SMEP - Supervisor Mode Execution Prevention
Supervisor Mode Execution Prevention (SMEP) can be used to prevent supervisor mode from unintentionally executing user-space code. For example, kernel pointers (symbols) found in /proc/kallsyms cannot be used without a bypass.
By default on a Linux system, CPU protections are activated through the control registers; SMEP is activated through CR4.
Setting bit 20 of the CR4 register to 1 enables SMEP. On Linux, a function implemented in the kernel is responsible for writing the correct value to CR4 according to the protections that are activated.


Check whether the CPU advertises SMEP:
grep "smep" /proc/cpuinfo | head -1
Kernel boot parameter to disable SMEP:
nosmep
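
The checks above (CPU flag, nosmep boot parameter, CR4 bit 20) combined into one audit script. This is an added example, not part of the original page; the function names, the status strings and the sample register-dump line are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit SMEP from the CPU flag, the boot parameter and CR4.
# Function names and status strings are illustrative, not from any tool.

# Print 1 if bit 20 (SMEP) is set in the hex CR4 value $1, else 0.
cr4_smep_bit() {
    val=${1#0x}
    case $val in ''|*[!0-9a-fA-F]*) return 2 ;; esac
    echo $(( (0x$val >> 20) & 1 ))
}

# Read kernel log text on stdin, print the first CR4 value found.
cr4_from_oops() {
    sed -n 's/.*CR4: \([0-9a-fA-F][0-9a-fA-F]*\).*/\1/p' | head -1
}

# Print enabled | disabled-by-nosmep | not-advertised.
# $1 = cpuinfo file, $2 = kernel command line file (default: live system).
smep_audit() {
    cpuinfo=${1:-/proc/cpuinfo}
    cmdline=${2:-/proc/cmdline}
    # Split into words so only an exact "nosmep"/"smep" token matches.
    if tr ' ' '\n' < "$cmdline" | grep -qx 'nosmep'; then
        echo disabled-by-nosmep
    elif grep '^flags' "$cpuinfo" | head -1 | tr ' \t' '\n\n' | grep -qx 'smep'; then
        echo enabled
    else
        echo not-advertised
    fi
}

# Constructed sample: register-dump line in the format of a kernel oops.
SAMPLE_OOPS='CR2: 0000000000000000 CR3: 000000000260a000 CR4: 00000000003606f0'
cr4=$(printf '%s\n' "$SAMPLE_OOPS" | cr4_from_oops)
echo "sample CR4=$cr4 SMEP bit=$(cr4_smep_bit "$cr4")"
```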