On 12/05/17 09:16, Jian J Wang wrote: >> v3 changes: >> a. According to code review comments, remove the public definitions of >> page table pool. Now the DxeIpl and CpuDxe will have their own page >> table pool but in the same mechanism. Related PCDs, GUDI and headers >> are also removed. >> b. Apply protection to all page tables, including new ones added in >> CpuDxe driver. >> c. Code/comments cleanup. > >> v2 changes: >> a. Enable protection on any newly added page table after DxeIpl. >> b. Introduce page table pool concept to make page table allocation >> and protection easier and error free. > > Write Protect feature (CR0.WP) is always enabled in driver UefiCpuPkg/CpuDxe. > But the memory pages used for page table are not set as read-only in the > driver > DxeIplPeim, after the paging is setup. This might jeopardize the page table > integrity if there's buffer overflow occured in other part of system. > > This patch series will change this situation by clearing R/W bit in page > attribute > of the pages used as page table. > > Validation works include booting Windows (10/server 2016) and Linux > (Fedora/Ubuntu) > on OVMF and Intel real platform. > > Jian J Wang (2): > MdeModulePkg/DxeIpl: Mark page table as read-only > UefiCpuPkg/CpuDxe: Enable protection for newly added page table > > MdeModulePkg/Core/DxeIplPeim/DxeIpl.h | 34 +++ > MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 8 +- > MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 301 > ++++++++++++++++++++++- > MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h | 26 ++ > UefiCpuPkg/CpuDxe/CpuDxe.c | 17 +- > UefiCpuPkg/CpuDxe/CpuDxe.h | 2 + > UefiCpuPkg/CpuDxe/CpuPageTable.c | 226 ++++++++++++++++- > UefiCpuPkg/CpuDxe/CpuPageTable.h | 34 +++ > 8 files changed, 635 insertions(+), 13 deletions(-) >
series Regression-tested-by: Laszlo Ersek <ler...@redhat.com> Thanks Laszlo _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
