Thanks you. It looks good to me. Reviewed-by: [email protected] I suggest CPU owner can have double check the code before check in.
Thank you Yao Jiewen > -----Original Message----- > From: edk2-devel [mailto:[email protected]] On Behalf Of Jian J > Wang > Sent: Tuesday, December 5, 2017 4:16 PM > To: [email protected] > Subject: [edk2] [PATCH v3 0/2] Enable page table write protection > > > v3 changes: > > a. According to code review comments, remove the public definitions of > > page table pool. Now the DxeIpl and CpuDxe will have their own page > > table pool but in the same mechanism. Related PCDs, GUDI and headers > > are also removed. > > b. Apply protection to all page tables, including new ones added in > > CpuDxe driver. > > c. Code/comments cleanup. > > > v2 changes: > > a. Enable protection on any newly added page table after DxeIpl. > > b. Introduce page table pool concept to make page table allocation > > and protection easier and error free. > > Write Protect feature (CR0.WP) is always enabled in driver UefiCpuPkg/CpuDxe. > But the memory pages used for page table are not set as read-only in the > driver > DxeIplPeim, after the paging is setup. This might jeopardize the page table > integrity if there's buffer overflow occured in other part of system. > > This patch series will change this situation by clearing R/W bit in page > attribute > of the pages used as page table. > > Validation works include booting Windows (10/server 2016) and Linux > (Fedora/Ubuntu) > on OVMF and Intel real platform. > > Jian J Wang (2): > MdeModulePkg/DxeIpl: Mark page table as read-only > UefiCpuPkg/CpuDxe: Enable protection for newly added page table > > MdeModulePkg/Core/DxeIplPeim/DxeIpl.h | 34 +++ > MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 8 +- > MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 301 > ++++++++++++++++++++++- > MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h | 26 ++ > UefiCpuPkg/CpuDxe/CpuDxe.c | 17 +- > UefiCpuPkg/CpuDxe/CpuDxe.h | 2 + > UefiCpuPkg/CpuDxe/CpuPageTable.c | 226 > ++++++++++++++++- > UefiCpuPkg/CpuDxe/CpuPageTable.h | 34 +++ > 8 files changed, 635 insertions(+), 13 deletions(-) > > -- > 2.15.1.windows.2 > > _______________________________________________ > edk2-devel mailing list > [email protected] > https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
