~~~~~~~~~~~~~~~~~~~~ Arc.Ask3.Ru ~~~~~~~~~~~~~~~~~~~~~ 
Номер скриншота №:
✰ B08CC3370362B8F8CF8563F05E8BD2C9__1699184760 ✰
Заголовок документа оригинал.:
✰ Supervisor Mode Access Prevention - Wikipedia ✰
Заголовок документа перевод.:
✰ Supervisor Mode Access Prevention - Wikipedia ✰
Снимок документа находящегося по адресу (URL):
✰ https://en.wikipedia.org/wiki/Supervisor_Mode_Access_Prevention ✰
Адрес хранения снимка оригинал (URL):
✰ https://arc.ask3.ru/arc/aa/b0/c9/b08cc3370362b8f8cf8563f05e8bd2c9.html ✰
Адрес хранения снимка перевод (URL):
✰ https://arc.ask3.ru/arc/aa/b0/c9/b08cc3370362b8f8cf8563f05e8bd2c9__translat.html ✰
Дата и время сохранения документа:
✰ 07.07.2024 01:27:20 (GMT+3, MSK) ✰
Дата и время изменения документа (по данным источника):
✰ 5 November 2023, at 14:46 (UTC). ✰ 

~~~~~~~~~~~~~~~~~~~~~~ Ask3.Ru ~~~~~~~~~~~~~~~~~~~~~~ 
Сервисы Ask3.ru: 
 Архив документов (Снимки документов, в формате HTML, PDF, PNG - подписанные ЭЦП, доказывающие существование документа в момент подписи. Перевод сохраненных документов на русский язык.)https://arc.ask3.ruОтветы на вопросы (Сервис ответов на вопросы, в основном, научной направленности)https://ask3.ru/answer2questionТоварный сопоставитель (Сервис сравнения и выбора товаров) ✰✰
✰ https://ask3.ru/product2collationПартнерыhttps://comrades.ask3.ru


Совет. Чтобы искать на странице, нажмите Ctrl+F или ⌘-F (для MacOS) и введите запрос в поле поиска.
Arc.Ask3.ru: далее начало оригинального документа

Supervisor Mode Access Prevention - Wikipedia Jump to content

Supervisor Mode Access Prevention

Edit links
From Wikipedia, the free encyclopedia

Supervisor Mode Access Prevention (SMAP) is a feature of some CPU implementations such as the Intel Broadwell microarchitecture that allows supervisor mode programs to optionally set user-space memory mappings so that access to those mappings from supervisor mode will cause a trap. This makes it harder for malicious programs to "trick" the kernel into using instructions or data from a user-space program.[1][2]

History[edit]

Supervisor Mode Access Prevention is designed to complement Supervisor Mode Execution Prevention (SMEP), which was introduced earlier. SMEP can be used to prevent supervisor mode from unintentionally executing user-space code. SMAP extends this protection to reads and writes.[2]

Benefits[edit]

Without Supervisor Mode Access Prevention, supervisor code usually has full read and write access to user-space memory mappings (or has the ability to obtain full access). This has led to the development of several security exploits, including privilege escalation exploits, which operate by causing the kernel to access user-space memory when it did not intend to.[3] Operating systems can block these exploits by using SMAP to force unintended user-space memory accesses to trigger page faults. Additionally, SMAP can expose flawed kernel code which does not follow the intended procedures for accessing user-space memory.[1]

However, the use of SMAP in an operating system may lead to a larger kernel size and slower user-space memory accesses from supervisor code, because SMAP must be temporarily disabled any time supervisor code intends to access user-space memory.[4]

Technical details[edit]

Processors indicate support for Supervisor Mode Access Prevention through the Extended Features CPUID leaf.

SMAP is enabled when memory paging is active and the SMAP bit in the CR4 control register is set. SMAP can be temporarily disabled for explicit memory accesses by setting the EFLAGS.AC (Alignment Check) flag. The stac (Set AC Flag) and clac (Clear AC Flag) instructions can be used to easily set or clear the flag.[5]

When the SMAP bit in CR4 is set, explicit memory reads and writes to user-mode pages performed by code running with a privilege level less than 3 will always result in a page fault if the EFLAGS.AC flag is not set. Implicit reads and writes (such as those made to descriptor tables) to user-mode pages will always trigger a page fault if SMAP is enabled, regardless of the value of EFLAGS.AC.[5]

Operating system support[edit]

Linux kernel support for Supervisor Mode Access Prevention was implemented by H. Peter Anvin.[1] It was merged into the mainline Linux 3.7 kernel (released December 2012) and it is enabled by default for processors which support the feature.[4]

