Merge branch 'x86-mpx-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 MPX fixes from Thomas Gleixner: "Three updates for the new MPX infrastructure: - Use the proper error check in the trap handler - Add a proper config option for it - Bring documentation up to date" * 'x86-mpx-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86, mpx: Give MPX a real config option prompt x86, mpx: Update documentation x86_64/traps: Fix always true condition
author: Linus Torvalds <torvalds@linux-foundation.org> 2014-12-19 16:22:42 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2014-12-19 16:22:42 -0500
commit: a54455766b9e3d3c27a6cef758355d2591d81d68 (patch)
tree: c7187cc528befc675d49950332a1d9fe0e3f638b /Documentation
parent: 1092b596a56b6ac5fa3154dc75bfcbb6f27ac757 (diff)
parent: 72e9b5fe9bee0826e7ce7599adbdc64e544780ef (diff)
1 files changed, 14 insertions, 4 deletions
diff --git a/Documentation/x86/intel_mpx.txt b/Documentation/x86/intel_mpx.txt
index 4472ed2ad921..818518a3ff01 100644
--- a/Documentation/x86/intel_mpx.txt
+++ b/Documentation/x86/intel_mpx.txt
@@ -7,11 +7,15 @@ that can be used in conjunction with compiler changes to check memory
 references, for those references whose compile-time normal intentions are
 usurped at runtime due to buffer overflow or underflow.
+You can tell if your CPU supports MPX by looking in /proc/cpuinfo:
+        cat /proc/cpuinfo  | grep ' mpx '
 For more information, please refer to Intel(R) Architecture Instruction
 Set Extensions Programming Reference, Chapter 9: Intel(R) Memory Protection
 Extensions.
-Note: Currently no hardware with MPX ISA is available but it is always
+Note: As of December 2014, no hardware with MPX is available but it is
 possible to use SDE (Intel(R) Software Development Emulator) instead, which
 can be downloaded from
 http://software.intel.com/en-us/articles/intel-software-development-emulator
@@ -30,9 +34,15 @@ is how we expect the compiler, application and kernel to work together.
   instrumentation as well as some setup code called early after the app
   starts. New instruction prefixes are noops for old CPUs.
 2) That setup code allocates (virtual) space for the "bounds directory",
-   points the "bndcfgu" register to the directory and notifies the kernel
+   points the "bndcfgu" register to the directory (must also set the valid
-   (via the new prctl(PR_MPX_ENABLE_MANAGEMENT)) that the app will be using
+   bit) and notifies the kernel (via the new prctl(PR_MPX_ENABLE_MANAGEMENT))
-   MPX.
+   that the app will be using MPX.  The app must be careful not to access
+   the bounds tables between the time when it populates "bndcfgu" and
+   when it calls the prctl().  This might be hard to guarantee if the app
+   is compiled with MPX.  You can add "__attribute__((bnd_legacy))" to
+   the function to disable MPX instrumentation to help guarantee this.
+   Also be careful not to call out to any other code which might be
+   MPX-instrumented.
 3) The kernel detects that the CPU has MPX, allows the new prctl() to
   succeed, and notes the location of the bounds directory. Userspace is
   expected to keep the bounds directory at that locationWe note it
author	Linus Torvalds <torvalds@linux-foundation.org>	2014-12-19 16:22:42 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2014-12-19 16:22:42 -0500
commit	a54455766b9e3d3c27a6cef758355d2591d81d68 (patch)
tree	c7187cc528befc675d49950332a1d9fe0e3f638b /Documentation
parent	1092b596a56b6ac5fa3154dc75bfcbb6f27ac757 (diff)
parent	72e9b5fe9bee0826e7ce7599adbdc64e544780ef (diff)