CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2012/10/08 22:40:36
Modified files:
sys/arch/amd64/amd64: cpu.c identcpu.c trap.c
sys/arch/amd64/include: cpu.h
sys/arch/i386/i386: cpu.c machdep.c trap.c
sys/arch/i386/include: cpu.h
Log message:
Enable Supervisor Mode Execution Protection (SMEP), found in recent
Intel chips. If the kernel is tricked into running code from a user
page while in supervisor mode we'll now get a page fault and panic
instead of running it.
suggestions and ok guenther@, ok deraadt@