FreeBSD has supported Supervisor Mode Execution Prevention since 2012[6] and Supervisor Mode Access Prevention since 2018.[7]

OpenBSD has supported Supervisor Mode Access Prevention and the related Supervisor Mode Execution Prevention since 2012,[8] with OpenBSD 5.3 being the first release with support for the feature enabled.[9]

NetBSD support for Supervisor Mode Execution Prevention (SMEP) was implemented by Maxime Villard in December 2015.[10] Support for Supervisor Mode Access Prevention (SMAP) was also implemented by Maxime Villard, in August 2017.[11] NetBSD 8.0 was the first release with both features supported and enabled.[12]

Haiku support for Supervisor Mode Execution Prevention (SMEP) was implemented by Jérôme Duval in January 2018.[13]

macOS has support for SMAP at least since macOS 10.13 released 2017.[14]

See also[edit]

References[edit]

  1. ^ Jump up to: a b c Corbet, Jonathan (2012-09-26). "Supervisor mode access prevention". LWN.net. Retrieved 2017-08-04.
  2. ^ Jump up to: a b Mulnix, David (2015-05-22). "Intel Xeon Processor D Product Family Technical Overview: Supervisor Mode Access Protection (SMAP) 4". Intel. Retrieved 2017-08-04.
  3. ^ Corbet, Jonathan (2009-07-20). "Fun with NULL pointers, part 1". LWN.net. Retrieved 2017-08-04.
  4. ^ Jump up to: a b Larabel, Michael (2012-10-02). "Intel SMAP Comes To Try To Better Secure Linux". Phoronix. Retrieved 2017-08-04.
  5. ^ Jump up to: a b "Intel 64 and IA-32 Architectures Software Developer's Manual, Volume 3A: System Programming Guide, Part 1" (PDF). Intel. July 2017. Retrieved 2017-08-04.
  6. ^ Belousov, Konstantin (2012-11-01). "Revision 242433". Retrieved 2018-01-19.
  7. ^ Belousov, Konstantin (2018-07-29). "Revision 336876". Retrieved 2018-07-30.
  8. ^ Henderson, Stuart (2017-03-26). "Re: Does OpenBSD have SMEP and SMAP implementation? or MPX?". Retrieved 2017-08-04 – via marc.info.
  9. ^ "OpenBSD 5.3". OpenBSD. 2013-05-01. Retrieved 2017-08-04.
  10. ^ "Significant changes from NetBSD 7.0 to 8.0". NetBSD. 2017-10-12. Retrieved 2018-01-09.
  11. ^ Maxime Villard (2017-08-23). "amd64: smap support". Retrieved 2018-01-09.
  12. ^ "Announcing NetBSD 8.0 (July 17, 2018)". NetBSD. 2018-07-17. Retrieved 2018-07-29.
  13. ^ "kernel: support for Intel SMAP and SMEP on x86_64". Haiku (operating system). 2018-01-30. Retrieved 2018-09-04.
  14. ^ "/osfmk/x86_64/idt64.s.auto.html". Apple Inc. 2017-09-25. Retrieved 2018-09-19.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Supervisor_Mode_Access_Prevention&oldid=1183627345"
Arc.Ask3.Ru: конец оригинального документа.
Arc.Ask3.Ru
Номер скриншота №: B08CC3370362B8F8CF8563F05E8BD2C9__1699184760
URL1:https://en.wikipedia.org/wiki/Supervisor_Mode_Access_Prevention
Заголовок, (Title) документа по адресу, URL1:
Supervisor Mode Access Prevention - Wikipedia
Данный printscreen веб страницы (снимок веб страницы, скриншот веб страницы), визуально-программная копия документа расположенного по адресу URL1 и сохраненная в файл, имеет: квалифицированную, усовершенствованную (подтверждены: метки времени, валидность сертификата), открепленную ЭЦП (приложена к данному файлу), что может быть использовано для подтверждения содержания и факта существования документа в этот момент времени. Права на данный скриншот принадлежат администрации Ask3.ru, использование в качестве доказательства только с письменного разрешения правообладателя скриншота. Администрация Ask3.ru не несет ответственности за информацию размещенную на данном скриншоте. Права на прочие зарегистрированные элементы любого права, изображенные на снимках принадлежат их владельцам. Качество перевода предоставляется как есть, любые претензии не могут быть предъявлены. Если вы не согласны с любым пунктом перечисленным выше, немедленно покиньте данный сайт. В случае нарушения любого пункта перечисленного выше, штраф 55! (Пятьдесят пять факториал, денежную единицу можете выбрать самостоятельно, выплаичвается товарами в течение 7 дней с момента нарушения.)