How can i enable/disable kernel kaslr, smep and smap

Question

I am wondering how i can enable or disable this 3 features from linux kernel:

• kaslr
• smep
• smap

I have read i have to add something in kernel's command line to enable this features. I have looked into /proc/cmdline. I do not see anything about smep.

But, when i ask /proc/cpuinfo, i can see smep is enabled.

So my question is: What is the correct way to enable or disable this 3 features. And what is the correct way to check if they are enabled at runtime

Thanks

Answer 1

You can use the following kernel boot parameter to disable these features:

• nosmap: Disables SMAP. It's supported starting with 3.7, which is also the first version that supports SMAP.
• nosmep: Disables SMEP. It's supported starting with 3.0, which is also the first version that supports SMEP.
• nokaslr: Disables KASLR. It's supported starting with 3.14, which is also the first version that supports KASLR.

The kernel also enables these features by default at boot-time (if supported by the underlying CPU and the kernel version). They are never enabled or disabled after booting.

You can programmatically disable/enable SMAP and SMEP by simply changing the corresponding flags in the CR4 register on all logical cores using a kernel module.