From 69e9464117eff84e88b9646c0e9c2e95a807fe60 Mon Sep 17 00:00:00 2001
From: Oliver Smith-Denny
Date: Tue, 23 Jul 2024 12:51:31 -0700
Subject: [PATCH] UefiTestingPkg: DxePagingAuditTestApp Fix Inaccessible Memory Test Security.Misc.MemoryOutsideEfiMemoryMapIsInaccessible was failing because it was not checking the return status of ValidateRegionAttributes, which could return EFI_NO_MAPPING to indicate a given range was not in the page table. There are two independent criteria that can be satisfied to indicate that a region is inaccessible: it is marked EFI_MEMORY_RP or it is not mapped in the page table. This test was only checking the first case and not the second case. With this update it now correctly checks both cases.
---
 .../UEFI/Dxe/App/DxePagingAuditTestApp.c | 67 ++++++++++---------
 1 file changed, 37 insertions(+), 30 deletions(-)
diff --git a/UefiTestingPkg/AuditTests/PagingAudit/UEFI/Dxe/App/DxePagingAuditTestApp.c b/UefiTestingPkg/AuditTests/PagingAudit/UEFI/Dxe/App/DxePagingAuditTestApp.c
index 3617bb58ab..fe68ad7dd5 100644
--- a/UefiTestingPkg/AuditTests/PagingAudit/UEFI/Dxe/App/DxePagingAuditTestApp.c
+++ b/UefiTestingPkg/AuditTests/PagingAudit/UEFI/Dxe/App/DxePagingAuditTestApp.c
@@ -1370,6 +1370,7 @@ MemoryOutsideEfiMemoryMapIsInaccessible (
 EFI_MEMORY_DESCRIPTOR *CurrentEfiMemoryMapEntry;
 BOOLEAN TestFailure;
 EFI_PHYSICAL_ADDRESS LastMemoryMapEntryEnd;
+ EFI_STATUS Status;
 DEBUG ((DEBUG_INFO, "%a Enter...\n", __FUNCTION__));
@@ -1388,16 +1389,18 @@ MemoryOutsideEfiMemoryMapIsInaccessible (
 CurrentEfiMemoryMapEntry = mEfiMemoryMap;
 if (CurrentEfiMemoryMapEntry->PhysicalStart > StartOfAddressSpace) {
- if (!ValidateRegionAttributes (
- &mMap,
- StartOfAddressSpace,
- CurrentEfiMemoryMapEntry->PhysicalStart - StartOfAddressSpace,
- EFI_MEMORY_RP,
- TRUE,
- TRUE,
- TRUE
- ))
- {
+ Status = ValidateRegionAttributes (
+ &mMap,
+ StartOfAddressSpace,
+ CurrentEfiMemoryMapEntry->PhysicalStart - StartOfAddressSpace,
+ EFI_MEMORY_RP,
+ TRUE,
+ TRUE,
+ TRUE
+ );
+
+ // Inaccessible could mean EFI_MEMORY_RP or completely unmapped in page table
+ if (EFI_ERROR (Status) && (Status != EFI_NO_MAPPING)) {
 TestFailure = TRUE;
 }
 }
@@ -1408,16 +1411,18 @@ MemoryOutsideEfiMemoryMapIsInaccessible (
 while ((UINTN)CurrentEfiMemoryMapEntry < (UINTN)EndOfEfiMemoryMap) {
 if (CurrentEfiMemoryMapEntry->PhysicalStart > LastMemoryMapEntryEnd) {
- if (!ValidateRegionAttributes (
- &mMap,
- LastMemoryMapEntryEnd,
- CurrentEfiMemoryMapEntry->PhysicalStart - LastMemoryMapEntryEnd,
- EFI_MEMORY_RP,
- TRUE,
- TRUE,
- TRUE
- ))
- {
+ Status = ValidateRegionAttributes (
+ &mMap,
+ LastMemoryMapEntryEnd,
+ CurrentEfiMemoryMapEntry->PhysicalStart - LastMemoryMapEntryEnd,
+ EFI_MEMORY_RP,
+ TRUE,
+ TRUE,
+ TRUE
+ );
+
+ // Inaccessible could mean EFI_MEMORY_RP or completely unmapped in page table
+ if (EFI_ERROR (Status) && (Status != EFI_NO_MAPPING)) {
 TestFailure = TRUE;
 }
 }
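Review bot: The new condition `EFI_ERROR (Status) && (Status != EFI_NO_MAPPING)` accepts EFI_NO_MAPPING for the whole gap below the first memory map entry, which is only sound if ValidateRegionAttributes returns that status when every page of the range is absent from the page table. Its body is not in this diff; if it can return EFI_NO_MAPPING on the first unmapped page it meets, a gap that is partly unmapped and partly mapped accessible would pass this audit. I would confirm that behaviour and record it at the check, e.g. `// Relies on ValidateRegionAttributes returning EFI_NO_MAPPING only when the entire range is unmapped`. The same condition is added in the hunks at -1408 and -1428.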
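Review bot: In the loop over memory map entries the failing branch only sets `TestFailure = TRUE`, so the gap's address range and the returned Status are gone by the time the test reports its result. Unless ValidateRegionAttributes already logs the range (not visible here; the three TRUE arguments may control that), I would log before setting the flag: `DEBUG ((DEBUG_ERROR, "%a gap 0x%llx-0x%llx: %r\n", __FUNCTION__, LastMemoryMapEntryEnd, CurrentEfiMemoryMapEntry->PhysicalStart, Status));`. That also lets a reader tell an accessible gap apart from an unrelated error status such as a bad parameter.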
@@ -1428,16 +1433,18 @@ MemoryOutsideEfiMemoryMapIsInaccessible (
 }
 if (LastMemoryMapEntryEnd < EndOfAddressSpace) {
- if (!ValidateRegionAttributes (
- &mMap,
- LastMemoryMapEntryEnd,
- EndOfAddressSpace - LastMemoryMapEntryEnd,
- EFI_MEMORY_RP,
- TRUE,
- TRUE,
- TRUE
- ))
- {
+ Status = ValidateRegionAttributes (
+ &mMap,
+ LastMemoryMapEntryEnd,
+ EndOfAddressSpace - LastMemoryMapEntryEnd,
+ EFI_MEMORY_RP,
+ TRUE,
+ TRUE,
+ TRUE
+ );
+
+ // Inaccessible could mean EFI_MEMORY_RP or completely unmapped in page table
+ if (EFI_ERROR (Status) && (Status != EFI_NO_MAPPING)) {
 TestFailure = TRUE;
 }
 }
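Review bot: This is the third copy of the ValidateRegionAttributes call and the `EFI_ERROR (Status) && (Status != EFI_NO_MAPPING)` test (the others are in the hunks at -1388 and -1408), so the rule for what counts as inaccessible now lives in three places that must be kept in step. A small file-local helper would hold the call and the acceptance rule once, and each site would shrink to a single condition. The parameter types below are guessed from the locals visible in the diff and should follow the ValidateRegionAttributes prototype, which is outside this hunk.

```c
// TRUE when the range is EFI_MEMORY_RP or not present in the page table
STATIC
BOOLEAN
IsRangeInaccessible (
  IN EFI_PHYSICAL_ADDRESS  Start,
  IN UINT64                Length
  )
{
  EFI_STATUS  Status;

  Status = ValidateRegionAttributes (&mMap, Start, Length, EFI_MEMORY_RP, TRUE, TRUE, TRUE);
  return (BOOLEAN)(!EFI_ERROR (Status) || (Status == EFI_NO_MAPPING));
}

// … unchanged: first-entry and per-entry gap checks, converted the same way …
if (LastMemoryMapEntryEnd < EndOfAddressSpace) {
  if (!IsRangeInaccessible (LastMemoryMapEntryEnd, EndOfAddressSpace - LastMemoryMapEntryEnd)) {
    // … unchanged: TestFailure = TRUE and closing braces …
```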