From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.126; helo=mga18.intel.com; envelope-from=jian.j.wang@intel.com; receiver=edk2-devel@lists.01.org
Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 01B4421C8EFB5 for ; Thu, 25 Oct 2018 00:18:14 -0700 (PDT)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 25 Oct 2018 00:18:14 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.54,423,1534834800"; d="scan'208";a="275453754"
Received: from shwdeopenpsi777.ccr.corp.intel.com ([10.239.158.27]) by fmsmga006.fm.intel.com with ESMTP; 25 Oct 2018 00:18:13 -0700
From: Jian J Wang
To: edk2-devel@lists.01.org
Cc: Star Zeng , Michael D Kinney , Jiewen Yao , Ruiyu Ni , Laszlo Ersek
Date: Thu, 25 Oct 2018 15:18:01 +0800
Message-Id: <20181025071805.6692-3-jian.j.wang@intel.com>
X-Mailer: git-send-email 2.16.2.windows.1
In-Reply-To: <20181025071805.6692-1-jian.j.wang@intel.com>
References: <20181025071805.6692-1-jian.j.wang@intel.com>
Subject: [PATCH v4 2/6] MdeModulePkg: introduce UEFI freed-memory guard bit in HeapGuard PCD
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 25 Oct 2018 07:18:15 -0000

> v4 changes:
> a. refine PCD description of PcdHeapGuardPropertyMask

A UAF (Use-After-Free) memory issue is a kind of illegal access to memory which has been freed. It can be detected by a new freed-memory guard enforced onto freed memory. BIT4 of the following PCD is used to enable the freed-memory guard feature.

  gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask

Please note this feature is for debug purposes and should not be enabled in product BIOS, and cannot be enabled with pool/page heap guard at the same time. It's disabled by default.

Cc: Star Zeng
Cc: Michael D Kinney
Cc: Jiewen Yao
Cc: Ruiyu Ni
Cc: Laszlo Ersek
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang
---
 MdeModulePkg/MdeModulePkg.dec | 16 ++++++++++++----
 MdeModulePkg/MdeModulePkg.uni | 14 ++++++++++----
 2 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 2009dbc5fd..428eeeb670 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -1011,14 +1011,22 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType|0x0|UINT64|0x30001053 ## This mask is to control Heap Guard behavior. - # Note that due to the limit of pool memory implementation and the alignment - # requirement of UEFI spec, BIT7 is a try-best setting which cannot guarantee - # that the returned pool is exactly adjacent to head guard page or tail guard - # page. + # + # Note: + # a) Heap Guard is for debug purpose and should not be enabled in product + # BIOS. + # b) Due to the limit of pool memory implementation and the alignment + # requirement of UEFI spec, BIT7 is a try-best setting which cannot + # guarantee that the returned pool is exactly adjacent to head guard + # page or tail guard page. + # c) UEFI freed-memory guard and UEFI pool/page guard cannot be enabled + # at the same time. + # # BIT0 - Enable UEFI page guard.
# BIT1 - Enable UEFI pool guard.
# BIT2 - Enable SMM page guard.
# BIT3 - Enable SMM pool guard.
+ # BIT4 - Enable UEFI freed-memory guard (Use-After-Free memory detection).
# BIT6 - Enable non-stop mode.
# BIT7 - The direction of Guard Page for Pool Guard. # 0 - The returned pool is near the tail guard page.
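Review bot: note (c) in the new comment block says the UEFI freed-memory guard (BIT4) and the UEFI pool/page guard (BIT0/BIT1) cannot be enabled together, but it does not state what a platform actually gets when both bits are set in PcdHeapGuardPropertyMask: whether one of the two features silently takes precedence and the other is ignored, or whether the combination is rejected. This PCD comment is the only text a platform integrator reads before setting the mask, so add a sentence to note (c) with the observable outcome, e.g. `# c) UEFI freed-memory guard and UEFI pool/page guard cannot be enabled` / `# at the same time. If both are set, <actual behaviour>.`, filled in from what the core heap guard code does. Minor: "try-best" in note (b) is pre-existing wording that this hunk is already rewriting; "best-effort" would read better while the line is being touched.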
diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni index 9d2e473fa9..5fa7a6ae30 100644 --- a/MdeModulePkg/MdeModulePkg.uni +++ b/MdeModulePkg/MdeModulePkg.uni @@ -1224,14 +1224,20 @@ #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdHeapGuardPropertyMask_PROMPT #language en-US "The Heap Guard feature mask" #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdHeapGuardPropertyMask_HELP #language en-US "This mask is to control Heap Guard behavior.\n" - "Note that due to the limit of pool memory implementation and the alignment\n" - "requirement of UEFI spec, BIT7 is a try-best setting which cannot guarantee\n" - "that the returned pool is exactly adjacent to head guard page or tail guard\n" - "page.\n" + " Note:\n" + " a) Heap Guard is for debug purpose and should not be enabled in product" + " BIOS.\n" + " b) Due to the limit of pool memory implementation and the alignment" + " requirement of UEFI spec, BIT7 is a try-best setting which cannot" + " guarantee that the returned pool is exactly adjacent to head guard" + " page or tail guard page.\n" + " c) UEFI freed-memory guard and UEFI pool/page guard cannot be enabled" + " at the same time.\n" " BIT0 - Enable UEFI page guard.
\n" " BIT1 - Enable UEFI pool guard.
\n" " BIT2 - Enable SMM page guard.
\n" " BIT3 - Enable SMM pool guard.
\n" + " BIT4 - Enable UEFI freed-memory guard (Use-After-Free memory detection).
\n" " BIT7 - The direction of Guard Page for Pool Guard.\n" " 0 - The returned pool is near the tail guard page.
\n" " 1 - The returned pool is near the head guard page.
" -- 2.16.2.windows.1
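Review bot: the .uni help string is out of sync with the .dec comment it mirrors. The .dec context shows `# BIT6 - Enable non-stop mode.` between BIT4 and BIT7, but this hunk goes straight from the new BIT4 line to `" BIT7 - The direction of Guard Page for Pool Guard.\n"` with no BIT6 entry, and since the hunk's context is contiguous (14 old lines, 20 new), BIT6 is genuinely absent from the help text rather than merely outside the hunk. As the patch already rewrites this string, add `" BIT6 - Enable non-stop mode.\n"` after the new BIT4 line so the two descriptions list the same bits. Also worth a glance: the continuation strings for items a), b) and c) (`" BIOS.\n"`, `" requirement of UEFI spec, ..."`, `" at the same time.\n"`) rely on their leading space to separate words across the string concatenation; that is correct as written, but it is easy to lose on a later edit, so keep the leading-space convention consistent on every continuation line.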