Re: [edk2] [PATCH 1/5] ArmPkg/ArmMmuLib AARCH64: fix out of bounds access
On Mon, 14 Jan 2019 at 13:00, Leif Lindholm wrote:
>
> On Mon, Jan 07, 2019 at 08:15:00AM +0100, Ard Biesheuvel wrote:
> > Take care not to dereference BlockEntry if it may be pointing past
> > the end of the page table we are manipulating. It is only a read,
> > and thus harmless, but HeapGuard triggers on it so let's fix it.
> >
> > Contributed-under: TianoCore Contribution Agreement 1.1
> > Signed-off-by: Ard Biesheuvel
>
> Reviewed-by: Leif Lindholm
>

Thanks

Pushed as d08575759e5a..76c23f9e0d0d

> > --- > > ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c > > b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c > > index e41044142ef4..d66df3e17a02 100644 > > --- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c > > +++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c > > @@ -382,7 +382,7 @@ UpdateRegionMapping ( > > > >// Break the inner loop when next block is a table > >// Rerun GetBlockEntryListFromAddress to avoid page table memory leak > > - if (TableLevel != 3 && > > + if (TableLevel != 3 && BlockEntry <= LastBlockEntry && > >(*BlockEntry & TT_TYPE_MASK) == TT_TYPE_TABLE_ENTRY) { > > break; > >} > > -- > > 2.20.1 > > ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH 1/5] ArmPkg/ArmMmuLib AARCH64: fix out of bounds access
On Mon, Jan 07, 2019 at 08:15:00AM +0100, Ard Biesheuvel wrote:
> Take care not to dereference BlockEntry if it may be pointing past
> the end of the page table we are manipulating. It is only a read,
> and thus harmless, but HeapGuard triggers on it so let's fix it.
>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Ard Biesheuvel

Reviewed-by: Leif Lindholm

> --- > ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c > b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c > index e41044142ef4..d66df3e17a02 100644 > --- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c > +++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c > @@ -382,7 +382,7 @@ UpdateRegionMapping ( > >// Break the inner loop when next block is a table >// Rerun GetBlockEntryListFromAddress to avoid page table memory leak > - if (TableLevel != 3 && > + if (TableLevel != 3 && BlockEntry <= LastBlockEntry && >(*BlockEntry & TT_TYPE_MASK) == TT_TYPE_TABLE_ENTRY) { > break; >} > -- > 2.20.1
[edk2] [PATCH 1/5] ArmPkg/ArmMmuLib AARCH64: fix out of bounds access
Take care not to dereference BlockEntry if it may be pointing past
the end of the page table we are manipulating. It is only a read,
and thus harmless, but HeapGuard triggers on it so let's fix it.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel

--- ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c index e41044142ef4..d66df3e17a02 100644 --- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c +++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c @@ -382,7 +382,7 @@ UpdateRegionMapping ( // Break the inner loop when next block is a table // Rerun GetBlockEntryListFromAddress to avoid page table memory leak - if (TableLevel != 3 && + if (TableLevel != 3 && BlockEntry <= LastBlockEntry && (*BlockEntry & TT_TYPE_MASK) == TT_TYPE_TABLE_ENTRY) { break; } -- 2.20.1
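Review bot: The two-line comment above the `if` in UpdateRegionMapping still describes only the table-entry case and says nothing about the added `BlockEntry <= LastBlockEntry` term, which is there to keep `*BlockEntry` from being read past the end of the table and only works because it sits ahead of the dereference in the `&&` chain. A short comment stating that BlockEntry may point past LastBlockEntry at this point, and that the bounds test must stay before the `(*BlockEntry & TT_TYPE_MASK)` read, would keep a later reordering or cleanup of the condition from reintroducing the access that HeapGuard flagged.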