From nobody Sun May  5 07:20:20 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain
 of lists.01.org)  smtp.mailfrom=edk2-devel-bounces@lists.01.org
Return-Path: <edk2-devel-bounces@lists.01.org>
Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com
	with SMTPS id 1520908498726907.7107770571112;
 Mon, 12 Mar 2018 19:34:58 -0700 (PDT)
Received: from [127.0.0.1] (localhost [IPv6:::1])
	by ml01.01.org (Postfix) with ESMTP id DBD572249275B;
	Mon, 12 Mar 2018 19:28:35 -0700 (PDT)
Received: from mga12.intel.com (mga12.intel.com [192.55.52.136])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 3663822492750
 for <edk2-devel@lists.01.org>; Mon, 12 Mar 2018 19:28:34 -0700 (PDT)
Received: from orsmga001.jf.intel.com ([10.7.209.18])
 by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 12 Mar 2018 19:34:55 -0700
Received: from jwang36-mobl2.ccr.corp.intel.com ([10.239.192.32])
 by orsmga001.jf.intel.com with ESMTP; 12 Mar 2018 19:34:53 -0700
X-Original-To: edk2-devel@lists.01.org
Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by
 domain of lists.01.org) client-ip=198.145.21.10;
 envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org;
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.55.52.136; helo=mga12.intel.com;
 envelope-from=jian.j.wang@intel.com; receiver=edk2-devel@lists.01.org
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.47,463,1515484800"; d="scan'208";a="38224896"
From: Jian J Wang <jian.j.wang@intel.com>
To: edk2-devel@lists.01.org
Date: Tue, 13 Mar 2018 10:34:50 +0800
Message-Id: <20180313023450.18336-1-jian.j.wang@intel.com>
X-Mailer: git-send-email 2.15.1.windows.2
Subject: [edk2] [PATCH] MdeModulePkg/Core: fix mem alloc issues in heap guard
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
Cc: Jiewen Yao <jiewen.yao@intel.com>, Eric Dong <eric.dong@intel.com>,
 Star Zeng <star.zeng@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Errors-To: edk2-devel-bounces@lists.01.org
Sender: "edk2-devel" <edk2-devel-bounces@lists.01.org>
X-ZohoMail: RSF_4  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

There're two ASSERT issues which will be triggered by boot loader of
Windows 10.

The first is caused by allocating memory in heap guard during another
memory allocation, which is not allowed in DXE core. Avoiding reentry
of memory allocation has been considered in heap guard feature. But
there's a hole in the code of function FindGuardedMemoryMap(). The fix
is adding AllocMapUnit parameter in the condition of while(), which
will prevent memory allocation from happenning during Guard page
check operation.

The second is caused by the core trying to allocate page 0 with Guard
page, which will cause the start address rolling back to the end of
supported system address. According to the requirement of heap guard,
the fix is just simply skipping the free memory at page 0 and let
the core continue searching free memory after it.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>

Reviewed-by: Jiewen.yao@intel.com
---
 MdeModulePkg/Core/Dxe/Mem/HeapGuard.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c b/MdeModulePkg/Core/Dxe/=
Mem/HeapGuard.c
index 19245049c2..ac043b5d9b 100644
--- a/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c
+++ b/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c
@@ -225,8 +225,8 @@ FindGuardedMemoryMap (
   //
   // Adjust current map table depth according to the address to access
   //
-  while (mMapLevel < GUARDED_HEAP_MAP_TABLE_DEPTH
-         &&
+  while (AllocMapUnit &&
+         mMapLevel < GUARDED_HEAP_MAP_TABLE_DEPTH &&
          RShiftU64 (
            Address,
            mLevelShift[GUARDED_HEAP_MAP_TABLE_DEPTH - mMapLevel - 1]
@@ -904,6 +904,10 @@ AdjustMemoryS (
   }
=20
   Target =3D Start + Size - SizeRequested;
+  ASSERT (Target >=3D Start);
+  if (Target =3D=3D 0) {
+    return 0;
+  }
=20
   if (!IsGuardPage (Start + Size)) {
     // No Guard at tail to share. One more page is needed.
--=20
2.16.2.windows.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel