Thanks. May I know if this is validated in the UEFI shell, that all page tables are read-only?

I did not find the code to set the newly allocated split page to be read-only. Can you give me a hand on that?

Thank you!
Yao, Jiewen

> On Nov 29, 2017, at 4:47 PM, Jian J Wang <jian.j.w...@intel.com> wrote:
>
> Write Protect feature (CR0.WP) is always enabled in driver UefiCpuPkg/CpuDxe.
> But the memory pages used for page table are not set as read-only in the driver
> DxeIplPeim, after the paging is set up. This might jeopardize the page table
> integrity if there's a buffer overflow occurring in other parts of the system.
>
> This patch series will change this situation by clearing R/W bit in page attribute
> of the pages used as page table.
>
> Validation works include booting Windows (10/server 2016) and Linux (Fedora/Ubuntu)
> on OVMF and Intel real platform.
>
> Jian J Wang (2):
>   UefiCpuPkg/CpuDxe: Check CR0.WP before changing page table
>   MdeModulePkg/DxeIpl: Mark page table as read-only
>
>  MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 166 +++++++++++++++++++++++
>  MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h |  14 ++
>  UefiCpuPkg/CpuDxe/CpuPageTable.c                 |  65 ++++++++-
>  3 files changed, 241 insertions(+), 4 deletions(-)
>
> --
> 2.14.1.windows.1
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel