Re: [edk2-devel] MdeModulePkg: Fix MAT SplitRecord() Logic introduce one bug and will cause SUT reset when boot to windows

["Oliver Smith-Denny" <osde@linux.microsoft.com>]

On 4/18/2024 11:43 PM, Ni, Ray wrote:
> 
> 
> So this is just junk unallocated memory that we are reporting as
> a type it *could* be if an allocation occurs to minimize failures
> of ExitBootServices. Which is questionable. But in terms of
> attributes, I would expect we either have this unallocated
> memory marked the same as the bin type or better, mark it RP
> if we can (Taylor is making a change to set RP on free memory
> by default, so we would have this in the page table, but we
> would need to decide what we tell the OS).
> 
> [Ray] When reviewing today's logic of memory protection through page 
> table, I feel that it was designed improperly in the beginning.
> My rough thought is:
> * All memory is RP initially (as you said Taylor will do that)

Correct, Taylor is working on a change here and actually taking this a
step further, that all free memory will be RP, to catch any use after
free and keep a safer environment.

> * Allocated memory is mapped as either RO or XD, depending on code/data. 
> Or RP if it's a guard page.

This is mostly true, of course it depends on how the memory protections
are configured. I would like to see this go to not being an option but
something that DxeCore enforces by default depending on memory type
allocated.

> 
> Maybe I am not aware of some limitations of the above idea. The 
> limitations prevented the initial design be in this way.
> Or what Taylor will do aligns to the idea?
> 

The issue in this mailing thread is not what DXE's page tables are,
but what get reported in the MAT to the OS. Before Taylor's change
to improve the SplitTable logic the extra RuntimeServicesCode sections
that get reported to the OS (these are the leftover sections in the
memory bins to improve the chance for S4 resume) were getting reported
as XP. Taylor is proposing these get marked RO instead as they are
marked as Code sections (although they really hold junk in them).

Another path would be can we mark them both RO and XP. These are junk
sections, they should not be used and definitely not executed from. We
only report them to the OS so that our memory map changes less between
boots (I also wonder if there are better ways we can do this, but I'll
have to think about this more).

Thanks,
Oliver




-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118143): https://edk2.groups.io/g/devel/message/118143
Mute This Topic: https://groups.io/mt/105477564/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-