dotnet · mdh1418 · Aug 14, 2025 · Aug 14, 2025 · Aug 14, 2025 · Aug 14, 2025
diff --git a/src/coreclr/inc/clrconfigvalues.h b/src/coreclr/inc/clrconfigvalues.h
@@ -599,6 +599,7 @@ RETAIL_CONFIG_DWORD_INFO(INTERNAL_EventPipeCircularMB, W("EventPipeCircularMB"),
 RETAIL_CONFIG_DWORD_INFO(INTERNAL_EventPipeProcNumbers, W("EventPipeProcNumbers"), 0, "Enable/disable capturing processor numbers in EventPipe event headers")
 RETAIL_CONFIG_DWORD_INFO(INTERNAL_EventPipeOutputStreaming, W("EventPipeOutputStreaming"), 1, "Enable/disable streaming for trace file set in DOTNET_EventPipeOutputPath.  Non-zero values enable streaming.")
 RETAIL_CONFIG_DWORD_INFO(INTERNAL_EventPipeEnableStackwalk, W("EventPipeEnableStackwalk"), 1, "Set to 0 to disable collecting stacks for EventPipe events.")
+RETAIL_CONFIG_DWORD_INFO(INTERNAL_EventPipeBufferGuardLevel, W("EventPipeBufferGuardLevel"), 0, "The level of EventPipe buffer header/footer guarding and validation")
 
 //
 // UserEvents

@@ -23,6 +23,7 @@
 #include "rhassert.h"
 #include <RhConfig.h>
 #include <runtime_version.h>
+#include <stdio.h>
 
 #ifdef TARGET_UNIX
 #define sprintf_s snprintf
@@ -507,6 +508,23 @@ ep_rt_config_value_get_enable_stackwalk (void)
     return false;
 }
 
+static
+inline
+uint32_t
+ep_rt_config_value_get_buffer_guard_level (void)
+{
+    STATIC_CONTRACT_NOTHROW;
+
+    uint64_t value;
+    if (RhConfig::Environment::TryGetIntegerValue("EventPipeBufferGuardLevel", &value))
+    {
+        EP_ASSERT(value <= UINT32_MAX);
+        return static_cast<uint32_t>(value);
+    }
+
+    return 0;
+}
+
 /*
  * EventPipeSampleProfiler.
  */
@@ -1803,5 +1821,40 @@ ep_rt_volatile_store_ptr_without_barrier (
     ep_rt_aot_volatile_store_ptr_without_barrier(ptr, value);
 }
 
+/*
+ * Memory Protection
+ */
+
+static
+inline
+bool
+ep_rt_vprotect (
+    void *addr,
+    size_t length,
+    EventPipePageProtection protection)
+{
+    return true;
+}
+
+/*
+ * Fail fast and ensure proper crash dump and diagnostic reporting.
+ */
+
+static
+inline
+void
+ep_rt_fatal_error_with_message (const ep_char8_t *message)
+{
+    STATIC_CONTRACT_NOTHROW;
+    if (message != nullptr)
+    {
+        fputs(reinterpret_cast<const char*>(message), stderr);
+        fputs("\n", stderr);
+        fflush(stderr);
+    }
+
+    RhFailFast();
+}
+
 #endif /* ENABLE_PERFTRACING */
 #endif /* EVENTPIPE_RT_AOT_H */
diff --git a/src/coreclr/vm/eventing/eventpipe/ep-rt-coreclr.h b/src/coreclr/vm/eventing/eventpipe/ep-rt-coreclr.h
@@ -15,11 +15,13 @@
 #include <eventpipe/ep-string.h>
 #include "fstream.h"
 #include "typestring.h"
+#include "clrhost.h"
 #include "clrversion.h"
 #include "hostinformation.h"
 #include <minipal/guid.h>
 #include <minipal/strings.h>
 #include <minipal/time.h>
+#include <stdio.h>
 
 #undef EP_INFINITE_WAIT
 #define EP_INFINITE_WAIT INFINITE
@@ -560,6 +562,15 @@ ep_rt_config_value_get_enable_stackwalk (void)
 	return CLRConfig::GetConfigValue(CLRConfig::INTERNAL_EventPipeEnableStackwalk) != 0;
 }
 
+static
+inline
+uint32_t
+ep_rt_config_value_get_buffer_guard_level (void)
+{
+	STATIC_CONTRACT_NOTHROW;
+	return CLRConfig::GetConfigValue (CLRConfig::INTERNAL_EventPipeBufferGuardLevel);
+}
+
 /*
  * EventPipeSampleProfiler.
  */
@@ -1920,5 +1931,47 @@ ep_rt_volatile_store_ptr_without_barrier (
 	VolatileStoreWithoutBarrier<void *> ((void **)ptr, value);
 }
 
