UefiTestingPkg: DxePagingAuditTestApp Fix Inaccessible Memory Test

Security.Misc.MemoryOutsideEfiMemoryMapIsInaccessible was failing because it was not checking the return status of ValidateRegionAttributes, which could return EFI_NO_MAPPING to indicate a given range was not in the page table. There are two independent criteria that can be satisfied to indicate that a region is inaccessible: it is marked EFI_MEMORY_RP or it is not mapped in the page table. This test was only checking the first case and not the second case. With this update it now correctly checks both cases.
microsoft · Jul 23, 2024 · 69e9464 · 69e9464
1 parent 9467126
commit 69e9464
Showing 1 changed file with 37 additions and 30 deletions.
diff --git a/UefiTestingPkg/AuditTests/PagingAudit/UEFI/Dxe/App/DxePagingAuditTestApp.c b/UefiTestingPkg/AuditTests/PagingAudit/UEFI/Dxe/App/DxePagingAuditTestApp.c
@@ -1370,6 +1370,7 @@ MemoryOutsideEfiMemoryMapIsInaccessible (
   EFI_MEMORY_DESCRIPTOR  *CurrentEfiMemoryMapEntry;
   BOOLEAN                TestFailure;
   EFI_PHYSICAL_ADDRESS   LastMemoryMapEntryEnd;
+  EFI_STATUS             Status;
 
   DEBUG ((DEBUG_INFO, "%a Enter...\n", __FUNCTION__));
 
@@ -1388,16 +1389,18 @@ MemoryOutsideEfiMemoryMapIsInaccessible (
   CurrentEfiMemoryMapEntry = mEfiMemoryMap;
 
   if (CurrentEfiMemoryMapEntry->PhysicalStart > StartOfAddressSpace) {
-    if (!ValidateRegionAttributes (
-           &mMap,
-           StartOfAddressSpace,
-           CurrentEfiMemoryMapEntry->PhysicalStart - StartOfAddressSpace,
-           EFI_MEMORY_RP,
-           TRUE,
-           TRUE,
-           TRUE
-           ))
-    {
+    Status = ValidateRegionAttributes (
+               &mMap,
+               StartOfAddressSpace,
+               CurrentEfiMemoryMapEntry->PhysicalStart - StartOfAddressSpace,
+               EFI_MEMORY_RP,
+               TRUE,
+               TRUE,
+               TRUE
+               );
+
+    // Inaccessible could mean EFI_MEMORY_RP or completely unmapped in page table
+    if (EFI_ERROR (Status) && (Status != EFI_NO_MAPPING)) {
       TestFailure = TRUE;
     }
   }
@@ -1408,16 +1411,18 @@ MemoryOutsideEfiMemoryMapIsInaccessible (
 
   while ((UINTN)CurrentEfiMemoryMapEntry < (UINTN)EndOfEfiMemoryMap) {
     if (CurrentEfiMemoryMapEntry->PhysicalStart > LastMemoryMapEntryEnd) {
-      if (!ValidateRegionAttributes (
-             &mMap,
-             LastMemoryMapEntryEnd,
-             CurrentEfiMemoryMapEntry->PhysicalStart - LastMemoryMapEntryEnd,
-             EFI_MEMORY_RP,
-             TRUE,
-             TRUE,
-             TRUE
-             ))
-      {
+      Status = ValidateRegionAttributes (
+                 &mMap,
+                 LastMemoryMapEntryEnd,
+                 CurrentEfiMemoryMapEntry->PhysicalStart - LastMemoryMapEntryEnd,
+                 EFI_MEMORY_RP,
+                 TRUE,
+                 TRUE,
+                 TRUE
+                 );
+
+      // Inaccessible could mean EFI_MEMORY_RP or completely unmapped in page table
+      if (EFI_ERROR (Status) && (Status != EFI_NO_MAPPING)) {
         TestFailure = TRUE;
       }
     }
@@ -1428,16 +1433,18 @@ MemoryOutsideEfiMemoryMapIsInaccessible (
   }
 
   if (LastMemoryMapEntryEnd < EndOfAddressSpace) {
-    if (!ValidateRegionAttributes (
-           &mMap,
-           LastMemoryMapEntryEnd,
-           EndOfAddressSpace - LastMemoryMapEntryEnd,
-           EFI_MEMORY_RP,
-           TRUE,
-           TRUE,
-           TRUE
-           ))
-    {
+    Status = ValidateRegionAttributes (
+               &mMap,
+               LastMemoryMapEntryEnd,
+               EndOfAddressSpace - LastMemoryMapEntryEnd,
+               EFI_MEMORY_RP,
+               TRUE,
+               TRUE,
+               TRUE
+               );
+
+    // Inaccessible could mean EFI_MEMORY_RP or completely unmapped in page table
+    if (EFI_ERROR (Status) && (Status != EFI_NO_MAPPING)) {
       TestFailure = TRUE;
     }
   }