Date: Sat, 8 Sep 2012 21:10:19 +0300 From: Konstantin Belousov <kostikbel@gmail.com> To: current@freebsd.org, amd64@freebsd.org Subject: Small Ivy features: FSGSBASE and SMEP. Message-ID: <20120908181019.GK33100@deviant.kiev.zoral.com.ua>
next in thread | raw e-mail | index | archive | help
--ws0tIAL3OFqxTKCX Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Please find at http://people.freebsd.org/~kib/misc/smep.1.patch the patch which should enable the FSGSBASE and SMEP features supposedly present in the IvyBridge CPUs. FSGSBASE are four new instructions available in the 64bit mode only. They allow to access bases for %fs and %gs without touching MSRs. This makes it possible to both read and write bases in the user mode, or in ring 0 with lower overhead. At the moment, WRFSBASE/WRGSBASE instructions should work, but are useless since any interrupt or context switch overrides bases with the values set by the arch syscall. Still, RDFSBASE/RDGSBASE might be useful for some code and I see no reason not to enable them. SMEP is the nice feature of the processor which makes it trap if ring 0 tries to execute an instruction from usermode-accessible page. It is another mitigation for things like calling user-controllable function pointer in kernel, as well as a protection for NULL function pointer dereference. I am sure that we never execute anything in kernel from user page, but I did not tested the patch since I have no Ivy machine. I need your reports about boot on Ivy with patch applied. Please include the lines from verbose dmesg with CPU Features. In particular, the 'Standard Extended Features' report should appear in output. Thanks. --ws0tIAL3OFqxTKCX Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (FreeBSD) iEYEARECAAYFAlBLigsACgkQC3+MBN1Mb4iU8wCeKHbqu15vuzYhJcrHq0O/TTF8 r6UAn3N+24R78Xenphvi4wF7kZzMVLqF =eUDd -----END PGP SIGNATURE----- --ws0tIAL3OFqxTKCX--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120908181019.GK33100>