Re: [PATCH v2 3/4] x86, head_32/64.S: Enable SMEP

From: Matthew Garrett
Date: Mon May 16 2011 - 22:10:50 EST

Next message: Steven Rostedt: "[RFC][PATCH 1/2] kbuild: Add force-deps to fixdep"
Previous message: Tomoya MORINAGA: "RE: Question: GPIO driver how to get irq_base"
In reply to: Fenghua Yu: "[PATCH v2 3/4] x86, head_32/64.S: Enable SMEP"
Next in thread: Yu, Fenghua: "RE: [PATCH v2 3/4] x86, head_32/64.S: Enable SMEP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, May 16, 2011 at 02:34:44PM -0700, Fenghua Yu wrote:
> From: Fenghua Yu <fenghua.yu@xxxxxxxxx>
>
> Enable newly documented SMEP (Supervisor Mode Execution Protection) CPU
> feature in kernel.
>
> SMEP prevents the CPU in kernel-mode to jump to an executable page that does
> not have the kernel/system flag set in the pte. This prevents the kernel
> from executing user-space code accidentally or maliciously, so it for example
> prevents kernel exploits from jumping to specially prepared user-mode shell
> code. The violation will cause page fault #PF and will have error code
> identical to XD violation.

Are EFI runtime service pages currently set up appropriately?

--
Matthew Garrett | mjg59@xxxxxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Steven Rostedt: "[RFC][PATCH 1/2] kbuild: Add force-deps to fixdep"
Previous message: Tomoya MORINAGA: "RE: Question: GPIO driver how to get irq_base"
In reply to: Fenghua Yu: "[PATCH v2 3/4] x86, head_32/64.S: Enable SMEP"
Next in thread: Yu, Fenghua: "RE: [PATCH v2 3/4] x86, head_32/64.S: Enable SMEP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]