Re: [GIT pull] x86 mpx support for 3.19

[Dave Hansen <dave.hansen@linux.intel.com>]

[-- Attachment #1: Type: text/plain, Size: 1172 bytes --]

On 12/12/2014 04:30 AM, Pavel Machek wrote:
>> +	depends on CPU_SUP_INTEL
>> +	---help---
>> +	  MPX provides hardware features that can be used in
>> +	  conjunction with compiler-instrumented code to check
>> +	  memory references.  It is designed to detect buffer
>> +	  overflow or underflow bugs.
>> +
>> +	  This option enables running applications which are
>> +	  instrumented or otherwise use MPX.  It does not use MPX
>> +	  itself inside the kernel or to protect the kernel
>> +	  against bad memory references.
>> +
>> +	  Enabling this option will make the kernel larger:
>> +	  ~8k of kernel text and 36 bytes of data on a 64-bit
>> +	  defconfig.  It adds a long to the 'mm_struct' which
>> +	  will increase the kernel memory overhead of each
>> +	  process and adds some branches to paths used during
>> +	  exec() and munmap().
> 
> Should you explain what kind of CPUs support it? Basically "the kind
> you don't have, yet"?

On a practical level, you can look for mpx in cpuinfo a la:

	cat /proc/cpuinfo  | grep ' mpx '

to see if your CPU supports it.  I will mention that in the the
Documentation/ and also point folks there from the Kconfig text.


[-- Attachment #2: x86-mpx-real-config-option-v4.patch --]
[-- Type: text/x-patch, Size: 3052 bytes --]


From: Dave Hansen <dave.hansen@linux.intel.com>

Give MPX a real config option.  The CPUs that support it
(referenced here):

	https://software.intel.com/en-us/forums/topic/402393

are not available publicly, so we need to make it somewhat
easy to disable.

Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
---

 b/Documentation/x86/intel_mpx.txt |    6 +++++-
 b/arch/x86/Kconfig                |   30 ++++++++++++++++++++++++++----
 2 files changed, 31 insertions(+), 5 deletions(-)

diff -puN arch/x86/Kconfig~x86-mpx-real-config-option-v4 arch/x86/Kconfig
--- a/arch/x86/Kconfig~x86-mpx-real-config-option-v4	2014-12-12 07:33:51.316565922 -0800
+++ b/arch/x86/Kconfig	2014-12-12 07:33:51.323566238 -0800
@@ -248,10 +248,6 @@ config HAVE_INTEL_TXT
 	def_bool y
 	depends on INTEL_IOMMU && ACPI
 
-config X86_INTEL_MPX
-	def_bool y
-	depends on CPU_SUP_INTEL
-
 config X86_32_SMP
 	def_bool y
 	depends on X86_32 && SMP
@@ -1593,6 +1589,32 @@ config X86_SMAP
 
 	  If unsure, say Y.
 
+config X86_INTEL_MPX
+	prompt "Intel MPX (Memory Protection Extensions)"
+	def_bool y
+	depends on CPU_SUP_INTEL
+	---help---
+	  MPX provides hardware features that can be used in
+	  conjunction with compiler-instrumented code to check
+	  memory references.  It is designed to detect buffer
+	  overflow or underflow bugs.
+
+	  This option enables running applications which are
+	  instrumented or otherwise use MPX.  It does not use MPX
+	  itself inside the kernel or to protect the kernel
+	  against bad memory references.
+
+	  Enabling this option will make the kernel larger:
+	  ~8k of kernel text and 36 bytes of data on a 64-bit
+	  defconfig.  It adds a long to the 'mm_struct' which
+	  will increase the kernel memory overhead of each
+	  process and adds some branches to paths used during
+	  exec() and munmap().
+
+	  For details, see Documentation/x86/intel_mpx.txt
+
+	  If unsure, say Y.
+
 config EFI
 	bool "EFI runtime service support"
 	depends on ACPI
diff -puN Documentation/x86/intel_mpx.txt~x86-mpx-real-config-option-v4 Documentation/x86/intel_mpx.txt
--- a/Documentation/x86/intel_mpx.txt~x86-mpx-real-config-option-v4	2014-12-12 07:33:51.318566012 -0800
+++ b/Documentation/x86/intel_mpx.txt	2014-12-12 07:38:53.971216573 -0800
@@ -7,11 +7,15 @@ that can be used in conjunction with com
 references, for those references whose compile-time normal intentions are
 usurped at runtime due to buffer overflow or underflow.
 
+You can tell if your CPU supports MPX by looking in /proc/cpuinfo:
+
+	cat /proc/cpuinfo  | grep ' mpx '
+
 For more information, please refer to Intel(R) Architecture Instruction
 Set Extensions Programming Reference, Chapter 9: Intel(R) Memory Protection
 Extensions.
 
-Note: Currently no hardware with MPX ISA is available but it is always
+Note: As of December 2014, no hardware with MPX is available but it is
 possible to use SDE (Intel(R) Software Development Emulator) instead, which
 can be downloaded from
 http://software.intel.com/en-us/articles/intel-software-development-emulator
_