+/*
+ * Memory Protection
+ */
+
+static
+inline
+bool
+ep_rt_vprotect (
+	void *addr,
+	size_t length,
+	EventPipePageProtection protection)
+{
+	STATIC_CONTRACT_NOTHROW;
+	DWORD oldProtect;
+	bool result = false;
+
+	if (protection == EP_PAGE_PROTECTION_READONLY)
+		result = ClrVirtualProtect (addr, length, PAGE_READONLY, &oldProtect);
+	else if (protection == EP_PAGE_PROTECTION_READWRITE)
+		result = ClrVirtualProtect (addr, length, PAGE_READWRITE, &oldProtect);
+
+	return result;
+}
+
+/*
+ * Fail fast and ensure proper crash dump and diagnostic reporting.
+ */
+
+static
+EP_ALWAYS_INLINE
+void
+ep_rt_fatal_error_with_message (const ep_char8_t *message)
+{
+	if (message != nullptr) {
+		fputs(reinterpret_cast<const char*>(message), stderr);
+		fputs("\n", stderr);
+		fflush(stderr);
+	}
+
+	RaiseFailFastException (NULL, NULL, 0);
+}
+
 #endif /* ENABLE_PERFTRACING */
 #endif /* __EVENTPIPE_RT_CORECLR_H__ */
@@ -637,6 +637,19 @@ ep_rt_config_value_get_enable_stackwalk (void)
 	return value_uint32_t != 0;
 }
 
+static
+inline
+uint32_t
+ep_rt_config_value_get_buffer_guard_level (void)
+{
+	uint32_t buffer_guard_level = 0;
+	gchar *value = g_getenv ("DOTNET_EventPipeBufferGuardLevel");
+	if (value)
+		buffer_guard_level = (uint32_t)atoi (value);
+	g_free (value);
+	return buffer_guard_level;
+}
+
 /*
  * EventPipeSampleProfiler.
  */
@@ -1901,6 +1914,34 @@ ep_rt_volatile_store_ptr_without_barrier (
 	*ptr = value;
 }
 
+
+/*
+ * Memory Protection
+ */
+
+static
+inline
+bool
+ep_rt_vprotect (
+	void *addr,
+	size_t length,
+	EventPipePageProtection protection)
+{
+	return true;
+}
+
+/*
+ * Fail fast
+ */
+
+static
+inline
+void
+ep_rt_fatal_error_with_message (const ep_char8_t *message)
+{
+    /* Not implemented, no-op */
+}
+
 /*
  * EventPipe Native Events.
  */

@@ -512,6 +512,7 @@ bool
 ep_event_block_base_write_event (
 	EventPipeEventBlockBase *event_block_base,
 	EventPipeEventInstance *event_instance,
+	uint32_t metadata_id,
 	uint64_t capture_thread_id,
 	uint32_t sequence_number,
 	uint32_t stack_id,
@@ -539,7 +540,6 @@ ep_event_block_base_write_event (
 
 		ep_write_buffer_uint32_t (&write_pointer, total_size);
 
-		uint32_t metadata_id = ep_event_instance_get_metadata_id (event_instance);
 		EP_ASSERT ((metadata_id & (1 << 31)) == 0);
 
 		metadata_id |= (!is_sorted_event ? 1 << 31 : 0);
@@ -579,16 +579,16 @@ ep_event_block_base_write_event (
 		uint8_t *header_write_pointer = &event_block_base->compressed_header[0];
 		EventPipeEventHeader *last_header = &event_block_base->last_header;
 
-		if (ep_event_instance_get_metadata_id (event_instance) != last_header->metadata_id) {
-			header_write_pointer = event_block_base_write_var_uint32 (header_write_pointer, ep_event_instance_get_metadata_id (event_instance));
+		if (metadata_id != last_header->metadata_id) {
+			header_write_pointer = event_block_base_write_var_uint32 (header_write_pointer, metadata_id);
 			flags |= 1;
 		}
 
 		if (is_sorted_event) {
 			flags |= (1 << 6);
 		}
 
-		if (last_header->sequence_number + (ep_event_instance_get_metadata_id (event_instance) != 0 ? 1 : 0) != sequence_number ||
+		if (last_header->sequence_number + (metadata_id != 0 ? 1 : 0) != sequence_number ||
 			last_header->capture_thread_id != capture_thread_id || last_header->capture_proc_number != capture_proc_number) {
 			header_write_pointer = event_block_base_write_var_uint32 (header_write_pointer, sequence_number - last_header->sequence_number - 1);
 			header_write_pointer = event_block_base_write_var_uint64 (header_write_pointer, capture_thread_id);
@@ -638,7 +638,7 @@ ep_event_block_base_write_event (
 			ep_raise_error ();
 		}
 
