git: f8c73ba5981c - stable/14 - mitigations.7: mention supervisor mode memory access protections

From: Ed Maste <emaste_at_FreeBSD.org>
Date: Thu, 01 Aug 2024 14:47:15 UTC
The branch stable/14 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=f8c73ba5981c6d66384d5c173b650906b9741ae8

commit f8c73ba5981c6d66384d5c173b650906b9741ae8
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2024-05-31 14:13:11 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2024-08-01 14:46:46 +0000

    mitigations.7: mention supervisor mode memory access protections
    
    Reviewed by:    imp (earlier), olce (earlier), kib
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D45420
    
    (cherry picked from commit 72ece341b42707af7837357dbb1f2c2fe17507fa)
---
 share/man/man7/mitigations.7 | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/share/man/man7/mitigations.7 b/share/man/man7/mitigations.7
index 950d84042c71..f68e3041c88f 100644
--- a/share/man/man7/mitigations.7
+++ b/share/man/man7/mitigations.7
@@ -25,7 +25,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd October 6, 2023
+.Dd May 31, 2024
 .Dt MITIGATIONS 7
 .Os
 .Sh NAME
@@ -234,8 +234,26 @@ and it is possible that some applications may not function correctly.
 .\"
 .\".Ss Stack Smashing Protection (SSP)
 .\"
-.\".Ss Supervisor mode memory protection
-.\"
+.Ss Supervisor mode memory protection
+Certain processors include features that prevent unintended access to memory
+pages accessible to userspace (non-privileged) code, while in a privileged
+mode.
+One feature prevents execution, intended to mitigate exploitation of kernel
+vulnerabilities from userland.
+Another feature prevents unintended reads from or writes to user space memory
+from the kernel.
+This also provides effective protection against NULL pointer dereferences from
+kernel.
+.Bl -column -offset indent "Architecture" "Feature" "Access Type Prevented"
+.It Sy Architecture Ta Sy Feature Ta Sy Access Type Prevented
+.It amd64       Ta SMAP  Ta Read / Write
+.It amd64       Ta SMEP  Ta Execute
+.It arm64       Ta PAN   Ta Read / Write
+.It arm64       Ta PXN   Ta Execute
+.El
+.Pp
+These features are automatically used by the kernel.
+There is no user-facing configuration.
 .Ss Hardware vulnerability controls
 See
 .Xr security 7
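Review bot: the sentence "This also provides effective protection against NULL pointer dereferences from kernel." in the new Ss block drops the article; suggest "from the kernel." While there, the two feature sentences could state what is being prevented more precisely so the table reads back to them: "One feature prevents execution of user-accessible pages while in privileged mode" and "Another feature prevents unintended reads from or writes to user-accessible pages from the kernel", matching the Execute and Read / Write rows for SMEP/PXN and SMAP/PAN. The closing "These features are automatically used by the kernel." is accurate only when the processor implements them; since the paragraph opens with "Certain processors include features", a short qualifier such as "when the processor supports them" would keep the two statements consistent.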