| Technique | HEAD rev / patch |
|---|---|
| Prevent memory access in privileged modes | |
| amd64 Supervisor Mode Access Prevention (SMAP) | |
| arm64 Privileged Access Never (PAN) | |
| Prevent execution in privileged modes | |
| amd64 Supervisor Mode Execution Prevention (SMEP) | |
| arm64 Privileged Execute Never (PXN) | |
| Limit permissions on kernel memory | |
| Direct map | |
| Kernel stacks | |
| Recursive page table mappings | |
| Kernel .text, .data, .bss | |
| UMA and malloc(9) | |
| pipe_map and exec_map | |
| Kernel module .text, .data, .bss | PR 228927 |

The topic was discussed at the August 2017 Cambridge Summit - notes at DevSummit/201708/Security_mitigation