Contents

Implement Intel SMAP and kernel patching framework
tools
weekly status
test results and memos
1. 1
  1. 1.3
commits

Implement Intel SMAP and kernel patching framework

Student: OliverPinter
Mentor: GavinAtkinson

Project description

In first phase, I want to implement the Intel SMAP (Supervisor Mode Access Prevention) technology for x86-64 architecture. In second phase, I plan to implement boot/load time kernel and kernel module patching framework.

Approach to solving the problem

Intel SMAP is a hardware extension to support advanced kernel self-protection. The SMAP technology will prevent unintended data access from kernel to userland memory. The technology will appear in Intel Broadwell architecture in 2014Q2/Q3. Currently there is an emulator - namely Qemu with TCG - which supports this technology.

Runtime kernel/kernel module patching is required, otherwise the processor will fail when processing unknown instruction. Newer processors introducing newer instructions which didn't exist on older one. To solve this situation this framework makes the kernel and kernel modules self-modifiable in common way.

Deliverables

phase #1:

- Improved security of FreeBSD kernel in future x86-64 processors

phase #2:

- generic framework for boot-time/runtime kernel image and kernel modules patching
- elliminate hackish "manual" instruction patching: http://svnweb.freebsd.org/base/head/sys/amd64/amd64/cpu_switch.S?r1=238450&r2=238449&pathrev=238450

Milestones

phase #1:

1.1	May 19 - May 25	update Intel SMAP knowledege	DONE
1.2	May 26 - June 8	update relevant FreeBSD kernel knowledge	DONE
1.3	June 9 - June 15	implement/refine trap handler and add/refine required code to relevant parts of kernel	DONE
1.4	June 16 - June 22	test and fix	DONE

phase #2:

2.1	June 23 - June 29	identify the required places to modify in booting process and kernel module loading process	DONE
2.2	June 30 - July 6	design the kernel patching framework	DONE
2.3	July 7 - July 20	implement the kernel patching framework	DONE
2.4	July 21 - July 27	adapt XSAVE and SMAP instructions to new framework	DONE
2.5	July 27 - August 3	optimize implementation	DONE
2.6	August 3 - EoC August 14	test, test, fix, test	DONE

Test Plan

phase #1 - SMAP:

create a VM image	http://svnweb.freebsd.org/socsvn/soc2014/op/tools/create_smap_test_vm.csh?view=log	DONE
write vulnerable kernel module and PoC, and test	http://svnweb.freebsd.org/socsvn/soc2014/op/tests/smap-tester/	DONE
test in qemu with SMAP emulation	http://svnweb.freebsd.org/socsvn/soc2014/op/tools/run_smap_test_vm.csh?view=log	DONE

phase #2 - kernel patching:

create a VM image		DONE
boot test in qemu		DONE
kernel module test in qemu		DONE
test in qemu with enabled SMAP		DONE
test on real hardware with XSAVE/XSAVEOPT		DONE
stress test		DONE

The Code

https://svnweb.freebsd.org/socsvn/soc2014/op/

https://github.com/opntr

https://github.com/opntr/opBSD/tree/op/gsoc2014/master

https://github.com/opntr/opBSD/tree/op/gsoc2014/smap

https://github.com/opntr/opBSD/tree/op/gsoc2014/kpatch

http://www.crysys.hu/~op/freebsd/vm-image/

Useful links

http://forums.grsecurity.net/viewtopic.php?f=7&t=3046

https://lwn.net/Articles/517475/

http://www.freebsd.org/doc/en_US.ISO8859-1/articles/committers-guide/subversion-primer.html

http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf

https://software.intel.com/sites/default/files/managed/68/8b/319433-019.pdf

http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2012/10/24592_APM_v11.pdf

http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2012/10/24593_APM_v21.pdf

http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2008/10/24594_APM_v3.pdf

http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2012/10/26568_APM_v41.pdf

http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2012/10/26569_APM_v51.pdf

