On 2018/10/24 13:26, Jian J Wang wrote:
v3 changes:
a. split from v2 #1 patch file.
b. refine the commit message and title.

A UAF (Use-After-Free) memory issue is a kind of illegal access to memory
which has been freed. It can be detected by a new freed-memory guard
enforced onto freed memory.

BIT4 of the following PCD is used to enable the freed-memory guard feature.

   gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask

Please note this feature is for debug purposes and should not be enabled

Suggest also adding this information into the PCD description.
Pool/page heap guard also has the same condition, right?
If yes, we can have a generic sentence for the whole PCD.

With this addressed, Reviewed-by: Star Zeng <[email protected]>.


Thanks,
Star

in product BIOS, and cannot be enabled with pool/page heap guard at the
same time. It's disabled by default.

Cc: Star Zeng <[email protected]>
Cc: Michael D Kinney <[email protected]>
Cc: Jiewen Yao <[email protected]>
Cc: Ruiyu Ni <[email protected]>
Cc: Laszlo Ersek <[email protected]>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <[email protected]>
---
  MdeModulePkg/MdeModulePkg.dec | 6 ++++++
  MdeModulePkg/MdeModulePkg.uni | 4 +++-
  2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 2009dbc5fd..255b92ea67 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -1011,14 +1011,20 @@
    gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType|0x0|UINT64|0x30001053
## This mask is to control Heap Guard behavior.
+  #
    # Note that due to the limit of pool memory implementation and the alignment
    # requirement of UEFI spec, BIT7 is a try-best setting which cannot 
guarantee
    # that the returned pool is exactly adjacent to head guard page or tail 
guard
    # page.
+  #
+  # Note that UEFI freed-memory guard and pool/page guard cannot be enabled
+  # at the same time.
+  #
    #   BIT0 - Enable UEFI page guard.<BR>
    #   BIT1 - Enable UEFI pool guard.<BR>
    #   BIT2 - Enable SMM page guard.<BR>
    #   BIT3 - Enable SMM pool guard.<BR>
+  #   BIT4 - Enable UEFI freed-memory guard (Use-After-Free memory 
detection).<BR>
    #   BIT6 - Enable non-stop mode.<BR>
    #   BIT7 - The direction of Guard Page for Pool Guard.
    #          0 - The returned pool is near the tail guard page.<BR>
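Review bot: The new note ahead of the BIT list says freed-memory guard and "pool/page guard" cannot be enabled at the same time, but it does not name the bits, so a reader cannot tell whether only BIT0/BIT1 are excluded or the SMM guards (BIT2/BIT3) as well, and it does not say what happens when a platform sets a conflicting value. Suggest stating the rule in terms of bits (for example "BIT4 cannot be set together with BIT0 or BIT1", matched to what the code enforces) and describing the resulting behaviour. The commit message also says the feature is for debug and should not be enabled in product BIOS; that caveat is absent from the comment added here, which is the text platform owners will read.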
diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni
index 9d2e473fa9..e72b893509 100644
--- a/MdeModulePkg/MdeModulePkg.uni
+++ b/MdeModulePkg/MdeModulePkg.uni
@@ -1227,11 +1227,13 @@
                                                                                          
    "Note that due to the limit of pool memory implementation and the 
alignment\n"
                                                                                          
    "requirement of UEFI spec, BIT7 is a try-best setting which cannot 
guarantee\n"
                                                                                          
    "that the returned pool is exactly adjacent to head guard page or tail 
guard\n"
-                                                                                         
   "page.\n"
+                                                                                         
   "page.\n\n"
+                                                                                         
   "Note that UEFI freed-memory guard and pool/page guard cannot be enabled at the 
same time.\n\n"
                                                                                              
"   BIT0 - Enable UEFI page guard.<BR>\n"
                                                                                              
"   BIT1 - Enable UEFI pool guard.<BR>\n"
                                                                                              
"   BIT2 - Enable SMM page guard.<BR>\n"
                                                                                              
"   BIT3 - Enable SMM pool guard.<BR>\n"
+                                                                                            
"   BIT4 - Enable UEFI freed-memory guard (Use-After-Free memory 
detection).<BR>\n"
                                                                                          
    "   BIT7 - The direction of Guard Page for Pool Guard.\n"
                                                                                              
"          0 - The returned pool is near the tail guard page.<BR>\n"
                                                                                              
"          1 - The returned pool is near the head guard page.<BR>"
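Review bot: In the BIT list of this help string the new BIT4 line is followed directly by BIT7, while the .dec comment in the same patch lists "BIT6 - Enable non-stop mode" between them, so the two descriptions of the same PCD disagree. Since this hunk already touches the list, suggest adding the BIT6 line here to keep the .uni text in sync with the .dec. The exclusivity sentence added above the list has the same ambiguity as in the .dec (no bits named, no debug-only caveat), and whatever wording is settled on there should be mirrored in this string.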


_______________________________________________
edk2-devel mailing list
[email protected]
https://lists.01.org/mailman/listinfo/edk2-devel
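
A build-time check for the constraint this patch documents, as an added example that is not part of the patch or of edk2. It scans DSC text for PcdHeapGuardPropertyMask settings and flags BIT4 combined with page/pool guard, or BIT4 in a product build. Assumptions: "pool/page guard" is taken to mean BIT0/BIT1 only, and the names audit_dsc, decode and SAMPLE_DSC are hypothetical.

```python
import re

# Bit assignments copied from the PCD description in the patch.
BITS = {0: "UEFI page guard", 1: "UEFI pool guard", 2: "SMM page guard",
        3: "SMM pool guard", 4: "UEFI freed-memory guard",
        6: "non-stop mode", 7: "pool guard direction"}
FREED_GUARD = 1 << 4
# Assumption: "pool/page guard" in the note means the UEFI guards (BIT0, BIT1).
UEFI_PAGE_POOL = (1 << 0) | (1 << 1)

PCD_RE = re.compile(
    r"^\s*gEfiMdeModulePkgTokenSpaceGuid\.PcdHeapGuardPropertyMask"
    r"\s*\|\s*(0[xX][0-9a-fA-F]+|\d+)")

def decode(mask):
    """Return the names of the documented bits set in mask."""
    return [name for bit, name in sorted(BITS.items()) if mask & (1 << bit)]

def audit_dsc(text, product_build=False):
    """Return (line number, mask, problem) for each bad mask setting."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = PCD_RE.match(raw.split("#", 1)[0])  # drop DSC comments first
        if not m:
            continue
        value = m.group(1)
        mask = int(value, 16) if value.lower().startswith("0x") else int(value)
        if mask & FREED_GUARD and mask & UEFI_PAGE_POOL:
            findings.append((lineno, mask,
                             "freed-memory guard set with pool/page guard"))
        if product_build and mask & FREED_GUARD:
            findings.append((lineno, mask,
                             "freed-memory guard set in a product build"))
    return findings

# Constructed sample, not taken from any real platform DSC.
SAMPLE_DSC = """\
[PcdsFixedAtBuild]
  # gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask|0x13
  gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask|0x13
  gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask|0x10
  gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask|3
"""

if __name__ == "__main__":
    for lineno, mask, problem in audit_dsc(SAMPLE_DSC, product_build=True):
        print(f"line {lineno}: 0x{mask:02X} {decode(mask)}: {problem}")
```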