Protection for stack and heap

The [UEFI] specification allows the following:

"Stack may be marked as non-executable in identity mapped page tables."

As such, we set up the NX stack (https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c, CreateIdentityMappingPageTables()).

The heap protection is policy-based, because we have already observed some unexpected usage in the [MemMap] white paper. A platform needs to configure the PCD PcdDxeNxMemoryProtectionPolicy (https://github.com/tianocore/edk2/blob/master/MdeModulePkg/MdeModulePkg.dec) to indicate which types of memory can be set to NX in the page table. The DxeCore ApplyMemoryProtectionPolicy() (https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c) consumes the PCD after the memory allocation service and sets the NX attribute for the allocated memory by using the CPU_ARCH protocol.
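The following is an added example (not code from edk2 or from this paper) that models how a per-memory-type NX policy such as PcdDxeNxMemoryProtectionPolicy can be evaluated and audited for gaps. It assumes the PCD is a bitmask in which bit N covers EFI_MEMORY_TYPE value N; the function names and the sample policy values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* EFI_MEMORY_TYPE values and EFI_MEMORY_XP, as defined in the UEFI specification. */
enum {
  EfiReservedMemoryType, EfiLoaderCode, EfiLoaderData, EfiBootServicesCode,
  EfiBootServicesData, EfiRuntimeServicesCode, EfiRuntimeServicesData,
  EfiConventionalMemory, EfiUnusableMemory, EfiACPIReclaimMemory,
  EfiACPIMemoryNVS, EfiMemoryMappedIO, EfiMemoryMappedIOPortSpace,
  EfiPalCode, EfiPersistentMemory
};
#define EFI_MEMORY_XP 0x4000ULL
#define TYPE_BIT(t)   (1ULL << (t))

/* Types that hold executable images: NX here would stop drivers from running. */
#define CODE_TYPES (TYPE_BIT(EfiLoaderCode) | TYPE_BIT(EfiBootServicesCode) | \
                    TYPE_BIT(EfiRuntimeServicesCode))
/* Data types that back pool/page allocations, i.e. the heap. */
#define HEAP_DATA_TYPES (TYPE_BIT(EfiLoaderData) | TYPE_BIT(EfiBootServicesData) | \
                         TYPE_BIT(EfiRuntimeServicesData) | \
                         TYPE_BIT(EfiACPIReclaimMemory) | TYPE_BIT(EfiACPIMemoryNVS))

/* Assumed layout: bit N of the policy set => memory type N is mapped NX. */
uint64_t nx_attribute_for_type(uint64_t policy, uint32_t type)
{
  if (type >= 64) return 0;  /* OEM/OS-reserved ranges are not modelled here */
  return (policy & TYPE_BIT(type)) ? EFI_MEMORY_XP : 0;
}

/* Heap data types the policy leaves executable (0 means full coverage). */
uint64_t executable_heap_types(uint64_t policy) { return HEAP_DATA_TYPES & ~policy; }

/* Code types the policy would mark NX (0 means no code type is affected). */
uint64_t nx_code_types(uint64_t policy) { return CODE_TYPES & policy; }

int main(void)
{
  /* Constructed sample policies: off, partial data coverage, all non-code types. */
  const uint64_t samples[] = { 0x0, 0x50, 0x7FD5 };
  for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++)
    printf("policy 0x%04llx: executable heap types 0x%04llx, NX code types 0x%04llx\n",
           (unsigned long long)samples[i],
           (unsigned long long)executable_heap_types(samples[i]),
           (unsigned long long)nx_code_types(samples[i]));
  return 0;
}
```

A nonzero result from executable_heap_types() names the data types an overflow payload could still execute from; a nonzero result from nx_code_types() flags a policy that would make loaded images non-executable.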

Before the CPU_ARCH protocol is ready, the protection has no effect. In the CPU_ARCH callback function, MemoryProtectionCpuArchProtocolNotify() (https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c), InitializeDxeNxMemoryProtectionPolicy() is called to get the current memory map and set up the NX protection.

In addition, we may use some special techniques, such as the guard page, to apply the protection for the allocated memory in order to detect a buffer overflow. This is discussed in the [SecurityEnhancement] white paper.
