HomeFreeBSD
Diffusion FreeBSD src repository 1b9096cd1d2f

arm64: Set the Guarded Page flag in the kernel
1b9096cd1d2f
Actions

Description

arm64: Set the Guarded Page flag in the kernel

Now the kernel and modules are built with branch protection we can
enablethe Guarded Page flag in the page tables. This causes indirect
branches to a location without a correct landing pad instruction to
raise an exception.

This should help mitigate some attacks where a function pointer is
changed to point somewhere other than the start of the function,
however it doesn't stop an attacker pointing it to an unintended
function.

Reviewed by: alc, scottph (both earlier version), markj
Sponsored by: Arm Ltd
Sponsored by: The FreeBSD Foundation (earlier version)
Differential Revision: https://reviews.freebsd.org/D42080

Details

Provenance
andrewAuthored on Oct 3 2023, 2:03 PM
Reviewer
alc
Differential Revision
D42080: arm64: Set the Guarded Page flag in the kernel
Parents
rGfd5aaf2ea017: libc: Teach libc about the BTI elf note
Branches
Unknown
Tags
Unknown

Changes (3)

PathSize
sys/
arm64/
arm64/
include/

rG1b9096cd1d2f

View Options

sys/arm64/arm64/locore.S

Loading...
View Options

sys/arm64/arm64/pmap.c

Loading...
View Options

sys/arm64/include/pte.h

Loading...