Re: [PATCH v3 3/4] x86, mpx: add prctl commands PR_MPX_INIT, PR_MPX_RELEASE

[Ingo Molnar <mingo@kernel.org>]

* Qiaowei Ren <qiaowei.ren@intel.com> wrote:

> @@ -7,6 +9,88 @@
>  #include <asm/fpu-internal.h>
>  #include <asm/alternative.h>
>  
> +static struct mmu_notifier mpx_mn;

> +static struct mmu_notifier_ops mpx_mmuops = {
> +	.invalidate_range_end = mpx_invl_range_end,
> +};
> +
> +int mpx_init(struct task_struct *tsk)
> +{
> +	if (!boot_cpu_has(X86_FEATURE_MPX))
> +		return -EINVAL;
> +
> +	/* register mmu_notifier to delallocate the bound tables */
> +	mpx_mn.ops = &mpx_mmuops;
> +	mmu_notifier_register(&mpx_mn, current->mm);

0)

I do think MPX should be supported by Linux, but this is the best 
thing I can say about the code at the moment:

1)

The above MMU notifier bit is absolutely disgusting: it adds an 
O(nr_mpx_tasks) overhead to every MMU operation!

MPX needs to be called from architecture methods. (And the MMU 
notifier should probably be removed, it literally invites such abuse.)

2)

The whole MPX_INIT() macro wrappery is ugly beyond relief.

3)

The kernel/sys.c bits are x86-only, it probably won't even build on 
other architectures.

4)

I also argue that MPX setup should be automatic through the ELF 
loader:

 - MPX setup could also be initiated through the ELF notes section or
   so - similar to the executable bit stack attribute in ELF binaries. 
   (See PT_GNU_STACK handling in fs/binfmt_elf.c.)

 - What is the typical life time of the bounds table? Does user-space
   get access to it? I don't see where it's discoverable to
   user-space. (for example for debuggers)

5)

Teardown can be done through regular munmap() if the notifier is 
eliminated, so that step falls away as well.

6)

How many entries are in the bounds table? Because mpx_invl_range_end() 
looks utterly unscalable if it has any size beyond 1-2 entries.

Thanks,

	Ingo