Intel SMAP Comes To Try To Better Secure Linux
Written by Michael Larabel in Intel on 2 October 2012 at 10:40 AM EDT. 11 Comments
Intel SMAP support has landed in the mainline Linux kernel, which is a Supervisor Mode Access Prevention found on newer Intel CPUs.

The Supervisor Mode Access Prevention feature is an instruction set extension whereby the kernel cannot access pages that are user-space. However, when the need comes about for the kernel to access a user-space page, an override is available. This work from Intel was originally published last month and has now been merged into the mainline kernel for Linux 3.7.

Basically SMAP comes down to a hardware feature preventing unintended user-space data access from kernel code. SMAP works alongside SMEP (Supervisor Mode Execution Protection) to try to prevent kernel bugs from being exploited. Intel SMAP is turned on by default for supported hardware. The kernel config option for SMAP does mention though, "There is a small performance cost if this enabled and turned on; there is also a small increase in the kernel size if this is enabled."

The merge of SMAP for Linux 3.7 happened with this commit.
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 10,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Related Intel News
Popular News
Trending Reviews & Featured Articles