From owner-freebsd-amd64@FreeBSD.ORG Sat Sep 8 18:10:24 2012 Return-Path: Delivered-To: amd64@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 321E4106566B; Sat, 8 Sep 2012 18:10:24 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from mail.zoral.com.ua (mx0.zoral.com.ua [91.193.166.200]) by mx1.freebsd.org (Postfix) with ESMTP id 8583F8FC08; Sat, 8 Sep 2012 18:10:22 +0000 (UTC) Received: from skuns.kiev.zoral.com.ua (localhost [127.0.0.1]) by mail.zoral.com.ua (8.14.2/8.14.2) with ESMTP id q88IAVkR075350; Sat, 8 Sep 2012 21:10:31 +0300 (EEST) (envelope-from kostikbel@gmail.com) Received: from deviant.kiev.zoral.com.ua (kostik@localhost [127.0.0.1]) by deviant.kiev.zoral.com.ua (8.14.5/8.14.5) with ESMTP id q88IAJa4090888; Sat, 8 Sep 2012 21:10:19 +0300 (EEST) (envelope-from kostikbel@gmail.com) Received: (from kostik@localhost) by deviant.kiev.zoral.com.ua (8.14.5/8.14.5/Submit) id q88IAJv8090887; Sat, 8 Sep 2012 21:10:19 +0300 (EEST) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: deviant.kiev.zoral.com.ua: kostik set sender to kostikbel@gmail.com using -f Date: Sat, 8 Sep 2012 21:10:19 +0300 From: Konstantin Belousov To: current@freebsd.org, amd64@freebsd.org Message-ID: <20120908181019.GK33100@deviant.kiev.zoral.com.ua> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="ws0tIAL3OFqxTKCX" Content-Disposition: inline User-Agent: Mutt/1.4.2.3i X-Virus-Scanned: clamav-milter 0.95.2 at skuns.kiev.zoral.com.ua X-Virus-Status: Clean X-Spam-Status: No, score=-4.0 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham version=3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on skuns.kiev.zoral.com.ua Cc: Subject: Small Ivy features: FSGSBASE and SMEP. X-BeenThere: freebsd-amd64@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting FreeBSD to the AMD64 platform List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Sep 2012 18:10:24 -0000 --ws0tIAL3OFqxTKCX Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Please find at http://people.freebsd.org/~kib/misc/smep.1.patch the patch which should enable the FSGSBASE and SMEP features supposedly present in the IvyBridge CPUs. FSGSBASE are four new instructions available in the 64bit mode only. They allow to access bases for %fs and %gs without touching MSRs. This makes it possible to both read and write bases in the user mode, or in ring 0 with lower overhead. At the moment, WRFSBASE/WRGSBASE instructions should work, but are useless since any interrupt or context switch overrides bases with the values set by the arch syscall. Still, RDFSBASE/RDGSBASE might be useful for some code and I see no reason not to enable them. SMEP is the nice feature of the processor which makes it trap if ring 0 tries to execute an instruction from usermode-accessible page. It is another mitigation for things like calling user-controllable function pointer in kernel, as well as a protection for NULL function pointer dereference. I am sure that we never execute anything in kernel from user page, but I did not tested the patch since I have no Ivy machine. I need your reports about boot on Ivy with patch applied. Please include the lines from verbose dmesg with CPU Features. In particular, the 'Standard Extended Features' report should appear in output. Thanks. --ws0tIAL3OFqxTKCX Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (FreeBSD) iEYEARECAAYFAlBLigsACgkQC3+MBN1Mb4iU8wCeKHbqu15vuzYhJcrHq0O/TTF8 r6UAn3N+24R78Xenphvi4wF7kZzMVLqF =eUDd -----END PGP SIGNATURE----- --ws0tIAL3OFqxTKCX--