From: Dave Hansen <dave@sr71.net>
To: linux-kernel@vger.kernel.org
Cc: x86@kernel.org, tglx@linutronix.de, Dave Hansen <dave@sr71.net>,
dave.hansen@linux.intel.com
Subject: [PATCH 08/17] x86, mpx: boot-time disable
Date: Thu, 26 Mar 2015 11:33:43 -0700 [thread overview]
Message-ID: <20150326183343.F64975EC@viggo.jf.intel.com> (raw)
In-Reply-To: <20150326183327.64807530@viggo.jf.intel.com>
From: Dave Hansen <dave.hansen@linux.intel.com>
MPX has the _potential_ to cause some issues. Say part of your init
system tried to protect one of its components from buffer overflows
with MPX. If there were a false positive, it's possible that MPX
could keep a system from booting.
MPX could also potentially cause performance issues since it is
present in hot paths like the unmap path.
Allow it to be disabled at boot time.
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
---
b/Documentation/kernel-parameters.txt | 4 ++++
b/arch/x86/kernel/cpu/common.c | 16 ++++++++++++++++
2 files changed, 20 insertions(+)
diff -puN arch/x86/kernel/cpu/common.c~x86-mpx-disable-boot-time arch/x86/kernel/cpu/common.c
--- a/arch/x86/kernel/cpu/common.c~x86-mpx-disable-boot-time 2015-03-26 11:27:31.269400935 -0700
+++ b/arch/x86/kernel/cpu/common.c 2015-03-26 11:27:31.275401206 -0700
@@ -172,6 +172,22 @@ static int __init x86_xsaves_setup(char
}
__setup("noxsaves", x86_xsaves_setup);
+static int __init x86_mpx_setup(char *s)
+{
+ /* require an exact match without trailing characters */
+ if (strlen(s))
+ return 0;
+
+ /* do not emit a message if the feature is not present */
+ if (!boot_cpu_has(X86_FEATURE_MPX))
+ return 1;
+
+ setup_clear_cpu_cap(X86_FEATURE_MPX);
+ printk("nompx: Intel Memory Protection Extensions (MPX) disabled\n");
+ return 1;
+}
+__setup("nompx", x86_mpx_setup);
+
#ifdef CONFIG_X86_32
static int cachesize_override = -1;
static int disable_x86_serial_nr = 1;
diff -puN Documentation/kernel-parameters.txt~x86-mpx-disable-boot-time Documentation/kernel-parameters.txt
--- a/Documentation/kernel-parameters.txt~x86-mpx-disable-boot-time 2015-03-26 11:27:31.272401070 -0700
+++ b/Documentation/kernel-parameters.txt 2015-03-26 11:27:31.277401296 -0700
@@ -2340,6 +2340,10 @@ bytes respectively. Such letter suffixes
parameter, xsave area per process might occupy more
memory on xsaves enabled systems.
+ nompx [X86] Disables Intel Memory Protection Extensions.
+ See Documentation/x86/intel_mpx.txt for more
+ information about the feature.
+
eagerfpu= [X86]
on enable eager fpu restore
off disable eager fpu restore
_
next prev parent reply other threads:[~2015-03-26 18:35 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-26 18:33 [PATCH 00/17] x86, mpx updates for 4.1 (take 2) Dave Hansen
2015-03-26 18:33 ` [PATCH 01/17] x86, fpu: wrap get_xsave_addr() to make it safer Dave Hansen
2015-03-27 15:15 ` Borislav Petkov
2015-03-27 16:35 ` Dave Hansen
2015-03-27 18:57 ` Oleg Nesterov
2015-03-26 18:33 ` [PATCH 02/17] x86, mpx: use new tsk_get_xsave_addr() Dave Hansen
2015-03-26 18:33 ` [PATCH 03/17] x86, mpx: trace #BR exceptions Dave Hansen
2015-03-27 10:21 ` Borislav Petkov
2015-03-26 18:33 ` [PATCH 04/17] x86, mpx: trace entry to bounds exception paths Dave Hansen
2015-03-27 12:02 ` Borislav Petkov
2015-03-26 18:33 ` [PATCH 05/17] x86, mpx: trace when MPX is zapping pages Dave Hansen
2015-03-27 12:26 ` Borislav Petkov
2015-03-26 18:33 ` [PATCH 06/17] x86, mpx: trace attempts to find bounds tables Dave Hansen
2015-03-27 12:32 ` Borislav Petkov
2015-03-27 14:08 ` Dave Hansen
2015-03-26 18:33 ` [PATCH 07/17] x86, mpx: trace allocation of new " Dave Hansen
2015-03-26 18:33 ` Dave Hansen [this message]
2015-03-27 15:07 ` [PATCH 08/17] x86, mpx: boot-time disable Borislav Petkov
2015-03-27 15:16 ` Dave Hansen
2015-03-26 18:33 ` [PATCH 09/17] x86: make is_64bit_mm() widely available Dave Hansen
2015-03-26 22:35 ` Andy Lutomirski
2015-03-27 15:21 ` Borislav Petkov
2015-03-26 18:33 ` [PATCH 10/17] x86: make __VIRTUAL_MASK safe to use on 32 bit Dave Hansen
2015-03-26 18:33 ` [PATCH 11/17] x86, mpx: we do not allocate the bounds directory Dave Hansen
2015-03-26 18:33 ` [PATCH 12/17] x86, mpx: remove redundant MPX_BNDCFG_ADDR_MASK Dave Hansen
2015-03-27 17:01 ` Borislav Petkov
2015-03-27 20:45 ` Dave Hansen
2015-03-26 18:33 ` [PATCH 13/17] x86, mpx: Add temporary variable to reduce masking Dave Hansen
2015-03-26 18:33 ` [PATCH 14/17] x86, mpx: new directory entry to addr helper Dave Hansen
2015-03-26 18:33 ` [PATCH 15/17] x86, mpx: do 32-bit-only cmpxchg for 32-bit apps Dave Hansen
2015-03-27 17:29 ` Borislav Petkov
2015-03-27 18:16 ` Dave Hansen
2015-03-28 8:39 ` Borislav Petkov
2015-03-30 16:57 ` Dave Hansen
2015-03-30 16:59 ` Borislav Petkov
2015-03-30 18:58 ` Dave Hansen
2015-03-26 18:33 ` [PATCH 16/17] x86, mpx: support 32-bit binaries on 64-bit kernel Dave Hansen
2015-03-26 18:33 ` [PATCH 17/17] x86, mpx: allow mixed binaries again Dave Hansen
-- strict thread matches above, loose matches on Subject: below --
2015-03-27 21:52 [PATCH 00/17] x86, mpx updates for 4.1 (take 3) Dave Hansen
2015-03-27 21:53 ` [PATCH 08/17] x86, mpx: boot-time disable Dave Hansen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150326183343.F64975EC@viggo.jf.intel.com \
--to=dave@sr71.net \
--cc=dave.hansen@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox