From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jiewen.yao@intel.com>
Received: from mga03.intel.com (mga03.intel.com [134.134.136.65])
 (using TLSv1 with cipher CAMELLIA256-SHA (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 4EB6F81CF3
 for <edk2-devel@lists.01.org>; Wed,  2 Nov 2016 23:54:07 -0700 (PDT)
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
 by orsmga103.jf.intel.com with ESMTP; 02 Nov 2016 23:53:59 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.31,585,1473145200"; d="scan'208";a="781806475"
Received: from jyao1-mobl.ccr.corp.intel.com ([10.239.192.158])
 by FMSMGA003.fm.intel.com with ESMTP; 02 Nov 2016 23:53:58 -0700
From: Jiewen Yao <jiewen.yao@intel.com>
To: edk2-devel@lists.01.org
Cc: Jeff Fan <jeff.fan@intel.com>, Feng Tian <feng.tian@intel.com>,
 Star Zeng <star.zeng@intel.com>,
 Michael D Kinney <michael.d.kinney@intel.com>,
 Laszlo Ersek <lersek@redhat.com>
Date: Thu,  3 Nov 2016 14:53:42 +0800
Message-Id: <1478156028-21572-1-git-send-email-jiewen.yao@intel.com>
X-Mailer: git-send-email 2.7.4.windows.1
Subject: [PATCH 0/6] Enable SMM page level protection.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Nov 2016 06:54:07 -0000

This series patch enables SMM page level protection.
Features are:
1) PiSmmCore reports SMM PE image code/data information
in EdkiiPiSmmMemoryAttributeTable, if the SMM image is page aligned.
2) PiSmmCpu consumes EdkiiPiSmmMemoryAttributeTable
and set XD for data page and RO for code page.
3) PiSmmCpu enables Static Paging for X64 according to
PcdCpuSmmStaticPageTable. If it is true, 1G paging for above 4G
is used as long as it is supported.
4) PiSmmCpu sets importance data structure to be read only,
such as Gdt, Idt, SmmEntrypoint, and PageTable itself.

tested platform:
1) Intel internal platform (X64).
2) EDKII Quark IA32
3) EDKII Vlv2  X64
4) EDKII OVMF IA32 and IA32X64.

Cc: Jeff Fan <jeff.fan@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>

Jiewen Yao (6):
  MdeModulePkg/Include: Add PiSmmMemoryAttributesTable.h
  MdeModulePkg/dec: Add gEdkiiPiSmmMemoryAttributesTableGuid.
  MdeModulePkg/PiSmmCore: Add MemoryAttributes support.
  UefiCpuPkg/dec: Add PcdCpuSmmStaticPageTable.
  UefiCpuPkg/PiSmmCpuDxeSmm: Add paging protection.
  QuarkPlatformPkg/dsc: enable Smm paging protection.

 MdeModulePkg/Core/PiSmmCore/Dispatcher.c               |   66 +
 MdeModulePkg/Core/PiSmmCore/MemoryAttributesTable.c    | 1509 ++++++++++++++++++++
 MdeModulePkg/Core/PiSmmCore/Page.c                     |  775 +++++++++-
 MdeModulePkg/Core/PiSmmCore/PiSmmCore.c                |   40 +
 MdeModulePkg/Core/PiSmmCore/PiSmmCore.h                |   91 ++
 MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf              |    2 +
 MdeModulePkg/Core/PiSmmCore/Pool.c                     |   16 +
 MdeModulePkg/Include/Guid/PiSmmMemoryAttributesTable.h |   51 +
 MdeModulePkg/MdeModulePkg.dec                          |    3 +
 QuarkPlatformPkg/Quark.dsc                             |    6 +
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c               |   71 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S              |   67 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm            |   68 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm           |   70 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.S          |  226 +--
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.asm        |   36 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.nasm       |   36 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c          |   37 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmProfileArch.c        |    4 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c                  |  110 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c             |  142 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h             |  156 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf           |    5 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c     |  872 +++++++++++
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c                 |   39 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h                 |   15 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c                |  272 +++-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S               |   51 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm             |   54 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm            |   61 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiException.S           |  250 +---
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiException.asm         |   35 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiException.nasm        |   31 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c           |   30 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmProfileArch.c         |    6 +-
 UefiCpuPkg/UefiCpuPkg.dec                              |    8 +
 36 files changed, 4513 insertions(+), 798 deletions(-)
 create mode 100644 MdeModulePkg/Core/PiSmmCore/MemoryAttributesTable.c
 create mode 100644 MdeModulePkg/Include/Guid/PiSmmMemoryAttributesTable.h
 create mode 100644 UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c

-- 
2.7.4.windows.1