From: Laszlo Ersek
To: "Wang, Jian J"
Cc: "Yao, Jiewen", "edk2-devel@lists.01.org", "Kinney, Michael D", "Wolman, Ayellet", "Dong, Eric", "Zeng, Star"
Subject: Re: [PATCH v3 0/6] Implement heap guard feature
Date: Fri, 27 Oct 2017 14:32:43 +0200
Message-ID: <96a7acbf-1bdc-3010-2bcd-493c9a8d1046@redhat.com>

On 10/27/17 03:39, Wang, Jian J wrote:
> Hi Laszlo,
>
>> -----Original Message-----
>> From: Laszlo Ersek [mailto:lersek@redhat.com]
>> Sent: Thursday, October 26, 2017 9:27 PM
>> To: Wang, Jian J
>> Cc: Yao, Jiewen; edk2-devel@lists.01.org; Kinney, Michael D;
>> Wolman, Ayellet; Dong, Eric; Zeng, Star
>> Subject: Re: [edk2] [PATCH v3 0/6] Implement heap guard feature
>>
>> Hi Jian,
>>
>> On 10/26/17 09:38, Wang, Jian J wrote:
>>> Thanks for the feedback.
>>>
>>>> -----Original Message-----
>>>> From: Yao, Jiewen
>>>> Sent: Thursday, October 26, 2017 2:49 PM
>>>> To: Wang, Jian J; edk2-devel@lists.01.org
>>>> Cc: Kinney, Michael D; Wolman, Ayellet; Dong, Eric; Zeng, Star;
>>>> Yao, Jiewen
>>>> Subject: RE: [edk2] [PATCH v3 0/6] Implement heap guard feature
>>>>
>>>> That is great work. Jian.
>>>>
>>>> Some suggestion for your consideration:
>>>>
>>>> 0) I suggest add Laszlo to review SMM part, and add Ruiyu to review
>>>> SMM_MEMORY_ATTRIBUTE_PROTOCOL.
>>>>
>>>
>>> Ok, already pinged them.
>>>
>>>> 1) Would you please mention what test we have done for this feature?
>>>> Such as OVMF/realPlatform? IA32/X64?
>>>>
>>>
>>> I did following test:
>>>
>>> Boot to shell (OVMF/Intel platform) (both IA32 and X64)
>>> Boot to Fedora 25 (64 only)
>>
>> May I ask if you used KVM virtualization (i.e., a Linux host computer)
>> for this?
>>
>> https://github.com/tianocore/tianocore.github.io/wiki/Testing-SMM-with-QEMU,-KVM-and-libvirt
>>
>
> No, I'm using Qemu on Windows. I think Qemu doesn't support VM on Windows
> machine but I do enabled SMM mode for it.
> Please let me know if there's any
> differences between them I should be aware of.

QEMU on Windows uses software emulation / just in time compilation. It
is called the "TCG accelerator" of QEMU, with TCG standing for "Tiny
Code Generator". This is very useful for development purposes (and for
cross-architectural emulation). It is also very fast relative to other
software emulators.

However, for production use and testing, hardware virtualization should
be used, and that requires the KVM accelerator (= "Kernel Virtual
Machine", meaning a Linux host computer).

SMM emulation is implemented very differently in TCG and in KVM.

Both TCG and KVM support multiprocessing (multiple logical CPUs in the
guest), mapping VCPUs to separate host-side threads. Most of the time
KVM is better at exposing multiprocessing bugs in guest code.

Generally, KVM (= Linux host) should be used for SMM testing, because
that's how OVMF is used in production.

>>> Windows 10 boot loader has a limit of 512-memory-descriptor, which will
>>> cause boot failure. This is due to a fact that enabling this feature will cause
>>> more memory fragments (pool memory). Since this is a debug feature, I suppose
>>> this is an acceptable result.
>>
>> This feature is large; I can't even attempt to review it in the time
>> that I could allocate to it.
>>
>> However, I would like to regression test it (thank you Jiewen for the
>> reference!) Preferably, given that a v4 is already planned, I should
>> test v4.
>>
>> If you can post v4 on Oct 27th (tomorrow), I'll make an effort to test
>> it in the afternoon / evening, on the 27th. (Please CC me.) Next week I
>> will be mostly inactive on edk2-devel -- I wouldn't like to block your
>> work, but I also wouldn't like an OVMF regression.
>>
>
> Thanks for trying. I'll try my best to send v4 today. I'd remind you in advance
> I have already found heap overflow (just read) in UiApp and Openssl code.

Great!
My understanding is that the feature is not enabled by default, so I
primarily intend to test that OVMF works as before, with your patches
applied.

Thanks!
Laszlo
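Added example, not part of the message above or of the edk2 patch series: a shell helper that selects the QEMU accelerator for an SMM-enabled OVMF guest and refuses to run a regression test on TCG unless explicitly allowed, reflecting the KVM-versus-TCG distinction explained in the reply. The firmware file names, the `/dev/kvm` usability check, the VCPU and memory sizes, and the `ALLOW_TCG` variable are assumptions.

```shell
#!/bin/sh
# Added example. Firmware paths and ALLOW_TCG are assumptions, not edk2 names.

# pick_accel [DEVICE]: print "kvm" if the KVM device node is usable, else "tcg".
pick_accel() {
    dev="${1:-/dev/kvm}"
    if [ -c "$dev" ] && [ -r "$dev" ] && [ -w "$dev" ]; then
        echo kvm
    else
        echo tcg
    fi
}

# smm_qemu_args ACCEL CODE_FD VARS_FD: print QEMU arguments for a q35 guest
# with SMM on, secure pflash, several VCPUs and the OVMF debug log captured.
smm_qemu_args() {
    accel="$1"; code="$2"; vars="$3"
    printf '%s ' \
        -machine "q35,smm=on,accel=$accel" \
        -smp 4 -m 2048 \
        -global driver=cfi.pflash01,property=secure,value=on \
        -drive "if=pflash,format=raw,unit=0,file=$code,readonly=on" \
        -drive "if=pflash,format=raw,unit=1,file=$vars" \
        -debugcon file:ovmf.log -global isa-debugcon.iobase=0x402
}

# smm_test_cmd [DEVICE]: print the full command line. Returns 1 when only TCG
# is available and ALLOW_TCG is not 1, so a regression run is never silently
# executed on the software emulator.
smm_test_cmd() {
    accel=$(pick_accel "$1")
    if [ "$accel" = tcg ] && [ "${ALLOW_TCG:-0}" != 1 ]; then
        echo "KVM unavailable; set ALLOW_TCG=1 for a development-only run" >&2
        return 1
    fi
    echo "qemu-system-x86_64 $(smm_qemu_args "$accel" \
        "${OVMF_CODE:-OVMF_CODE.fd}" "${OVMF_VARS:-OVMF_VARS.fd}")"
}
```

The printed command is meant to be reviewed and then run by hand; a boot disk or shell image still has to be appended for the guest to boot anything.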