MdeModulePkg: introduce UEFI freed-memory guard bit in HeapGuard PCD

author Jian J Wang <jian.j.wang@intel.com>

Wed, 24 Oct 2018 02:26:07 +0000 (10:26 +0800)

committer Jian J Wang <jian.j.wang@intel.com>

Fri, 26 Oct 2018 02:27:20 +0000 (10:27 +0800)
author Jian J Wang <jian.j.wang@intel.com>
Wed, 24 Oct 2018 02:26:07 +0000 (10:26 +0800)
committer Jian J Wang <jian.j.wang@intel.com>
Fri, 26 Oct 2018 02:27:20 +0000 (10:27 +0800)
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec

index 2009dbc5fd5207e071c27a823412c6fdc180e45f..428eeeb670449499f5e31f1529b886dbca107725 100644 (file)
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -1011,14 +1011,22 @@
    gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType|0x0|UINT64|0x30001053\r
  \r
    ## This mask is to control Heap Guard behavior.\r
-  # Note that due to the limit of pool memory implementation and the alignment\r
-  # requirement of UEFI spec, BIT7 is a try-best setting which cannot guarantee\r
-  # that the returned pool is exactly adjacent to head guard page or tail guard\r
-  # page.\r
+  #\r
+  # Note:\r
+  #   a) Heap Guard is for debug purpose and should not be enabled in product\r
+  #      BIOS.\r
+  #   b) Due to the limit of pool memory implementation and the alignment\r
+  #      requirement of UEFI spec, BIT7 is a try-best setting which cannot\r
+  #      guarantee that the returned pool is exactly adjacent to head guard\r
+  #      page or tail guard page.\r
+  #   c) UEFI freed-memory guard and UEFI pool/page guard cannot be enabled\r
+  #      at the same time.\r
+  #\r
    #   BIT0 - Enable UEFI page guard.<BR>\r
    #   BIT1 - Enable UEFI pool guard.<BR>\r
    #   BIT2 - Enable SMM page guard.<BR>\r
    #   BIT3 - Enable SMM pool guard.<BR>\r
+  #   BIT4 - Enable UEFI freed-memory guard (Use-After-Free memory detection).<BR>\r
    #   BIT6 - Enable non-stop mode.<BR>\r
    #   BIT7 - The direction of Guard Page for Pool Guard.\r
    #          0 - The returned pool is near the tail guard page.<BR>\r
diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni

index 9d2e473fa974225c843b5f1e5e801d8a3771c797..5fa7a6ae30cc96068d75dc3c05a27f4741e05dc5 100644 (file)
--- a/MdeModulePkg/MdeModulePkg.uni
+++ b/MdeModulePkg/MdeModulePkg.uni
@@ -1224,14 +1224,20 @@
  #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdHeapGuardPropertyMask_PROMPT  #language en-US "The Heap Guard feature mask"\r
  \r
  #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdHeapGuardPropertyMask_HELP    #language en-US "This mask is to control Heap Guard behavior.\n"\r
-                                                                                            "Note that due to the limit of pool memory implementation and the alignment\n"\r
-                                                                                            "requirement of UEFI spec, BIT7 is a try-best setting which cannot guarantee\n"\r
-                                                                                            "that the returned pool is exactly adjacent to head guard page or tail guard\n"\r
-                                                                                            "page.\n"\r
+                                                                                            " Note:\n"\r
+                                                                                            "   a) Heap Guard is for debug purpose and should not be enabled in product"\r
+                                                                                            "      BIOS.\n"\r
+                                                                                            "   b) Due to the limit of pool memory implementation and the alignment"\r
+                                                                                            "      requirement of UEFI spec, BIT7 is a try-best setting which cannot"\r
+                                                                                            "      guarantee that the returned pool is exactly adjacent to head guard"\r
+                                                                                            "      page or tail guard page.\n"\r
+                                                                                            "   c) UEFI freed-memory guard and UEFI pool/page guard cannot be enabled"\r
+                                                                                            "      at the same time.\n"\r
                                                                                              "   BIT0 - Enable UEFI page guard.<BR>\n"\r
                                                                                              "   BIT1 - Enable UEFI pool guard.<BR>\n"\r
                                                                                              "   BIT2 - Enable SMM page guard.<BR>\n"\r
                                                                                              "   BIT3 - Enable SMM pool guard.<BR>\n"\r
+                                                                                            "   BIT4 - Enable UEFI freed-memory guard (Use-After-Free memory detection).<BR>\n"\r
                                                                                              "   BIT7 - The direction of Guard Page for Pool Guard.\n"\r
                                                                                              "          0 - The returned pool is near the tail guard page.<BR>\n"\r
                                                                                              "          1 - The returned pool is near the head guard page.<BR>"\r
author	Jian J Wang <jian.j.wang@intel.com>
	Wed, 24 Oct 2018 02:26:07 +0000 (10:26 +0800)
committer	Jian J Wang <jian.j.wang@intel.com>
	Fri, 26 Oct 2018 02:27:20 +0000 (10:27 +0800)
MdeModulePkg/MdeModulePkg.dec		patch \| blob \| blame \| history
MdeModulePkg/MdeModulePkg.uni		patch \| blob \| blame \| history