Re: [edk2] [PATCH v2 0/4] Enable page table write protection

2017-12-04 Thread Wang, Jian J
I haven't got time to do it in an automatic way. V1 may need a shell app to
check it, but the current implementation might not need it because we now
have 2 or 3 continuous 2MB pages to hold all page tables. We just
need to verify the page attribute of those 2 or 3 page tables. It's easy
to do it in a JTAG debugger manually.

> -Original Message-
> From: Yao, Jiewen
> Sent: Tuesday, December 05, 2017 10:32 AM
> To: Wang, Jian J <jian.j.w...@intel.com>; edk2-devel@lists.01.org
> Cc: Yao, Jiewen <jiewen@intel.com>
> Subject: RE: [edk2] [PATCH v2 0/4] Enable page table write protection
> 
> Hi Jian
> In V1 review, I suggest to test in UEFI shell env to make sure all page table is
> read only, with PageTable split in CPU driver.
> 
> May I know if that is done?
> 
> Thank you
> Yao Jiewen
___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] [PATCH v2 0/4] Enable page table write protection

2017-12-04 Thread Wang, Jian J
It's for sharing the pool between the DxeIpl and CpuDxe. If we don't care about
wasting a little bit of memory, it's ok to drop this definition. CpuDxe can reserve
a block of memory for page table for its own uses.

> -Original Message-
> From: Yao, Jiewen
> Sent: Tuesday, December 05, 2017 10:27 AM
> To: Wang, Jian J <jian.j.w...@intel.com>; Zeng, Star <star.z...@intel.com>;
> edk2-devel@lists.01.org
> Cc: Ni, Ruiyu <ruiyu...@intel.com>; Dong, Eric <eric.d...@intel.com>
> Subject: RE: [edk2] [PATCH v2 0/4] Enable page table write protection
> 
> I do not suggest we define PAGE_TABLE_POOL_HEADER.
> If we can figure out other way, that will be better.
> 
> Thank you
> Yao Jiewen


Re: [edk2] [PATCH v2 0/4] Enable page table write protection

2017-12-04 Thread Yao, Jiewen
Hi Jian
In V1 review, I suggest to test in UEFI shell env to make sure all page table 
is read only, with PageTable split in CPU driver.

May I know if that is done?

Thank you
Yao Jiewen



Re: [edk2] [PATCH v2 0/4] Enable page table write protection

2017-12-04 Thread Yao, Jiewen
I do not suggest we define PAGE_TABLE_POOL_HEADER.
If we can figure out other way, that will be better.

Thank you
Yao Jiewen


> -Original Message-
> From: Wang, Jian J
> Sent: Monday, December 4, 2017 5:26 PM
> To: Zeng, Star <star.z...@intel.com>; edk2-devel@lists.01.org
> Cc: Yao, Jiewen <jiewen@intel.com>; Ni, Ruiyu <ruiyu...@intel.com>; Dong,
> Eric <eric.d...@intel.com>
> Subject: RE: [edk2] [PATCH v2 0/4] Enable page table write protection
> 
> That means we can't share page table pool between DxeIpl and CpuDxe. If this is
> acceptable, I can remove them.


Re: [edk2] [PATCH v2 0/4] Enable page table write protection

2017-12-04 Thread Wang, Jian J
That means we can't share page table pool between DxeIpl and CpuDxe. If this is
acceptable, I can remove them.

> -Original Message-
> From: Zeng, Star
> Sent: Monday, December 04, 2017 5:11 PM
> To: Wang, Jian J <jian.j.w...@intel.com>; edk2-devel@lists.01.org
> Cc: Yao, Jiewen <jiewen@intel.com>; Ni, Ruiyu <ruiyu...@intel.com>; Dong,
> Eric <eric.d...@intel.com>; Zeng, Star <star.z...@intel.com>
> Subject: RE: [edk2] [PATCH v2 0/4] Enable page table write protection
> 
> Recommend to not introduce the new header file and PCDs as new interfaces,
> but handle the page table pool separately in DxeIpl and CpuDxe.
> 
> Thanks,
> Star


Re: [edk2] [PATCH v2 0/4] Enable page table write protection

2017-12-04 Thread Zeng, Star
Recommend to not introduce the new header file and PCDs as new interfaces, but 
handle the page table pool separately in DxeIpl and CpuDxe.

Thanks,
Star


[edk2] [PATCH v2 0/4] Enable page table write protection

2017-12-04 Thread Jian J Wang
> v2 changes:
>  a. Enable protection on any newly added page table after DxeIpl.
>  b. Introduce page table pool concept to make page table allocation
> and protection easier and error free.

Write Protect feature (CR0.WP) is always enabled in driver UefiCpuPkg/CpuDxe.
But the memory pages used for page table are not set as read-only in the driver
DxeIplPeim, after the paging is setup. This might jeopardize the page table
integrity if there's buffer overflow occurred in other part of system.

This patch series will change this situation by clearing R/W bit in page
attribute of the pages used as page table.

Validation works include booting Windows (10/server 2016) and Linux
(Fedora/Ubuntu) on OVMF and Intel real platform.

Jian J Wang (4):
  MdeModulePkg/MdeModulePkg.dec: Add new PCDs and Guid
  MdeModulePkg/PageTablePool.h: Page table pool GUID definition file
  MdeModulePkg/DxeIpl: Mark page table as read-only
  UefiCpuPkg/CpuDxe: Enable protection for newly added page table

 MdeModulePkg/Core/DxeIplPeim/DxeIpl.h            |  34 +++
 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf          |   3 +
 MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c  |   8 +-
 MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 315 +-
 MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h |  15 ++
 MdeModulePkg/Include/Guid/PageTablePool.h        |  53
 MdeModulePkg/MdeModulePkg.dec                    |  28 ++
 UefiCpuPkg/CpuDxe/CpuDxe.c                       |  17 +-
 UefiCpuPkg/CpuDxe/CpuDxe.h                       |   2 +
 UefiCpuPkg/CpuDxe/CpuDxe.inf                     |   3 +
 UefiCpuPkg/CpuDxe/CpuPageTable.c                 | 329 ++-
 UefiCpuPkg/CpuDxe/CpuPageTable.h                 |  22 ++
 12 files changed, 816 insertions(+), 13 deletions(-)
 create mode 100644 MdeModulePkg/Include/Guid/PageTablePool.h

-- 
2.14.1.windows.1
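
The check asked for in this thread (every page that holds a page table must itself be mapped read-only) and the cover letter's R/W-bit clearing can be modelled offline. This is an added example, not code from the patch series or from edk2: it assumes a constructed 4MB identity-mapped memory whose upper 2MB page is the page table pool, and the names `leaf`, `is_writable`, `writable_tables`, `protect` and `build` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define P    0x001ULL               /* present */
#define RW   0x002ULL               /* R/W: 0 = read-only */
#define PS   0x080ULL               /* 2MB/1GB leaf at PD/PDPT level */
#define ADDR 0x000FFFFFFFFFF000ULL  /* physical address, bits 12..51 */
#define MB2  0x200000ULL

/* Constructed 4MB "physical memory": 0-2MB data, 2-4MB page table pool. */
static uint64_t mem[2 * MB2 / 8];
static uint64_t *tbl(uint64_t pa) { return &mem[pa / 8]; }

/* Leaf entry for va (NULL if unmapped); *rw = AND of R/W at every level. */
static uint64_t *leaf(uint64_t cr3, uint64_t va, int *rw) {
    uint64_t pa = cr3 & ADDR, *e = NULL;
    *rw = 1;
    for (int lvl = 4; lvl >= 1; lvl--) {
        e = &tbl(pa)[(va >> (12 + 9 * (lvl - 1))) & 0x1FF];
        if (!(*e & P)) return NULL;
        *rw &= (*e & RW) != 0;
        if (lvl == 1 || (lvl < 4 && (*e & PS))) break;
        pa = *e & ADDR;
    }
    return e;
}

int is_writable(uint64_t cr3, uint64_t va) {   /* 1, 0, or -1 if unmapped */
    int rw;
    return leaf(cr3, va, &rw) ? rw : -1;
}

/* Count page-table pages (identity-mapped) that are still writable. */
int writable_tables(uint64_t cr3, uint64_t pa, int lvl) {
    int n = is_writable(cr3, pa) == 1;
    for (int i = 0; i < 512 && lvl > 1; i++)
        if ((tbl(pa)[i] & P) && !(lvl < 4 && (tbl(pa)[i] & PS)))
            n += writable_tables(cr3, tbl(pa)[i] & ADDR, lvl - 1);
    return n;
}

void protect(uint64_t cr3, uint64_t va) {   /* clear R/W in the leaf mapping va */
    int rw;
    uint64_t *e = leaf(cr3, va, &rw);
    if (e) *e &= ~RW;
}

/* Identity map with two 2MB leaves; PML4, PDPT and PD live in the pool. */
uint64_t build(void) {
    uint64_t pml4 = MB2, pdpt = MB2 + 0x1000, pd = MB2 + 0x2000;
    tbl(pml4)[0] = pdpt | P | RW;
    tbl(pdpt)[0] = pd | P | RW;
    tbl(pd)[0] = 0 | P | RW | PS;     /* data region, stays writable */
    tbl(pd)[1] = MB2 | P | RW | PS;   /* page table pool */
    return pml4;
}

int main(void) {
    uint64_t cr3 = build();
    int before = writable_tables(cr3, cr3, 4);
    protect(cr3, MB2);
    printf("writable page tables: %d -> %d\n", before, writable_tables(cr3, cr3, 4));
    return 0;
}
```

The model edits `mem` directly; on hardware with CR0.WP set, a page-table update made after the pool is read-only would fault unless write protection is lifted for that update.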
