diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2014-12-19 16:22:42 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2014-12-19 16:22:42 -0500 |
| commit | a54455766b9e3d3c27a6cef758355d2591d81d68 (patch) | |
| tree | c7187cc528befc675d49950332a1d9fe0e3f638b | |
| parent | 1092b596a56b6ac5fa3154dc75bfcbb6f27ac757 (diff) | |
| parent | 72e9b5fe9bee0826e7ce7599adbdc64e544780ef (diff) | |
Merge branch 'x86-mpx-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 MPX fixes from Thomas Gleixner:
"Three updates for the new MPX infrastructure:
- Use the proper error check in the trap handler
- Add a proper config option for it
- Bring documentation up to date"
* 'x86-mpx-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86, mpx: Give MPX a real config option prompt
x86, mpx: Update documentation
x86_64/traps: Fix always true condition
| -rw-r--r-- | Documentation/x86/intel_mpx.txt | 18 | ||||
| -rw-r--r-- | arch/x86/Kconfig | 30 | ||||
| -rw-r--r-- | arch/x86/kernel/traps.c | 2 |
3 files changed, 41 insertions, 9 deletions
diff --git a/Documentation/x86/intel_mpx.txt b/Documentation/x86/intel_mpx.txt index 4472ed2ad921..818518a3ff01 100644 --- a/Documentation/x86/intel_mpx.txt +++ b/Documentation/x86/intel_mpx.txt | |||
| @@ -7,11 +7,15 @@ that can be used in conjunction with compiler changes to check memory | |||
| 7 | references, for those references whose compile-time normal intentions are | 7 | references, for those references whose compile-time normal intentions are |
| 8 | usurped at runtime due to buffer overflow or underflow. | 8 | usurped at runtime due to buffer overflow or underflow. |
| 9 | 9 | ||
| 10 | You can tell if your CPU supports MPX by looking in /proc/cpuinfo: | ||
| 11 | |||
| 12 | cat /proc/cpuinfo | grep ' mpx ' | ||
| 13 | |||
| 10 | For more information, please refer to Intel(R) Architecture Instruction | 14 | For more information, please refer to Intel(R) Architecture Instruction |
| 11 | Set Extensions Programming Reference, Chapter 9: Intel(R) Memory Protection | 15 | Set Extensions Programming Reference, Chapter 9: Intel(R) Memory Protection |
| 12 | Extensions. | 16 | Extensions. |
| 13 | 17 | ||
| 14 | Note: Currently no hardware with MPX ISA is available but it is always | 18 | Note: As of December 2014, no hardware with MPX is available but it is |
| 15 | possible to use SDE (Intel(R) Software Development Emulator) instead, which | 19 | possible to use SDE (Intel(R) Software Development Emulator) instead, which |
| 16 | can be downloaded from | 20 | can be downloaded from |
| 17 | http://software.intel.com/en-us/articles/intel-software-development-emulator | 21 | http://software.intel.com/en-us/articles/intel-software-development-emulator |
| @@ -30,9 +34,15 @@ is how we expect the compiler, application and kernel to work together. | |||
| 30 | instrumentation as well as some setup code called early after the app | 34 | instrumentation as well as some setup code called early after the app |
| 31 | starts. New instruction prefixes are noops for old CPUs. | 35 | starts. New instruction prefixes are noops for old CPUs. |
| 32 | 2) That setup code allocates (virtual) space for the "bounds directory", | 36 | 2) That setup code allocates (virtual) space for the "bounds directory", |
| 33 | points the "bndcfgu" register to the directory and notifies the kernel | 37 | points the "bndcfgu" register to the directory (must also set the valid |
| 34 | (via the new prctl(PR_MPX_ENABLE_MANAGEMENT)) that the app will be using | 38 | bit) and notifies the kernel (via the new prctl(PR_MPX_ENABLE_MANAGEMENT)) |
| 35 | MPX. | 39 | that the app will be using MPX. The app must be careful not to access |
| 40 | the bounds tables between the time when it populates "bndcfgu" and | ||
