From owner-freebsd-hackers@FreeBSD.ORG Wed May 18 00:29:50 2011
Delivered-To: freebsd-hackers@freebsd.org
In-Reply-To: <1305581685-5144-4-git-send-email-fenghua.yu@intel.com>
References: <1305581685-5144-1-git-send-email-fenghua.yu@intel.com> <1305581685-5144-4-git-send-email-fenghua.yu@intel.com>
Date: Wed, 18 May 2011 02:03:07 +0200
From: Oliver Pinter
To: freebsd-hackers@freebsd.org
Subject: Fwd: [PATCH v2 3/4] x86, head_32/64.S: Enable SMEP
List-Id: Technical Discussions relating to FreeBSD

---------- Forwarded message ----------
From: Fenghua Yu
Date: Mon, 16 May 2011 14:34:44 -0700
Subject: [PATCH v2 3/4] x86, head_32/64.S: Enable SMEP
To: Ingo Molnar, Thomas Gleixner, H Peter Anvin, Asit K Mallick, Linus Torvalds, Avi Kivity, Arjan van de Ven, Andrew Morton, Andi Kleen
Cc: linux-kernel, Fenghua Yu

From: Fenghua Yu

Enable the newly documented SMEP (Supervisor Mode Execution Protection) CPU feature in the kernel.

SMEP prevents the CPU in kernel mode from jumping to an executable page that does not have the kernel/system flag set in the pte. This prevents the kernel from executing user-space code accidentally or maliciously, so it for example prevents kernel exploits from jumping to specially prepared user-mode shell code. The violation will cause a page fault #PF and will have an error code identical to an XD violation.

CR4.SMEP (bit 20) is 0 at power-on. If the feature is supported by the CPU (X86_FEATURE_SMEP), enable SMEP by setting CR4.SMEP.

New kernel option nosmep disables the feature even if the feature is supported by the CPU.

Signed-off-by: Fenghua Yu
---
 arch/x86/kernel/head_32.S | 17 +++++++++++++----
 arch/x86/kernel/head_64.S | 13 +++++++++++--
 2 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
index ce0be7c..5325c02 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -308,11 +308,20 @@ default_entry: movl cr4_bits,%edx andl %edx,%edx jz 6f - movl %cr4,%eax # Turn on paging options (PSE,PAE,..) - orl %edx,%eax - movl %eax,%cr4 + movl %cr4,%edi # Turn on paging options (PSE,PAE,..) + orl %edx,%edi - testb $X86_CR4_PAE, %al # check if PAE is enabled + /* Check if SMEP is supported by the processor */ + movl $0x7, %eax + movl $0, %ecx + cpuid + btl $7, %ebx + jnc 1f + /* Enable SMEP */ + orl $(X86_CR4_SMEP), %edi +1: movl %edi, %cr4 + + test $X86_CR4_PAE, %di # check if PAE is enabled jz 6f /* Check if extended functions are implemented */ diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index e11e394..220ec5f 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -161,8 +161,17 @@ ENTRY(secondary_startup_64) */ /* Enable PAE mode and PGE */ - movl $(X86_CR4_PAE | X86_CR4_PGE), %eax - movq %rax, %cr4 + movl $(X86_CR4_PAE | X86_CR4_PGE), %edi + + /* Check if SMEP is supported by the processor */ + movl $0x7, %eax + movl $0, %ecx + cpuid + btl $7, %ebx + jnc 1f + /* Enable PAE mode, PGE, and SMEP */ + movl $(X86_CR4_PAE | X86_CR4_PGE | X86_CR4_SMEP), %edi +1: movq %rdi, %cr4 /* Setup early boot stage 4 level pagetables. */ movq $(init_level4_pgt - __START_KERNEL_map), %rax -- 1.7.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
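Review bot: the leaf-7 CPUID query in the head_32.S hunk (`movl $0x7, %eax` / `movl $0, %ecx` / `cpuid`) is issued without first checking CPUID.0:EAX for the maximum supported basic leaf; on Intel processors whose maximum basic leaf is below 7, CPUID returns the data of the highest basic leaf instead, so EBX bit 7 can be set by coincidence and `orl $(X86_CR4_SMEP), %edi` would then set a reserved CR4 bit and raise #GP at `movl %edi, %cr4`. Suggest querying leaf 0 first and jumping to `1:` when EAX is below 7. Two smaller points from the same hunk: the new code sits after the existing `jz 6f` on `cr4_bits`, so a zero cr4_bits skips SMEP enabling entirely, and nothing here consults the nosmep option the commit message introduces; if that is handled elsewhere in the series, the comment should say so.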
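Review bot: the head_64.S hunk has the same missing maximum-basic-leaf guard before `cpuid` with EAX=7, and because secondary_startup_64 is run by every CPU, including APs brought up after the command line has been parsed, it sets CR4.SMEP purely from CPUID and cannot honour nosmep unless later code clears the bit again. Style: the hunk reloads the whole constant (`movl $(X86_CR4_PAE | X86_CR4_PGE | X86_CR4_SMEP), %edi`) where the 32-bit hunk does `orl $(X86_CR4_SMEP), %edi`; using one form in both files keeps them in step if more CR4 bits are added later. The retained context comment `/* Enable PAE mode and PGE */` no longer describes what the block does and should mention SMEP.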
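The detection the commit message describes (CPUID.(EAX=7,ECX=0):EBX bit 7 reports support, CR4 bit 20 turns SMEP on, and a violation shows up as a #PF whose error code looks like an XD violation), written out as an added C example that is not part of the posted patch or of the kernel. It mirrors the patch's bit logic in user space, adds the maximum-basic-leaf guard the hunks lack, and checks a /proc/cpuinfo-style flags line for the `smep` token, which is how an administrator would confirm the feature is on after boot. The `nosmep` argument to `cr4_value`, the flags-line format and the sample cpuinfo text are assumptions or constructed data; the #PF error-code bit positions are from the Intel SDM.

```c
/* smep_check.c: added example, not part of the posted patch.
 * Mirrors the patch's detection logic in user space: CPUID.(EAX=7,ECX=0):EBX
 * bit 7 reports SMEP support and CR4 bit 20 enables it (both from the commit
 * message). The max-basic-leaf guard and the /proc/cpuinfo parse are additions
 * for a "is SMEP present and on?" check. On non-x86 hosts the live CPUID
 * query reports "not available" instead of failing to build. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

#define CPUID7_EBX_SMEP  (1u << 7)   /* patch: btl $7, %ebx */
#define X86_CR4_SMEP     (1u << 20)  /* commit message: CR4.SMEP is bit 20 */
#define X86_CR4_PAE      (1u << 5)
#define X86_CR4_PGE      (1u << 7)

/* #PF error code bits (Intel SDM vol. 3, "Page-Fault Error Code"). */
#define PF_PRESENT   (1u << 0)
#define PF_USER      (1u << 2)
#define PF_INSTR     (1u << 4)

/* Decode leaf 7 EBX, refusing to trust it unless CPUID.0:EAX says leaf 7
 * exists (the patch issues the leaf-7 query without this guard). */
int smep_supported(uint32_t max_basic_leaf, uint32_t leaf7_ebx)
{
    if (max_basic_leaf < 7)
        return 0;
    return (leaf7_ebx & CPUID7_EBX_SMEP) != 0;
}

/* The CR4 value the patch builds: base paging bits, plus SMEP when the CPU
 * supports it and the (assumed) "nosmep" boot option was not given. */
uint32_t cr4_value(uint32_t cr4_base, int supported, int nosmep)
{
    if (supported && !nosmep)
        return cr4_base | X86_CR4_SMEP;
    return cr4_base;
}

/* A SMEP violation reports like an NX (XD) violation: present page,
 * instruction fetch, supervisor mode. Handy when reading an oops. */
int pf_looks_like_smep_violation(uint32_t err)
{
    return (err & PF_PRESENT) && (err & PF_INSTR) && !(err & PF_USER);
}

/* Scan /proc/cpuinfo-style text for `flag` as a whole token on the "flags"
 * line. Returns 1 if present, 0 if absent, -1 if there is no flags line. */
int cpuinfo_has_flag(const char *cpuinfo, const char *flag)
{
    size_t flen = strlen(flag);
    const char *line = cpuinfo;
    while (line && *line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len >= 5 && strncmp(line, "flags", 5) == 0) {
            const char *p = memchr(line, ':', len);
            const char *end = line + len;
            if (!p)
                return 0;
            for (p++; p < end; ) {
                while (p < end && *p == ' ') p++;          /* skip separators */
                const char *tok = p;
                while (p < end && *p != ' ') p++;          /* end of token */
                if ((size_t)(p - tok) == flen && memcmp(tok, flag, flen) == 0)
                    return 1;
            }
            return 0;
        }
        line = eol ? eol + 1 : NULL;
    }
    return -1;
}

/* Live query of this host; -1 when not built for x86. */
int host_smep_supported(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a = 0, b = 0, c = 0, d = 0;
    unsigned int max_leaf = __get_cpuid_max(0, NULL);
    if (max_leaf >= 7)
        __cpuid_count(7, 0, a, b, c, d);
    return smep_supported(max_leaf, b);
#else
    return -1;
#endif
}

/* Constructed sample flags lines (not captured from a real machine). */
static const char SAMPLE_CPUINFO_SMEP[] =
    "processor\t: 0\nvendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse pae pge nx lm smep\n";
static const char SAMPLE_CPUINFO_NOSMEP[] =
    "processor\t: 0\nflags\t\t: fpu vme de pse pae pge nx lm\n";

int main(void)
{
    int live = host_smep_supported();
    printf("CPUID reports SMEP: %s\n",
           live < 0 ? "n/a (not x86)" : live ? "yes" : "no");
    printf("sample flags line has smep: %d\n",
           cpuinfo_has_flag(SAMPLE_CPUINFO_SMEP, "smep"));
    printf("CR4 with PAE|PGE and SMEP: 0x%x\n",
           cr4_value(X86_CR4_PAE | X86_CR4_PGE, 1, 0));
    return 0;
}
```

On a real system the flags-line check should be run against the text of /proc/cpuinfo; a CPU that reports SMEP in CPUID but whose kernel was booted with nosmep (or predates this patch) will have no `smep` token, which is the gap between "hardware supports it" and "it is enforced" that this check is meant to expose.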