summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
9b17c65)
Considering following scenario (both NX memory protection and heap guard
are enabled):
1. Allocate 3 pages. The attributes of adjacent memory pages will be
|NOT-PRESENT| present | present | present |NOT-PRESENT|
2. Free the middle page. The attributes of adjacent memory pages should be
|NOT-PRESENT| present |NOT-PRESENT| present |NOT-PRESENT|
But the NX feature will overwrite the attributes of middle page. So it
looks still like below, which is wrong.
|NOT-PRESENT| present | PRESENT | present |NOT-PRESENT|
The solution is checking the first and/or last page of a memory block to be
marked as NX, and skipping them if they are Guard pages.
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
return IsMemoryTypeToGuard (MemoryType, AllocateType, GUARD_HEAP_TYPE_PAGE);\r
}\r
\r
return IsMemoryTypeToGuard (MemoryType, AllocateType, GUARD_HEAP_TYPE_PAGE);\r
}\r
\r
+/**\r
+ Check to see if the heap guard is enabled for page and/or pool allocation.\r
+\r
+ @return TRUE/FALSE.\r
+**/\r
+BOOLEAN\r
+IsHeapGuardEnabled (\r
+ VOID\r
+ )\r
+{\r
+ return IsMemoryTypeToGuard (EfiMaxMemoryType, AllocateAnyPages,\r
+ GUARD_HEAP_TYPE_POOL|GUARD_HEAP_TYPE_PAGE);\r
+}\r
+\r
/**\r
Set head Guard and tail Guard for the given memory range.\r
\r
/**\r
Set head Guard and tail Guard for the given memory range.\r
\r
IN EFI_PHYSICAL_ADDRESS Memory\r
);\r
\r
IN EFI_PHYSICAL_ADDRESS Memory\r
);\r
\r
+/**\r
+ Check to see if the heap guard is enabled for page and/or pool allocation.\r
+\r
+ @return TRUE/FALSE.\r
+**/\r
+BOOLEAN\r
+IsHeapGuardEnabled (\r
+ VOID\r
+ );\r
+\r
extern BOOLEAN mOnGuarding;\r
\r
#endif\r
extern BOOLEAN mOnGuarding;\r
\r
#endif\r
#include <Protocol/SimpleFileSystem.h>\r
\r
#include "DxeMain.h"\r
#include <Protocol/SimpleFileSystem.h>\r
\r
#include "DxeMain.h"\r
+#include "Mem/HeapGuard.h"\r
\r
#define CACHE_ATTRIBUTE_MASK (EFI_MEMORY_UC | EFI_MEMORY_WC | EFI_MEMORY_WT | EFI_MEMORY_WB | EFI_MEMORY_UCE | EFI_MEMORY_WP)\r
#define MEMORY_ATTRIBUTE_MASK (EFI_MEMORY_RP | EFI_MEMORY_XP | EFI_MEMORY_RO)\r
\r
#define CACHE_ATTRIBUTE_MASK (EFI_MEMORY_UC | EFI_MEMORY_WC | EFI_MEMORY_WT | EFI_MEMORY_WB | EFI_MEMORY_UCE | EFI_MEMORY_WP)\r
#define MEMORY_ATTRIBUTE_MASK (EFI_MEMORY_RP | EFI_MEMORY_XP | EFI_MEMORY_RO)\r
return EFI_SUCCESS;\r
}\r
\r
return EFI_SUCCESS;\r
}\r
\r
+ //\r
+ // Don't overwrite Guard pages, which should be the first and/or last page,\r
+ // if any.\r
+ //\r
+ if (IsHeapGuardEnabled ()) {\r
+ if (IsGuardPage (Memory)) {\r
+ Memory += EFI_PAGE_SIZE;\r
+ Length -= EFI_PAGE_SIZE;\r
+ if (Length == 0) {\r
+ return EFI_SUCCESS;\r
+ }\r
+ }\r
+\r
+ if (IsGuardPage (Memory + Length - EFI_PAGE_SIZE)) {\r
+ Length -= EFI_PAGE_SIZE;\r
+ if (Length == 0) {\r
+ return EFI_SUCCESS;\r
+ }\r
+ }\r
+ }\r
+\r
//\r
// Update the executable permissions according to the DXE memory\r
// protection policy, but only if\r
//\r
// Update the executable permissions according to the DXE memory\r
// protection policy, but only if\r