x86/mpx: Trace entry to bounds exception paths

There are two basic things that can happen as the result of
a bounds exception (#BR):

	1. We allocate a new bounds table
	2. We pass up a bounds exception to userspace.

This patch adds a trace point for the case where we are
passing the exception up to userspace with a signal.

We are also explicit that we're printing out the inverse of
the 'upper' that we encounter.  If you want to filter, for
instance, you need to ~ the value first.  The reason we do
this is because of how 'upper' is stored in the bounds table.

If a pointer's range is:

	0x1000 -> 0x2000

it is stored in the bounds table as (32-bits here for brevity):

	lower: 0x00001000
	upper: 0xffffdfff

That is so that an all 0's entry:

	lower: 0x00000000
	upper: 0x00000000

corresponds to the "init" bounds which store a *range* of:

	0x00000000 -> 0xffffffff

That is, by far, the common case, and that lets us use the
zero page, or deduplicate the memory, etc... The 'upper'
stored in the table is gibberish to print by itself, so we
print ~upper to get the *actual*, logical, human-readable
value printed out.

Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Dave Hansen <dave@sr71.net>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/20150607183703.027BB9B0@viggo.jf.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>

2 files changed, 35 insertions, 0 deletions

diff --git a/arch/x86/include/asm/trace/mpx.h b/arch/x86/include/asm/trace/mpx.h
index 5c03ec8a90d6..5c3af06a2ae1 100644
--- a/arch/x86/include/asm/trace/mpx.h
+++ b/arch/x86/include/asm/trace/mpx.h
@@ -8,6 +8,40 @@
 
 #ifdef CONFIG_X86_INTEL_MPX
 
+TRACE_EVENT(mpx_bounds_register_exception,
+
+        TP_PROTO(void *addr_referenced,
+                 const struct bndreg *bndreg),
+        TP_ARGS(addr_referenced, bndreg),
+
+        TP_STRUCT__entry(
+                __field(void *, addr_referenced)
+                __field(u64, lower_bound)
+                __field(u64, upper_bound)
+        ),
+
+        TP_fast_assign(
+                __entry->addr_referenced = addr_referenced;
+                __entry->lower_bound = bndreg->lower_bound;
+                __entry->upper_bound = bndreg->upper_bound;
+        ),
+        /*
+         * Note that we are printing out the '~' of the upper
+         * bounds register here.  It is actually stored in its
+         * one's complement form so that its 'init' state
+         * corresponds to all 0's.  But, that looks like
+         * gibberish when printed out, so print out the 1's
+         * complement instead of the actual value here.  Note
+         * though that you still need to specify filters for the
+         * actual value, not the displayed one.
+         */
+        TP_printk("address referenced: 0x%p bounds: lower: 0x%llx ~upper: 0x%llx",
+                __entry->addr_referenced,
+                __entry->lower_bound,
+                ~__entry->upper_bound
+        )
+);
+
 TRACE_EVENT(bounds_exception_mpx,
 
         TP_PROTO(const struct bndcsr *bndcsr),
diff --git a/arch/x86/mm/mpx.c b/arch/x86/mm/mpx.c
index 1fef52c17fc8..75e5d7043f65 100644
--- a/arch/x86/mm/mpx.c
+++ b/arch/x86/mm/mpx.c
@@ -335,6 +335,7 @@ siginfo_t *mpx_generate_siginfo(struct pt_regs *regs)
                 err = -EINVAL;
                 goto err_out;
         }
+        trace_mpx_bounds_register_exception(info->si_addr, bndreg);
         return info;
 err_out:
         /* info might be NULL, but kfree() handles that */