From: Ren Qiaowei <qiaowei.ren@intel.com>
To: Randy Dunlap <rdunlap@infradead.org>,
"H. Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>
Cc: x86@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3 1/4] x86, mpx: add documentation on Intel MPX
Date: Sun, 26 Jan 2014 11:15:06 +0800 [thread overview]
Message-ID: <52E47DBA.4080203@intel.com> (raw)
In-Reply-To: <52E47BD1.4050105@infradead.org>
On 01/26/2014 11:06 AM, Randy Dunlap wrote:
> On 01/26/2014 01:08 AM, Qiaowei Ren wrote:
>> This patch adds the Documentation/x86/intel_mpx.txt file with some
>> information about Intel MPX.
>>
>> Signed-off-by: Qiaowei Ren <qiaowei.ren@intel.com>
>> ---
>> Documentation/x86/intel_mpx.txt | 226 +++++++++++++++++++++++++++++++++++++++
>> 1 files changed, 226 insertions(+), 0 deletions(-)
>> create mode 100644 Documentation/x86/intel_mpx.txt
>>
>> diff --git a/Documentation/x86/intel_mpx.txt b/Documentation/x86/intel_mpx.txt
>> new file mode 100644
>> index 0000000..052001c
>> --- /dev/null
>> +++ b/Documentation/x86/intel_mpx.txt
>> @@ -0,0 +1,226 @@
>> +1. Intel(R) MPX Overview
>> +========================
>> +
>> +
>> +Intel(R) Memory Protection Extensions (Intel(R) MPX) is a new
>> +capability introduced into Intel Architecture. Intel MPX provides
>> +hardware features that can be used in conjunction with compiler
>> +changes to check memory references, for those references whose
>> +compile-time normal intentions are usurped at runtime due to
>> +buffer overflow or underflow.
>> +
>> +Two of the most important goals of Intel MPX are to provide
>> +this capability at very low performance overhead for newly
>> +compiled code, and to provide compatibility mechanisms with
>> +legacy software components. MPX architecture is designed
>
> designed to
>
>> +allow a machine (i.e., the processor(s) and the OS software)
>> +to run both MPX enabled software and legacy software that
>> +is MPX unaware. In such a case, the legacy software does not
>> +benefit from MPX, but it also does not experience any change
>> +in functionality or reduction in performance.
>> +
>> +Intel(R) MPX Programming Model
>> +------------------------------
>> +
>> +Intel MPX introduces new registers and new instructions that
>> +operate on these registers. Some of the registers added are
>> +bounds registers which store a pointer's lower bound and upper
>> +bound limits. Whenever the pointer is used, the requested
>> +reference is checked against the pointer's associated bounds,
>> +thereby preventing out-of-bound memory access (such as buffer
>> +overflows and overruns). Out-of-bounds memory references
>> +initiate a #BR exception which can then be handled in an
>> +appropriate manner.
>> +
>> +Loading and Storing Bounds using Translation
>> +--------------------------------------------
>> +
>> +Intel MPX defines two instructions for load/store of the linear
>> +address of a pointer to a buffer, along with the bounds of the
>> +buffer into a paging structure of extended bounds. Specifically
>> +when storing extended bounds, the processor will perform address
>> +translation of the address where the pointer is stored to an
>> +address in the Bound Table (BT) to determine the store location
>> +of extended bounds. Loading of an extended bounds performs the
>> +reverse sequence.
>> +
>> +The structure in memory to load/store an extended bound is a
>> +4-tuple consisting of lower bound, upper bound, pointer value
>> +and a reserved field. Bound loads and stores access 32-bit or
>> +64-bit operand size according to the operation mode. Thus,
>> +a bound table entry is 4*32 bits in 32-bit mode and 4*64 bits
>> +in 64-bit mode.
>> +
>> +The linear address of a bound table is stored in a Bound
>> +Directory (BD) entry. And the linear address of the bound
>
> The linear address
>
>> +directory is derived from either BNDCFGU or BNDCFGS registers.
>> +Bounds in memory are stored in Bound Tables (BT) as an extended
>> +bound, which are accessed via Bound Directory (BD) and address
>> +translation performed by BNDLDX/BNDSTX instructions.
>> +
>> +Bounds Directory (BD) and Bounds Tables (BT) are stored in
>> +application memory and are allocated by the application (in case
>> +of kernel use, the structures will be in kernel memory). The
>> +bound directory and each instance of bound table are in contiguous
>> +linear memory.
>> +
>> +XSAVE/XRESTOR Support of Intel MPX State
>> +----------------------------------------
>> +
>> +Enabling Intel MPX requires an OS to manage two bits in XCR0:
>> + - BNDREGS for saving and restoring registers BND0-BND3,
>> + - BNDCSR for saving and restoring the user-mode configuration
>> +(BNDCFGU) and the status register (BNDSTATUS).
