I am writing a usermode tool that watches for changes to CPU flags such as WP from CR0, and SMEP from CR4. I can read the WP bit using smsw %rax but there is no similar opcode for reading CR4 (or its SMEP bit).
Is there a way to get the state of SMEP from usermode ?
The Linux kernel never changes the SMEP bit after booting. See How can i enable/disable kernel kaslr, smep and smap. By default, it's enabled if it's supported on the processor starting with kernel 3.0. So if you want to check whether SMEP is enabled, do the following:
cpuid with leaf 0x7. The processor supports SMEP if EBX[0x7] is 1.nosmep is specified in the kernel command line argument list. This can be done using either the sysctl system call or something like cat /proc/cmdline | grep nosmep.If it's supported on the processor and nosmep is not specified, then it's enabled. Otherwise, it's disabled or not supported.
