From mboxrd@z Thu Jan 1 00:00:00 1970
From: Laszlo Ersek
To: Jian J Wang, edk2-devel@lists.01.org
Cc: Michael D Kinney, Ruiyu Ni, Jiewen Yao, Star Zeng
Subject: Re: [PATCH v2 4/5] MdeModulePkg/Core: add freed-memory guard feature
Date: Tue, 23 Oct 2018 20:29:31 +0200
Message-ID: <748d2be7-be2b-bedd-0d35-f84946b81350@redhat.com>
In-Reply-To: <20181023145331.5768-5-jian.j.wang@intel.com>
References: <20181023145331.5768-1-jian.j.wang@intel.com> <20181023145331.5768-5-jian.j.wang@intel.com>
List-Id: EDK II Development
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit

On 10/23/18 16:53, Jian J Wang wrote:
>> v2 changes:
>> a. Change prototype and implementation of IsHeapGuardEnabled()
>>    to allow it to check freed-memory guard feature.
>> b. Drop IsUafEnabled() because of a.
>> c. Move the sanity check of freed-memory guard and heap guard
>>    into HeapGuardCpuArchProtocolNotify()
>> d. Add GuardFreedPagesChecked() to avoid duplicate feature check
>> e. Coding style cleanup
>
> Freed-memory guard is used to detect UAF (Use-After-Free) memory issue
> which is illegal access to memory which has been freed. The principle
> behind is similar to heap guard feature, that is we'll turn all pool
> memory allocation to page allocation and mark them to be not-present
> once they are freed.
>
> This also implies that, once a page is allocated and freed, it cannot
> be re-allocated. This will bring another issue, which is that there's
> risk that memory space will be used out. To address it, the memory
> service adds logic to put part (at most 64 pages a time) of freed pages
> back into page pool, so that the memory service can still have memory
> to allocate, when all memory space has been allocated once. This is
> called memory promotion. The promoted pages are always from the eldest
> pages which have been freed.
>
> Cc: Star Zeng
> Cc: Michael D Kinney
> Cc: Jiewen Yao
> Cc: Ruiyu Ni
> Cc: Laszlo Ersek
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Jian J Wang
> ---
>  MdeModulePkg/Core/Dxe/Mem/HeapGuard.c | 409 +++++++++++++++++++++++++++++++++-
>  MdeModulePkg/Core/Dxe/Mem/HeapGuard.h |  63 +++++-
>  MdeModulePkg/Core/Dxe/Mem/Page.c      |  41 +++-
>  MdeModulePkg/Core/Dxe/Mem/Pool.c      |  21 +-
>  4 files changed, 513 insertions(+), 21 deletions(-)

I don't know when I will find the time to review this patch. Please make
sure that with BIT4 clear in the PCD, the changes are a no-op.

I'd prefer if you could regression-test the changes on OVMF as well, not
just on physical platforms.

Other than that, until I find the time, please proceed with the normal
review workflow -- feel free to submit further versions, according to the
MdeModulePkg maintainers' comments, and/or even push the final version,
should I prove unable to comment on this patch in time.

Thanks!
Laszlo
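To make the mechanism in the quoted commit message concrete, here is an added toy model (not EDK2 code and not from this thread): freed pages are quarantined as not-present rather than reused, and only promotion hands the eldest quarantined pages back to the pool in bounded batches. The pool size, the batch size and every name here are constructed; the real feature promotes at most 64 pages at a time.

```c
#include <stdbool.h>
#include <string.h>

/* Constructed toy model of the freed-memory guard: freed pages are
 * quarantined ("not-present") instead of reused; only promotion hands the
 * eldest quarantined pages back to the pool, PROMOTE_BATCH at a time. */
#define POOL_PAGES    6
#define PROMOTE_BATCH 2   /* the real feature promotes at most 64 pages a time */
enum PageState { PG_FREE, PG_USED, PG_GUARDED };
static enum PageState gState[POOL_PAGES];   /* zero-initialised: all PG_FREE */
static int gQueue[POOL_PAGES];   /* FIFO of guarded pages, eldest at gHead */
static int gHead, gLen;

/* Promotion: return the eldest PROMOTE_BATCH guarded pages to the pool. */
static int Promote(void) {
  int n = 0;
  for (; gLen > 0 && n < PROMOTE_BATCH; n++, gLen--) {
    gState[gQueue[gHead]] = PG_FREE;
    gHead = (gHead + 1) % POOL_PAGES;
  }
  return n;
}

/* Allocate one page, skipping guarded ones; promote only when the pool is
 * dry. Returns the page number, or -1 when even promotion yields nothing. */
int AllocPage(void) {
  for (int pass = 0; pass < 2; pass++) {
    for (int i = 0; i < POOL_PAGES; i++)
      if (gState[i] == PG_FREE) { gState[i] = PG_USED; return i; }
    if (Promote() == 0) break;
  }
  return -1;
}

/* Free a page: mark it not-present and queue it; rejects double frees. */
bool FreePage(int page) {
  if (page < 0 || page >= POOL_PAGES || gState[page] != PG_USED) return false;
  gState[page] = PG_GUARDED;
  gQueue[(gHead + gLen++) % POOL_PAGES] = page;
  return true;
}

/* Stands in for the CPU page-fault check: touching a guarded page is the
 * use-after-free the feature exists to catch. */
bool AccessFaults(int page) {
  return page >= 0 && page < POOL_PAGES && gState[page] == PG_GUARDED;
}
```

The walk-through in the assertions shows the two properties the commit message describes: a freed page faults until it is promoted, and promotion releases the oldest freed pages first, never more than one batch per exhausted allocation.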