-		last_header->metadata_id = ep_event_instance_get_metadata_id (event_instance);
+		last_header->metadata_id = metadata_id;
 		last_header->sequence_number = sequence_number;
 		last_header->thread_id = ep_event_instance_get_thread_id (event_instance);
 		last_header->capture_thread_id = capture_thread_id;

@@ -184,6 +184,7 @@ bool
 ep_event_block_base_write_event (
 	EventPipeEventBlockBase *event_block_base,
 	EventPipeEventInstance *event_instance,
+	uint32_t metadata_id,
 	uint64_t capture_thread_id,
 	uint32_t sequence_number,
 	uint32_t stack_id,

@@ -472,17 +472,17 @@ buffer_manager_allocate_buffer_for_thread (
 	uint32_t buffer_size = base_buffer_size * size_multiplier;
 	EP_ASSERT(buffer_size > 0);
 
-
-	buffer_size = EP_MAX (request_size, buffer_size);
+	uint32_t guard_overhead = (buffer_manager->buffer_guard_level > EP_BUFFER_GUARD_LEVEL_NONE) ? EP_BUFFER_HEADER_GUARD_SIZE + EP_BUFFER_FOOTER_GUARD_SIZE : 0;
+	buffer_size = EP_MAX (request_size + guard_overhead, buffer_size);
 
 	// Don't allow the buffer size to exceed 1MB.
 	const uint32_t max_buffer_size = 1024 * 1024;
 	buffer_size = EP_MIN (buffer_size, max_buffer_size);
 
 
-	// Make sure that buffer size >= request size so that the buffer size does not
+	// Make sure that buffer size >= request size + guard overhead so that the buffer size does not
 	// determine the max event size.
-	EP_ASSERT (request_size <= buffer_size);
+	EP_ASSERT (request_size + guard_overhead <= buffer_size);
 
 	// Make the buffer size fit into with pagesize-aligned block, since ep_rt_valloc0 expects page-aligned sizes to be passed as arguments
 	buffer_size = (buffer_size + ep_rt_system_get_alloc_granularity () - 1) & ~(uint32_t)(ep_rt_system_get_alloc_granularity () - 1);
@@ -493,7 +493,7 @@ buffer_manager_allocate_buffer_for_thread (
 
 	// The sequence counter is exclusively mutated on this thread so this is a thread-local read.
 	sequence_number = ep_thread_session_state_get_volatile_sequence_number (thread_session_state);
-	new_buffer = ep_buffer_alloc (buffer_size, ep_thread_session_state_get_thread (thread_session_state), sequence_number);
+	new_buffer = ep_buffer_alloc (buffer_size, ep_thread_session_state_get_thread (thread_session_state), sequence_number, buffer_manager->buffer_guard_level);
 	ep_raise_error_if_nok (new_buffer != NULL);
 
 	// Adding a buffer to the buffer list requires us to take the lock.
@@ -808,6 +808,7 @@ ep_buffer_manager_alloc (
 	size_t max_size_of_all_buffers,
 	size_t sequence_point_allocation_budget)
 {
+	uint32_t buffer_guard_level;
 	EventPipeBufferManager *instance = ep_rt_object_alloc (EventPipeBufferManager);
 	ep_raise_error_if_nok (instance != NULL);
 
@@ -851,6 +852,9 @@ ep_buffer_manager_alloc (
 		instance->remaining_sequence_point_alloc_budget = sequence_point_allocation_budget;
 	}
 
+	buffer_guard_level = EP_MIN (ep_rt_config_value_get_buffer_guard_level (), EP_BUFFER_GUARD_LEVEL_MAX);
+	instance->buffer_guard_level = (EventPipeBufferGuardLevel)buffer_guard_level;
+
 ep_on_exit:
 	return instance;
 

@@ -128,6 +128,8 @@ struct _EventPipeBufferManager_Internal {
 	// number of times an event was dropped due to it being too
 	// large to fit in the 64KB size limit
 	volatile int64_t num_oversized_events_dropped;
+	// EventPipeBufferGuardLevel during allocation
+	EventPipeBufferGuardLevel buffer_guard_level;
 
 #ifdef EP_CHECKED_BUILD
 	volatile int64_t num_events_stored;
@@ -146,6 +148,7 @@ struct _EventPipeBufferManager {
 #endif
 
 EP_DEFINE_GETTER_REF(EventPipeBufferManager *, buffer_manager, ep_rt_wait_event_handle_t *, rt_wait_event)
+EP_DEFINE_GETTER(EventPipeBufferManager *, buffer_manager, EventPipeBufferGuardLevel, buffer_guard_level)
 
 EventPipeBufferManager *
 ep_buffer_manager_alloc (