Supervisor Mode Access Prevention (SMAP) is a feature of someCPU implementations such as theIntelBroadwell microarchitecture that allowssupervisor mode programs to optionally setuser-spacememory mappings so that access to those mappings from supervisor mode will cause a trap. This makes it harder formalicious programs to "trick" the kernel into usinginstructions ordata from a user-space program.^[1][2]

Supervisor Mode Access Prevention is designed to complementSupervisor Mode Execution Prevention (SMEP), which was introduced earlier. SMEP can be used to prevent supervisor mode from unintentionally executing user-space code. SMAP extends this protection to reads and writes.^[2]

Without Supervisor Mode Access Prevention, supervisor code usually has full read and write access to user-space memory mappings (or has the ability to obtain full access). This has led to the development of several security exploits, includingprivilege escalation exploits, which operate by causing the kernel to access user-space memory when it did not intend to.^[3] Operating systems can block these exploits by using SMAP to force unintended user-space memory accesses to triggerpage faults. Additionally, SMAP can expose flawed kernel code which does not follow the intended procedures for accessing user-space memory.^[1]

However, the use of SMAP in an operating system may lead to a larger kernel size and slower user-space memory accesses from supervisor code, because SMAP must be temporarily disabled any time supervisor code intends to access user-space memory.^[4]

Processors indicate support for Supervisor Mode Access Prevention through theExtended Features CPUID leaf.

SMAP is enabled whenmemory paging is active and the SMAP bit in theCR4 control register is set. SMAP can be temporarily disabled for explicit memory accesses by setting theEFLAGS.AC (Alignment Check) flag. Thestac (Set AC Flag) andclac (Clear AC Flag) instructions can be used to easily set or clear the flag.^[5]

When the SMAP bit in CR4 is set, explicit memory reads and writes to user-mode pages performed by code running with aprivilege level less than 3 will always result in a page fault if the EFLAGS.AC flag is not set. Implicit reads and writes (such as those made todescriptor tables) to user-mode pages will always trigger a page fault if SMAP is enabled, regardless of the value of EFLAGS.AC.^[5]

Linux kernel support for Supervisor Mode Access Prevention was implemented byH. Peter Anvin.^[1] It was merged into the mainline Linux 3.7 kernel (released December 2012) and it is enabled by default for processors which support the feature.^[4]

FreeBSD has supported Supervisor Mode Execution Prevention since 2012^[6] and Supervisor Mode Access Prevention since 2018.^[7]

OpenBSD has supported Supervisor Mode Access Prevention and the related Supervisor Mode Execution Prevention since 2012,^[8] with OpenBSD 5.3 being the first release with support for the feature enabled.^[9]

NetBSD support for Supervisor Mode Execution Prevention (SMEP) was implemented by Maxime Villard in December 2015.^[10] Support for Supervisor Mode Access Prevention (SMAP) was also implemented by Maxime Villard, in August 2017.^[11] NetBSD 8.0 was the first release with both features supported and enabled.^[12]

Haiku support for Supervisor Mode Execution Prevention (SMEP) was implemented by Jérôme Duval in January 2018.^[13]

macOS has support for SMAP at least since macOS 10.13 released 2017.^[14]

• NX bit

• X86 instructions
• X86 memory management
• Computer security
• Intel

• Articles with short description
• Short description is different from Wikidata