http://tigcc.ticalc.org/doc/gnuasm.html#SEC109

http://llvm.org/docs/doxygen/html/AsmParser_8cpp_source.html

http://clang.llvm.org/compatibility.html

http://www.ibm.com/developerworks/aix/library/au-gdb.html

https://sourceware.org/binutils/docs/ld/Scripts.html#Scripts

1.1

doc

319433-019.pdf : 10.3; table 2-5; page 887; page 894

CPUID

CPUID.(EAX=07H,ECX=0H):EBX.SMAP[bit 20] = 1

instructions

stac:
- STAC sets the AC flag bit in EFLAGS/RFLAGS without affecting other bits. Attempt to execute STAC when CPL > 0 will cause #UD. This instruction's operation is the same in non-64-bit modes and 64-bit mode.
clac:
- CLAC clears the AC flag bit in EFLAGS/RFLAGS without affecting other bits. Attempt to execute CLAC when CPL > 0 will cause #UD. This instruction's operation is the same in on-64-bit modes and 64-bit mode.

status bit

EFLAGS.AC

enabling

"System software enables SMAP by setting the SMAP flag in control register CR4 (bit 21)."

1.2

clang SMAP support	YES	https://github.com/freebsd/freebsd/commit/aa45f148926e3461a1fd8b10c990f0a51a908cc9	dim@
gcc SMAP support	YES	https://github.com/freebsd/freebsd/commit/72b58728c7463667c6eb881e2f8a0c6d98e8c661	pfg@
ddb SMAP support	YES	https://github.com/freebsd/freebsd/commit/0fa3283d5a6ef0a3095fd7dd71bf4cea8ecd83ee	jhb@

trap handler memo

"If CPL < 3, SMAP protections are disabled if EFLAGS.AC = 1. If CPL = 3, SMAP applies to all supervisor-mode data accesses (these are implicit supervisor accesses) regardless of the value of EFLAGS.AC." - Intel Ref. # 319433-014 9.3.2

 BOOL
 check_smap_access_violation(FRAME, USERMODE)
 {
  if SMAP_DISABLED :
   RETURN FALSE;
 
  if  CPL == 3 OR RFLAGS@FRAME BITAND EFLAGS.AC :
   RETURN FALSE;
 
