summaryrefslogtreecommitdiff
path: root/MdeModulePkg
diff options
context:
space:
mode:
authorJian J Wang <jian.j.wang@intel.com>2017-12-11 09:32:27 +0800
committerStar Zeng <star.zeng@intel.com>2017-12-13 11:42:57 +0800
commit38d870fc4e9b5a1896c98d12947713fb7b4b9ac4 (patch)
tree1f18804827a12a1d3f1d7d7bb92803fe12323113 /MdeModulePkg
parent6cf0a677a992a86b117e0b9ff3cff62077a29903 (diff)
downloadedk2-38d870fc4e9b5a1896c98d12947713fb7b4b9ac4.zip
edk2-38d870fc4e9b5a1896c98d12947713fb7b4b9ac4.tar.gz
edk2-38d870fc4e9b5a1896c98d12947713fb7b4b9ac4.tar.bz2
MdeModulePkg/PiSmmCore: Fix issues in Heap Guard
One issue is that macros defined in HeapGuard.h GUARD_HEAP_TYPE_PAGE GUARD_HEAP_TYPE_POOL doesn't match the definition of PCD PcdHeapGuardPropertyMask in MdeModulePkg.dec. This patch fixed it by exchanging the BIT0 and BIT1 of them. Another is that method AdjustMemoryF() will return a bigger NumberOfPages than the value passed in. This is caused by counting twice of a shared Guard page which can be used for both head and tail Guard of the memory before it and after it. This happens only when partially freeing just one page in the middle of a bunch of allocated pages. The freed page should be turned into a new Guard page. Cc: Jie Lin <jie.lin@intel.com> Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
Diffstat (limited to 'MdeModulePkg')
-rw-r--r--MdeModulePkg/Core/PiSmmCore/HeapGuard.c91
-rw-r--r--MdeModulePkg/Core/PiSmmCore/HeapGuard.h4
2 files changed, 76 insertions, 19 deletions
diff --git a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
index 1d5fb8c..04fa174 100644
--- a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
+++ b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
@@ -776,6 +776,7 @@ UnsetGuardForMemory (
)
{
EFI_PHYSICAL_ADDRESS GuardPage;
+ UINT64 GuardBitmap;
if (NumberOfPages == 0) {
return;
@@ -784,16 +785,29 @@ UnsetGuardForMemory (
//
// Head Guard must be one page before, if any.
//
+ // MSB-> 1 0 <-LSB
+ // -------------------
+ // Head Guard -> 0 1 -> Don't free Head Guard (shared Guard)
+ // Head Guard -> 0 0 -> Free Head Guard either (not shared Guard)
+ // 1 X -> Don't free first page (need a new Guard)
+ // (it'll be turned into a Guard page later)
+ // -------------------
+ // Start -> -1 -2
+ //
GuardPage = Memory - EFI_PAGES_TO_SIZE (1);
- if (IsHeadGuard (GuardPage)) {
- if (!IsMemoryGuarded (GuardPage - EFI_PAGES_TO_SIZE (1))) {
+ GuardBitmap = GetGuardedMemoryBits (Memory - EFI_PAGES_TO_SIZE (2), 2);
+ if ((GuardBitmap & BIT1) == 0) {
+ //
+ // Head Guard exists.
+ //
+ if ((GuardBitmap & BIT0) == 0) {
//
// If the head Guard is not a tail Guard of adjacent memory block,
// unset it.
//
UnsetGuardPage (GuardPage);
}
- } else if (IsMemoryGuarded (GuardPage)) {
+ } else {
//
// Pages before memory to free are still in Guard. It's a partial free
// case. Turn first page of memory block to free into a new Guard.
@@ -804,16 +818,29 @@ UnsetGuardForMemory (
//
// Tail Guard must be the page after this memory block to free, if any.
//
+ // MSB-> 1 0 <-LSB
+ // --------------------
+ // 1 0 <- Tail Guard -> Don't free Tail Guard (shared Guard)
+ // 0 0 <- Tail Guard -> Free Tail Guard either (not shared Guard)
+ // X 1 -> Don't free last page (need a new Guard)
+ // (it'll be turned into a Guard page later)
+ // --------------------
+ // +1 +0 <- End
+ //
GuardPage = Memory + EFI_PAGES_TO_SIZE (NumberOfPages);
- if (IsTailGuard (GuardPage)) {
- if (!IsMemoryGuarded (GuardPage + EFI_PAGES_TO_SIZE (1))) {
+ GuardBitmap = GetGuardedMemoryBits (GuardPage, 2);
+ if ((GuardBitmap & BIT0) == 0) {
+ //
+ // Tail Guard exists.
+ //
+ if ((GuardBitmap & BIT1) == 0) {
//
// If the tail Guard is not a head Guard of adjacent memory block,
// free it; otherwise, keep it.
//
UnsetGuardPage (GuardPage);
}
- } else if (IsMemoryGuarded (GuardPage)) {
+ } else {
//
// Pages after memory to free are still in Guard. It's a partial free
// case. We need to keep one page to be a head Guard.
