mirror of
https://github.com/freebsd/freebsd-src
synced 2024-09-06 09:10:28 +00:00
mitigations.7: mention supervisor mode memory access protections
Reviewed by: imp (earlier), olce (earlier), kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45420
parent
164fdee111
commit
72ece341b4
|
@ -25,7 +25,7 @@
|
||||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
.\" SUCH DAMAGE.
|
.\" SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.Dd October 6, 2023
|
.Dd May 31, 2024
|
||||||
.Dt MITIGATIONS 7
|
.Dt MITIGATIONS 7
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -234,8 +234,26 @@ and it is possible that some applications may not function correctly.
|
||||||
.\"
|
.\"
|
||||||
.\".Ss Stack Smashing Protection (SSP)
|
.\".Ss Stack Smashing Protection (SSP)
|
||||||
.\"
|
.\"
|
||||||
.\".Ss Supervisor mode memory protection
|
.Ss Supervisor mode memory protection
|
||||||
.\"
|
Certain processors include features that prevent unintended access to memory
|
||||||
|
pages accessible to userspace (non-privileged) code, while in a privileged
|
||||||
|
mode.
|
||||||
|
One feature prevents execution, intended to mitigate exploitation of kernel
|
||||||
|
vulnerabilities from userland.
|
||||||
|
Another feature prevents unintended reads from or writes to user space memory
|
||||||
|
from the kernel.
|
||||||
|
This also provides effective protection against NULL pointer dereferences from
|
||||||
|
kernel.
|
||||||
|
.Bl -column -offset indent "Architecture" "Feature" "Access Type Prevented"
|
||||||
|
.It Sy Architecture Ta Sy Feature Ta Sy Access Type Prevented
|
||||||
|
.It amd64 Ta SMAP Ta Read / Write
|
||||||
|
.It amd64 Ta SMEP Ta Execute
|
||||||
|
.It arm64 Ta PAN Ta Read / Write
|
||||||
|
.It arm64 Ta PXN Ta Execute
|
||||||
|
.El
|
||||||
|
.Pp
|
||||||
|
These features are automatically used by the kernel.
|
||||||
|
There is no user-facing configuration.
|
||||||
.Ss Hardware vulnerability controls
|
.Ss Hardware vulnerability controls
|
||||||
See
|
See
|
||||||
.Xr security 7
|
.Xr security 7
|
||||||
|
|
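Review bot: The sentence "This also provides effective protection against NULL pointer dereferences from kernel." in the new "Supervisor mode memory protection" subsection has an unclear antecedent and is missing an article. As placed, "This" reads as the read/write feature only, while the preceding sentences describe two features; naming the feature or features meant and writing "from the kernel" would remove the ambiguity. The same paragraph spells the concept three ways ("userspace", "userland", "user space"); pick one for consistency with the rest of the page. The table lists SMAP, SMEP, PAN and PXN without expanding them anywhere in the added text, so a reader has to look the acronyms up elsewhere; a short expansion per row or a sentence before the .Bl would help. Since the text says there is no user-facing configuration, it would also be worth stating how an administrator can confirm that the features are active on a given machine, if there is a supported way to do so.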