diff options
| author | Jian J Wang <jian.j.wang@intel.com> | 2017-12-20 16:47:15 +0800 |
|---|---|---|
| committer | Star Zeng <star.zeng@intel.com> | 2017-12-26 18:07:27 +0800 |
| commit | c44218e5f40880e3100bdf4d112672e8dd56b94a (patch) | |
| tree | cc4abdb4e586406d9234ecde2b64b057b2e6e4e1 /MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | |
| parent | 14b351e2ed8586f144dd3cd2e0a25082c1a32837 (diff) | |
| download | edk2-c44218e5f40880e3100bdf4d112672e8dd56b94a.tar.gz edk2-c44218e5f40880e3100bdf4d112672e8dd56b94a.tar.bz2 edk2-c44218e5f40880e3100bdf4d112672e8dd56b94a.zip | |
MdeModulePkg/Core: Fix heap guard issues
Three issues addressed here:
a. Make NX memory protection and heap guard to be compatible
The solution is to check PcdDxeNxMemoryProtectionPolicy in Heap Guard to
see if the free memory should be set to NX, and set the Guard page to NX
before it's freed back to memory pool. This can solve the issue which NX
setting would be overwritten by Heap Guard feature in certain
configuration.
b. Returned pool address was not 8-byte aligned sometimes
This happened only when BIT7 is not set in PcdHeapGuardPropertyMask. Since
8-byte alignment is UEFI spec required, letting allocated pool adjacent to
tail guard page cannot be guaranteed.
c. NULL address handling due to allocation failure
When allocation failure, normally a NULL will be returned. But Heap Guard
code will still try to adjust the starting address of it, which will cause
a non-NULL pointer returned.
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Diffstat (limited to 'MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c')
| -rw-r--r-- | MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c index a74cfc137a..862593f562 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c @@ -1070,15 +1070,12 @@ CoreInitializeMemoryProtection ( // - code regions should have no EFI_MEMORY_XP attribute
// - EfiConventionalMemory and EfiBootServicesData should use the
// same attribute
- // - heap guard should not be enabled for the same type of memory
//
ASSERT ((GetPermissionAttributeForMemoryType (EfiBootServicesCode) & EFI_MEMORY_XP) == 0);
ASSERT ((GetPermissionAttributeForMemoryType (EfiRuntimeServicesCode) & EFI_MEMORY_XP) == 0);
ASSERT ((GetPermissionAttributeForMemoryType (EfiLoaderCode) & EFI_MEMORY_XP) == 0);
ASSERT (GetPermissionAttributeForMemoryType (EfiBootServicesData) ==
GetPermissionAttributeForMemoryType (EfiConventionalMemory));
- ASSERT ((PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & PcdGet64 (PcdHeapGuardPoolType)) == 0);
- ASSERT ((PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & PcdGet64 (PcdHeapGuardPageType)) == 0);
if (mImageProtectionPolicy != 0 || PcdGet64 (PcdDxeNxMemoryProtectionPolicy) != 0) {
Status = CoreCreateEvent (
|