  RETURN TRUE;
 }

1.3

kernel parts

exception handlers		sys/amd64/amd64/exception.S
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269004
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269065
	git	https://github.com/opntr/opBSD/commit/95042600c3fdaa1be4ed89e0a07cdd087ad8973b
	git	https://github.com/opntr/opBSD/commit/4916593d9b06dded2d9b91ad24fee80db3b01b83
		sys/i386/i386/exception.s
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269490
	git	https://github.com/opntr/opBSD/commit/ff125771d93fd57776bf2482726111cb7fe342ec
cpu identification		sys/amd64/amd64/identcpu.c
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=268999
	git	https://github.com/opntr/opBSD/commit/33b3063c833f2b5d1d04298b38a30ec59a466d01
		sys/i386/i386/identcpu.c
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269491
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269656
	git	https://github.com/opntr/opBSD/commit/a87bb07998a4f5fac9b9dfa1f6f31c11f46e4b62
	git	https://github.com/opntr/opBSD/commit/3a5c691cf6427f5225fe0eb121076d8e4c404239
cpu initialization		sys/amd64/amd64/initcpu.c
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269000
	git	https://github.com/opntr/opBSD/commit/de1859f4cbb12f9ca9517b74e0fa6705094ab34e
		sys/i386/i386/initcpu.c
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269505
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269655
	git	https://github.com/opntr/opBSD/commit/c398ca5d1009d5e77be877afcdf9c4c6e0b5ad34
	git	https://github.com/opntr/opBSD/commit/4b488dfbfcd07aefcc126a6c433283047484ed0e
low-level memory management		sys/amd64/amd64/pmap.c
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269002
	git	https://github.com/opntr/opBSD/commit/de1859f4cbb12f9ca9517b74e0fa6705094ab34e
		sys/i386/i386/pmap.c
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269504
	git	https://github.com/opntr/opBSD/commit/75dde2528c3ebb841f4227a3de5236905bd32965
low-level functions		sys/amd64/amd64/support.S
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269063
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269064
	git	https://github.com/opntr/opBSD/commit/803e9dc13fb7cf182749e3680cd6b4f74e13fcaa
	git	https://github.com/opntr/opBSD/commit/555ad43c95b506b58eaff989a5e3f5b8ca854897
		sys/i386/i386/support.s
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269495
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269496
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269497
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269659
	git	https://github.com/opntr/opBSD/commit/3411fb2ebd8cac1fb759f619e62b7ca3d35ef866
	git	https://github.com/opntr/opBSD/commit/013136cb04966afd3fc4f04abf23ba3f77d701f5
	git	https://github.com/opntr/opBSD/commit/c6b2b9427cac8c43db66b864ebe4eb06c16c3726
	git	https://github.com/opntr/opBSD/commit/f9543ea8d683841ea33b8069617889ff1b195913
trap handler		sys/amd64/amd64/trap.c
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269001
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269489
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269492
	git	https://github.com/opntr/opBSD/commit/2388bdd2fae0cb28964316a1144b8fb6be4d2bf7
	git	https://github.com/opntr/opBSD/commit/907e4c655b4481e6cdb750c0e1b397377cc4fd2f
	git	https://github.com/opntr/opBSD/commit/6dba3deadc1a89fbe733ce6a4bfed242ea8728ec
		sys/i386/i386/trap.c
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269487
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269488
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269657
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269658
	git	https://github.com/opntr/opBSD/commit/1776453a82f80c255f01176821b404f4f3d19aac
	git	https://github.com/opntr/opBSD/commit/37c9163a2ab9259718d74a43a9f6e45bafb718fb
	git	https://github.com/opntr/opBSD/commit/9163a4943f56412f33f80738f5e6bc98a184a499
	git	https://github.com/opntr/opBSD/commit/5a79321d287c35c339a2ef1292140c5af70454a8
asm macros		sys/amd64/include/asmacros.h
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269003
	git	https://github.com/opntr/opBSD/commit/7618c2fb397920fc3908a96784a7b86be344b37e
		sys/i386/include/asmacros.h
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269502
	git	https://github.com/opntr/opBSD/commit/913d70df386e0f509914b927f6ac5fc3820b126a
low-level functions		sys/amd64/include/cpufunc.h
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=268658
	git	https://github.com/opntr/opBSD/commit/ceba73a18c80975382d9ec621efcec36376c7622
		sys/i386/include/cpufunc.h
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269503
	git	https://github.com/opntr/opBSD/commit/d2a7cc7a91a89fba06015840a2b8078eabdb8915
configuration NOTES		sys/conf/NOTES
	svn
	git
configurations		sys/conf/options.amd64
	svn
	git
		sys/conf/options.i386
	svn
	git
eflags flags		sys/x86/include/psl.h
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=268998
	git	https://github.com/opntr/opBSD/commit/4482d7f9a8a9296b3519f46e0f48eea3eee596b6
cpu flags		sys/x86/include/specialreg.h
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=268997
	git	https://github.com/opntr/opBSD/commit/3c7e40e5aad8ddc467949aef6ed8bae2d0729d14
compat exceptions		sys/amd64/ia32/ia32_exception.S
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269062
	git	https://github.com/opntr/opBSD/commit/5c65f66371c725a8fa6155de9dfc352adb88b4e7
disassembler		sys/i386/i386/db_disasm.c
	svn	http://svnweb.freebsd.org/socsvn?view=revision&revision=269486
	git	https://github.com/opntr/opBSD/commit/10ece4f886860feffeb816426fafdf5d69e22601

notes

i386 part originally not part of this project
i386 part currently not tested
do NOT compile the kernel with CPUTYPE=core-avx2

