git: kernel - Implement support for SMAP and SMEP security

Matthew Dillon dillon at crater.dragonflybsd.org
Thu May 16 17:19:18 PDT 2019


commit 48c77f2b85f9ed807532e99b7187e6f5b5aa2975
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Thu May 16 17:14:58 2019 -0700

    kernel - Implement support for SMAP and SMEP security
    
    * Implement support for SMAP security.  This prevents accidental
      accesses to user address space from the kernel.  When available,
      we wrap intentional user-space accesses from the kernel with
      the 'stac' and 'clac' instructions.
    
      We use a NOP replacement policy to implement the feature.  The wrapper
      is initially a 'nop %eax' (3-byte NOP), and is replaced by 'stac' and
      'clac' via a .section iteration when the feature is supported.
    
    * Implement support for SMEP security.  This prevents accidental
      execution of user code from the kernel and simply requires
      turning the bit on in CR4.
    
    * Reports support in dmesg via the 'CPU Special Features Installed:'
      line.

Summary of changes:
 sys/cpu/x86_64/include/asmacros.h   | 22 ++++++++++++++++++++
 sys/cpu/x86_64/include/specialreg.h |  4 ++++
 sys/platform/pc64/x86_64/identcpu.c | 18 +++++++++++------
 sys/platform/pc64/x86_64/initcpu.c  |  4 +++-
 sys/platform/pc64/x86_64/machdep.c  | 27 +++++++++++++++++++++++++
 sys/platform/pc64/x86_64/pmap.c     | 11 ++++++++++
 sys/platform/pc64/x86_64/support.s  | 40 +++++++++++++++++++++++++++++++++----
 7 files changed, 115 insertions(+), 11 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/48c77f2b85f9ed807532e99b7187e6f5b5aa2975


-- 
DragonFly BSD source repository


More information about the Commits mailing list