Re: [GIT pull] x86 mpx support for 3.19
From: Dave Hansen
Date: Fri Dec 12 2014 - 10:48:00 EST
On 12/12/2014 04:30 AM, Pavel Machek wrote:
>> + depends on CPU_SUP_INTEL
>> + ---help---
>> + MPX provides hardware features that can be used in
>> + conjunction with compiler-instrumented code to check
>> + memory references. It is designed to detect buffer
>> + overflow or underflow bugs.
>> + This option enables running applications which are
>> + instrumented or otherwise use MPX. It does not use MPX
>> + itself inside the kernel or to protect the kernel
>> + against bad memory references.
>> + Enabling this option will make the kernel larger:
>> + ~8k of kernel text and 36 bytes of data on a 64-bit
>> + defconfig. It adds a long to the 'mm_struct' which
>> + will increase the kernel memory overhead of each
>> + process and adds some branches to paths used during
>> + exec() and munmap().
> Should you explain what kind of CPUs support it? Basically "the kind
> you don't have, yet"?
On a practical level, you can look for mpx in cpuinfo a la:
cat /proc/cpuinfo | grep ' mpx '
to see if your CPU supports it. I will mention that in the the
Documentation/ and also point folks there from the Kconfig text.
From: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
Give MPX a real config option. The CPUs that support it
are not available publicly, so we need to make it somewhat
easy to disable.
Signed-off-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
b/Documentation/x86/intel_mpx.txt | 6 +++++-
b/arch/x86/Kconfig | 30 ++++++++++++++++++++++++++----
2 files changed, 31 insertions(+), 5 deletions(-)
diff -puN arch/x86/Kconfig~x86-mpx-real-config-option-v4 arch/x86/Kconfig
--- a/arch/x86/Kconfig~x86-mpx-real-config-option-v4 2014-12-12 07:33:51.316565922 -0800
+++ b/arch/x86/Kconfig 2014-12-12 07:33:51.323566238 -0800
@@ -248,10 +248,6 @@ config HAVE_INTEL_TXT
depends on INTEL_IOMMU && ACPI
- def_bool y
- depends on CPU_SUP_INTEL
depends on X86_32 && SMP
@@ -1593,6 +1589,32 @@ config X86_SMAP
If unsure, say Y.
+ prompt "Intel MPX (Memory Protection Extensions)"
+ def_bool y
+ depends on CPU_SUP_INTEL
+ MPX provides hardware features that can be used in
+ conjunction with compiler-instrumented code to check
+ memory references. It is designed to detect buffer
+ overflow or underflow bugs.
+ This option enables running applications which are
+ instrumented or otherwise use MPX. It does not use MPX
+ itself inside the kernel or to protect the kernel
+ against bad memory references.
+ Enabling this option will make the kernel larger:
+ ~8k of kernel text and 36 bytes of data on a 64-bit
+ defconfig. It adds a long to the 'mm_struct' which
+ will increase the kernel memory overhead of each
+ process and adds some branches to paths used during
+ exec() and munmap().
+ For details, see Documentation/x86/intel_mpx.txt
+ If unsure, say Y.
bool "EFI runtime service support"
depends on ACPI
diff -puN Documentation/x86/intel_mpx.txt~x86-mpx-real-config-option-v4 Documentation/x86/intel_mpx.txt
--- a/Documentation/x86/intel_mpx.txt~x86-mpx-real-config-option-v4 2014-12-12 07:33:51.318566012 -0800
+++ b/Documentation/x86/intel_mpx.txt 2014-12-12 07:38:53.971216573 -0800
@@ -7,11 +7,15 @@ that can be used in conjunction with com
references, for those references whose compile-time normal intentions are
usurped at runtime due to buffer overflow or underflow.
+You can tell if your CPU supports MPX by looking in /proc/cpuinfo:
+ cat /proc/cpuinfo | grep ' mpx '
For more information, please refer to Intel(R) Architecture Instruction
Set Extensions Programming Reference, Chapter 9: Intel(R) Memory Protection
-Note: Currently no hardware with MPX ISA is available but it is always
+Note: As of December 2014, no hardware with MPX is available but it is
possible to use SDE (Intel(R) Software Development Emulator) instead, which
can be downloaded from