2.1

linker script	sys/conf/ldscript.amd64
elf linker	sys/kern/kern_linker.c
	sys/kern/link_elf.c
	sys/sys/linker.h
nop tables	XXX
kernel image patching	sys/amd64/amd64/machdep.c
files, which containes stac, clac or xsave	sys/amd64/amd64/support.S
	sys/amd64/include/asmacros.h
	sys/amd64/include/cpufunc.h
	sys/amd64/ia32/ia32_exception.S
	amd64/amd64/cpu_switch.S

potential useable kernel API's:
- linker_file_lookup_set(...)
- pmap_enter(...)
- pmap_kenter(...)
- sys/linker_set.h
- CPU rendezvous

2.2

basic structures

lf_selfpatch_t

typedef struct lf_selfpatch {
        void    *patchable;           /* address of patchable instractions */
        void    *patch;               /* address of patch */
        short   feature_selector;
        int     feature;
        char    *comment;
} lf_selfpatch_t;

elf sections
- selfpatch_metainfo
- selfpatch_patch
assembly instruction size calculation like in https://github.com/freebsd/freebsd/blob/master/sys/amd64/include/asmacros.h#L217
patching scenarios
- kernel
  - -> hammer_time
    - -> lf_selfpatch(linker_kernel_file)
- module
  - -> modload
    - -> lf_selfpatch(linker_module_file)
- module -> kernel (patching the kernel image, from newly loaded kernel modules, probably one way to apply security patches run-time)
  - -> onload
    - -> lf_patch(linker_module_file, linker_destination_file)
      - -> smp_rendezvous_cpu(NULL, lf_selfpatch(foo), NULL, arg)

2.3

implemented kernel image patching on boot
implemented module patching at preload and on load
tested kernel image patching on boot
updated build tools and maintaining tools
see commits in https://github.com/opntr/opBSD/tree/op/gsoc2014/kpatch

tools

svn-cherry-pick-from-git.csh	http://svnweb.freebsd.org/socsvn/soc2014/op/tools/svn-cherry-pick-from-git.csh?view=log
build_kernel_32bit.csh	http://svnweb.freebsd.org/socsvn/soc2014/op/tools/build_kernel_32bit.csh?view=log
build_kernel_64bit.csh	http://svnweb.freebsd.org/socsvn/soc2014/op/tools/build_kernel_64bit.csh?view=log
create_smap_test_vm.csh	http://svnweb.freebsd.org/socsvn/soc2014/op/tools/create_smap_test_vm.csh?view=log
run_smap_test_vm.csh	http://svnweb.freebsd.org/socsvn/soc2014/op/tools/run_smap_test_vm.csh?view=log

weekly status

20140529	http://lists.freebsd.org/pipermail/soc-status/2014-May/000777.html
20140606	http://lists.freebsd.org/pipermail/soc-status/2014-June/000787.html
20140613	http://lists.freebsd.org/pipermail/soc-status/2014-June/000797.html
20140620	http://lists.freebsd.org/pipermail/soc-status/2014-June/000810.html
20140628	http://lists.freebsd.org/pipermail/soc-status/2014-June/000819.html
20140704	http://lists.freebsd.org/pipermail/soc-status/2014-July/000829.html
20140711	http://lists.freebsd.org/pipermail/soc-status/2014-July/000829.html
20140718	http://lists.freebsd.org/pipermail/soc-status/2014-July/000838.html
20140725	http://lists.freebsd.org/pipermail/soc-status/2014-July/000845.html
20140801	http://lists.freebsd.org/pipermail/soc-status/2014-August/000863.html
20140808	http://lists.freebsd.org/pipermail/soc-status/2014-August/000863.html
20140815	http://lists.freebsd.org/pipermail/soc-status/2014-August/000874.html

