney@intel.com>,
Jiewen Yao <jiewen.yao@intel.com>, Ruiyu Ni <ruiyu.ni@intel.com>,
Laszlo Ersek <lersek@redhat.com>
Subject: [PATCH v2 1/5] MdeModulePkg/MdeModulePkg.dec: update PCD description for new feature
Date: Tue, 23 Oct 2018 22:53:27 +0800 [thread overview]
Message-ID: <20181023145331.5768-2-jian.j.wang@intel.com> (raw)
In-Reply-To: <20181023145331.5768-1-jian.j.wang@intel.com>
> v2 changes:
> a. Drop PCD PcdUseAfterFreeDetectionPropertyMask. Use BIT4 of
> PcdHeapGuardPropertyMask instead. Update related descriptions in both
> dec and uni files.
Freed-memory guard is used to detect UAF (Use-After-Free) memory issue
which is illegal access to memory which has been freed. The principle
behind is similar to heap guard feature, that is we'll turn all pool
memory allocation to page allocation and mark them to be not-present
once they are freed.
This also implies that, once a page is allocated and freed, it cannot
be re-allocated. This will bring another issue, which is that there's
risk that memory space will be used out. To address it, this patch
series add logic put part (at most 64 pages a time) of freed pages
back into page pool, so that the memory service can still have memory
to allocate, when all memory space have been allocated once. This is
called memory promotion. The promoted pages are always from the eldest
pages freed.
BIT4 of following PCD is used to enable the freed-memory guard feature.
gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask
Please note this feature cannot be enabled with heap guard at the same
time.
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
---
MdeModulePkg/MdeModulePkg.dec | 10 ++++++++++
MdeModulePkg/MdeModulePkg.uni | 6 +++++-
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 6037504fa7..255b92ea67 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -955,6 +955,8 @@
# free pages for all of them. The page allocation for the type related to
# cleared bits keeps the same as ususal.
#
+ # This PCD is only valid if BIT0 and/or BIT2 are set in PcdHeapGuardPropertyMask.
+ #
# Below is bit mask for this PCD: (Order is same as UEFI spec)<BR>
# EfiReservedMemoryType 0x0000000000000001<BR>
# EfiLoaderCode 0x0000000000000002<BR>
@@ -984,6 +986,8 @@
# if there's enough free memory for all of them. The pool allocation for the
# type related to cleared bits keeps the same as ususal.
#
+ # This PCD is only valid if BIT1 and/or BIT3 are set in PcdHeapGuardPropertyMask.
+ #
# Below is bit mask for this PCD: (Order is same as UEFI spec)<BR>
# EfiReservedMemoryType 0x0000000000000001<BR>
# EfiLoaderCode 0x0000000000000002<BR>
@@ -1007,14 +1011,20 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType|0x0|UINT64|0x30001053
## This mask is to control Heap Guard behavior.
+ #
# Note that due to the limit of pool memory implementation and the alignment
# requirement of UEFI spec, BIT7 is a try-best setting which cannot guarantee
# that the returned pool is exactly adjacent to head guard page or tail guard
# page.
+ #
+ # Note that UEFI freed-memory guard and pool/page guard cannot be enabled
+ # at the same time.
+ #
# BIT0 - Enable UEFI page guard.<BR>
# BIT1 - Enable UEFI pool guard.<BR>
# BIT2 - Enable SMM page guard.<BR>
# BIT3 - Enable SMM pool guard.<BR>
+ # BIT4 - Enable UEFI freed-memory guard (Use-After-Free memory detection).<BR>
# BIT6 - Enable non-stop mode.<BR>
# BIT7 - The direction of Guard Page for Pool Guard.
# 0 - The returned pool is near the tail guard page.<BR>
diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni
index a6bcb627cf..e72b893509 100644
--- a/MdeModulePkg/MdeModulePkg.uni
+++ b/MdeModulePkg/MdeModulePkg.uni
@@ -1171,6 +1171,7 @@
" before and after corresponding type of pages allocated if there's enough\n"
" free pages for all of them. The page allocation for the type related to\n"
" cleared bits keeps the same as ususal.\n\n"
+ " This PCD is only valid if BIT0 and/or BIT2 are set in PcdHeapGuardPropertyMask.\n\n"
" Below is bit mask for this PCD: (Order is same as UEFI spec)<BR>\n"
" EfiReservedMemoryType 0x0000000000000001\n"
" EfiLoaderCode 0x0000000000000002\n"
@@ -1198,6 +1199,7 @@
" before and after corresponding type of pages which the allocated pool occupies,\n"
" if there's enough free memory for all of them. The pool allocation for the\n"
" type related to cleared bits keeps the same as ususal.\n\n"
+ " This PCD is only valid if BIT1 and/or BIT3 are set in PcdHeapGuardPropertyMask.\n\n"
" Below is bit mask for this PCD: (Order is same as UEFI spec)<BR>\n"
" EfiReservedMemoryType 0x0000000000000001\n"
" EfiLoaderCode 0x0000000000000002\n"
@@ -1225,11 +1227,13 @@
"Note that due to the limit of pool memory implementation and the alignment\n"
"requirement of UEFI spec, BIT7 is a try-best setting which cannot guarantee\n"
"that the returned pool is exactly adjacent to head guard page or tail guard\n"
- "page.\n"
+ "page.\n\n"
+ "Note that UEFI freed-memory guard and pool/page guard cannot be enabled at the same time.\n\n"
" BIT0 - Enable UEFI page guard.<BR>\n"
" BIT1 - Enable UEFI pool guard.<BR>\n"
" BIT2 - Enable SMM page guard.<BR>\n"
" BIT3 - Enable SMM pool guard.<BR>\n"
+ " BIT4 - Enable UEFI freed-memory guard (Use-After-Free memory detection).<BR>\n"
" BIT7 - The direction of Guard Page for Pool Guard.\n"
" 0 - The returned pool is near the tail guard page.<BR>\n"
" 1 - The returned pool is near the head guard page.<BR>"
--
2.16.2.windows.1
next prev parent reply other threads:[~2018-10-23 14:53 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-23 14:53 [PATCH v2 0/5] Add freed-memory guard feature Jian J Wang
2018-10-23 14:53 ` Jian J Wang [this message]
2018-10-23 16:09 ` [PATCH v2 1/5] MdeModulePkg/MdeModulePkg.dec: update PCD description for new feature Laszlo Ersek
2018-10-24 0:45 ` Wang, Jian J
2018-10-23 14:53 ` [PATCH v2 2/5] UefiCpuPkg/CpuDxe: fix an infinite loop issue Jian J Wang
2018-10-23 16:41 ` Laszlo Ersek
2018-10-23 14:53 ` [PATCH v2 3/5] MdeModulePkg/Core: fix a lock issue in GCD memory map dump Jian J Wang
2018-10-23 18:26 ` Laszlo Ersek
2018-10-23 14:53 ` [PATCH v2 4/5] MdeModulePkg/Core: add freed-memory guard feature Jian J Wang
2018-10-23 18:29 ` Laszlo Ersek
2018-10-23 14:53 ` [PATCH v2 5/5] MdeModulePkg/Core: fix-up for changes introduced by freed-memory guard Jian J Wang
2018-10-23 17:16 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181023145331.5768-2-jian.j.wang@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox