From: John Baldwin
To: freebsd-hackers@freebsd.org
Cc: Kostik Belousov, Oliver Pinter
Date: Wed, 18 May 2011 10:50:30 -0400
Subject: Re: Fwd: [PATCH v2 3/4] x86, head_32/64.S: Enable SMEP
Message-Id: <201105181050.30128.jhb@freebsd.org>
List-Id: Technical Discussions relating to FreeBSD

On Wednesday, May 18, 2011 8:31:15 am Oliver Pinter wrote:
> On 5/18/11, Kostik Belousov wrote:
> > On Wed, May 18, 2011 at 02:03:07AM +0200, Oliver Pinter wrote:
> >> ---------- Forwarded message ----------
> >> From: Fenghua Yu
> >> Date: Mon, 16 May 2011 14:34:44 -0700
> >> Subject: [PATCH v2 3/4] x86, head_32/64.S: Enable SMEP
> >> To: Ingo Molnar, Thomas Gleixner,
> >> H Peter Anvin, Asit K Mallick,
> >> Linus Torvalds, Avi Kivity,
> >> Arjan van de Ven, Andrew Morton,
> >> Andi Kleen
> >> Cc: linux-kernel, Fenghua Yu
> >>
> >>
> >> From: Fenghua Yu
> >>
> >> Enable newly documented SMEP (Supervisor Mode Execution Protection) CPU
> >> feature in kernel.
> >>
> >> SMEP prevents the CPU in kernel-mode to jump to an executable page that
> >> does not have the kernel/system flag set in the pte. This prevents the
> >> kernel from executing user-space code accidentally or maliciously, so it
> >> for example prevents kernel exploits from jumping to specially prepared
> >> user-mode shell code. The violation will cause page fault #PF and will
> >> have error code identical to XD violation.
> >>
> >> CR4.SMEP (bit 20) is 0 at power-on. If the feature is supported by CPU
> >> (X86_FEATURE_SMEP), enable SMEP by setting CR4.SMEP. New kernel
> >> option nosmep disables the feature even if the feature is supported by
> >> CPU.
> >>
> >> Signed-off-by: Fenghua Yu
> >
> > So, where is the mentioned documentation for SMEP ? Rev. 38 of the
> > Intel(R) 64 and IA-32 Architectures Software Developer's Manual does
> > not contain the description, at least at the places where I looked and
> > expected to find it.
>
> http://www.intel.com/Assets/PDF/manual/325384.pdf
>
> Intel® 64 and IA-32 Architectures Software Developer’s Manual
> Volume 3 (3A & 3B):
> System Programming Guide

Which revision? It is not documented in revision 38 from April 2011.

I just downloaded that link, and it is still revision 38 and has no mention
of 'SMEP'. Also, bit 20 of CR4 is still marked as Reserved in that manual
(section 2.5).

-- 
John Baldwin
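
The check described in the quoted patch text, as an added example that is not part of this message or of the Linux patch: a small C model of the boot-time enable decision and of an instruction fetch through one leaf PTE, showing that a SMEP violation and a kernel-mode XD violation yield the same #PF error code. The function names, the `nosmep`/`nxe` parameters and the sample PTE values are assumptions made for illustration; upper-level paging entries are ignored.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CR4_SMEP        (1u << 20)   /* CR4.SMEP, bit 20 per the patch description */
#define CPUID7_EBX_SMEP (1u << 7)    /* CPUID.(EAX=7,ECX=0):EBX bit 7 = SMEP */
#define PTE_P           (1ull << 0)  /* present */
#define PTE_US          (1ull << 2)  /* 1 = user-accessible page */
#define PTE_NX          (1ull << 63) /* execute-disable (XD) */
#define PF_P            (1u << 0)    /* error code: page was present */
#define PF_US           (1u << 2)    /* error code: access came from user mode */
#define PF_ID           (1u << 4)    /* error code: instruction fetch */

/* Set CR4.SMEP only when CPUID reports it and "nosmep" was not given. */
uint32_t cr4_after_boot(uint32_t cr4, uint32_t cpuid7_ebx, bool nosmep)
{
    if ((cpuid7_ebx & CPUID7_EBX_SMEP) && !nosmep)
        cr4 |= CR4_SMEP;
    return cr4;
}

/* Instruction fetch through one leaf PTE (simplified model).
 * Returns -1 if the fetch is allowed, else the #PF error code. */
int fetch_fault(uint32_t cr4, uint64_t pte, bool user_mode, bool nxe)
{
    bool smep = (cr4 & CR4_SMEP) != 0;
    uint32_t err = (user_mode ? PF_US : 0) | ((smep || nxe) ? PF_ID : 0);
    if (!(pte & PTE_P))
        return (int)err;                 /* not present */
    err |= PF_P;
    if (user_mode && !(pte & PTE_US))
        return (int)err;                 /* user fetch from a supervisor page */
    if (nxe && (pte & PTE_NX))
        return (int)err;                 /* XD violation */
    if (smep && !user_mode && (pte & PTE_US))
        return (int)err;                 /* SMEP violation */
    return -1;
}

int main(void)
{
    uint64_t user_page = PTE_P | PTE_US; /* constructed sample PTE */
    uint32_t cr4 = cr4_after_boot(0, CPUID7_EBX_SMEP, false);
    printf("SMEP on : kernel fetch, user page -> %d\n", fetch_fault(cr4, user_page, false, true));
    printf("SMEP off: kernel fetch, user page -> %d\n", fetch_fault(0, user_page, false, true));
    printf("XD      : kernel fetch, NX page   -> %d\n", fetch_fault(0, PTE_P | PTE_NX, false, true));
    return 0;
}
```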