Opened 10 years ago
Last modified 8 years ago
#624 new enhancement
Add support for Supervisor Mode Access Prevention (SMAP)
Reported by: | Martin Decky | Owned by: | Jakub Jermář |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | helenos/kernel/amd64 | Version: | mainline |
Keywords: | Cc: | ||
Blocker for: | Depends on: | ||
See also: |
Description
Supervisor Mode Access Prevention (SMAP) is a feature of the Haswell microarchitecture (and later) that prevents the kernel from accessing user space memory. This basically limits the attack surface on the kernel because the kernel can decide to access the user space memory only in certain, tightly controlled situations (e.g. in copy_from_uspace(), copy_to_uspace(), etc.).
Note:
See TracTickets
for help on using tickets.