public inbox for devel@edk2.groups.io
From: Laszlo Ersek <lersek@redhat.com>
To: "Wang, Jian J" <jian.j.wang@intel.com>
Cc: "Yao, Jiewen" <jiewen.yao@intel.com>,
	"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>,
	"Kinney, Michael D" <michael.d.kinney@intel.com>,
	"Wolman, Ayellet" <ayellet.wolman@intel.com>,
	"Dong, Eric" <eric.dong@intel.com>,
	"Zeng, Star" <star.zeng@intel.com>
Subject: Re: [PATCH v3 0/6] Implement heap guard feature
Date: Fri, 27 Oct 2017 14:32:43 +0200
Message-ID: <96a7acbf-1bdc-3010-2bcd-493c9a8d1046@redhat.com>
In-Reply-To: <D827630B58408649ACB04F44C510003624CA5E11@SHSMSX103.ccr.corp.intel.com>

On 10/27/17 03:39, Wang, Jian J wrote:
> Hi Laszlo,
> 
>> -----Original Message-----
>> From: Laszlo Ersek [mailto:lersek@redhat.com]
>> Sent: Thursday, October 26, 2017 9:27 PM
>> To: Wang, Jian J <jian.j.wang@intel.com>
>> Cc: Yao, Jiewen <jiewen.yao@intel.com>; edk2-devel@lists.01.org; Kinney,
>> Michael D <michael.d.kinney@intel.com>; Wolman, Ayellet
>> <ayellet.wolman@intel.com>; Dong, Eric <eric.dong@intel.com>; Zeng, Star
>> <star.zeng@intel.com>
>> Subject: Re: [edk2] [PATCH v3 0/6] Implement heap guard feature
>>
>> Hi Jian,
>>
>> On 10/26/17 09:38, Wang, Jian J wrote:
>>> Thanks for the feedback.
>>>
>>>> -----Original Message-----
>>>> From: Yao, Jiewen
>>>> Sent: Thursday, October 26, 2017 2:49 PM
>>>> To: Wang, Jian J <jian.j.wang@intel.com>; edk2-devel@lists.01.org
>>>> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Wolman, Ayellet
>>>> <ayellet.wolman@intel.com>; Dong, Eric <eric.dong@intel.com>; Zeng, Star
>>>> <star.zeng@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
>>>> Subject: RE: [edk2] [PATCH v3 0/6] Implement heap guard feature
>>>>
>>>> That is great work, Jian.
>>>>
>>>> Some suggestions for your consideration:
>>>>
>>>> 0) I suggest adding Laszlo to review the SMM part, and adding Ruiyu to review
>>>> SMM_MEMORY_ATTRIBUTE_PROTOCOL.
>>>>
>>>
>>> Ok, already pinged them.
>>>
>>>> 1) Would you please mention what tests we have done for this feature?
>>>> Such as OVMF/realPlatform? IA32/X64?
>>>>
>>>
>>> I did the following tests:
>>>
>>> Boot to shell (OVMF/Intel platform) (both IA32 and X64)
>>> Boot to Fedora 25 (64 only)
>>
>> May I ask if you used KVM virtualization (i.e., a Linux host computer)
>> for this?
>>
>> https://github.com/tianocore/tianocore.github.io/wiki/Testing-SMM-with-QEMU,-KVM-and-libvirt
>>
> 
> No, I'm using Qemu on Windows. I think Qemu doesn't support VM on Windows
> machine but I did enable SMM mode for it. Please let me know if there are any
> differences between them I should be aware of.

QEMU on Windows uses software emulation / just in time compilation. It
is called the "TCG accelerator" of QEMU, with TCG standing for "Tiny
Code Generator". This is very useful for development purposes (and for
cross-architectural emulation). It is also very fast relative to other
software emulators.

However, for production use and testing, hardware virtualization should
be used, and that requires the KVM accelerator (= "Kernel Virtual
Machine", meaning a Linux host computer). SMM emulation is implemented
very differently in TCG and in KVM. Both TCG and KVM support
multiprocessing (multiple logical CPUs in the guest), mapping VCPUs to
separate host-side threads. Most of the time KVM is better at exposing
multiprocessing bugs in guest code.

Generally, KVM (= Linux host) should be used for SMM testing, because
that's how OVMF is used in production.

>>> Windows 10 boot loader has a limit of 512 memory descriptors, which will
>>> cause boot failure. This is due to the fact that enabling this feature will
>>> cause more memory fragments (pool memory). Since this is a debug feature, I
>>> suppose this is an acceptable result.
>>
>> This feature is large; I can't even attempt to review it in the time
>> that I could allocate to it.
>>
>> However, I would like to regression test it (thank you Jiewen for the
>> reference!) Preferably, given that a v4 is already planned, I should
>> test v4.
>>
>> If you can post v4 on Oct 27th (tomorrow), I'll make an effort to test
>> it in the afternoon / evening, on the 27th. (Please CC me.) Next week I
>> will be mostly inactive on edk2-devel -- I wouldn't like to block your
>> work, but I also wouldn't like an OVMF regression.
>>
> 
> Thanks for trying. I'll try my best to send v4 today. I'd remind you in advance
> I have already found heap overflow (just read) in UiApp and Openssl code.

Great!

My understanding is that the feature is not enabled by default, so I
primarily intend to test that OVMF works as before, with your patches
applied.

Thanks!
Laszlo
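
The accelerator distinction drawn in the message above, as an added example that is not part of the original message or of the edk2 project: a POSIX shell helper that picks KVM when the host exposes it, falls back to TCG otherwise, and emits the QEMU arguments for an SMM-enabled OVMF guest. The function names, the default of 4 VCPUs and the firmware image paths are assumptions.

```shell
#!/bin/sh
# Added example: choose the QEMU accelerator for an OVMF SMM test run.
# Firmware image paths are placeholders supplied by the caller.

# Print "kvm" when the KVM device node is a usable character device,
# otherwise "tcg" (software emulation, e.g. QEMU on a Windows host).
smm_test_accel() {
    kvm_dev=${1:-/dev/kvm}
    if [ -c "$kvm_dev" ] && [ -r "$kvm_dev" ] && [ -w "$kvm_dev" ]; then
        echo kvm
    else
        echo tcg
    fi
}

# Print the QEMU arguments for an SMM-enabled OVMF guest, one per line.
# $1 = accelerator, $2 = OVMF code image, $3 = writable copy of the
# variable store, $4 = VCPU count (assumed default 4, so that the
# multiprocessing paths in the guest are exercised).
smm_test_qemu_args() {
    accel=$1 code=$2 vars=$3 vcpus=${4:-4}
    case $accel in
        kvm|tcg) ;;
        *) echo "unknown accelerator: $accel" >&2; return 1 ;;
    esac
    printf '%s\n' \
        -machine "q35,smm=on,accel=$accel" \
        -smp "$vcpus" \
        -global driver=cfi.pflash01,property=secure,value=on \
        -drive "if=pflash,format=raw,unit=0,file=$code,readonly=on" \
        -drive "if=pflash,format=raw,unit=1,file=$vars"
}

# Label the run so that a TCG result is not mistaken for a KVM one.
smm_test_label() {
    case $1 in
        kvm) echo "kvm: matches how OVMF is used in production" ;;
        tcg) echo "tcg: development-only result, repeat under KVM" ;;
        *) return 1 ;;
    esac
}
```

Recording the output of `smm_test_label "$(smm_test_accel)"` next to each test result keeps TCG-only runs, such as those on a Windows host, distinguishable from KVM runs.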


Thread overview: 18+ messages
2017-10-23  0:50 [PATCH v3 0/6] Implement heap guard feature Jian J Wang
2017-10-23  0:50 ` [PATCH v3 1/6] MdeModulePkg/DxeCore: Implement heap guard feature for UEFI Jian J Wang
2017-10-23  0:50 ` [PATCH v3 2/6] MdeModulePkg/PiSmmCore: Implement heap guard feature for SMM mode Jian J Wang
2017-10-23  0:50 ` [PATCH v3 3/6] MdeModulePkg/MdeModulePkg.dec, .uni: Add Protocol, PCDs and string tokens Jian J Wang
2017-10-23  0:50 ` [PATCH v3 4/6] UefiCpuPkg/CpuDxe: Reduce debug message Jian J Wang
2017-10-23  0:50 ` [PATCH v3 5/6] UefiCpuPkg/PiSmmCpuDxeSmm: Disable page table protection Jian J Wang
2017-10-26  6:20   ` Wang, Jian J
2017-10-26  7:17     ` Ni, Ruiyu
2017-10-26  7:40       ` Wang, Jian J
2017-10-23  0:50 ` [PATCH v3 6/6] MdeModulePkg/DxeIpl: Enable paging for heap guard Jian J Wang
2017-10-25  1:48 ` [PATCH v3 0/6] Implement heap guard feature Wang, Jian J
2017-10-26  6:48   ` Yao, Jiewen
2017-10-26  6:52     ` Zeng, Star
2017-10-26  7:39       ` Wang, Jian J
2017-10-26  7:38     ` Wang, Jian J
2017-10-26 13:26       ` Laszlo Ersek
2017-10-27  1:39         ` Wang, Jian J
2017-10-27 12:32           ` Laszlo Ersek [this message]
