On 5/18/11, Kostik Belousov <kostik...@gmail.com> wrote: > On Wed, May 18, 2011 at 10:50:30AM -0400, John Baldwin wrote: >> On Wednesday, May 18, 2011 8:31:15 am Oliver Pinter wrote: >> > On 5/18/11, Kostik Belousov <kostik...@gmail.com> wrote: >> > > On Wed, May 18, 2011 at 02:03:07AM +0200, Oliver Pinter wrote: >> > >> ---------- Forwarded message ---------- >> > >> From: Fenghua Yu <fenghua...@intel.com> >> > >> Date: Mon, 16 May 2011 14:34:44 -0700 >> > >> Subject: [PATCH v2 3/4] x86, head_32/64.S: Enable SMEP >> > >> To: Ingo Molnar <mi...@elte.hu>, Thomas Gleixner >> > >> <t...@linutronix.de>, >> > >> H Peter Anvin <h...@zytor.com>, Asit K Mallick >> > >> <asit.k.mall...@intel.com>, Linus Torvalds >> > >> <torva...@linux-foundation.org>, Avi Kivity <a...@redhat.com>, Arjan >> > >> van de Ven <ar...@infradead.org>, Andrew Morton >> > >> <a...@linux-foundation.org>, Andi Kleen <a...@firstfloor.org> >> > >> Cc: linux-kernel <linux-ker...@vger.kernel.org>, Fenghua Yu >> > >> <fenghua...@intel.com> >> > >> >> > >> From: Fenghua Yu <fenghua...@intel.com> >> > >> >> > >> Enable newly documented SMEP (Supervisor Mode Execution Protection) >> > >> CPU >> > >> feature in kernel. >> > >> >> > >> SMEP prevents the CPU in kernel-mode to jump to an executable page >> > >> that >> > >> does >> > >> not have the kernel/system flag set in the pte. This prevents the >> > >> kernel >> > >> from executing user-space code accidentally or maliciously, so it for >> > >> example >> > >> prevents kernel exploits from jumping to specially prepared user-mode >> > >> shell >> > >> code. The violation will cause page fault #PF and will have error >> > >> code >> > >> identical to XD violation. >> > >> >> > >> CR4.SMEP (bit 20) is 0 at power-on. If the feature is supported by >> > >> CPU >> > >> (X86_FEATURE_SMEP), enable SMEP by setting CR4.SMEP. New kernel >> > >> option nosmep disables the feature even if the feature is supported >> > >> by >> > >> CPU. >> > >> >> > >> Signed-off-by: Fenghua Yu <fenghua...@intel.com> >> > > >> > > So, where is the mentioned documentation for SMEP ? Rev. 38 of the >> > > Intel(R) 64 and IA-32 Architectures Software Developer's Manual does >> > > not contain the description, at least at the places where I looked and >> > > expected to find it. >> > >> > http://www.intel.com/Assets/PDF/manual/325384.pdf >> > >> > Intel? 64 and IA-32 Architectures Software Developer?s Manual >> > Volume 3 (3A & 3B): >> > System Programming Guide >> >> Which revision? It is not documented in revision 38 from April 2011. >> >> I just downloaded that link, and it is still revision 38 and has no >> mention
no, under the original intel link i find rev.39 Order Number: 325384-039US May 2011 uploaded here: http://oliverp.teteny.bme.hu/up/325384.pdf >> 'SMEP'. Also, bit 20 of CR4 is still marked as Reserved in that manual >> (section 2.5). > This is exactly what I said about rev. 38 in my original reply. > _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
