我如何启用/禁用内核kaslr，smep和smap [英] How can i enable/disable kernel kaslr, smep and smap

问题描述

我想知道如何从Linux内核启用或禁用这3个功能:

I am wondering how i can enable or disable this 3 features from linux kernel:

• kaslr
• s脚
• 地图

我已阅读过我必须在内核的命令行中添加一些内容才能启用此功能. 我研究了/proc/cmdline.我没有发现任何有关smeep的信息.

I have read i have to add something in kernel's command line to enable this features. I have looked into /proc/cmdline. I do not see anything about smep.

但是，当我询问/proc/cpuinfo时，我可以看到smep已启用.

But, when i ask /proc/cpuinfo, i can see smep is enabled.

所以我的问题是:启用或禁用这3个功能的正确方法是什么. 检查它们是否在运行时启用的正确方法是什么

So my question is: What is the correct way to enable or disable this 3 features. And what is the correct way to check if they are enabled at runtime

谢谢

推荐答案

您可以使用以下内核引导参数来禁用这些功能:

You can use the following kernel boot parameter to disable these features:

• nosmap:禁用SMAP.从3.7开始支持，这也是第一个支持SMAP的版本.
• nosmep:禁用SMEP.从3.0开始受支持，这也是第一个支持SMEP的版本.
• nokaslr:禁用KASLR.从3.14开始支持，这也是第一个支持KASLR的版本.

• nosmap: Disables SMAP. It's supported starting with 3.7, which is also the first version that supports SMAP.
• nosmep: Disables SMEP. It's supported starting with 3.0, which is also the first version that supports SMEP.
• nokaslr: Disables KASLR. It's supported starting with 3.14, which is also the first version that supports KASLR.

默认情况下，内核还会在引导时启用这些功能(如果基础CPU和内核版本支持的话).引导后永远不会启用或禁用它们.

The kernel also enables these features by default at boot-time (if supported by the underlying CPU and the kernel version). They are never enabled or disabled after booting.

您可以通过简单地使用内核模块更改所有逻辑内核上CR4寄存器中的相应标志来以编程方式禁用/启用SMAP和SMEP.

You can programmatically disable/enable SMAP and SMEP by simply changing the corresponding flags in the CR4 register on all logical cores using a kernel module.

这篇关于我如何启用/禁用内核kaslr，smep和smap的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！