RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 11:18:11 +00:00
Code Issues Activity Actions

Kernel: Enable x86 SMEP (Supervisor Mode Execution Protection)

Browse source 
This prevents the kernel from jumping to code in userspace memory.
This commit is contained in:
Andreas Kling 2020-01-01 01:56:58 +01:00
parent cece0d230d
commit 8602fa5b49
2 changed files with 23 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

23
Kernel/VM/MemoryManager.cpp
View file

@ -21,10 +21,18 @@ MemoryManager& MM
return *s_the;
}
void MemoryManager::detect_cpu_features()
{
CPUID extended_processor_info(0x80000001);
m_has_nx_support = (extended_processor_info.edx() & (1 << 20)) != 0;
CPUID extended_features(0x7);
m_has_smep_support = (extended_features.ebx() & (1 << 7)) != 0;
}
MemoryManager::MemoryManager(u32 physical_address_for_kernel_page_tables)
{
CPUID id(0x80000001);
m_has_nx_support = (id.edx() & (1 << 20)) != 0;
detect_cpu_features();
m_kernel_page_directory = PageDirectory::create_at_fixed_address(PhysicalAddress(physical_address_for_kernel_page_tables));
for (size_t i = 0; i < 4; ++i) {
@ -185,6 +193,17 @@ void MemoryManager::initialize_paging()
"orl $0x20, %eax\n"
"mov %eax, %cr4\n");
if (m_has_smep_support) {
kprintf("MM: SMEP support detected; enabling\n");
// Turn on CR4.SMEP
asm volatile(
"mov %cr4, %eax\n"
"orl $0x100000, %eax\n"
"mov %eax, %cr4\n");
} else {
kprintf("MM: SMEP support not detected\n");
}
if (m_has_nx_support) {
kprintf("MM: NX support detected; enabling NXE flag\n");