kernel - Implement support for SMAP and SMEP security
* Implement support for SMAP security. This prevents accidental
accesses to user address space from the kernel. When available,
we wrap intentional user-space accesses from the kernel with
the 'stac' and 'clac' instructions.
We use a NOP replacement policy to implement the feature. The wrapper
is initially a 'nop %eax' (3-byte NOP), and is replaced by 'stac' and
'clac' via a .section iteration when the feature is supported.
* Implement support for SMEP security. This prevents accidental
execution of user code from the kernel and simply requires
turning the bit on in CR4.
* Reports support in dmesg via the 'CPU Special Features Installed:'
line.