From 5323e918c39a04a872149737096db6ac9408f322 Mon Sep 17 00:00:00 2001 From: Jian J Wang Date: Wed, 24 Oct 2018 10:26:07 +0800 Subject: MdeModulePkg: introduce UEFI freed-memory guard bit in HeapGuard PCD UAF (Use-After-Free) memory issue is kind of illegal access to memory which has been freed. It can be detected by a new freed-memory guard enforced onto freed memory. BIT4 of following PCD is used to enable the freed-memory guard feature. gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask Please note this feature is for debug purpose and should not be enabled in product BIOS, and cannot be enabled with pool/page heap guard at the same time. It's disabled by default. Cc: Star Zeng Cc: Michael D Kinney Cc: Jiewen Yao Cc: Ruiyu Ni Cc: Laszlo Ersek Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang Reviewed-by: Star Zeng Reviewed-by: Laszlo Ersek --- MdeModulePkg/MdeModulePkg.uni | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'MdeModulePkg/MdeModulePkg.uni') diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni index 9d2e473fa9..5fa7a6ae30 100644 --- a/MdeModulePkg/MdeModulePkg.uni +++ b/MdeModulePkg/MdeModulePkg.uni @@ -1224,14 +1224,20 @@ #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdHeapGuardPropertyMask_PROMPT #language en-US "The Heap Guard feature mask" #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdHeapGuardPropertyMask_HELP #language en-US "This mask is to control Heap Guard behavior.\n" - "Note that due to the limit of pool memory implementation and the alignment\n" - "requirement of UEFI spec, BIT7 is a try-best setting which cannot guarantee\n" - "that the returned pool is exactly adjacent to head guard page or tail guard\n" - "page.\n" + " Note:\n" + " a) Heap Guard is for debug purpose and should not be enabled in product" + " BIOS.\n" + " b) Due to the limit of pool memory implementation and the alignment" + " requirement of UEFI spec, BIT7 is a try-best setting which cannot" + " guarantee that the returned pool is exactly adjacent to head guard" + " page or tail guard page.\n" + " c) UEFI freed-memory guard and UEFI pool/page guard cannot be enabled" + " at the same time.\n" " BIT0 - Enable UEFI page guard.
\n" " BIT1 - Enable UEFI pool guard.
\n" " BIT2 - Enable SMM page guard.
\n" " BIT3 - Enable SMM pool guard.
\n" + " BIT4 - Enable UEFI freed-memory guard (Use-After-Free memory detection).
\n" " BIT7 - The direction of Guard Page for Pool Guard.\n" " 0 - The returned pool is near the tail guard page.
\n" " 1 - The returned pool is near the head guard page.
" -- cgit v1.2.3