On Wed, May 18, 2011 at 02:03:07AM +0200, Oliver Pinter wrote:
> ---------- Forwarded message ----------
> From: Fenghua Yu <[email protected]>
> Date: Mon, 16 May 2011 14:34:44 -0700
> Subject: [PATCH v2 3/4] x86, head_32/64.S: Enable SMEP
> To: Ingo Molnar <[email protected]>, Thomas Gleixner <[email protected]>,
> H Peter Anvin <[email protected]>, Asit K Mallick
> <[email protected]>, Linus Torvalds
> <[email protected]>, Avi Kivity <[email protected]>, Arjan
> van de Ven <[email protected]>, Andrew Morton
> <[email protected]>, Andi Kleen <[email protected]>
> Cc: linux-kernel <[email protected]>, Fenghua Yu
> <[email protected]>
>
> From: Fenghua Yu <[email protected]>
>
> Enable newly documented SMEP (Supervisor Mode Execution Protection) CPU
> feature in kernel.
>
> SMEP prevents the CPU in kernel-mode to jump to an executable page that does
> not have the kernel/system flag set in the pte. This prevents the kernel
> from executing user-space code accidentally or maliciously, so it for example
> prevents kernel exploits from jumping to specially prepared user-mode shell
> code. The violation will cause page fault #PF and will have error code
> identical to XD violation.
>
> CR4.SMEP (bit 20) is 0 at power-on. If the feature is supported by CPU
> (X86_FEATURE_SMEP), enable SMEP by setting CR4.SMEP. New kernel
> option nosmep disables the feature even if the feature is supported by CPU.
>
> Signed-off-by: Fenghua Yu <[email protected]>

So, where is the mentioned documentation for SMEP? Rev. 38 of the Intel(R) 64 and IA-32 Architectures Software Developer's Manual does not contain the description, at least at the places where I looked and expected to find it. Looking forward to hearing from you.
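The SMEP behaviour described in the quoted patch description, as a small C model of an instruction fetch. This is an added example, not code from the patch or from the kernel; `fetch_fault`, the sample PTE values and the single-PTE view of paging are assumptions for illustration (hardware checks the U/S flag at every paging level).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CR4_SMEP    (1u << 20)   /* CR4.SMEP, bit 20 as stated in the patch description */

/* x86 PTE flag bits used by this model */
#define PTE_PRESENT (1ull << 0)
#define PTE_USER    (1ull << 2)  /* U/S = 1: user page, kernel/system flag not set */
#define PTE_NX      (1ull << 63) /* XD / NX */

/* #PF error code bits */
#define PF_PROT     (1u << 0)    /* fault on a present page (protection violation) */
#define PF_USER     (1u << 2)    /* access originated in user mode */
#define PF_INSTR    (1u << 4)    /* fault caused by an instruction fetch */

/* Hypothetical helper: returns -1 if the fetch is allowed, else the #PF error code. */
int fetch_fault(uint32_t cr4, bool nxe, bool user_mode, uint64_t pte)
{
    /* The I/D bit is only reported when NX or SMEP is enabled. */
    bool id_reported = nxe || (cr4 & CR4_SMEP);
    uint32_t err = (user_mode ? PF_USER : 0) | (id_reported ? PF_INSTR : 0);

    if (!(pte & PTE_PRESENT))
        return (int)err;                 /* not-present fault, P = 0 */
    err |= PF_PROT;
    if (user_mode && !(pte & PTE_USER))
        return (int)err;                 /* user fetch from a supervisor page */
    if (nxe && (pte & PTE_NX))
        return (int)err;                 /* XD violation */
    if (!user_mode && (cr4 & CR4_SMEP) && (pte & PTE_USER))
        return (int)err;                 /* SMEP violation */
    return -1;
}

int main(void)
{
    uint64_t user_code = PTE_PRESENT | PTE_USER; /* constructed: executable user page */
    uint64_t kern_nx   = PTE_PRESENT | PTE_NX;   /* constructed: non-executable kernel page */

    printf("kernel fetch, user page, SMEP off: %d\n", fetch_fault(0, true, false, user_code));
    printf("kernel fetch, user page, SMEP on : 0x%x\n", fetch_fault(CR4_SMEP, true, false, user_code));
    printf("kernel fetch, XD kernel page     : 0x%x\n", fetch_fault(CR4_SMEP, true, false, kern_nx));
    return 0;
}
```

In this model the SMEP fault and the XD fault both produce error code 0x11, so a fault handler has to look at the faulting address and the page's U/S flag to tell them apart.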

