> v4 changes:
> a. refine PCD description of PcdHeapGuardPropertyMask

A UAF (Use-After-Free) memory issue is a kind of illegal access to memory
which has been freed. It can be detected by a new freed-memory guard
enforced on freed memory.

BIT4 of the following PCD is used to enable the freed-memory guard feature.

  gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask

Please note this feature is for debug purposes and should not be enabled
in a product BIOS, and cannot be enabled together with the pool/page heap
guard. It is disabled by default.

Cc: Star Zeng <star.z...@intel.com>
Cc: Michael D Kinney <michael.d.kin...@intel.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Ruiyu Ni <ruiyu...@intel.com>
Cc: Laszlo Ersek <ler...@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.w...@intel.com>
---
 MdeModulePkg/MdeModulePkg.dec | 16 ++++++++++++----
 MdeModulePkg/MdeModulePkg.uni | 14 ++++++++++----
 2 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 2009dbc5fd..428eeeb670 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -1011,14 +1011,22 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType|0x0|UINT64|0x30001053
 
   ## This mask is to control Heap Guard behavior.
-  # Note that due to the limit of pool memory implementation and the alignment
-  # requirement of UEFI spec, BIT7 is a try-best setting which cannot guarantee
-  # that the returned pool is exactly adjacent to head guard page or tail guard
-  # page.
+  #
+  # Note:
+  #   a) Heap Guard is for debug purpose and should not be enabled in product
+  #      BIOS.
+  #   b) Due to the limit of pool memory implementation and the alignment
+  #      requirement of UEFI spec, BIT7 is a try-best setting which cannot
+  #      guarantee that the returned pool is exactly adjacent to head guard
+  #      page or tail guard page.
+  #   c) UEFI freed-memory guard and UEFI pool/page guard cannot be enabled
+  #      at the same time.
+  #
   #   BIT0 - Enable UEFI page guard.<BR>
   #   BIT1 - Enable UEFI pool guard.<BR>
   #   BIT2 - Enable SMM page guard.<BR>
   #   BIT3 - Enable SMM pool guard.<BR>
+  #   BIT4 - Enable UEFI freed-memory guard (Use-After-Free memory 
detection).<BR>
   #   BIT6 - Enable non-stop mode.<BR>
   #   BIT7 - The direction of Guard Page for Pool Guard.
   #          0 - The returned pool is near the tail guard page.<BR>
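Review bot: note c) states that the UEFI freed-memory guard and the UEFI pool/page guard cannot be enabled at the same time, but the description does not say what the driver does when BIT4 is set together with BIT0 or BIT1 (which guard takes effect, or whether the combination is rejected), and this .dec comment is the only place a platform integrator looks before setting the mask; suggest adding that outcome to note c). Minor: "for debug purpose" in note a) reads better as "for debug purposes".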
diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni
index 9d2e473fa9..5fa7a6ae30 100644
--- a/MdeModulePkg/MdeModulePkg.uni
+++ b/MdeModulePkg/MdeModulePkg.uni
@@ -1224,14 +1224,20 @@
 #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdHeapGuardPropertyMask_PROMPT  
#language en-US "The Heap Guard feature mask"
 
 #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdHeapGuardPropertyMask_HELP    
#language en-US "This mask is to control Heap Guard behavior.\n"
-                                                                               
             "Note that due to the limit of pool memory implementation and the 
alignment\n"
-                                                                               
             "requirement of UEFI spec, BIT7 is a try-best setting which cannot 
guarantee\n"
-                                                                               
             "that the returned pool is exactly adjacent to head guard page or 
tail guard\n"
-                                                                               
             "page.\n"
+                                                                               
             " Note:\n"
+                                                                               
             "   a) Heap Guard is for debug purpose and should not be enabled 
in product"
+                                                                               
             "      BIOS.\n"
+                                                                               
             "   b) Due to the limit of pool memory implementation and the 
alignment"
+                                                                               
             "      requirement of UEFI spec, BIT7 is a try-best setting which 
cannot"
+                                                                               
             "      guarantee that the returned pool is exactly adjacent to 
head guard"
+                                                                               
             "      page or tail guard page.\n"
+                                                                               
             "   c) UEFI freed-memory guard and UEFI pool/page guard cannot be 
enabled"
+                                                                               
             "      at the same time.\n"
                                                                                
             "   BIT0 - Enable UEFI page guard.<BR>\n"
                                                                                
             "   BIT1 - Enable UEFI pool guard.<BR>\n"
                                                                                
             "   BIT2 - Enable SMM page guard.<BR>\n"
                                                                                
             "   BIT3 - Enable SMM pool guard.<BR>\n"
+                                                                               
             "   BIT4 - Enable UEFI freed-memory guard (Use-After-Free memory 
detection).<BR>\n"
                                                                                
             "   BIT7 - The direction of Guard Page for Pool Guard.\n"
                                                                                
             "          0 - The returned pool is near the tail guard 
page.<BR>\n"
                                                                                
             "          1 - The returned pool is near the head guard page.<BR>"
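Review bot: the new a), b) and c) help entries split sentences across string literals without a "\n" at the end of the first piece (e.g. "...should not be enabled in product" followed by "      BIOS.\n"), so once the .uni literals are concatenated the leading indentation of the continuation literal lands in the middle of the rendered sentence as a run of spaces; either terminate each physical line with "\n" as the BIT0-BIT3 lines do, or strip the leading spaces from the continuation literals. Also, the help string still has no BIT6 entry while the .dec description in this same patch documents "BIT6 - Enable non-stop mode", so the two descriptions stay out of sync; worth adding the BIT6 line here while the string is being edited.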
-- 
2.16.2.windows.1
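As an added example (not EDK II code and not part of this patch), a host-side check a platform integrator could run over the PcdHeapGuardPropertyMask value they intend to put in a DSC: it encodes the bit meanings from the PCD description above and enforces note c) (freed-memory guard not combined with UEFI pool/page guard) and note a) (no guard enabled in a product build). The macro and function names are assumed, not the package's own.

```c
/* Sanity check for a PcdHeapGuardPropertyMask value before it goes into a
 * platform DSC. Bit meanings follow the .dec description in the patch;
 * names here are my own, not EDK II identifiers. */
#include <stdint.h>
#include <stdio.h>

#define HG_UEFI_PAGE_GUARD   (1ULL << 0)  /* BIT0 - Enable UEFI page guard  */
#define HG_UEFI_POOL_GUARD   (1ULL << 1)  /* BIT1 - Enable UEFI pool guard  */
#define HG_SMM_PAGE_GUARD    (1ULL << 2)  /* BIT2 - Enable SMM page guard   */
#define HG_SMM_POOL_GUARD    (1ULL << 3)  /* BIT3 - Enable SMM pool guard   */
#define HG_UEFI_FREED_GUARD  (1ULL << 4)  /* BIT4 - UEFI freed-memory (UAF) guard */
#define HG_NONSTOP_MODE      (1ULL << 6)  /* BIT6 - non-stop mode (modifier only) */
#define HG_POOL_NEAR_HEAD    (1ULL << 7)  /* BIT7 - pool placed near head guard page */

/* Every bit that actually turns a guard on; BIT6/BIT7 only modify behaviour. */
#define HG_ANY_GUARD (HG_UEFI_PAGE_GUARD | HG_UEFI_POOL_GUARD | \
                      HG_SMM_PAGE_GUARD | HG_SMM_POOL_GUARD | HG_UEFI_FREED_GUARD)

/* Note c): the UEFI freed-memory guard cannot be enabled together with the
 * UEFI pool/page guard. Returns 1 when the mask respects that, else 0. */
int HeapGuardMaskIsValid(uint64_t Mask)
{
  uint64_t UefiHeapGuard = Mask & (HG_UEFI_PAGE_GUARD | HG_UEFI_POOL_GUARD);
  if ((Mask & HG_UEFI_FREED_GUARD) && UefiHeapGuard) {
    return 0;
  }
  return 1;
}

/* Note a): Heap Guard is a debug feature. A product BIOS should carry no
 * guard bit at all (BIT6/BIT7 alone are inert). Returns 1 if safe to ship. */
int HeapGuardMaskIsProductionSafe(uint64_t Mask)
{
  return (Mask & HG_ANY_GUARD) == 0;
}

int main(void)
{
  /* Constructed sample values: UAF guard only, UAF + page guard, default. */
  const uint64_t Samples[] = { 0x10, 0x11, 0x00 };
  for (size_t i = 0; i < sizeof(Samples) / sizeof(Samples[0]); i++) {
    printf("mask 0x%02llx: valid=%d product-safe=%d\n",
           (unsigned long long)Samples[i],
           HeapGuardMaskIsValid(Samples[i]),
           HeapGuardMaskIsProductionSafe(Samples[i]));
  }
  return 0;
}
```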

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
