[v6] Implement heap guard feature

[edk2] [PATCH v6 0/7] Implement heap guard feature

Jian J Wang posted 7 patches 6 years, 5 months ago

Diff against v1 v2 v3 v4 v5
Download series mbox

Failed in applying to current master (apply log)

MdeModulePkg/Core/Dxe/DxeMain.inf                  |    4 +
MdeModulePkg/Core/Dxe/Mem/HeapGuard.c              | 1192 ++++++++++++++++
MdeModulePkg/Core/Dxe/Mem/HeapGuard.h              |  394 ++++++
MdeModulePkg/Core/Dxe/Mem/Imem.h                   |   38 +-
MdeModulePkg/Core/Dxe/Mem/Page.c                   |  130 +-
MdeModulePkg/Core/Dxe/Mem/Pool.c                   |  154 +-
MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c      |    3 +
MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf            |    1 +
MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c    |   36 +-
MdeModulePkg/Core/PiSmmCore/HeapGuard.c            | 1467 ++++++++++++++++++++
MdeModulePkg/Core/PiSmmCore/HeapGuard.h            |  398 ++++++
MdeModulePkg/Core/PiSmmCore/Page.c                 |   52 +-
MdeModulePkg/Core/PiSmmCore/PiSmmCore.c            |    7 +-
MdeModulePkg/Core/PiSmmCore/PiSmmCore.h            |   81 +-
MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf          |    6 +
MdeModulePkg/Core/PiSmmCore/Pool.c                 |   81 +-
MdeModulePkg/Include/Protocol/SmmMemoryAttribute.h |  136 ++
MdeModulePkg/MdeModulePkg.dec                      |   60 +
MdeModulePkg/MdeModulePkg.uni                      |   58 +
UefiCpuPkg/CpuDxe/CpuPageTable.c                   |    5 +-
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c           |   10 +
UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c         |   20 +
UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h         |   98 ++
UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf       |    2 +
UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c |  163 +++
UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c            |   15 +-
26 files changed, 4512 insertions(+), 99 deletions(-)
create mode 100644 MdeModulePkg/Core/Dxe/Mem/HeapGuard.c
create mode 100644 MdeModulePkg/Core/Dxe/Mem/HeapGuard.h
create mode 100644 MdeModulePkg/Core/PiSmmCore/HeapGuard.c
create mode 100644 MdeModulePkg/Core/PiSmmCore/HeapGuard.h
create mode 100644 MdeModulePkg/Include/Protocol/SmmMemoryAttribute.h

Expand all Fold all

[edk2] [PATCH v6 0/7] Implement heap guard feature

Posted by Jian J Wang 6 years, 5 months ago

> Patch V6 changes:
> Add sanity check and comments for the use of heap guard and memory
> protection because heap guard might overwrite memory attributes set
> by memory protection.

> Patch V5 changes:
> a. Remove EFI from comment for SMM memory attribute protocol.
> b. Change parameter modifier of GetAttribute from IN to OUT
> c. Add ASSERT to make sure static paging and heap guard are not enabled
>    at the same time
> d. Remove lib and pcd no longer needed from PiSmmCore.inf
> e. Fix duplicate pcd token number


> Pacth V4 changes:
> a. Change names of gEdkiiSmmMemoryAttributeProtocolGuid related
>    definitions from EFI_ to EDKII_
> b. Coding style cleanup
> c. Split patches in a more reasonable order and groups

> Patch V3 changes:
> a. Add new protocol gEdkiiSmmMemoryAttributeProtocolGuid to do
>    memory attributes update instead of doing it directly in SmmCore
> b. Fix GCC build error

> Patch V2 changes:
> a. Remove local variable initializer with memory copy from globals
> b. Change map table dump code to use DEBUG_PAGE|DEBUG_POOL level
>    message 
> c. Fix malfunction in 32-bit boot mode
> d. Add comment for the use of mOnGuarding
> e. Change name of function InitializePageTableLib to 
>    InitializePageTableGlobals
> f. Add code in 32-bit code to bypass setting page table to read-only
> g. Coding style clean-up
>

This feature makes use of paging mechanism to add a hidden (not present)
page just before and after the allocated memory block. If the code tries
to access memory outside of the allocated part, page fault exception will
be triggered.

This feature is disabled by default and is not recommended to enable it
in production build of BIOS.

This patch has passed following validations:

  a. Boot to shell (OVMF, Intel real platform)(32/64)
  b. Boot to Fedora 25 (64)

NT32 emulation platform was not validated with this feature enabled
due to the fact that it doesn't support paging which is needed for
this feature to work. But all are validated with feature is disabled.

Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>

Jian J Wang (7):
  MdeModulePkg/MdeModulePkg.dec,.uni: Add Protocol, PCDs and string
    tokens
  MdeModulePkg/SmmMemoryAttribute.h: Add new protocol definitions
  UefiCpuPkg/CpuDxe: Reduce debug message
  MdeModulePkg/DxeIpl: Enable paging for heap guard
  MdeModulePkg/DxeCore: Implement heap guard feature for UEFI
  UefiCpuPkg/PiSmmCpuDxeSmm: Add SmmMemoryAttribute protocol
  MdeModulePkg/PiSmmCore: Implement heap guard feature for SMM mode

 MdeModulePkg/Core/Dxe/DxeMain.inf                  |    4 +
 MdeModulePkg/Core/Dxe/Mem/HeapGuard.c              | 1192 ++++++++++++++++
 MdeModulePkg/Core/Dxe/Mem/HeapGuard.h              |  394 ++++++
 MdeModulePkg/Core/Dxe/Mem/Imem.h                   |   38 +-
 MdeModulePkg/Core/Dxe/Mem/Page.c                   |  130 +-
 MdeModulePkg/Core/Dxe/Mem/Pool.c                   |  154 +-
 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c      |    3 +
 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf            |    1 +
 MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c    |   36 +-
 MdeModulePkg/Core/PiSmmCore/HeapGuard.c            | 1467 ++++++++++++++++++++
 MdeModulePkg/Core/PiSmmCore/HeapGuard.h            |  398 ++++++
 MdeModulePkg/Core/PiSmmCore/Page.c                 |   52 +-
 MdeModulePkg/Core/PiSmmCore/PiSmmCore.c            |    7 +-
 MdeModulePkg/Core/PiSmmCore/PiSmmCore.h            |   81 +-
 MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf          |    6 +
 MdeModulePkg/Core/PiSmmCore/Pool.c                 |   81 +-
 MdeModulePkg/Include/Protocol/SmmMemoryAttribute.h |  136 ++
 MdeModulePkg/MdeModulePkg.dec                      |   60 +
 MdeModulePkg/MdeModulePkg.uni                      |   58 +
 UefiCpuPkg/CpuDxe/CpuPageTable.c                   |    5 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c           |   10 +
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c         |   20 +
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h         |   98 ++
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf       |    2 +
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c |  163 +++
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c            |   15 +-
 26 files changed, 4512 insertions(+), 99 deletions(-)
 create mode 100644 MdeModulePkg/Core/Dxe/Mem/HeapGuard.c
 create mode 100644 MdeModulePkg/Core/Dxe/Mem/HeapGuard.h
 create mode 100644 MdeModulePkg/Core/PiSmmCore/HeapGuard.c
 create mode 100644 MdeModulePkg/Core/PiSmmCore/HeapGuard.h
 create mode 100644 MdeModulePkg/Include/Protocol/SmmMemoryAttribute.h

-- 
2.14.1.windows.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel