git: kernel - Implement support for SMAP and SMEP security
Matthew Dillon
dillon at crater.dragonflybsd.org
Thu May 16 17:19:18 PDT 2019
commit 48c77f2b85f9ed807532e99b7187e6f5b5aa2975
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date: Thu May 16 17:14:58 2019 -0700

    kernel - Implement support for SMAP and SMEP security

    * Implement support for SMAP security.  This prevents accidental
      accesses to user address space from the kernel.  When available,
      we wrap intentional user-space accesses from the kernel with
      the 'stac' and 'clac' instructions.

      We use a NOP replacement policy to implement the feature.  The wrapper
      is initially a 'nop %eax' (3-byte NOP), and is replaced by 'stac' and
      'clac' via a .section iteration when the feature is supported.

    * Implement support for SMEP security.  This prevents accidental
      execution of user code from the kernel and simply requires
      turning the bit on in CR4.

    * Reports support in dmesg via the 'CPU Special Features Installed:'
      line.

Summary of changes:
 sys/cpu/x86_64/include/asmacros.h   | 22 ++++++++++++++++++++
 sys/cpu/x86_64/include/specialreg.h |  4 ++++
 sys/platform/pc64/x86_64/identcpu.c | 18 +++++++++++------
 sys/platform/pc64/x86_64/initcpu.c  |  4 +++-
 sys/platform/pc64/x86_64/machdep.c  | 27 +++++++++++++++++++++++++
 sys/platform/pc64/x86_64/pmap.c     | 11 ++++++++++
 sys/platform/pc64/x86_64/support.s  | 40 +++++++++++++++++++++++++++++++++----
 7 files changed, 115 insertions(+), 11 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/48c77f2b85f9ed807532e99b7187e6f5b5aa2975
--
DragonFly BSD source repository
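
The NOP replacement policy described in the commit message, shown as an added userland example that is not code from this commit or from DragonFly's tree: a byte buffer stands in for kernel text, and a table of offsets stands in for the .section of patch sites. The names `patch_site`, `smap_patch` and the sample bytes are assumptions constructed for illustration; the instruction encodings and the CPUID bit are the architectural ones.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Instruction encodings: the 'nop %eax' placeholder and its replacements. */
static const uint8_t NOP3[3] = {0x0f, 0x1f, 0xc0};
static const uint8_t STAC[3] = {0x0f, 0x01, 0xcb}; /* set EFLAGS.AC */
static const uint8_t CLAC[3] = {0x0f, 0x01, 0xca}; /* clear EFLAGS.AC */
#define CPUID7_EBX_SMAP (1u << 20) /* CPUID.(EAX=7,ECX=0):EBX bit 20 */

/* Hypothetical site record, standing in for the entries the commit
 * collects in a dedicated .section; not DragonFly's actual layout. */
struct patch_site { size_t off; int is_clac; };

/* Constructed sample text: nop3 ; rep movsb ; nop3 ; ret */
static const uint8_t sample_text[9] =
    {0x0f, 0x1f, 0xc0, 0xf3, 0xa4, 0x0f, 0x1f, 0xc0, 0xc3};
static const struct patch_site sample_sites[2] = {{0, 0}, {5, 1}};

/* Returns sites patched, 0 when SMAP is absent (NOPs stay in place),
 * or -1 with text untouched if any site is not the expected NOP. */
int smap_patch(uint8_t *text, size_t len, const struct patch_site *s,
               size_t n, uint32_t cpuid7_ebx)
{
    size_t i;

    if (!(cpuid7_ebx & CPUID7_EBX_SMAP))
        return 0;
    for (i = 0; i < n; i++) /* validate everything before writing */
        if (len < 3 || s[i].off > len - 3 ||
            memcmp(text + s[i].off, NOP3, 3) != 0)
            return -1;
    for (i = 0; i < n; i++)
        memcpy(text + s[i].off, s[i].is_clac ? CLAC : STAC, 3);
    return (int)n;
}

int main(void)
{
    uint8_t text[sizeof sample_text];
    size_t i;

    memcpy(text, sample_text, sizeof text);
    printf("patched %d sites:", smap_patch(text, sizeof text,
           sample_sites, 2, CPUID7_EBX_SMAP));
    for (i = 0; i < sizeof text; i++)
        printf(" %02x", text[i]);
    printf("\n");
    return 0;
}
```

Validating every site before writing means a stale or misaligned site table leaves the text unmodified instead of half-patched.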