From: "Wang, Jian J"
To: "devel@edk2.groups.io", "kuqin12@gmail.com"
CC: "Yao, Jiewen", "Dong, Eric", "Ni, Ray", "Gao, Liming"
Subject: Re: [edk2-devel] [PATCH v1 1/1] MdeModulePkg: PiSmmCore: Inspect memory guarded with pool headers
Date: Fri, 22 Apr 2022 05:47:08 +0000
References: <20220316035954.1146-1-kuqin12@gmail.com> <20220316035954.1146-2-kuqin12@gmail.com>
In-Reply-To: <20220316035954.1146-2-kuqin12@gmail.com>

It looks good to me. Thanks for fixing it.

Reviewed-by: Jian J Wang

Regards,
Jian

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Kun Qin
> Sent: Wednesday, March 16, 2022 12:00 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen; Dong, Eric; Ni, Ray; Wang, Jian J; Gao, Liming
> Subject: [edk2-devel] [PATCH v1 1/1] MdeModulePkg: PiSmmCore: Inspect memory guarded with pool headers
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3488
>
> The current free pool routine from PiSmmCore inspects the memory guard status
> of the target buffer without considering pool headers. This could lead the
> `IsMemoryGuarded` function to return incorrect results.
>
> In that sense, allocating a 0-sized pool could cause the allocated buffer
> to point directly into a guard page, which is legal. However, trying to
> free this pool will cause the routine changed in this commit to read XP
> pages, which leads to a page fault.
>
> This change inspects memory guard status using the pool header. This avoids
> errors when the pool content happens to be on a page boundary.
>
> Cc: Jiewen Yao
> Cc: Eric Dong
> Cc: Ray Ni
> Cc: Jian J Wang
> Cc: Liming Gao
>
> Signed-off-by: Kun Qin
> ---
>  MdeModulePkg/Core/PiSmmCore/Pool.c | 10 +++++-----
>  1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/MdeModulePkg/Core/PiSmmCore/Pool.c b/MdeModulePkg/Core/PiSmmCore/Pool.c
> index 96ebe811c669..e1ff40a8ea55 100644
> --- a/MdeModulePkg/Core/PiSmmCore/Pool.c
> +++ b/MdeModulePkg/Core/PiSmmCore/Pool.c
> @@ -382,11 +382,6 @@ SmmInternalFreePool (
>      return EFI_INVALID_PARAMETER;
>    }
>
> -  MemoryGuarded = IsHeapGuardEnabled () &&
> -                  IsMemoryGuarded ((EFI_PHYSICAL_ADDRESS)(UINTN)Buffer);
> -  HasPoolTail   = !(MemoryGuarded &&
> -                    ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0));
> -
>    FreePoolHdr = (FREE_POOL_HEADER *)((POOL_HEADER *)Buffer - 1);
>    ASSERT (FreePoolHdr->Header.Signature == POOL_HEAD_SIGNATURE);
>    ASSERT (!FreePoolHdr->Header.Available);
> @@ -394,6 +389,11 @@ SmmInternalFreePool (
>      return EFI_INVALID_PARAMETER;
>    }
>
> +  MemoryGuarded = IsHeapGuardEnabled () &&
> +                  IsMemoryGuarded ((EFI_PHYSICAL_ADDRESS)(UINTN)FreePoolHdr);
> +  HasPoolTail   = !(MemoryGuarded &&
> +                    ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0));
> +
>    if (HasPoolTail) {
>      PoolTail = HEAD_TO_TAIL (&FreePoolHdr->Header);
>      ASSERT (PoolTail->Signature == POOL_TAIL_SIGNATURE);
> --
> 2.35.1.windows.2
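Review bot: in the first hunk (`@@ -382,11 +382,6 @@`), removing the `MemoryGuarded` / `HasPoolTail` assignments leaves both variables unset across the `FreePoolHdr` computation, the two `ASSERT`s on `FreePoolHdr->Header`, and the `return EFI_INVALID_PARAMETER` path at the top of the second hunk; none of the visible lines read them there, so this is safe, but it is worth confirming against the full function body that no other use sits between the old and the new assignment site. A one-line comment at the old site explaining that the probe has been moved below the header checks would also help the next reader, since the removal alone gives no hint of why.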
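Review bot: in the second hunk (`@@ -394,6 +389,11 @@`), the only behavioural change is that `IsMemoryGuarded` is now given `FreePoolHdr` instead of `Buffer`; `HasPoolTail` is still derived from BIT7 of `PcdHeapGuardPropertyMask` exactly as before. Since `FreePoolHdr` is `(POOL_HEADER *)Buffer - 1`, this probes the page that holds the header, which for a 0-sized pool placed against its tail guard page is the pool's own page, whereas `Buffer` is the first byte of the guard page; that is the whole fix, and it deserves a comment above the assignment, e.g. `// Probe the header, not Buffer: for a 0-size pool Buffer may already be on the guard page`, because the commit message says only "inspect memory guarded with pool headers". The `PoolTail` signature `ASSERT` that follows is unchanged and now runs only when the corrected `HasPoolTail` is TRUE, which is the intended effect.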
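The failure mode the commit message describes (a 0-sized pool whose buffer pointer lands exactly on its tail guard page) is easy to miss in the abstract, so here is an added example, my own code rather than edk2's or the patch author's, that models the probe the patch moves. It reproduces the two changed lines with a switch between the pre-patch probe (`Buffer`) and the post-patch probe (`FreePoolHdr`). The page size, the guard bitmap, the simplified `POOL_HEADER`, the `ASSUMED_HEAP_GUARD_PROPERTY_MASK` value and the `is_memory_guarded` / `is_heap_guard_enabled` stand-ins are all assumptions made for the example; the real PiSmmCore structures and HeapGuard bitmap differ.

```c
/* Added example (not edk2 code): a small model of the SmmInternalFreePool probe
 * that the patch moves from Buffer to the pool header. Everything below the
 * includes is a constructed, simplified stand-in for the real PiSmmCore code. */
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE  4096u
#define NUM_PAGES  4u
#define BIT7       0x80u

/* Assumed PcdHeapGuardPropertyMask: BIT7 clear means the pool sits next to
 * its *tail* guard page and therefore carries no POOL_TAIL. */
#define ASSUMED_HEAP_GUARD_PROPERTY_MASK  0x00u

/* Simplified POOL_HEADER: only the fields the probe logic needs. */
typedef struct {
  uint32_t Signature;
  uint32_t Available;
  size_t   Size;        /* header + data (+ tail, when one exists) */
} POOL_HEADER;

#define POOL_HEAD_SIGNATURE  0x64616568u   /* constructed 'head' value */

/* Model heap: page 1 will hold the allocation, page 2 is its guard page. */
static uint8_t g_heap[NUM_PAGES * PAGE_SIZE];
/* Guard bitmap in the HeapGuard sense: a set bit marks a *guarded* (allocated
 * and protected) page; the guard pages around it stay clear and unmapped. */
static bool g_guarded_bitmap[NUM_PAGES];

static size_t page_of(const void *p) {
  return ((uintptr_t)p - (uintptr_t)g_heap) / PAGE_SIZE;
}

/* Stand-ins for IsHeapGuardEnabled () and IsMemoryGuarded (): the latter
 * reports whether the page containing Address is one of the guarded pages. */
static bool is_heap_guard_enabled(void) { return true; }
static bool is_memory_guarded(const void *Address) {
  size_t page = page_of(Address);
  return page < NUM_PAGES && g_guarded_bitmap[page];
}

/* Allocate a tail-guarded pool of Size data bytes: header + data end exactly
 * where the guard page begins, so a 0-byte pool's Buffer *is* the guard page. */
static void *alloc_tail_guarded_pool(size_t Size) {
  memset(g_guarded_bitmap, 0, sizeof g_guarded_bitmap);
  g_guarded_bitmap[1] = true;                      /* page 1: the pool's page */
  uint8_t *guard_page = g_heap + 2 * PAGE_SIZE;    /* page 2: guard, bit clear */
  POOL_HEADER *hdr = (POOL_HEADER *)(guard_page - sizeof(POOL_HEADER) - Size);
  hdr->Signature = POOL_HEAD_SIGNATURE;
  hdr->Available = 0;
  hdr->Size      = sizeof(POOL_HEADER) + Size;     /* no tail for a guarded pool */
  return hdr + 1;                                  /* Buffer, as AllocatePool returns it */
}

typedef struct {
  bool MemoryGuarded;
  bool HasPoolTail;
} FreeDecision;

/* The two lines the patch changes, parameterised on what is probed:
 * probe_header == false reproduces the pre-patch code (probe Buffer),
 * probe_header == true reproduces the post-patch code (probe FreePoolHdr). */
static FreeDecision decide(void *Buffer, bool probe_header) {
  POOL_HEADER *FreePoolHdr = (POOL_HEADER *)Buffer - 1;
  assert(FreePoolHdr->Signature == POOL_HEAD_SIGNATURE);
  const void *probe = probe_header ? (const void *)FreePoolHdr : (const void *)Buffer;
  FreeDecision d;
  d.MemoryGuarded = is_heap_guard_enabled() && is_memory_guarded(probe);
  d.HasPoolTail   = !(d.MemoryGuarded &&
                      ((ASSUMED_HEAP_GUARD_PROPERTY_MASK & BIT7) == 0));
  return d;
}

/* True when the pre-patch probe misclassifies an allocation of Size bytes,
 * i.e. reports "unguarded, has a tail" for a pool that was created guarded
 * and tail-less while the post-patch probe gets it right. Only the 0-byte
 * case, where Buffer lies on the guard page, trips it. */
bool old_probe_misclassifies(size_t Size) {
  void *buf = alloc_tail_guarded_pool(Size);
  FreeDecision before = decide(buf, false);
  FreeDecision after  = decide(buf, true);
  return before.HasPoolTail && !after.HasPoolTail;
}

int main(void) {
  printf("size 0:  old probe misclassifies = %d\n", old_probe_misclassifies(0));
  printf("size 64: old probe misclassifies = %d\n", old_probe_misclassifies(64));
  return 0;
}
```

The point the model makes is that with the guard page directly after the allocation, `Buffer` and `FreePoolHdr` fall on different pages only when the data size is zero; for any non-zero size both probes agree. That is why the pre-patch code worked almost everywhere and only faulted on the 0-byte corner case the commit message describes.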