From: Jian J Wang <jian.j.wang@intel.com>
To: edk2-devel@lists.01.org
Date: Mon, 4 Dec 2017 16:35:52 +0800
Message-Id: <20171204083556.19416-1-jian.j.wang@intel.com>
Subject: [PATCH v2 0/4] Enable page table write protection

> v2 changes:
> a. Enable protection on any newly added page table after DxeIpl.
> b. Introduce page table pool concept to make page table allocation
>    and protection easier and error free.

The Write Protect feature (CR0.WP) is always enabled in the driver
UefiCpuPkg/CpuDxe. But the memory pages used for page tables are not set as
read-only in the driver DxeIplPeim after paging is set up. This might
jeopardize page table integrity if a buffer overflow occurred in another part
of the system. This patch series changes this situation by clearing the R/W
bit in the page attributes of the pages used as page tables.
Validation work includes booting Windows (10/Server 2016) and Linux
(Fedora/Ubuntu) on OVMF and on an Intel real platform.

Jian J Wang (4):
  MdeModulePkg/MdeModulePkg.dec: Add new PCDs and Guid
  MdeModulePkg/PageTablePool.h: Page table pool GUID definition file
  MdeModulePkg/DxeIpl: Mark page table as read-only
  UefiCpuPkg/CpuDxe: Enable protection for newly added page table

 MdeModulePkg/Core/DxeIplPeim/DxeIpl.h            |  34 +++
 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf          |   3 +
 MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c  |   8 +-
 MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 315 +++++++++++++++++++++-
 MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h |  15 ++
 MdeModulePkg/Include/Guid/PageTablePool.h        |  53 ++++
 MdeModulePkg/MdeModulePkg.dec                    |  28 ++
 UefiCpuPkg/CpuDxe/CpuDxe.c                       |  17 +-
 UefiCpuPkg/CpuDxe/CpuDxe.h                       |   2 +
 UefiCpuPkg/CpuDxe/CpuDxe.inf                     |   3 +
 UefiCpuPkg/CpuDxe/CpuPageTable.c                 | 329 ++++++++++++++++++++++-
 UefiCpuPkg/CpuDxe/CpuPageTable.h                 |  22 ++
 12 files changed, 816 insertions(+), 13 deletions(-)
 create mode 100644 MdeModulePkg/Include/Guid/PageTablePool.h

-- 
2.14.1.windows.1
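The mechanism the cover letter describes, as an added illustration in C that is not code from the patch series or from EDK II: a small model of identity-mapped 4-level paging in which every table page is handed out by a pool, so that after setup the R/W bit can be cleared on exactly the PTEs that map those pool pages. The simulated physical memory, the `pool` allocator and all function names are assumptions of this example.

```c
#include <stdint.h>

#define PAGE_SIZE 4096ull
#define NPAGES    16ull              /* constructed: 64 KiB of simulated RAM */
#define PTE_P     (1ull << 0)
#define PTE_RW    (1ull << 1)
#define PA_MASK   0x000ffffffffff000ull

/* Simulated physical memory (static, so already zeroed); "physical addresses" are byte offsets into it. */
static uint64_t phys[NPAGES * PAGE_SIZE / 8];
static uint64_t pool[NPAGES]; static int pool_used;   /* page table pool: every table page is recorded */
static uint64_t *table(uint64_t pa) { return phys + pa / 8; }
/* Pool allocator (the v2 "page table pool" idea): all table pages come from here, so the set to protect is known. */
static uint64_t alloc_table(void) {
  uint64_t pa = pool_used * PAGE_SIZE; pool[pool_used++] = pa; return pa;
}
/* 4-level identity map of the simulated RAM, every page present and writable; returns the PML4 address (CR3). */
uint64_t build_identity_map(void) {
  uint64_t pml4 = alloc_table(), pdpt = alloc_table();
  uint64_t pd = alloc_table(), pt = alloc_table();
  table(pml4)[0] = pdpt | PTE_P | PTE_RW;
  table(pdpt)[0] = pd | PTE_P | PTE_RW;
  table(pd)[0] = pt | PTE_P | PTE_RW;
  for (uint64_t pa = 0; pa < NPAGES * PAGE_SIZE; pa += PAGE_SIZE)
    table(pt)[pa / PAGE_SIZE] = pa | PTE_P | PTE_RW;
  return pml4;                        /* page 0 on the first call */
}
/* Walk PML4 -> PDPT -> PD -> PT to the 4 KiB PTE (no large pages in this model). */
static uint64_t *pte_for(uint64_t cr3, uint64_t va) {
  uint64_t *t = table(cr3);
  for (int shift = 39; shift > 12; shift -= 9) {
    uint64_t e = t[(va >> shift) & 0x1ff];
    if (!(e & PTE_P)) return 0;
    t = table(e & PA_MASK);
  }
  return &t[(va >> 12) & 0x1ff];
}
/* With CR0.WP set, a supervisor write to a page whose leaf PTE lacks R/W faults (upper levels stay R/W here). */
int is_writable(uint64_t cr3, uint64_t va) {
  uint64_t *pte = pte_for(cr3, va);
  return (pte && (*pte & PTE_P) && (*pte & PTE_RW)) ? 1 : 0;
}
/* The fix the series describes: clear R/W on the PTE mapping each table page; returns how many were changed. */
int protect_page_tables(uint64_t cr3) {
  int n = 0;
  for (int i = 0; i < pool_used; i++)
    if (is_writable(cr3, pool[i])) { *pte_for(cr3, pool[i]) &= ~PTE_RW; n++; }
  return n;
}
```

A real implementation must first split any 2 MiB or 1 GiB mapping that covers a table page before it can clear R/W on just that 4 KiB page; this model uses 4 KiB pages throughout.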