@@ -903,6 +930,7 @@ AdjustMemoryF (
EFI_PHYSICAL_ADDRESS Start;
EFI_PHYSICAL_ADDRESS MemoryToTest;
UINTN PagesToFree;
+ UINT64 GuardBitmap;
if (Memory == NULL || NumberOfPages == NULL || *NumberOfPages == 0) {
return;
@@ -914,9 +942,22 @@ AdjustMemoryF (
//
// Head Guard must be one page before, if any.
//
- MemoryToTest = Start - EFI_PAGES_TO_SIZE (1);
- if (IsHeadGuard (MemoryToTest)) {
- if (!IsMemoryGuarded (MemoryToTest - EFI_PAGES_TO_SIZE (1))) {
+ // MSB-> 1 0 <-LSB
+ // -------------------
+ // Head Guard -> 0 1 -> Don't free Head Guard (shared Guard)
+ // Head Guard -> 0 0 -> Free Head Guard either (not shared Guard)
+ // 1 X -> Don't free first page (need a new Guard)
+ // (it'll be turned into a Guard page later)
+ // -------------------
+ // Start -> -1 -2
+ //
+ MemoryToTest = Start - EFI_PAGES_TO_SIZE (2);
+ GuardBitmap = GetGuardedMemoryBits (MemoryToTest, 2);
+ if ((GuardBitmap & BIT1) == 0) {
+ //
+ // Head Guard exists.
+ //
+ if ((GuardBitmap & BIT0) == 0) {
//
// If the head Guard is not a tail Guard of adjacent memory block,
// free it; otherwise, keep it.
@@ -924,10 +965,10 @@ AdjustMemoryF (
Start -= EFI_PAGES_TO_SIZE (1);
PagesToFree += 1;
}
- } else if (IsMemoryGuarded (MemoryToTest)) {
+ } else {
//
- // Pages before memory to free are still in Guard. It's a partial free
- // case. We need to keep one page to be a tail Guard.
+ // No Head Guard, and pages before memory to free are still in Guard. It's a
+ // partial free case. We need to keep one page to be a tail Guard.
//
Start += EFI_PAGES_TO_SIZE (1);
PagesToFree -= 1;
@@ -936,19 +977,32 @@ AdjustMemoryF (
//
// Tail Guard must be the page after this memory block to free, if any.
//
+ // MSB-> 1 0 <-LSB
+ // --------------------
+ // 1 0 <- Tail Guard -> Don't free Tail Guard (shared Guard)
+ // 0 0 <- Tail Guard -> Free Tail Guard either (not shared Guard)
+ // X 1 -> Don't free last page (need a new Guard)
+ // (it'll be turned into a Guard page later)
+ // --------------------
+ // +1 +0 <- End
+ //
MemoryToTest = Start + EFI_PAGES_TO_SIZE (PagesToFree);
- if (IsTailGuard (MemoryToTest)) {
- if (!IsMemoryGuarded (MemoryToTest + EFI_PAGES_TO_SIZE (1))) {
+ GuardBitmap = GetGuardedMemoryBits (MemoryToTest, 2);
+ if ((GuardBitmap & BIT0) == 0) {
+ //
+ // Tail Guard exists.
+ //
+ if ((GuardBitmap & BIT1) == 0) {
//
// If the tail Guard is not a head Guard of adjacent memory block,
// free it; otherwise, keep it.
//
PagesToFree += 1;
}
- } else if (IsMemoryGuarded (MemoryToTest)) {
+ } else if (PagesToFree > 0) {
//
- // Pages after memory to free are still in Guard. It's a partial free
- // case. We need to keep one page to be a head Guard.
+ // No Tail Guard, and pages after memory to free are still in Guard. It's a
+ // partial free case. We need to keep one page to be a head Guard.
//
PagesToFree -= 1;
}
@@ -1146,6 +1200,9 @@ SmmInternalFreePagesExWithGuard (
AdjustMemoryF (&MemoryToFree, &PagesToFree);
UnsetGuardForMemory (Memory, NumberOfPages);
+ if (PagesToFree == 0) {
+ return EFI_SUCCESS;
+ }
return SmmInternalFreePagesEx (MemoryToFree, PagesToFree, AddRegion);
}
diff --git a/MdeModulePkg/Core/PiSmmCore/HeapGuard.h b/MdeModulePkg/Core/PiSmmCore/HeapGuard.h
index a6f92a2..3e4b2a4 100644
--- a/MdeModulePkg/Core/PiSmmCore/HeapGuard.h
+++ b/MdeModulePkg/Core/PiSmmCore/HeapGuard.h
@@ -160,8 +160,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
// Memory type to guard (matching the related PCD definition)
//
-#define GUARD_HEAP_TYPE_POOL BIT2
-#define GUARD_HEAP_TYPE_PAGE BIT3
+#define GUARD_HEAP_TYPE_PAGE BIT2
+#define GUARD_HEAP_TYPE_POOL BIT3
//
// Debug message level