| 41 | when it calls the prctl(). This might be hard to guarantee if the app | ||
| 42 | is compiled with MPX. You can add "__attribute__((bnd_legacy))" to | ||
| 43 | the function to disable MPX instrumentation to help guarantee this. | ||
| 44 | Also be careful not to call out to any other code which might be | ||
| 45 | MPX-instrumented. | ||
| 36 | 3) The kernel detects that the CPU has MPX, allows the new prctl() to | 46 | 3) The kernel detects that the CPU has MPX, allows the new prctl() to |
| 37 | succeed, and notes the location of the bounds directory. Userspace is | 47 | succeed, and notes the location of the bounds directory. Userspace is |
| 38 | expected to keep the bounds directory at that locationWe note it | 48 | expected to keep the bounds directory at that locationWe note it |
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index d69f1cd87fd9..2995788bcb1d 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig | |||
| @@ -249,10 +249,6 @@ config HAVE_INTEL_TXT | |||
| 249 | def_bool y | 249 | def_bool y |
| 250 | depends on INTEL_IOMMU && ACPI | 250 | depends on INTEL_IOMMU && ACPI |
| 251 | 251 | ||
| 252 | config X86_INTEL_MPX | ||
| 253 | def_bool y | ||
| 254 | depends on CPU_SUP_INTEL | ||
| 255 | |||
| 256 | config X86_32_SMP | 252 | config X86_32_SMP |
| 257 | def_bool y | 253 | def_bool y |
| 258 | depends on X86_32 && SMP | 254 | depends on X86_32 && SMP |
| @@ -1594,6 +1590,32 @@ config X86_SMAP | |||
| 1594 | 1590 | ||
| 1595 | If unsure, say Y. | 1591 | If unsure, say Y. |
| 1596 | 1592 | ||
| 1593 | config X86_INTEL_MPX | ||
| 1594 | prompt "Intel MPX (Memory Protection Extensions)" | ||
| 1595 | def_bool n | ||
| 1596 | depends on CPU_SUP_INTEL | ||
| 1597 | ---help--- | ||
| 1598 | MPX provides hardware features that can be used in | ||
| 1599 | conjunction with compiler-instrumented code to check | ||
| 1600 | memory references. It is designed to detect buffer | ||
| 1601 | overflow or underflow bugs. | ||
| 1602 | |||
| 1603 | This option enables running applications which are | ||
| 1604 | instrumented or otherwise use MPX. It does not use MPX | ||
| 1605 | itself inside the kernel or to protect the kernel | ||
| 1606 | against bad memory references. | ||
| 1607 | |||
| 1608 | Enabling this option will make the kernel larger: | ||
| 1609 | ~8k of kernel text and 36 bytes of data on a 64-bit | ||
| 1610 | defconfig. It adds a long to the 'mm_struct' which | ||
| 1611 | will increase the kernel memory overhead of each | ||
| 1612 | process and adds some branches to paths used during | ||
| 1613 | exec() and munmap(). | ||
| 1614 | |||
| 1615 | For details, see Documentation/x86/intel_mpx.txt | ||
| 1616 | |||
| 1617 | If unsure, say N. | ||
| 1618 | |||
| 1597 | config EFI | 1619 | config EFI |
| 1598 | bool "EFI runtime service support" | 1620 | bool "EFI runtime service support" |
| 1599 | depends on ACPI | 1621 | depends on ACPI |
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index a9ae20579895..88900e288021 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c | |||
| @@ -331,7 +331,7 @@ dotraplinkage void do_bounds(struct pt_regs *regs, long error_code) | |||
| 331 | break; /* Success, it was handled */ | 331 | break; /* Success, it was handled */ |
| 332 | case 1: /* Bound violation. */ | 332 | case 1: /* Bound violation. */ |
| 333 | info = mpx_generate_siginfo(regs, xsave_buf); | 333 | info = mpx_generate_siginfo(regs, xsave_buf); |
| 334 | if (PTR_ERR(info)) { | 334 | if (IS_ERR(info)) { |
| 335 | /* | 335 | /* |
| 336 | * We failed to decode the MPX instruction. Act as if | 336 | * We failed to decode the MPX instruction. Act as if |
| 337 | * the exception was not caused by MPX. | 337 | * the exception was not caused by MPX. |