test results and memos

1

1.3

SummerOfCode2014/IntelSMAPandKernelPatching/Notes

commits

https://github.com/opntr/opBSD/commit/27512683485c9e7f8abce01321d57e643692c7b8	SMAP AMD64	added stac() and clac() to cpufunc.h
https://github.com/opntr/opBSD/commit/544b84ff8c3e2eba516f342cdf06a7380ecb48a1	SMAP AMD64	added CR4_SMAP to sys/x86/include/specialreg.h
https://github.com/opntr/opBSD/commit/76cd0b0a49986d2a701e37fdbe4a4bca2bc2302a	SMAP AMD64	updated PSL_AC's comment in sys/x86/include/psl.h
https://github.com/opntr/opBSD/commit/d55f53e21819a4da9ad9fe9f30841953c938505d	SMAP AMD64	disable SMAP when running in hypervisor (like SMEP)
https://github.com/opntr/opBSD/commit/eb67cf29473e970f779ebac0156e4e4198bf6603	SMAP AMD64	postpone enabling of SMAP, same like in SMEP case
https://github.com/opntr/opBSD/commit/6382c129a4e9e5911601bb28bc8bcc3618534ad4	SMAP AMD64	added related trap handler
https://github.com/opntr/opBSD/commit/3a06a3742094a918ffc6497f9bbcb7f08241a450	SMAP AMD64	enable SMAP at boot time
https://github.com/opntr/opBSD/commit/21675c19df9ed8b650c2ca97376d7ba6bf34496a	SMAP AMD64	clear SMAP state in PUSH_FRAME asmacro
https://github.com/opntr/opBSD/commit/4d401ca69e248501f49cb093c1d24461bbbd1780	SMAP AMD64	clear SMAP state on exceptions
https://github.com/opntr/opBSD/commit/bec88d94ecf7cd8a6e28fdad887482030cd94dae	AMD64 SMAP	clear SMAP state on exceptions in ia32 case
https://github.com/opntr/opBSD/commit/15bf832e4b3709410a3edb0ba1e6b36279f7be29	SMAP AMD64	trim whitespaces in amd64/support.S
https://github.com/opntr/opBSD/commit/23e4a57a8a34092e49fff4df8bf2c03de97c3eb9	SMAP AMD64	added stac and clac to funtions which live in support.S and interacted with user-space
https://github.com/opntr/opBSD/commit/eb5736dfcfdae1918d022c039bb6235dafc92916	SMAP AMD64	clear SMAP state in NMI handler, as soon as possible
https://github.com/opntr/opBSD/commit/5f46ad1484feea2c41da2be47064ab82a1859e95	SMAP i386	added stac and clac to i386/i386/db_disasm.c
https://github.com/opntr/opBSD/commit/0b1a6777bfaa8ecd9ef89e4bc5451c7994e3938e	SMAP i386	added related trap handler
https://github.com/opntr/opBSD/commit/b9aa413e7b96c3d7fb385752ca9931018935e6ed	SMAP i386	updated trap handler
https://github.com/opntr/opBSD/commit/e20b27feec7d46a82a2cdde17fb641b0fccc21a8	SMAP AMD64	updated trap handler
https://github.com/opntr/opBSD/commit/7a9b369faa86763cb629d45bb6e6feb9d69ee8c4	SMAP i386	clear SMAP state on exception
https://github.com/opntr/opBSD/commit/05dcc22c06f18b09d1b56b625d7ebc3e9c69596c	SMAP i386	identify SMAP on boot
https://github.com/opntr/opBSD/commit/346e9fdf36bd58fa6473b436005cbab9b7c9c202	SMAP AMD64	typo fix in amd64/amd64/trap.c
https://github.com/opntr/opBSD/commit/734168ba4a8a720f8659e304fd9151d67fd01e34	SMAP i386	trim whitespaces from support.s
https://github.com/opntr/opBSD/commit/5cd64c2229ec86f8eadb2e2e636620f059ef133e	SMAP i386	added stac and clac to funtions which live in support.s and interacted with user-space
