| author | Brian Gianforcaro <bgianf@serenityos.org> | 2021-07-25 13:14:20 -0700 |
|---|---|---|
| committer | Ali Mohammad Pur <Ali.mpfard@gmail.com> | 2021-07-26 13:08:37 +0430 |
| commit | c95ac833670bff99eb7dcd63953d64a5463e1c4e (patch) | |
| tree | fcfff39c5a8195374e999ee783bee50d1fac9ed5 /Base | |
| parent | 5e87c798d2398ce033e43c7e616001612f025824 (diff) | |
| download | serenity-c95ac833670bff99eb7dcd63953d64a5463e1c4e.zip | |
Base: Mitigations(7) add -fzero-call-used-regs and Process Protection
Update the man page to describe more mitigations that we have applied.
Diffstat (limited to 'Base')
-rw-r--r-- | Base/usr/share/man/man7/Mitigations.md | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/Base/usr/share/man/man7/Mitigations.md b/Base/usr/share/man/man7/Mitigations.md index 9e0b86d93b..a4010dd881 100644 --- a/Base/usr/share/man/man7/Mitigations.md +++ b/Base/usr/share/man/man7/Mitigations.md @@ -237,6 +237,40 @@ Date: Fri Jan 1 15:27:42 2021 -0800 Build + LibC: Enable -fstack-protector-strong in user space ``` +### Protected Kernel Process Data + +The kernel applies a exploit mitigation technique where vulnerable data +related to the state of a process is separated out into it's own region +in memory which is always remmaped as read-only after it's initialized +or updated. This means that an attacker needs more than an arbitrary +kernel write primitive to be able to elevate a process to root for example. + +It was first enabled in the following [commit](https://github.com/SerenityOS/serenity/commit/cbcf891040e9921ff628fdda668c9738f358a178): +``` +commit cbcf891040e9921ff628fdda668c9738f358a178 +Author: Andreas Kling <kling@serenityos.org> +Date: Wed Mar 10 19:59:46 2021 +0100 + +Kernel: Move select Process members into protected memory +``` + +### -fzero-call-used-regs + +GCC-11 added a new option `-fzero-call-used-regs` which causes the +compiler to zero function arguments before return of a function. The +goal being to reduce the possible attack surface by disarming ROP +gadgets that might be potentially useful to attackers, and reducing +the risk of information leaks via stale register data. + +It was first enabled when compiling the Kernel in the following [commit](https://github.com/SerenityOS/serenity/commit/204d5ff8f86547a8b100cf26a958aaabf49211f2): + +``` +commit 204d5ff8f86547a8b100cf26a958aaabf49211f2 +Author: Brian Gianforcaro <bgianf@serenityos.org> +Date: Fri Jul 23 00:42:54 2021 -0700 + +Kernel: Reduce useful ROP gadgets by zeroing used function registers +``` ## See also |
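Review bot: The `-fzero-call-used-regs` paragraph in this hunk misdescribes the option: GCC does not "zero function arguments before return of a function", it zeroes the call-used (caller-saved) registers when a function returns, which is what the quoted commit title ("zeroing used function registers") actually says; suggest rewording to "causes the compiler to zero call-used registers before a function returns, so stale values are not left behind for a caller or for code reached through a corrupted return". The option also takes a mode argument (for example `-fzero-call-used-regs=used-gpr` or `=all`), and the set of registers cleared and the runtime cost differ by mode, so the man page should state which mode the kernel build passes. The "Protected Kernel Process Data" paragraph needs spelling and grammar fixes: "a exploit mitigation" should read "an exploit mitigation", "it's own region" should read "its own region", "remmaped" should read "remapped", and "after it's initialized" should read "after it is initialized". Minor style point: the first fenced commit block follows its link sentence with no blank line while the second block has one; make the two consistent.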