projects / dragonfly.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d4e0b0c) | patch
kernel - Implement support for SMAP and SMEP security
authorMatthew Dillon <dillon@apollo.backplane.com>
Fri, 17 May 2019 00:14:58 +0000 (17:14 -0700)
committerMatthew Dillon <dillon@apollo.backplane.com>
Fri, 17 May 2019 00:14:58 +0000 (17:14 -0700)
commit48c77f2b85f9ed807532e99b7187e6f5b5aa2975
tree09a8a7b34c856993fcbea755008183adec04323atree | snapshot
parentd4e0b0cdf7ba6c17a511731dd6a2abfd96516cbbcommit | diff
kernel - Implement support for SMAP and SMEP security

* Implement support for SMAP security.  This prevents accidental
  accesses to user address space from the kernel.  When available,
  we wrap intentional user-space accesses from the kernel with
  the 'stac' and 'clac' instructions.

  We use a NOP replacement policy to implement the feature.  The wrapper
  is initially a 'nop %eax' (3-byte NOP), and is replaced by 'stac' and
  'clac' via a .section iteration when the feature is supported.

* Implement support for SMEP security.  This prevents accidental
  execution of user code from the kernel and simply requires
  turning the bit on in CR4.

* Reports support in dmesg via the 'CPU Special Features Installed:'
  line.
sys/cpu/x86_64/include/asmacros.h diff | blob | blame | history
sys/cpu/x86_64/include/specialreg.h diff | blob | blame | history
sys/platform/pc64/x86_64/identcpu.c diff | blob | blame | history
sys/platform/pc64/x86_64/initcpu.c diff | blob | blame | history
sys/platform/pc64/x86_64/machdep.c diff | blob | blame | history
sys/platform/pc64/x86_64/pmap.c diff | blob | blame | history
sys/platform/pc64/x86_64/support.s diff | blob | blame | history
DragonFly Project Source