https://github.com/opntr/opBSD/commit/292645c2fcb68bb3f919b8def4f59f61466955ee	SMAP i386	stac instruction should fail when used with lock prefix
https://github.com/opntr/opBSD/commit/da3af8d42d6b1f65efc34457eaba77b6c0e81cfa	SMAP i386	clear SMAP status on PUSH_FRAME
https://github.com/opntr/opBSD/commit/566c9004bc12eb74754214b52b4e64386d7f31ee	SMAP i386	added stac and clac functions to cpufunc.h
https://github.com/opntr/opBSD/commit/500493e25319c5d7baa575c2cc0610f15248a59c	SMAP i386	enable SMAP at boot time
https://github.com/opntr/opBSD/commit/36d88ed54f9336a73e9549be11fa01046980f6e0	SMAP i386	enable SMAP in !BSP case in initcpu
https://github.com/opntr/opBSD/commit/14cd0c4d0345dce11548a67bfe09a966940fa16b	SMAP i386	added IS_BSP() macro to i386/include/pcpu.h
https://github.com/opntr/opBSD/commit/66742f9eec750d6f7bcac2868256ffb3a7912d16	SMAP i386	fix build, added forgotted variables
https://github.com/opntr/opBSD/commit/0cbb66d1900cacac57575e5a27918a1f516dee75	SMAP i386	fix typo in trap.c - rflags -> eflags
https://github.com/opntr/opBSD/commit/72c906bf6e824672b51e961babb69a2f680ea267	SMAP i386	smap_access_violation() declaration
https://github.com/opntr/opBSD/commit/b7a37535251e00dad64857b5b8b7a888bf3d7bd2	SMAP i386	fix comment in support.s
https://github.com/opntr/opBSD/commit/e4031c3f50c749da1b63424e1ffc5108b6cb7f74	KSP	added elf sections to ldscript.amd64
https://github.com/opntr/opBSD/commit/09fa416fec4428eb0a06a0aad3610fa683f6f63f	KSP	added basic structures and files
https://github.com/opntr/opBSD/commit/a8728bc48f8f5f35db68656f3e31181a96dda15c	KSP	create abstraction for MD parts
https://github.com/opntr/opBSD/commit/9dede2764de767426b0eb266c1c2556ab84a6e46	KSP	fixed build
https://github.com/opntr/opBSD/commit/e8dfbf0f24773e073326961dcf1e97df141bb2e9	KSP	added stubs
https://github.com/opntr/opBSD/commit/50bb19d3bd057277712962858ef974643c24b39f	KSP	added stubs 2
https://github.com/opntr/opBSD/commit/3d328d257561ded7bf0fb76aac8d6703e939ef58	KSP	implement lf_selfpatch_patch_needed(struct lf_selfpatch *p)
https://github.com/opntr/opBSD/commit/3b682d9b319e397494edf286626407566bf00207	other	added .gitignore
https://github.com/opntr/opBSD/commit/2f28c0b34c1103c3767e940cdcf467b6814c0cf6	KSP	implemented basic kernel patching
https://github.com/opntr/opBSD/commit/df6b887be3799f12d6c710ab3c30c0fa46ee9a2b	KSP	hook in kernel patching at hammer_time
https://github.com/opntr/opBSD/commit/5aca5071efaf0cecd1603719ae84f9fbdf247f27	KSP	in early initialization the linker_kernel_file yet not initialized, workaround this sitation
https://github.com/opntr/opBSD/commit/9446f20a67bbffa4b4ae338bd8ac12d5d5110283	KSP	added debug code
https://github.com/opntr/opBSD/commit/8eff15ca5e29708c25c4ac9f0c0769d61ad1191d	KSP	print the patchable kernel object name
https://github.com/opntr/opBSD/commit/feec6808338b6986b4337dc2d6a8edd107b2922b	KSP	hook in lf_selfpatch in kldload and preload case
https://github.com/opntr/opBSD/commit/ece962fa1f72b8c583b7d395a4236cd575d2f700	KSP	rename ELF sets
https://github.com/opntr/opBSD/commit/9b47f93561001985e87958397c2ae6a65216502f	KSP	change pmap_kenter_attr(vm_offset_t va, vm_paddr_t pa, int mode) visibility
https://github.com/opntr/opBSD/commit/5781c199b46eff60d7509dd5efe51ec1fcdb9499	KSP	change destination memory region from RX to RWX, and after patching back to RX
https://github.com/opntr/opBSD/commit/78ee00407870204d07cf20b7a90558198b6ec03a	KSP	added selftest
https://github.com/opntr/opBSD/commit/3d7b95def57d276412afd0c5c0f2d6fd5345960f	KSP	fixed a typo ...
https://github.com/opntr/opBSD/commit/2b57e7b2544afa9fda6323c44487470a3c96f290	KSP	malloc does not exists in early stage of initialization, not use them
https://github.com/opntr/opBSD/commit/72462f329ae9d55e88e38679f906a07ff05b0d32	KSP	remove redundant debug message, and fix one
https://github.com/opntr/opBSD/commit/23cdd436905a667d6869d9ab57256c5c5a48e667	KSP	disallow inlining of lf_selfpatch_selftest, and change test bytes
https://github.com/opntr/opBSD/commit/a4f35b13f2e95b63dc176d3731d0d97fad4d09c5	KSP	refactor, renamed */_selfpatch.h to selfpatch-machdep.h
https://github.com/opntr/opBSD/commit/af96be6ebadaf34e363e4add4e41b22f6abfc433	KSP	added SMAP and XSAVE related patch definitions
https://github.com/opntr/opBSD/commit/2efb915ea797a1e85f496cb07f52a1f0bfdc08d9	KSP	renamed feature selectors
https://github.com/opntr/opBSD/commit/e631e9d44fdbae9a9b968b6c8307a3683ee53c2d	KSP	updated selfpatches
https://github.com/opntr/opBSD/commit/a321ab1e1270ed67384c53627a57833c0fdc02ea	KSP	convert xsave <-> xsaveopt hack to selfpatches
https://github.com/opntr/opBSD/commit/66a82b57a02dcc34456440197ecd1765a002b5d4	KSP	lower nesting level of round brackets
https://github.com/opntr/opBSD/commit/7143d2dbd21074126b1248cdf2110cb9f6c3fd71	KSP	fix xsaveopt
https://github.com/opntr/opBSD/commit/5ea9ada53ab84d4acb62a84a4bd0c628cd067ba5	KSP	move cpu_extstate to common place
https://github.com/opntr/opBSD/commit/1975693199f6412d9727f96140b58c86cabec418	KSP	as Intel SDM Vol3B 13.2 say, we must check against XSAVE instead of OSXSAVE
https://github.com/opntr/opBSD/commit/41f35eb635871d99c4d14dc65ba40d986ac0fac2	KSP	removed unneeded extern variable
https://github.com/opntr/opBSD/commit/465152a433e23d856f6cf4856f7f6e948e70f9e2	KSP SMAP	use selfpatch for stac, clac in sys/amd64/amd64/exception.S
https://github.com/opntr/opBSD/commit/249f8403152677488afce5e78e13f6623fc63f43	KSP SMAP	use selfpatch for stac, clac in amd64/support.S
https://github.com/opntr/opBSD/commit/efd10da1a9a801407b59f5b281ca294f4d5ded4b	KSP SMAP	use selfpatch for stac, clac in ia32/ia32_exception.S
https://github.com/opntr/opBSD/commit/2ce125f8bd0f5faacfeb0d4235efd40f4d34d3a8	KSP SMAP	use selfpatch for stac, clac in include/asmacros.h
https://github.com/opntr/opBSD/commit/c5ea91eb55e8baf80deedcb26874294e53a0a142	KSP SMAP	use selfpatch for stac, clac in amd64/include/cpufunc.h
https://github.com/opntr/opBSD/commit/545cfdd72914e5246f173e2aa0a12c44c5da048c	KSP	added stringified version of NOPs, required by C inline assembly
https://github.com/opntr/opBSD/commit/026ab1e5221cced259dec0e804bf68ba2d2d5628	KSP SMAP	removed safety check, after the KSP merge
https://github.com/opntr/opBSD/commit/ae08f33b15cd1290fd2697a3d61b27779d4e55c8	SMAP	change enable to enabled in warning message
https://github.com/opntr/opBSD/commit/078a753aed57bd2de2cd9af6729c70258e4c7ca6	KSP	added debug output
https://github.com/opntr/opBSD/commit/653253e3f44d3ce91e75187214fcf7617ad9f8a3	KSP	convert KASSERT to panic
https://github.com/opntr/opBSD/commit/24152996822ba8a5401d4709358df5d98f3b25a2	KSP	fix module patching in preloaded case
https://github.com/opntr/opBSD/commit/d4e3de5adc59dfb3854e62b90a5f8ffeb197d425	KSP SMAP	fix alert message in trap, and removed unused code
https://github.com/opntr/opBSD/commit/97aa941de940fcecea7267c6756a03bb264a0265	KSP	try to fix panic on kldunload when the module loaded at run-time
https://github.com/opntr/opBSD/commit/72a6a1dd12054055da679120e6f89168456f0f3b	KSP	check securelevel before do anything
https://github.com/opntr/opBSD/commit/f725aa7751718a75abc5b7bc26b6fa2c6d1e184d	KSP	separate out MI and MD part of KSP code
https://github.com/opntr/opBSD/commit/28d7f3224a3f7e13f7a4b9726e584208d0a73c9a	KSP	disable selftest + style
https://github.com/opntr/opBSD/commit/fd3c3a203229e6cf21a9d9505404c9b40cc39a41	KSP	print out the real start and stop
https://github.com/opntr/opBSD/commit/f95314cb826de10718221cc9f8d03d3fa3ce9f43	KSP	temporary disable RWX setting
https://github.com/opntr/opBSD/commit/d3f803968d2ced13156b5b201fed7c1366919d23	KSP	fixed panic on module unload case, and added stubs for protection changes
https://github.com/opntr/opBSD/commit/36ba94f267232d467e56c648f040314636087393	KSP	added KSP_WxorX_KERNEL guard, and added more code to KSP_WxorX_KERNEL case
https://github.com/opntr/opBSD/commit/5c2b35c2e332e95403a9136f836242b279485674	KSP	constify ksp_selector_table
https://github.com/opntr/opBSD/commit/4a7f9f375378ed51b11d072284b67132c8b6b6e0	KSP	new lines at end of DBG messages
https://github.com/opntr/opBSD/commit/5be2b1d530d6c1d485658e92244cb4a32fb52b05	KSP	added critical_{enter,exit} to lf_selfpatch
https://github.com/opntr/opBSD/commit/b29c2636b7a45bfc123b70afa01d7c95fbc9692d	KSP	added variable sized patch support
https://github.com/opntr/opBSD/commit/5ae181d2f6a58f87460cb9d465b20c210bd64a26	KSP	enable variable sized patches
https://github.com/opntr/opBSD/commit/057196b121a297b4ba8c2e45d499bf1a504fcbc4	KSP	added more debug output
https://github.com/opntr/opBSD/commit/6a7086d6b9abc6512e0b12a71b99dd87d25c0a06	KSP	disable debug log by default
https://github.com/opntr/opBSD/commit/06f4e2796718d0b385f247d897b977cb58f52c4e	KSP SMAP	added KSP_FRAMEWORK and INTEL_SMAP_SUPPORT knobs
https://github.com/opntr/opBSD/commit/5522267a7c879507d067f17c40c25b1a2281c708	KSP	added KSP_FRAMEWORK to GENERIC, required by amd64's fpu code
https://github.com/opntr/opBSD/commit/acfbd2db231bf040ab8521268f170a4b3a416bd4	SMAP	added INTEL_SMAP_SUPPORT to GENERIC

SummerOfCode2014/IntelSMAPandKernelPatching (last edited 2017-09-18T13:59:27+0000 by KubilayKocak)