> v2 changes: > a. Enable protection on any newly added page table after DxeIpl. > b. Introduce page table pool concept to make page table allocation > and protection easier and error free.
Write Protect feature (CR0.WP) is always enabled in driver UefiCpuPkg/CpuDxe. But the memory pages used for page table are not set as read-only in the driver DxeIplPeim, after the paging is setup. This might jeopardize the page table integrity if there's buffer overflow occured in other part of system. This patch series will change this situation by clearing R/W bit in page attribute of the pages used as page table. Validation works include booting Windows (10/server 2016) and Linux (Fedora/Ubuntu) on OVMF and Intel real platform. Jian J Wang (4): MdeModulePkg/MdeModulePkg.dec: Add new PCDs and Guid MdeModulePkg/PageTablePool.h: Page table pool GUID definition file MdeModulePkg/DxeIpl: Mark page table as read-only UefiCpuPkg/CpuDxe: Enable protection for newly added page table MdeModulePkg/Core/DxeIplPeim/DxeIpl.h | 34 +++ MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 3 + MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 8 +- MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 315 +++++++++++++++++++++- MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h | 15 ++ MdeModulePkg/Include/Guid/PageTablePool.h | 53 ++++ MdeModulePkg/MdeModulePkg.dec | 28 ++ UefiCpuPkg/CpuDxe/CpuDxe.c | 17 +- UefiCpuPkg/CpuDxe/CpuDxe.h | 2 + UefiCpuPkg/CpuDxe/CpuDxe.inf | 3 + UefiCpuPkg/CpuDxe/CpuPageTable.c | 329 ++++++++++++++++++++++- UefiCpuPkg/CpuDxe/CpuPageTable.h | 22 ++ 12 files changed, 816 insertions(+), 13 deletions(-) create mode 100644 MdeModulePkg/Include/Guid/PageTablePool.h -- 2.14.1.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel