UefiCpuPkg/PiSmmCpuDxeSmm: Add paging protection.

PiSmmCpuDxeSmm consumes SmmAttributesTable and setup page table:
1) Code region is marked as read-only and Data region is non-executable,
if the PE image is 4K aligned.
2) Important data structure is set to RO, such as GDT/IDT.
3) SmmSaveState is set to non-executable,
and SmmEntrypoint is set to read-only.
4) If static page is supported, page table is read-only.

We use page table to protect other components, and itself.

If we use dynamic paging, we can still provide *partial* protection.
And hope page table is not modified by other components.

The XD enabling code is moved to SmiEntry to let NX take effect.

Cc: Jeff Fan <jeff.fan@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>

1 files changed, 5 insertions, 31 deletions

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.nasm
index 6a328289a8..4d58999e90 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.nasm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.nasm
@@ -1,5 +1,5 @@
 ;------------------------------------------------------------------------------ ;

-; Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>

+; Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>

 ; This program and the accompanying materials

 ; are licensed and made available under the terms and conditions of the BSD License

 ; which accompanies this distribution.  The full text of the license may be found at

@@ -24,6 +24,7 @@ extern  ASM_PFX(SmiPFHandler)
 

 global  ASM_PFX(gcSmiIdtr)

 global  ASM_PFX(gcSmiGdtr)

+global  ASM_PFX(gTaskGateDescriptor)

 global  ASM_PFX(gcPsd)

 

     SECTION .data

@@ -250,21 +251,10 @@ ASM_PFX(gcSmiGdtr):
     DD      NullSeg

 

 ASM_PFX(gcSmiIdtr):

-    DW      IDT_SIZE - 1

-    DD      _SmiIDT

+    DW      0

+    DD      0

 

-_SmiIDT:

-%rep 32

-    DW      0                           ; Offset 0:15

-    DW      CODE_SEL                    ; Segment selector

-    DB      0                           ; Unused

-    DB      0x8e                         ; Interrupt Gate, Present

-    DW      0                           ; Offset 16:31

-%endrep

-

-IDT_SIZE equ $ - _SmiIDT

-

-TaskGateDescriptor:

+ASM_PFX(gTaskGateDescriptor):

     DW      0                           ; Reserved

     DW      EXCEPTION_TSS_SEL           ; TSS Segment selector

     DB      0                           ; Reserved

@@ -717,19 +707,3 @@ ASM_PFX(PageFaultStubFunction):
     clts

     iretd

 

-global ASM_PFX(InitializeIDTSmmStackGuard)

-ASM_PFX(InitializeIDTSmmStackGuard):

-    push    ebx

-;

-; If SMM Stack Guard feature is enabled, the Page Fault Exception entry in IDT

-; is a Task Gate Descriptor so that when a Page Fault Exception occurrs,

-; the processors can use a known good stack in case stack is ran out.

-;

-    lea     ebx, [_SmiIDT + 14 * 8]

-    lea     edx, [TaskGateDescriptor]

-    mov     eax, [edx]

-    mov     [ebx], eax

-    mov     eax, [edx + 4]

-    mov     [ebx + 4], eax

-    pop     ebx

-    ret