UefiCpuPkg/PiSmmCpuDxeSmm: Add paging protection.
authorJiewen Yao <jiewen.yao@intel.com>
Sun, 23 Oct 2016 15:19:52 +0000 (23:19 +0800)
committerJiewen Yao <jiewen.yao@intel.com>
Thu, 17 Nov 2016 08:30:07 +0000 (16:30 +0800)
commit717fb60443fbaedfab9a37fd186361b3b9e1ecfe
treef360f028594e994f452f6e674726bf210643498b
parent28b020b5de1e1bee4a44e2536f71fc96c781863c
UefiCpuPkg/PiSmmCpuDxeSmm: Add paging protection.

PiSmmCpuDxeSmm consumes SmmAttributesTable and setup page table:
1) Code region is marked as read-only and Data region is non-executable,
if the PE image is 4K aligned.
2) Important data structure is set to RO, such as GDT/IDT.
3) SmmSaveState is set to non-executable,
and SmmEntrypoint is set to read-only.
4) If static page is supported, page table is read-only.

We use page table to protect other components, and itself.

If we use dynamic paging, we can still provide *partial* protection.
And hope page table is not modified by other components.

The XD enabling code is moved to SmiEntry to let NX take effect.

Cc: Jeff Fan <jeff.fan@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
25 files changed:
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.S
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.asm
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.nasm
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmProfileArch.c
UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c [new file with mode: 0644]
UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h
UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S
UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm
UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiException.S
UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiException.asm
UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiException.nasm
UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c
UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmProfileArch.c