[edk2] [PATCH v3 0/2] Enable page table write protection

Jian J Wang posted 2 patches 6 years, 3 months ago
[edk2] [PATCH v3 0/2] Enable page table write protection
Posted by Jian J Wang 6 years, 3 months ago
> v3 changes:
>  a. According to code review comments, remove the public definitions of
>     page table pool. Now the DxeIpl and CpuDxe will have their own page
>     table pool but using the same mechanism. Related PCDs, GUID and headers
>     are also removed.
>  b. Apply protection to all page tables, including new ones added in
>     CpuDxe driver.
>  c. Code/comments cleanup.

> v2 changes:
>  a. Enable protection on any newly added page table after DxeIpl.
>  b. Introduce page table pool concept to make page table allocation
>     and protection easier and error free.

The Write Protect feature (CR0.WP) is always enabled in the driver UefiCpuPkg/CpuDxe.
But the memory pages used for page tables are not set as read-only in the driver
DxeIplPeim after paging is set up. This might jeopardize page table
integrity if a buffer overflow occurs in another part of the system.

This patch series will change this situation by clearing the R/W bit in the page
attributes of the pages used as page tables.

Validation work includes booting Windows (10/Server 2016) and Linux (Fedora/Ubuntu)
on OVMF and a real Intel platform.

Jian J Wang (2):
  MdeModulePkg/DxeIpl: Mark page table as read-only
  UefiCpuPkg/CpuDxe: Enable protection for newly added page table

 MdeModulePkg/Core/DxeIplPeim/DxeIpl.h            |  34 +++
 MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c  |   8 +-
 MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 301 ++++++++++++++++++++++-
 MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h |  26 ++
 UefiCpuPkg/CpuDxe/CpuDxe.c                       |  17 +-
 UefiCpuPkg/CpuDxe/CpuDxe.h                       |   2 +
 UefiCpuPkg/CpuDxe/CpuPageTable.c                 | 226 ++++++++++++++++-
 UefiCpuPkg/CpuDxe/CpuPageTable.h                 |  34 +++
 8 files changed, 635 insertions(+), 13 deletions(-)

-- 
2.15.1.windows.2

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
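As an added illustration of the mechanism the cover letter describes (this is not code from the series or from edk2): with CR0.WP set, clearing the R/W bit on the leaf entries that map page-table pages makes those pages read-only even for ring 0, so a stray write from elsewhere in the firmware faults instead of silently corrupting the tables. The pool type, the flat PTE array, the function names and the sample values are this example's own constructions; it handles only 4 KiB leaf entries and leaves large pages and TLB invalidation aside.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* x86-64 paging bits used here; everything else in the entry format is omitted. */
#define CR0_WP        (1ULL << 16)  /* when set, ring 0 writes also honor R/W */
#define PTE_PRESENT   (1ULL << 0)
#define PTE_RW        (1ULL << 1)   /* 1 = writable, 0 = read-only */
#define PTE_ADDR_MASK 0x000FFFFFFFFFF000ULL
#define PAGE_SIZE     4096ULL

/* Hypothetical page table pool: one page-aligned physical range from which
   every page table page is allocated. Type and field names are this example's. */
typedef struct { uint64_t Base; uint64_t Pages; } PAGE_TABLE_POOL;

static bool InPool (const PAGE_TABLE_POOL *Pool, uint64_t Phys) {
  return Phys >= Pool->Base && Phys < Pool->Base + Pool->Pages * PAGE_SIZE;
}

/* Scan 4 KiB leaf entries for present mappings of pool pages that are still
   writable; with Fix set, clear their R/W bit. Returns how many were found.
   Large pages and TLB invalidation are out of scope for this sketch. */
size_t ScanPoolMappings (uint64_t *Pte, size_t Count, const PAGE_TABLE_POOL *Pool, bool Fix) {
  size_t Found = 0;
  for (size_t i = 0; i < Count; i++) {
    if ((Pte[i] & PTE_PRESENT) && (Pte[i] & PTE_RW) && InPool (Pool, Pte[i] & PTE_ADDR_MASK)) {
      Found++;
      if (Fix) Pte[i] &= ~PTE_RW;
    }
  }
  return Found;
}

/* Both halves of the argument must hold: CR0.WP set and no pool page writable. */
bool PageTablesAreProtected (uint64_t Cr0, uint64_t *Pte, size_t Count, const PAGE_TABLE_POOL *Pool) {
  return (Cr0 & CR0_WP) != 0 && ScanPoolMappings (Pte, Count, Pool, false) == 0;
}

/* Constructed sample: a pool of 4 pages at 1 MiB and five leaf entries. */
#define SAMPLE_COUNT 5
size_t SamplePtes (uint64_t Pte[SAMPLE_COUNT], PAGE_TABLE_POOL *Pool) {
  Pool->Base = 0x100000ULL; Pool->Pages = 4;
  Pte[0] = 0x100000ULL | PTE_PRESENT | PTE_RW;  /* pool page, writable: must be fixed */
  Pte[1] = 0x101000ULL | PTE_PRESENT | PTE_RW;  /* pool page, writable: must be fixed */
  Pte[2] = 0x200000ULL | PTE_PRESENT | PTE_RW;  /* outside the pool: left alone */
  Pte[3] = 0x103000ULL | PTE_PRESENT;           /* pool page, already read-only */
  Pte[4] = 0x102000ULL | PTE_RW;                /* not present: skipped */
  return SAMPLE_COUNT;
}
```

Running `ScanPoolMappings` with `Fix` set over the sample turns the two writable pool mappings read-only; the entry outside the pool keeps its R/W bit, and `PageTablesAreProtected` then reports true only while CR0.WP is also set.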
Re: [edk2] [PATCH v3 0/2] Enable page table write protection
Posted by Laszlo Ersek 6 years, 3 months ago
On 12/05/17 09:16, Jian J Wang wrote:
>> v3 changes:
>>  a. According to code review comments, remove the public definitions of
>>     page table pool. Now the DxeIpl and CpuDxe will have their own page
>>     table pool but using the same mechanism. Related PCDs, GUID and headers
>>     are also removed.
>>  b. Apply protection to all page tables, including new ones added in
>>     CpuDxe driver.
>>  c. Code/comments cleanup.
> 
>> v2 changes:
>>  a. Enable protection on any newly added page table after DxeIpl.
>>  b. Introduce page table pool concept to make page table allocation
>>     and protection easier and error free.
> 
> The Write Protect feature (CR0.WP) is always enabled in the driver UefiCpuPkg/CpuDxe.
> But the memory pages used for page tables are not set as read-only in the driver
> DxeIplPeim after paging is set up. This might jeopardize page table
> integrity if a buffer overflow occurs in another part of the system.
> 
> This patch series will change this situation by clearing the R/W bit in the page
> attributes of the pages used as page tables.
> 
> Validation work includes booting Windows (10/Server 2016) and Linux (Fedora/Ubuntu)
> on OVMF and a real Intel platform.
> 
> Jian J Wang (2):
>   MdeModulePkg/DxeIpl: Mark page table as read-only
>   UefiCpuPkg/CpuDxe: Enable protection for newly added page table
> 
>  MdeModulePkg/Core/DxeIplPeim/DxeIpl.h            |  34 +++
>  MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c  |   8 +-
>  MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 301 ++++++++++++++++++++++-
>  MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h |  26 ++
>  UefiCpuPkg/CpuDxe/CpuDxe.c                       |  17 +-
>  UefiCpuPkg/CpuDxe/CpuDxe.h                       |   2 +
>  UefiCpuPkg/CpuDxe/CpuPageTable.c                 | 226 ++++++++++++++++-
>  UefiCpuPkg/CpuDxe/CpuPageTable.h                 |  34 +++
>  8 files changed, 635 insertions(+), 13 deletions(-)
> 

series
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>

Thanks
Laszlo
Re: [edk2] [PATCH v3 0/2] Enable page table write protection
Posted by Wang, Jian J 6 years, 3 months ago
Hi Laszlo,

Thanks for the test.

Jian
> -----Original Message-----
> From: Laszlo Ersek [mailto:lersek@redhat.com]
> Sent: Wednesday, December 06, 2017 4:05 AM
> To: Wang, Jian J <jian.j.wang@intel.com>; edk2-devel@lists.01.org
> Subject: Re: [edk2] [PATCH v3 0/2] Enable page table write protection
> 
> On 12/05/17 09:16, Jian J Wang wrote:
> series
> Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
> 
> Thanks
> Laszlo
Re: [edk2] [PATCH v3 0/2] Enable page table write protection
Posted by Yao, Jiewen 6 years, 3 months ago
Thank you. It looks good to me.
Reviewed-by: Jiewen.yao@intel.com

I suggest the CPU owner double-check the code before check-in.

Thank you
Yao Jiewen


> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Jian J
> Wang
> Sent: Tuesday, December 5, 2017 4:16 PM
> To: edk2-devel@lists.01.org
> Subject: [edk2] [PATCH v3 0/2] Enable page table write protection