Is this code in CPU driver?
thank you!
Yao, Jiewen
> 在 2017年11月29日,下午6:24,Wang, Jian J <jian.j.w...@intel.com> 写道:
>
> Yes, I validated them manually with JTAG debug tool.
>
> if ((L3PageTable[Index3] & IA32_PG_PS) != 0) {
> // 1G page. Split to 2M.
> L2PageTable = AllocatePages (1);
> ASSERT (L2PageTable != NULL);
> PhysicalAddress = L3PageTable[Index3] & PAGING_1G_ADDRESS_MASK_64;
> for (Index = 0; Index < EFI_PAGE_SIZE/sizeof (UINT64); ++Index) {
> L2PageTable[Index] = PhysicalAddress | AddressEncMask |
> IA32_PG_PS | IA32_PG_P | IA32_PG_RW;
> PhysicalAddress += SIZE_2MB;
> }
> L3PageTable[Index3] = (UINT64) (UINTN) L2PageTable | AddressEncMask |
> IA32_PG_P | IA32_PG_RW;
> SetPageReadOnly (PageTableBase, (EFI_PHYSICAL_ADDRESS)(UINTN)L2PageTable);
> }
>
> The newly allocated page table is set in the SetPageReadOnly() itself
> recursively, like
> above code in which L2PageTable is allocated and then set it to be read-only
> after
> initializing the table content.
>
>> -----Original Message-----
>> From: Yao, Jiewen
>> Sent: Wednesday, November 29, 2017 5:16 PM
>> To: Wang, Jian J <jian.j.w...@intel.com>
>> Cc: edk2-devel@lists.01.org
>> Subject: Re: [edk2] [PATCH 0/2] Enable page table write protection
>>
>> Thanks.
>>
>> May I know if this is validated in uefi shell, that all page table is
>> readonly?
>>
>> I did not find the code to set new allocated split page to be readonly. Can
>> you
>> give me a hand on that?
>>
>> thank you!
>> Yao, Jiewen
>>
>>
>>> 在 2017年11月29日,下午4:47,Jian J Wang <jian.j.w...@intel.com> 写
>> 道:
>>>
>>> Write Protect feature (CR0.WP) is always enabled in driver
>> UefiCpuPkg/CpuDxe.
>>> But the memory pages used for page table are not set as read-only in the
>> driver
>>> DxeIplPeim, after the paging is setup. This might jeopardize the page table
>>> integrity if there's buffer overflow occured in other part of system.
>>>
>>> This patch series will change this situation by clearing R/W bit in page
>>> attribute
>>> of the pages used as page table.
>>>
>>> Validation works include booting Windows (10/server 2016) and Linux
>> (Fedora/Ubuntu)
>>> on OVMF and Intel real platform.
>>>
>>> Jian J Wang (2):
>>> UefiCpuPkg/CpuDxe: Check CR0.WP before changing page table
>>> MdeModulePkg/DxeIpl: Mark page table as read-only
>>>
>>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 166
>> +++++++++++++++++++++++
>>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h | 14 ++
>>> UefiCpuPkg/CpuDxe/CpuPageTable.c | 65 ++++++++-
>>> 3 files changed, 241 insertions(+), 4 deletions(-)
>>>
>>> --
>>> 2.14.1.windows.1
>>>
>>> _______________________________________________
>>> edk2-devel mailing list
>>> edk2-devel@lists.01.org
>>> https://lists.01.org/mailman/listinfo/edk2-devel
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
