From: "Yao, Jiewen"
To: "Wang, Jian J", "edk2-devel@lists.01.org"
CC: "Zeng, Star", "Dong, Eric"
Date: Tue, 13 Mar 2018 05:38:23 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503AAFA2E0@shsmsx102.ccr.corp.intel.com>
In-Reply-To: <20180313023450.18336-1-jian.j.wang@intel.com>
Subject: Re: [PATCH] MdeModulePkg/Core: fix mem alloc issues in heap guard

Reviewed-by: Jiewen.yao@intel.com

> -----Original Message-----
> From: Wang, Jian J
> Sent: Tuesday, March 13, 2018 10:35 AM
> To: edk2-devel@lists.01.org
> Cc: Zeng, Star; Dong, Eric; Yao, Jiewen
> Subject: [PATCH] MdeModulePkg/Core: fix mem alloc issues in heap guard
>
> There're two ASSERT issues which will be triggered by boot loader of
> Windows 10.
>
> The first is caused by allocating memory in heap guard during another
> memory allocation, which is not allowed in DXE core. Avoiding reentry
> of memory allocation has been considered in heap guard feature. But
> there's a hole in the code of function FindGuardedMemoryMap(). The fix
> is adding AllocMapUnit parameter in the condition of while(), which
> will prevent memory allocation from happening during Guard page
> check operation.
>
> The second is caused by the core trying to allocate page 0 with Guard
> page, which will cause the start address rolling back to the end of
> supported system address. According to the requirement of heap guard,
> the fix is just simply skipping the free memory at page 0 and let
> the core continue searching free memory after it.
>
> Cc: Star Zeng
> Cc: Eric Dong
> Cc: Jiewen Yao
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Jian J Wang
>
> ---
> MdeModulePkg/Core/Dxe/Mem/HeapGuard.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c > b/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c > index 19245049c2..ac043b5d9b 100644 > --- a/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c > +++ b/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c > @@ -225,8 +225,8 @@ FindGuardedMemoryMap ( > // > // Adjust current map table depth according to the address to access > // > - while (mMapLevel < GUARDED_HEAP_MAP_TABLE_DEPTH > - && > + while (AllocMapUnit && > + mMapLevel < GUARDED_HEAP_MAP_TABLE_DEPTH && > RShiftU64 ( > Address, > mLevelShift[GUARDED_HEAP_MAP_TABLE_DEPTH - mMapLevel - > 1] 
> @@ -904,6 +904,10 @@ AdjustMemoryS ( > } >=20 > Target =3D Start + Size - SizeRequested; > + ASSERT (Target >=3D Start); > + if (Target =3D=3D 0) { > + return 0; > + } >=20 > if (!IsGuardPage (Start + Size)) { > // No Guard at tail to share. One more page is needed. > -- > 2.16.2.windows.1
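
Review bot: In the FindGuardedMemoryMap hunk, the new `while (AllocMapUnit &&` guard means that with AllocMapUnit FALSE the table depth is no longer adjusted for an Address above what the current mMapLevel covers, and the code that runs after the loop is not visible in this hunk. Please confirm that this path returns without indexing the existing table by that Address, and update the comment above the loop ("Adjust current map table depth according to the address to access") to say the adjustment is made only when allocation is permitted, since that is the reentry rule the commit message relies on.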
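
Review bot: In the AdjustMemoryS hunk, `ASSERT (Target >= Start);` is the only check that `Start + Size - SizeRequested` did not drop below Start, and ASSERT() does nothing in builds where asserts are disabled, so a wrapped Target would be used unchecked there; consider a runtime test that returns 0 alongside the ASSERT. The `if (Target == 0)` branch also needs a short comment stating that free memory at page 0 is skipped because a Guard page in front of it would roll the start address back to the end of the address space, as the commit message explains, and what a return value of 0 tells the caller.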