Diffusion FreeBSD src repository - subversion rS354193

Set the userspace execute never bit on kernel mappings.
rS354193
Actions

Edit Commit
Download Raw Diff
Edit Related Objects...
Edit Revisions
Mute Notifications
Flag For Later
Award Token

Description

Set the userspace execute never bit on kernel mappings.

Arm64 allows us to create execute only mappings. To make sure userspace is
unable to accidentally execute kernel code set the user execute never
bit in the kernel page tables.

MFC after: 1 week
Sponsored by: DARPA, AFRL

Details

Provenance

andrew

Authored on

Parents

rS354192: Make hyperv keyboard work again.

Branches

Unknown

Tags

Unknown

Event Timeline

andrew committed rS354193: Set the userspace execute never bit on kernel mappings..Oct 30 2019, 5:32 PM

val_packett.cool mentioned this in D22141: Let arm64 pmap_qenter() and pmap_kenter() unconditionally set NX..Nov 3 2019, 11:27 PM

Changes (2)

Path

Size

head/

sys/

arm64/

locore.S

pmap.c

rS354193

View Options

head/sys/arm64/arm64/locore.S