add SMAP helpers #566
This PR adds helpers for SMAP. SMAP is a security feature that can be used to detect accidental access to user memory by the kernel.
josephlr
left a comment
LGTM, nice addition.
Do we think adding example usage in the docs would make sense? Up to you.
| { | ||
| let was_enabled = self.is_enabled(); | ||
|
|
||
| self.disable(); |
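Review bot: the unconditional `self.disable();` right after `let was_enabled = self.is_enabled();` looks like a missed branch on first read. A one-line code comment at that call saying the second `stac` is deliberate (cheaper than testing `was_enabled` first) would record the decision where the next reader will look for it.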
Do we want to disable SMAP again if it was already disabled?
This is intentional. I assume that running stac unnecessarily will be faster than branching, but I did not actually test this.
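The save-then-disable pattern from the hunk above, modelled in user space as an added example (not the PR's code): the AC flag is a simulated thread-local instead of `stac`/`clac`, and `without_smap`, `without_smap_naive` and `nested` are hypothetical names. It contrasts restoring the saved state with always re-enabling on exit when two scopes nest.

```rust
use std::cell::Cell;
thread_local! {
    // Simulated RFLAGS.AC (constructed stand-in); real code would run `stac`/`clac`.
    static AC: Cell<bool> = Cell::new(false);
}
/// Zero-sized handle, passed by value as suggested in the review.
#[derive(Clone, Copy)]
pub struct Smap;

impl Smap {
    /// SMAP checks apply while AC is clear.
    pub fn is_enabled(self) -> bool { AC.with(|ac| !ac.get()) }
    /// Models `stac`; setting an already-set flag changes nothing.
    pub fn disable(self) { AC.with(|ac| ac.set(true)) }
    /// Models `clac`.
    pub fn enable(self) { AC.with(|ac| ac.set(false)) }

    /// Hypothetical name: save state, disable unconditionally, restore only if needed.
    pub fn without_smap<R>(self, f: impl FnOnce() -> R) -> R {
        let was_enabled = self.is_enabled();
        self.disable();
        let result = f();
        if was_enabled { self.enable(); }
        result
    }

    /// Hypothetical contrast: always re-enables on exit, ignoring the prior state.
    pub fn without_smap_naive<R>(self, f: impl FnOnce() -> R) -> R {
        self.disable();
        let result = f();
        self.enable();
        result
    }
}

/// Nests two scopes; returns (checks active after inner scope, checks active after outer).
pub fn nested(restore_saved: bool) -> (bool, bool) {
    let smap = Smap;
    smap.enable();
    let after_inner = if restore_saved {
        smap.without_smap(|| { smap.without_smap(|| ()); smap.is_enabled() })
    } else {
        smap.without_smap_naive(|| { smap.without_smap_naive(|| ()); smap.is_enabled() })
    };
    (after_inner, smap.is_enabled())
}
fn main() {
    println!("{:?} {:?}", nested(true), nested(false));
}
```

With the naive variant the first tuple element is `true`: the inner scope re-armed the checks while the outer scope was still running.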
| /// Disable SMAP access checks by setting [`RFlags::ALIGNMENT_CHECK`] using | ||
| /// the `stac` instruction. |
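Review bot: "Disable SMAP access checks by setting [`RFlags::ALIGNMENT_CHECK`]" reads backwards on a first pass, because a flag is set in order to switch a protection off. Add a clause to this doc comment stating the effect directly: while the flag is set, supervisor-mode accesses to user pages are not blocked by SMAP.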
Here (and in disable), we should explain what happens if SMAP is already disabled (or enabled respectively) when this function is called.
I think it's a no-op, but we should say so.
src/instructions/smap.rs
Outdated
| /// function does not check CR4 because doing so is much slower than just | ||
| /// checking the AC flag. | ||
| #[inline] | ||
| pub fn is_enabled(&self) -> bool { |
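Review bot: since `is_enabled` reads only the AC flag and, per the comment, does not check CR4, a `true` result does not show that SMAP is switched on in CR4 at all, which the name suggests it does. The doc comment should say that the return value is only meaningful when SMAP is enabled in CR4, or the method could be named after the flag it reads.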
Should the methods on Smap take it by value? It doesn't really matter, but for a zero-sized Copy type, I usually have them passed by value.
I would like to do this, but I think any example of these methods would also need to show Rust code accessing user memory and that's a can of worms I don't want to open.
This PR adds helpers for SMAP. SMAP is a security feature that can be used to detect accidental access to user memory by the kernel.
Closes #562
Cc @ChocolateLoverRaj