I am wondering how i can enable or disable this 3 features from linux kernel:
I have read i have to add something in kernel's command line to enable this features. I have looked into /proc/cmdline. I do not see anything about smep.
But, when i ask /proc/cpuinfo, i can see smep is enabled.
So my question is: What is the correct way to enable or disable this 3 features. And what is the correct way to check if they are enabled at runtime
Thanks
You can use the following kernel boot parameter to disable these features:
nosmap: Disables SMAP. It's supported starting with 3.7, which is also the first version that supports SMAP.nosmep: Disables SMEP. It's supported starting with 3.0, which is also the first version that supports SMEP.nokaslr: Disables KASLR. It's supported starting with 3.14, which is also the first version that supports KASLR.The kernel also enables these features by default at boot-time (if supported by the underlying CPU and the kernel version). They are never enabled or disabled after booting.
You can programmatically disable/enable SMAP and SMEP by simply changing the corresponding flags in the CR4 register on all logical cores using a kernel module.
