Update CPU prevention features

EnderIce2 2024-02-28 05:50:12 +02:00
parent 7059cd5f5e
commit ef542145f7
Signed by untrusted user who does not match committer: enderice2
GPG Key ID: EACC3AD603BAB4DD


@ -241,7 +241,6 @@ namespace CPU
bool UMIP = false; bool UMIP = false;
bool SMEP = false; bool SMEP = false;
bool SMAP = false; bool SMAP = false;
bool FSGSBASE = false;
}; };
SupportedFeat GetCPUFeat() SupportedFeat GetCPUFeat()
@ -258,7 +257,6 @@ namespace CPU
feat.SMEP = cpuid7.EBX.SMEP; feat.SMEP = cpuid7.EBX.SMEP;
feat.SMAP = cpuid7.EBX.SMAP; feat.SMAP = cpuid7.EBX.SMAP;
feat.UMIP = cpuid7.ECX.UMIP; feat.UMIP = cpuid7.ECX.UMIP;
feat.FSGSBASE = cpuid7.EBX.FSGSBASE;
} }
else if (strcmp(CPU::Vendor(), x86_CPUID_VENDOR_INTEL) == 0) else if (strcmp(CPU::Vendor(), x86_CPUID_VENDOR_INTEL) == 0)
{ {
@ -270,7 +268,6 @@ namespace CPU
feat.SMEP = cpuid7_0.EBX.SMEP; feat.SMEP = cpuid7_0.EBX.SMEP;
feat.SMAP = cpuid7_0.EBX.SMAP; feat.SMAP = cpuid7_0.EBX.SMAP;
feat.UMIP = cpuid7_0.ECX.UMIP; feat.UMIP = cpuid7_0.ECX.UMIP;
feat.FSGSBASE = cpuid7_0.EBX.FSGSBase;
} }
return feat; return feat;
@ -351,58 +348,34 @@ namespace CPU
*/ */
cr0.AM = true; cr0.AM = true;
debug("Updating CR0...");
writecr0(cr0); writecr0(cr0);
debug("Updated CR0.");
if (strcmp(Hypervisor(), x86_CPUID_VENDOR_VIRTUALBOX) != 0 && debug("CPU Prevention Features:%s%s%s",
strcmp(Hypervisor(), x86_CPUID_VENDOR_TCG) != 0) feat.SMEP ? " SMEP" : "",
{ feat.SMAP ? " SMAP" : "",
debug("Enabling UMIP, SMEP & SMAP support..."); feat.UMIP ? " UMIP" : "");
if (feat.UMIP) /* User-Mode Instruction Prevention
{ This prevents user-mode code from executing these instructions:
if (!BSP) SGDT, SIDT, SLDT, SMSW, STR
KPrint("UMIP is supported."); If any of these instructions are executed with CPL > 0, a #GP is generated.
fixme("UMIP is supported."); */
// cr4.UMIP = true; // cr4.UMIP = feat.UMIP;
}
if (feat.SMEP) /* Supervisor Mode Execution Prevention
{ This prevents user-mode code from executing code in the supervisor mode.
if (!BSP) */
KPrint("SMEP is supported."); cr4.SMEP = feat.SMEP;
fixme("SMEP is supported.");
// cr4.SMEP = true;
}
if (feat.SMAP) /* Supervisor Mode Access Prevention
{ This prevents supervisor-mode code from accessing user-mode pages.
if (!BSP) */
KPrint("SMAP is supported."); cr4.SMAP = feat.SMAP;
fixme("SMAP is supported.");
// cr4.SMAP = true;
}
}
else
{
if (!BSP)
{
if (strcmp(Hypervisor(), x86_CPUID_VENDOR_VIRTUALBOX) == 0)
KPrint("VirtualBox detected. Not using UMIP, SMEP & SMAP");
else if (strcmp(Hypervisor(), x86_CPUID_VENDOR_TCG) == 0)
KPrint("QEMU (TCG) detected. Not using UMIP, SMEP & SMAP");
}
}
if (feat.FSGSBASE) debug("Updating CR4...");
{
if (!BSP)
KPrint("FSGSBASE is supported.");
fixme("FSGSBASE is supported.");
// cr4.FSGSBASE = true;
}
debug("Writing CR4...");
writecr4(cr4); writecr4(cr4);
debug("Wrote CR4."); debug("Updated CR4.");
debug("Enabling PAT support..."); debug("Enabling PAT support...");
wrmsr(MSR_CR_PAT, 0x6 | (0x0 << 8) | (0x1 << 16)); wrmsr(MSR_CR_PAT, 0x6 | (0x0 << 8) | (0x1 << 16));
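Review bot: The new SMEP comment describes the feature backwards: SMEP stops supervisor-mode code from fetching instructions from user-mode pages, it does not restrict what user-mode code can run, so the text should read `This prevents supervisor-mode code from executing instructions located in user-mode pages.` The line `// cr4.UMIP = feat.UMIP;` is still commented out, so the "CPU Prevention Features" debug line lists UMIP whenever CPUID reports it even though only SMEP and SMAP are written to CR4; a one-line comment saying why UMIP stays off, or logging only what is enabled, would keep the log from overstating the hardening. With `cr4.SMAP = feat.SMAP;` now active and the old VirtualBox/TCG guard gone, every kernel path that reads or writes user memory has to bracket the access with STAC/CLAC or it will fault; those paths are not visible in this hunk, so the SMAP comment should state that requirement, e.g. `Kernel accesses to user pages must be wrapped in STAC/CLAC (EFLAGS.AC).` The enclosing function starts and ends outside the hunk.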