Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge branch 'x86-mpx-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 MPX fixes from Thomas Gleixner:
"Three updates for the new MPX infrastructure:
- Use the proper error check in the trap handler
- Add a proper config option for it
- Bring documentation up to date"

* 'x86-mpx-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86, mpx: Give MPX a real config option prompt
x86, mpx: Update documentation
x86_64/traps: Fix always true condition

+41 -9
+14 -4
Documentation/x86/intel_mpx.txt
··· 7 7 references, for those references whose compile-time normal intentions are 8 8 usurped at runtime due to buffer overflow or underflow. 9 9 10 + You can tell if your CPU supports MPX by looking in /proc/cpuinfo: 11 + 12 + cat /proc/cpuinfo | grep ' mpx ' 13 + 10 14 For more information, please refer to Intel(R) Architecture Instruction 11 15 Set Extensions Programming Reference, Chapter 9: Intel(R) Memory Protection 12 16 Extensions. 13 17 14 - Note: Currently no hardware with MPX ISA is available but it is always 18 + Note: As of December 2014, no hardware with MPX is available but it is 15 19 possible to use SDE (Intel(R) Software Development Emulator) instead, which 16 20 can be downloaded from 17 21 http://software.intel.com/en-us/articles/intel-software-development-emulator ··· 34 30 instrumentation as well as some setup code called early after the app 35 31 starts. New instruction prefixes are noops for old CPUs. 36 32 2) That setup code allocates (virtual) space for the "bounds directory", 37 - points the "bndcfgu" register to the directory and notifies the kernel 38 - (via the new prctl(PR_MPX_ENABLE_MANAGEMENT)) that the app will be using 39 - MPX. 33 + points the "bndcfgu" register to the directory (must also set the valid 34 + bit) and notifies the kernel (via the new prctl(PR_MPX_ENABLE_MANAGEMENT)) 35 + that the app will be using MPX. The app must be careful not to access 36 + the bounds tables between the time when it populates "bndcfgu" and 37 + when it calls the prctl(). This might be hard to guarantee if the app 38 + is compiled with MPX. You can add "__attribute__((bnd_legacy))" to 39 + the function to disable MPX instrumentation to help guarantee this. 40 + Also be careful not to call out to any other code which might be 41 + MPX-instrumented. 40 42 3) The kernel detects that the CPU has MPX, allows the new prctl() to 41 43 succeed, and notes the location of the bounds directory. Userspace is 42 44 expected to keep the bounds directory at that locationWe note it
+26 -4
arch/x86/Kconfig
··· 249 249 def_bool y 250 250 depends on INTEL_IOMMU && ACPI 251 251 252 - config X86_INTEL_MPX 253 - def_bool y 254 - depends on CPU_SUP_INTEL 255 - 256 252 config X86_32_SMP 257 253 def_bool y 258 254 depends on X86_32 && SMP ··· 1589 1593 also a small increase in the kernel size if this is enabled. 1590 1594 1591 1595 If unsure, say Y. 1596 + 1597 + config X86_INTEL_MPX 1598 + prompt "Intel MPX (Memory Protection Extensions)" 1599 + def_bool n 1600 + depends on CPU_SUP_INTEL 1601 + ---help--- 1602 + MPX provides hardware features that can be used in 1603 + conjunction with compiler-instrumented code to check 1604 + memory references. It is designed to detect buffer 1605 + overflow or underflow bugs. 1606 + 1607 + This option enables running applications which are 1608 + instrumented or otherwise use MPX. It does not use MPX 1609 + itself inside the kernel or to protect the kernel 1610 + against bad memory references. 1611 + 1612 + Enabling this option will make the kernel larger: 1613 + ~8k of kernel text and 36 bytes of data on a 64-bit 1614 + defconfig. It adds a long to the 'mm_struct' which 1615 + will increase the kernel memory overhead of each 1616 + process and adds some branches to paths used during 1617 + exec() and munmap(). 1618 + 1619 + For details, see Documentation/x86/intel_mpx.txt 1620 + 1621 + If unsure, say N. 1592 1622 1593 1623 config EFI 1594 1624 bool "EFI runtime service support"
+1 -1
arch/x86/kernel/traps.c
··· 331 331 break; /* Success, it was handled */ 332 332 case 1: /* Bound violation. */ 333 333 info = mpx_generate_siginfo(regs, xsave_buf); 334 - if (PTR_ERR(info)) { 334 + if (IS_ERR(info)) { 335 335 /* 336 336 * We failed to decode the MPX instruction. Act as if 337 337 * the exception was not caused by MPX.