Linux Kernel To Better Fend Off Exploits That Disable SMAP / SMEP / UMIP Protections

Written by Michael Larabel in Linux Kernel on 23 February 2019 at 07:47 AM EST. Add A Comment
LINUX KERNEL
A change made courtesy of Google engineers to the Linux kernel will make it so exploits on Linux have a tougher time trying to disable SMAP and SMEP protections as part of their exploit path.

Supervisor Mode Execution Protection (SMEP) and Supervisor Mode Access Prevention (SMAP) are security features of recent generations of Intel CPUs to prevent the kernel from accessing unintended user-space memory and in turn helping fend off various exploits. But some exploits have been calling the Linux kernel's native_write_cr4 function to disable SMEP/SMAP, since the status of these security options are controlled through bits in the CR4 control register.

With a new patch now pending in the tip tree ahead of the Linux 5.1 kernel cycle, the bits for SMEP and SMAP as well as UMIP are pinned so they can no longer be easily altered. UMIP meanwhile is the User-Mode Instruction Prevention feature to prevent execution of certain instructions in higher privilege levels and its behavior too is controlled via a CR4 bit.

Google's Project Zero previously demonstrated an exploit path via using this CR4 kernel function to disable SMAP/SMEP protection before proceeding on to its nefarious activities. Now thanks to Google engineers, these SMAP/SMEP/UMIP bits are pinned within the native_write_cr4 function so they can't be trivially disabled from that call on supported CPUs.
Add A Comment
Related News
Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them
Linux 6.9-rc4 Brings More Bcachefs Fixes, Native BHI Mitigation
Linux 6.10 To Account For NUMA Node When Allocating Per-CPU Cpumasks
Linux 6.10 SLUB Optimization To Reduce Memory Consumption In Extreme Scenarios
Linux 6.8.5 & Other Stable Kernel Updates Due To Native BHI Vulnerability
Linux 6.10 AES-XTS For Disk/File Encryption As Much As ~155% Faster For AMD Zen 4 CPUs
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them
Linux 6.10 To Merge NTSYNC Driver For Emulating Windows NT Synchronization Primitives
Ubuntu Maker Canonical Announces New Collaboration With Qualcomm
Fedora 41 Looks To "-O3" Optimizations For Its Python Build
APT 2.9 Released: Debian's APT 3.0 To Have A New UI With Colors, Columnar Display & More
Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver
KDE's KWin Merges Wayland Explicit Sync Support
Gentoo Linux Now An SPI Project