Date: Wed, 18 May 2011 04:03:55 +0300 From: Kostik Belousov <kostikbel@gmail.com> To: Oliver Pinter <oliver.pntr@gmail.com> Cc: freebsd-hackers@freebsd.org Subject: Re: Fwd: [PATCH v2 3/4] x86, head_32/64.S: Enable SMEP Message-ID: <20110518010353.GQ48734@deviant.kiev.zoral.com.ua> In-Reply-To: <BANLkTi=ij7n8qiZ=n7mtUB5uZP-T6S1uRw@mail.gmail.com> References: <1305581685-5144-1-git-send-email-fenghua.yu@intel.com> <1305581685-5144-4-git-send-email-fenghua.yu@intel.com> <BANLkTi=ij7n8qiZ=n7mtUB5uZP-T6S1uRw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--H6JajqBy5V+yykme Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, May 18, 2011 at 02:03:07AM +0200, Oliver Pinter wrote: > ---------- Forwarded message ---------- > From: Fenghua Yu <fenghua.yu@intel.com> > Date: Mon, 16 May 2011 14:34:44 -0700 > Subject: [PATCH v2 3/4] x86, head_32/64.S: Enable SMEP > To: Ingo Molnar <mingo@elte.hu>, Thomas Gleixner <tglx@linutronix.de>, > H Peter Anvin <hpa@zytor.com>, Asit K Mallick > <asit.k.mallick@intel.com>, Linus Torvalds > <torvalds@linux-foundation.org>, Avi Kivity <avi@redhat.com>, Arjan > van de Ven <arjan@infradead.org>, Andrew Morton > <akpm@linux-foundation.org>, Andi Kleen <andi@firstfloor.org> > Cc: linux-kernel <linux-kernel@vger.kernel.org>, Fenghua Yu > <fenghua.yu@intel.com> >=20 > From: Fenghua Yu <fenghua.yu@intel.com> >=20 > Enable newly documented SMEP (Supervisor Mode Execution Protection) CPU > feature in kernel. >=20 > SMEP prevents the CPU in kernel-mode to jump to an executable page that d= oes > not have the kernel/system flag set in the pte. This prevents the kernel > from executing user-space code accidentally or maliciously, so it for exa= mple > prevents kernel exploits from jumping to specially prepared user-mode she= ll > code. The violation will cause page fault #PF and will have error code > identical to XD violation. >=20 > CR4.SMEP (bit 20) is 0 at power-on. If the feature is supported by CPU > (X86_FEATURE_SMEP), enable SMEP by setting CR4.SMEP. New kernel > option nosmep disables the feature even if the feature is supported by CP= U. >=20 > Signed-off-by: Fenghua Yu <fenghua.yu@intel.com> So, where is the mentioned documentation for SMEP ? Rev. 38 of the Intel(R) 64 and IA-32 Architectures Software Developer's Manual does not contain the description, at least at the places where I looked and expected to find it. Looking forward to hear from you. --H6JajqBy5V+yykme Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (FreeBSD) iEYEARECAAYFAk3TGvkACgkQC3+MBN1Mb4grKQCeLFCbpD4Im9Es+5wj7T1F49Zp rTcAoIoLUlOSTGGqJSWOH6UVihcuiHVG =yV+Y -----END PGP SIGNATURE----- --H6JajqBy5V+yykme--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110518010353.GQ48734>