Skip to content

Commit

Permalink
x86, cpufeature: Add cpufeature flag for SMEP
Browse files Browse the repository at this point in the history 
Add support for newly documented SMEP (Supervisor Mode Execution Protection) CPU
feature flag.

SMEP prevents the CPU in kernel-mode to jump to an executable page
that has the user flag set in the PTE.  This prevents the kernel from
executing user-space code accidentally or maliciously, so it for
example prevents kernel exploits from jumping to specially prepared
user-mode shell code.

[ hpa: added better description by Ingo Molnar ]

Signed-off-by: Fenghua Yu <fenghua.yu@intel.com>
LKML-Reference: <1305683069-25394-2-git-send-email-fenghua.yu@intel.com>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
  • Loading branch information
Fenghua Yu authored and H. Peter Anvin committed May 18, 2011
1 parent 724a92e commit d0281a2
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions arch/x86/include/asm/cpufeature.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -195,6 +195,7 @@

/* Intel-defined CPU features, CPUID level 0x00000007:0 (ebx), word 9 */
#define X86_FEATURE_FSGSBASE (9*32+ 0) /* {RD/WR}{FS/GS}BASE instructions*/
#define X86_FEATURE_SMEP (9*32+ 7) /* Supervisor Mode Execution Protection */
#define X86_FEATURE_ERMS (9*32+ 9) /* Enhanced REP MOVSB/STOSB */

#if defined(__KERNEL__) && !defined(__ASSEMBLY__)
Expand Down

0 comments on commit d0281a2

Please sign in to comment.