Message-ID: <4751070c-e147-1599-c317-1742df03862d@gmail.com>
Date: Thu, 12 May 2022 17:58:50 -0700
Subject: Re: Re: [edk2-devel] [PATCH v2 1/1] MdeModulePkg: PiSmmCore: Inspect memory guarded with pool headers
To: devel@edk2.groups.io, gaoliming@byosoft.com.cn
Cc: 'Jiewen Yao', 'Eric Dong', 'Ray Ni', 'Jian J Wang'
References: <20220426004746.190-1-kuqin12@gmail.com> <16E94BCEA778D83E.21521@groups.io> <4a986954-f9db-e9ad-0d8b-5ed08097ede3@gmail.com> <043f01d86661$d2a46680$77ed3380$@byosoft.com.cn>
From: "Kun Qin"
In-Reply-To: <043f01d86661$d2a46680$77ed3380$@byosoft.com.cn>

Thank you for the help, Liming!

On 5/12/2022 5:38 PM, gaoliming wrote:
> Kun:
> This patch was reviewed before the soft feature freeze. I agree to merge it for this stable tag.
>
> Here is the PR: https://github.com/tianocore/edk2/pull/2881
>
> Thanks
> Liming
>> -----Original Message-----
>> From: devel@edk2.groups.io on behalf of Kun Qin
>> Sent: May 13, 2022 8:23
>> To: devel@edk2.groups.io
>> Cc: Jiewen Yao; Eric Dong;
>> Ray Ni; Jian J Wang; Liming Gao
>>
>> Subject: Re: [edk2-devel] [PATCH v2 1/1] MdeModulePkg: PiSmmCore: Inspect
>> memory guarded with pool headers
>>
>> Hi maintainers,
>>
>> This patch was reviewed and sent a while back. Could you please help me
>> merge in this change, if there is no further feedback?
>>
>> Thanks in advance,
>> Kun
>>
>> On 4/25/2022 5:47 PM, Kun Qin via groups.io wrote:
>>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3488
>>>
>>> The current free pool routine in PiSmmCore inspects the memory guard status
>>> of the target buffer without considering pool headers. This could lead the
>>> `IsMemoryGuarded` function to return incorrect results.
>>>
>>> In that sense, allocating a 0 sized pool could cause an allocated buffer
>>> to point directly into a guard page, which is legal. However, trying to
>>> free this pool will cause the routine changed in this commit to read XP
>>> pages, which leads to a page fault.
>>>
>>> This change inspects memory guard status with pool headers. This can avoid
>>> errors when pool content happens to be on a page boundary.
>>>
>>> Cc: Jiewen Yao
>>> Cc: Eric Dong
>>> Cc: Ray Ni
>>> Cc: Jian J Wang
>>> Cc: Liming Gao
>>> >>> Signed-off-by: Kun Qin >>> Reviewed-by: Jian J Wang >>> Reviewed-by: Liming Gao >>> --- >>> >>> Notes: >>> v2: >>> - Added reviewed-by tag [Jian] >>> - Added reviewed-by tag [Liming] >>> >>> MdeModulePkg/Core/PiSmmCore/Pool.c | 10 +++++----- >>> 1 file changed, 5 insertions(+), 5 deletions(-) >>> >>> diff --git a/MdeModulePkg/Core/PiSmmCore/Pool.c >> b/MdeModulePkg/Core/PiSmmCore/Pool.c >>> index 96ebe811c669..e1ff40a8ea55 100644 >>> --- a/MdeModulePkg/Core/PiSmmCore/Pool.c >>> +++ b/MdeModulePkg/Core/PiSmmCore/Pool.c >>> @@ -382,11 +382,6 @@ SmmInternalFreePool ( >>> return EFI_INVALID_PARAMETER; >>> } >>> >>> - MemoryGuarded = IsHeapGuardEnabled () && >>> - IsMemoryGuarded >> ((EFI_PHYSICAL_ADDRESS)(UINTN)Buffer); >>> - HasPoolTail = !(MemoryGuarded && >>> - ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == >> 0)); >>> - >>> FreePoolHdr = (FREE_POOL_HEADER *)((POOL_HEADER *)Buffer - 1); >>> ASSERT (FreePoolHdr->Header.Signature == >> POOL_HEAD_SIGNATURE); >>> ASSERT (!FreePoolHdr->Header.Available); >>> @@ -394,6 +389,11 @@ SmmInternalFreePool ( >>> return EFI_INVALID_PARAMETER; >>> } >>> >>> + MemoryGuarded = IsHeapGuardEnabled () && >>> + IsMemoryGuarded >> ((EFI_PHYSICAL_ADDRESS)(UINTN)FreePoolHdr); >>> + HasPoolTail = !(MemoryGuarded && >>> + ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == >> 0)); >>> + >>> if (HasPoolTail) { >>> PoolTail = HEAD_TO_TAIL (&FreePoolHdr->Header); >>> ASSERT (PoolTail->Signature == POOL_TAIL_SIGNATURE); >> >> >> > > > > > > >
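Review bot: the moved block in the second hunk (`@@ -394,6 +389,11 @@`) now evaluates `IsMemoryGuarded` on `FreePoolHdr` rather than on `Buffer`, which is the address the subsequent `HEAD_TO_TAIL (&FreePoolHdr->Header)` read actually depends on, so `HasPoolTail` is now derived from the same memory the routine goes on to touch; the reason is only stated in the commit message, so a one-line comment above `MemoryGuarded = IsHeapGuardEnabled () &&` noting that the header address is used on purpose, because `Buffer` itself can land on a guard page for a 0-byte pool, would keep a later cleanup from moving the check back to `Buffer`. Two smaller points: the first hunk removes the computation from before the `FreePoolHdr->Header.Signature` and `Available` asserts, so those asserts now run with the guard status unknown, which is fine as long as they only dereference the header and never the tail (true for the visible lines); and it is worth confirming that the allocation side decides whether to lay out a pool tail from the same (header) address, since `HasPoolTail` here must agree with what was placed at allocation time or the `POOL_TAIL_SIGNATURE` assert that follows will fire.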