Fwd: [PATCH v2 3/4] x86, head_32/64.S: Enable SMEP
John Baldwin
jhb at freebsd.org
Wed May 18 14:50:31 UTC 2011
On Wednesday, May 18, 2011 8:31:15 am Oliver Pinter wrote:
> On 5/18/11, Kostik Belousov <kostikbel at gmail.com> wrote:
> > On Wed, May 18, 2011 at 02:03:07AM +0200, Oliver Pinter wrote:
> >> ---------- Forwarded message ----------
> >> From: Fenghua Yu <fenghua.yu at intel.com>
> >> Date: Mon, 16 May 2011 14:34:44 -0700
> >> Subject: [PATCH v2 3/4] x86, head_32/64.S: Enable SMEP
> >> To: Ingo Molnar <mingo at elte.hu>, Thomas Gleixner <tglx at linutronix.de>,
> >> H Peter Anvin <hpa at zytor.com>, Asit K Mallick
> >> <asit.k.mallick at intel.com>, Linus Torvalds
> >> <torvalds at linux-foundation.org>, Avi Kivity <avi at redhat.com>, Arjan
> >> van de Ven <arjan at infradead.org>, Andrew Morton
> >> <akpm at linux-foundation.org>, Andi Kleen <andi at firstfloor.org>
> >> Cc: linux-kernel <linux-kernel at vger.kernel.org>, Fenghua Yu
> >> <fenghua.yu at intel.com>
> >>
> >> From: Fenghua Yu <fenghua.yu at intel.com>
> >>
> >> Enable newly documented SMEP (Supervisor Mode Execution Protection) CPU
> >> feature in kernel.
> >>
> >> SMEP prevents the CPU in kernel-mode to jump to an executable page that does
> >> not have the kernel/system flag set in the pte. This prevents the kernel
> >> from executing user-space code accidentally or maliciously, so it for example
> >> prevents kernel exploits from jumping to specially prepared user-mode shell
> >> code. The violation will cause page fault #PF and will have error code
> >> identical to XD violation.
> >>
> >> CR4.SMEP (bit 20) is 0 at power-on. If the feature is supported by CPU
> >> (X86_FEATURE_SMEP), enable SMEP by setting CR4.SMEP. New kernel option
> >> nosmep disables the feature even if the feature is supported by CPU.
> >>
> >> Signed-off-by: Fenghua Yu <fenghua.yu at intel.com>
> >
> > So, where is the mentioned documentation for SMEP ? Rev. 38 of the
> > Intel(R) 64 and IA-32 Architectures Software Developer's Manual does
> > not contain the description, at least at the places where I looked and
> > expected to find it.
>
> http://www.intel.com/Assets/PDF/manual/325384.pdf
>
> Intel® 64 and IA-32 Architectures Software Developer’s Manual
> Volume 3 (3A & 3B):
> System Programming Guide
Which revision? It is not documented in revision 38 from April 2011.
I just downloaded that link, and it is still revision 38 and has no mention of
'SMEP'. Also, bit 20 of CR4 is still marked as Reserved in that manual
(section 2.5).
--
John Baldwin
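
Added example, not part of this thread or of the Linux patch: the quoted description says an SMEP violation raises #PF with an error code identical to an XD violation, so the error code alone cannot tell the two apart when triaging a kernel fault. The C code below classifies a supervisor instruction-fetch fault using CR4 and the faulting page's effective permissions; classify_fetch_fault, the enum and the sample values are hypothetical, and EFER.NXE is assumed to be enabled.

```c
#include <stdint.h>
#include <stdio.h>

/* CR4.SMEP is bit 20, as stated in the quoted patch description. */
#define CR4_SMEP  (1ULL << 20)

/* x86 #PF error-code bits (architectural). */
#define PF_P      (1u << 0)   /* 1 = protection violation, 0 = not present */
#define PF_US     (1u << 2)   /* 1 = access came from user mode */
#define PF_RSVD   (1u << 3)   /* 1 = reserved bit set in a paging entry */
#define PF_ID     (1u << 4)   /* 1 = instruction fetch */

/* Effective page permissions, in PTE bit positions. */
#define PTE_USER  (1ULL << 2)   /* user-accessible at every paging level */
#define PTE_NX    (1ULL << 63)  /* XD/NX set at some level (EFER.NXE assumed on) */

enum pf_cause { PF_CAUSE_OTHER, PF_CAUSE_XD, PF_CAUSE_SMEP, PF_CAUSE_SMEP_OR_XD };

/* Hypothetical helper: classify a fault from its error code, CR4 and the
 * effective permissions of the faulting page. */
enum pf_cause classify_fetch_fault(uint32_t err, uint64_t cr4, uint64_t pte)
{
    /* Only supervisor-mode instruction fetches that hit a protection
     * violation are of interest here; everything else is "other". */
    if ((err & (PF_P | PF_ID)) != (PF_P | PF_ID) || (err & (PF_US | PF_RSVD)))
        return PF_CAUSE_OTHER;

    int smep = (cr4 & CR4_SMEP) && (pte & PTE_USER);
    int xd   = (pte & PTE_NX) != 0;

    if (smep && xd) return PF_CAUSE_SMEP_OR_XD;
    if (smep)       return PF_CAUSE_SMEP;
    if (xd)         return PF_CAUSE_XD;
    return PF_CAUSE_OTHER;
}

int main(void)
{
    static const char *name[] = { "other", "XD", "SMEP", "SMEP or XD" };
    /* Constructed sample: kernel fetch (err 0x11) from a user page, SMEP on. */
    printf("%s\n", name[classify_fetch_fault(0x11, CR4_SMEP, PTE_USER)]);
    /* Same error code, kernel page marked no-execute: an XD fault. */
    printf("%s\n", name[classify_fetch_fault(0x11, CR4_SMEP, PTE_NX)]);
    return 0;
}
```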