>> +
>> +The reason for having two separate bits is that BND0-BND3 is
>
> are
>
>> +likely to be volatile state, while BNDCFGU and BNDSTATUS are not.
>> +Therefore, an OS has flexibility in handling these two states
>> +differently in saving or restoring them.
>> +
>> +For details about the Intel MPX instructions, see "Intel(R)
>> +Architecture Instruction Set Extensions Programming Reference".
>> +
>> +
>> +2. How to get the advantage of MPX
>
> drop trailing space above.
>
>> +==================================
>> +
>> +
>> +To get the advantage of MPX, changes are required in
>> +the OS kernel, binutils, compiler, system libraries support.
>
> and system libraries support.
>
>> +
>> +MPX support in the GNU toolchain
>> +--------------------------------
>> +
>> +This section describes changes in GNU Binutils, GCC and Glibc
>> +to support MPX.
>> +
>> +The first step of MPX support is to implement support for new
>> +hardware features in binutils and the GCC.
>> +
>> +The second step is implementation of MPX instrumentation pass
>> +in the GCC compiler which is responsible for instrumenting all
>> +memory accesses with pointer checks. Compiler changes for runtime
>> +bound checks include:
>> +
>> + * Bounds creation for statically allocated objects, objects
>> + allocated on the stack and statically initialized pointers.
>> +
>> + * MPX support in ABI: ABI extension allows passing bounds for
>> + the pointers passed as function arguments and provide returned
>
> provides
>
>> + bounds with the pointers.
>> +
>> + * Bounds table content management: each pointer is stored into
>
> that is stored into
>
>> + the memory should have its bounds stored in the corresponding
>
> drop "the":
> memory should
>
>
Ok. Thanks for your review.
Thanks,
Qiaowei
next prev parent reply other threads:[~2014-01-26 3:20 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-26 9:08 [PATCH v3 0/4] Intel MPX support Qiaowei Ren
2014-01-26 8:19 ` Ingo Molnar
2014-01-26 8:20 ` Ren Qiaowei
2014-01-28 6:42 ` Ingo Molnar
2014-01-28 7:01 ` Ren Qiaowei
2014-01-28 18:26 ` H. Peter Anvin
2014-01-26 9:08 ` [PATCH v3 1/4] x86, mpx: add documentation on Intel MPX Qiaowei Ren
2014-01-26 3:06 ` Randy Dunlap
2014-01-26 3:15 ` Ren Qiaowei [this message]
2014-01-27 20:27 ` Andy Lutomirski
2014-01-28 3:40 ` Ren Qiaowei
2014-01-26 9:08 ` [PATCH v3 2/4] x86, mpx: hook #BR exception handler to allocate bound tables Qiaowei Ren
2014-01-27 20:36 ` Andy Lutomirski
2014-01-28 3:35 ` Ren Qiaowei
2014-01-28 5:21 ` Andy Lutomirski
2014-01-28 5:39 ` Ren Qiaowei
2014-01-28 6:42 ` Andy Lutomirski
2014-01-28 6:46 ` Ren Qiaowei
2014-01-26 9:08 ` [PATCH v3 3/4] x86, mpx: add prctl commands PR_MPX_INIT, PR_MPX_RELEASE Qiaowei Ren
2014-01-26 8:22 ` Ingo Molnar
2014-01-26 8:23 ` Ren Qiaowei
2014-01-26 8:39 ` Ingo Molnar
2014-01-26 11:37 ` Ren, Qiaowei
2014-01-27 1:50 ` H. Peter Anvin
2014-01-27 1:55 ` Ren Qiaowei
2014-01-27 2:10 ` H. Peter Anvin
2014-01-27 2:16 ` Ren Qiaowei
2014-01-27 21:54 ` Andy Lutomirski
2014-01-27 22:01 ` H. Peter Anvin
2014-01-26 9:08 ` Ingo Molnar
2014-01-26 12:49 ` Ren, Qiaowei
2014-01-26 15:14 ` Ingo Molnar
2014-01-27 2:01 ` Ren Qiaowei
2014-01-27 20:59 ` Andy Lutomirski
2014-01-26 9:08 ` [PATCH v3 4/4] x86, mpx: extend siginfo structure to include bound violation information Qiaowei Ren
2014-01-26 4:22 ` David Rientjes
2014-01-26 4:39 ` Ren Qiaowei
2014-01-26 21:38 ` David Rientjes
2014-01-27 1:34 ` Ren Qiaowei
2014-01-27 1:53 ` H. Peter Anvin
2014-01-27 1:56 ` Ren Qiaowei
2014-01-27 21:58 ` Andy Lutomirski
2014-01-28 2:43 ` Ren Qiaowei
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52E47DBA.4080203@intel.com \
--to=qiaowei.ren@intel.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=rdunlap@infradead.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.