From: Jian J Wang
To: edk2-devel@lists.01.org
Date: Wed, 29 Nov 2017 16:46:38 +0800
Message-Id: <20171129084640.20076-1-jian.j.wang@intel.com>
Subject: [PATCH 0/2] Enable page table write protection

The Write Protect feature (CR0.WP) is always enabled in the driver
UefiCpuPkg/CpuDxe. But the memory pages used for the page table are not
set as read-only in the driver DxeIplPeim after paging is set up. This
might jeopardize page table integrity if a buffer overflow occurs in
another part of the system.

This patch series will change this situation by clearing the R/W bit in
the page attribute of the pages used as page table.

Validation work includes booting Windows (10/Server 2016) and Linux
(Fedora/Ubuntu) on OVMF and a real Intel platform.

Jian J Wang (2):
  UefiCpuPkg/CpuDxe: Check CR0.WP before changing page table
  MdeModulePkg/DxeIpl: Mark page table as read-only

 MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 166 +++++++++++++++++++++++
 MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h |  14 ++
 UefiCpuPkg/CpuDxe/CpuPageTable.c                 |  65 ++++++++-
 3 files changed, 241 insertions(+), 4 deletions(-)

-- 
2.14.1.windows.1
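
A small simulation of the protection the cover letter describes, added here as an example and not taken from the patch series: with CR0.WP set, a supervisor write to a page whose mapping has R/W cleared is refused, so a stray write cannot alter a page-table page. The names `sim_cr0`, `sim_page`, `sim_store`, `protect_page_table` and `update_entry` are hypothetical, and the check/clear/restore sequence in `update_entry` is an assumption about what "Check CR0.WP before changing page table" entails.

```c
#include <stdint.h>
#include <stdbool.h>

#define CR0_WP  (1u << 16)    /* CR0.WP: supervisor writes honor R/W */
#define PTE_P   (1ull << 0)   /* Present */
#define PTE_RW  (1ull << 1)   /* Read/Write */

static uint32_t sim_cr0 = CR0_WP;   /* simulated CR0, WP enabled */

/* One simulated 4 KiB page: the leaf PTE that maps it, plus its contents. */
struct sim_page { uint64_t mapping_pte; uint64_t data[512]; };

/* Supervisor store. Returns false where real hardware would raise #PF:
 * page not present, or R/W = 0 in the mapping while CR0.WP = 1. */
static bool sim_store(struct sim_page *pg, unsigned idx, uint64_t val)
{
    if (!(pg->mapping_pte & PTE_P) || idx >= 512) return false;
    bool writable = (pg->mapping_pte & PTE_RW) != 0;
    if (!writable && (sim_cr0 & CR0_WP)) return false;
    pg->data[idx] = val;
    return true;
}

/* Clear R/W in the mapping of a page that holds page-table entries. */
static void protect_page_table(struct sim_page *pt) { pt->mapping_pte &= ~PTE_RW; }

/* Assumed legitimate update path: check WP, clear it only if it was set,
 * perform the write, then restore the previous state. */
static bool update_entry(struct sim_page *pt, unsigned idx, uint64_t val)
{
    bool wp_was_set = (sim_cr0 & CR0_WP) != 0;
    if (wp_was_set) sim_cr0 &= ~CR0_WP;
    bool ok = sim_store(pt, idx, val);
    if (wp_was_set) sim_cr0 |= CR0_WP;
    return ok;
}

int main(void)
{
    static struct sim_page pt = { PTE_P | PTE_RW, {0} };  /* constructed sample */
    protect_page_table(&pt);
    bool stray = sim_store(&pt, 0, 0xdead);               /* refused */
    bool legit = update_entry(&pt, 0, 0x1000 | PTE_P);    /* allowed */
    return (!stray && legit && (sim_cr0 & CR0_WP)) ? 0 : 1;
}
```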