Supervisor Mode Execution Protection (SMEP)

Posted: Fri Jul 08, 2011 12:19 pm
by Jezze
As far as I've understood, it raises an exception (a page fault perhaps?) if the kernel (running in ring 0) tries to access a page having the user bit set.

I found this article while browsing the web and tried to search the forum but didn't find anything.

It seems that flipping a bit in CR4 on newer processors is all you need to do to enable this.

Article: http://vulnfactory.org/blog/2011/06/05/ ... -on-linux/

Anyone here had any experience implementing this?

Re: Supervisor Mode Execution Protection (SMEP)

Posted: Fri Jul 08, 2011 12:47 pm
by bluemoon
It may take a while for the hardware to catch up – it doesn't seem that any existing CPUs actually implement SMEP...
The article is dated June 5th, 2011 at 4:40 pm.
Anyone here had any experience implementing this?
So I guess no. For those who might actually have had experience (i.e. CPU makers), however, it would be trade secrets to talk about.

Re: Supervisor Mode Execution Protection (SMEP)

Posted: Fri Jul 08, 2011 1:25 pm
by Jezze
My mistake :oops: I somehow interpreted that sentence as "only newer CPUs" instead of "no CPUs".

Re: Supervisor Mode Execution Protection (SMEP)

Posted: Sun Jul 10, 2011 2:24 am
by xyzzy
Jezze wrote:As far as I've understood, it raises an exception (a page fault perhaps?) if the kernel (running in ring 0) tries to access a page having the user bit set.
Not any access, it's still allowed to read/write to user pages. It only prevents execution from them.

https://lkml.org/lkml/2011/5/16/500

That's a link to the patchset to the Linux kernel to add support for it that could be used as a reference if you want to implement it. There's not much to it at all except flipping a CR4 bit, as you said, but you just wouldn't be able to actually test it. I wonder how straightforward it would be to add support to QEMU for it, I may have a look at doing so sometime.
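The two mechanics the thread settles on (SMEP is one CR4 bit, and it only blocks supervisor-mode instruction fetches from user pages, which surface as a page fault) as an added example; this is not code from the thread or from the Linux patchset. The CPUID and CR4 bit positions are from the Intel SDM; the `pte_user` / `pte_nx` inputs to the classifier are assumed to come from the caller's own page-table walk of the faulting address.

```c
#include <stdint.h>
#include <stdbool.h>

/* Intel SDM: CPUID.(EAX=7,ECX=0):EBX bit 7 reports SMEP; CR4 bit 20 enables it. */
#define CPUID_7_EBX_SMEP  (1u << 7)
#define CR4_SMEP          (1ull << 20)

/* #PF error-code bits (Intel SDM vol. 3, "Page-Fault Exceptions"). */
#define PF_P   (1u << 0)   /* 1 = protection violation, 0 = page not present */
#define PF_WR  (1u << 1)   /* 1 = write, 0 = read or instruction fetch */
#define PF_US  (1u << 2)   /* 1 = access made from user mode (CPL 3) */
#define PF_ID  (1u << 4)   /* 1 = instruction fetch (set when NXE or SMEP is on) */

/* Pure helpers so the decision logic can be tested without being in ring 0. */
bool cpuid_reports_smep(uint32_t leaf7_ebx) { return (leaf7_ebx & CPUID_7_EBX_SMEP) != 0; }
uint64_t cr4_with_smep(uint64_t cr4) { return cr4 | CR4_SMEP; }

/* Classify a #PF. A supervisor-mode instruction fetch that faults on a present,
 * executable page whose effective translation is user-accessible is exactly the
 * case SMEP introduces; a fetch from an NX page faults with or without SMEP.
 * pte_user / pte_nx are assumed to be supplied from a walk of the faulting address. */
enum pf_kind { PF_NOT_PRESENT, PF_SMEP_VIOLATION, PF_NX_VIOLATION, PF_OTHER };

enum pf_kind classify_pf(uint32_t err, bool pte_user, bool pte_nx)
{
    if (!(err & PF_P)) return PF_NOT_PRESENT;
    bool supervisor_fetch = (err & PF_ID) && !(err & PF_US);
    if ((err & PF_ID) && pte_nx) return PF_NX_VIOLATION;
    if (supervisor_fetch && pte_user) return PF_SMEP_VIOLATION;
    return PF_OTHER;
}

#ifdef __x86_64__
#include <cpuid.h>
/* Ring-0 only: probe CPUID leaf 7 and set CR4.SMEP. Running this in user mode
 * raises #GP on the CR4 write, so it is only compiled here, never executed. */
bool enable_smep(void)
{
    unsigned eax, ebx, ecx, edx;
    if (__get_cpuid_max(0, 0) < 7) return false;        /* leaf 7 not available */
    __cpuid_count(7, 0, eax, ebx, ecx, edx);
    if (!cpuid_reports_smep(ebx)) return false;          /* CPU has no SMEP */
    uint64_t cr4;
    __asm__ volatile("mov %%cr4, %0" : "=r"(cr4));
    __asm__ volatile("mov %0, %%cr4" : : "r"(cr4_with_smep(cr4)) : "memory");
    return true;
}
#endif
```

Without SMEP-capable hardware or an emulator that models the bit, the only part a hobby kernel can exercise is the fault-classification path, which is why it is kept separate from the privileged code.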