Page Menu
Home
FreeBSD
Search
Configure Global Search
Log In
Files
F102995598
D45420.id139272.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Flag For Later
Award Token
Size
1 KB
Referenced Files
None
Subscribers
None
D45420.id139272.diff
View Options
diff --git a/share/man/man7/mitigations.7 b/share/man/man7/mitigations.7
--- a/share/man/man7/mitigations.7
+++ b/share/man/man7/mitigations.7
@@ -25,7 +25,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd October 6, 2023
+.Dd May 31, 2024
.Dt MITIGATIONS 7
.Os
.Sh NAME
@@ -234,8 +234,26 @@
.\"
.\".Ss Stack Smashing Protection (SSP)
.\"
-.\".Ss Supervisor mode memory protection
-.\"
+.Ss Supervisor mode memory protection
+Certain processors include features that prevent unintended access to memory
+pages accessible to userspace (non-privileged) code, while in a privileged
+mode.
+One feature prevents execution, intended to mitigate exploitation of kernel
+vulnerabilities from userland.
+Another feature prevents unintended reads from or writes to user space memory
+from the kernel.
+This also provides effective protection against NULL pointer dereferences from
+kernel.
+.Bl -column -offset indent "Architecture" "Feature" "Access Type Prevented"
+.It Sy Architecture Ta Sy Feature Ta Sy Access Type Prevented
+.It amd64 Ta SMAP Ta Read / Write
+.It amd64 Ta SMEP Ta Execute
+.It arm64 Ta PAN Ta Read / Write
+.It arm64 Ta PXN Ta Execute
+.El
+.Pp
+These features are automatically used by the kernel.
+There is no user-facing configuration.
.Ss Hardware vulnerability controls
See
.Xr security 7
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Wed, Nov 20, 3:04 PM (18 h, 42 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
14741080
Default Alt Text
D45420.id139272.diff (1 KB)
Attached To
Mode
D45420: mitigations.7: mention supervisor mode memory access protections
Attached
Detach File
Event Timeline
Log In to Comment