Blame SOURCES/1297898-mpo-7.3.0-prctl.2.patch

1bb262
From 26057cba30205ed659094a2816557b439c651286 Mon Sep 17 00:00:00 2001
1bb262
From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
1bb262
Date: Tue, 28 Jun 2016 13:28:29 +0200
1bb262
Subject: [PATCH 11/17] prctl.2: add description of Intel MPX calls
1bb262
1bb262
---
1bb262
 man-pages/man2/prctl.2 | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++
1bb262
 1 file changed, 81 insertions(+)
1bb262
1bb262
diff --git a/man-pages/man2/prctl.2 b/man-pages/man2/prctl.2
1bb262
index 24e56d2..92eecf9 100644
1bb262
--- a/man-pages/man2/prctl.2
1bb262
+++ b/man-pages/man2/prctl.2
1bb262
@@ -47,6 +47,7 @@
1bb262
 .\"                             PR_GET_TIMERSLACK
1bb262
 .\" 2013-01-10 Kees Cook, document PR_SET_PTRACER
1bb262
 .\" 2012-02-04 Michael kerrisk, document PR_{SET,GET}_CHILD_SUBREAPER
1bb262
+.\" 2014-11-10 Dave Hansen, document PR_MPX_{EN,DIS}ABLE_MANAGEMENT
1bb262
 .\"
1bb262
 .\"
1bb262
 .TH PRCTL 2 2013-05-21 "Linux" "Linux Programmer's Manual"
1bb262
@@ -771,6 +772,77 @@ option.
1bb262
 .\" symbolic-link transitions over all process running in a system.
1bb262
 .\" ========== END FIXME
1bb262
 .RE
1bb262
+.TP
1bb262
+.BR PR_MPX_ENABLE_MANAGEMENT ", " PR_MPX_DISABLE_MANAGEMENT " (since Linux 3.19) "
1bb262
+.\" commit fe3d197f84319d3bce379a9c0dc17b1f48ad358c
1bb262
+.\" See also http://lwn.net/Articles/582712/
1bb262
+.\" See also https://gcc.gnu.org/wiki/Intel%20MPX%20support%20in%20the%20GCC%20compiler
1bb262
+Enable or disable kernel management of Memory Protection eXtensions (MPX)
1bb262
+bounds tables.
1bb262
+The
1bb262
+.IR arg2 ,
1bb262
+.IR arg3 ,
1bb262
+.IR arg4 ,
1bb262
+and
1bb262
+.IR arg5
1bb262
+.\" commit e9d1b4f3c60997fe197bf0243cb4a41a44387a88
1bb262
+arguments must be zero.
1bb262
+
1bb262
+MPX is a hardware-assisted mechanism for performing bounds checking on
1bb262
+pointers.
1bb262
+It consists of a set of registers storing bounds information
1bb262
+and a set of special instruction prefixes that tell the CPU on which
1bb262
+instructions it should do bounds enforcement.
1bb262
+There is a limited number of these registers and
1bb262
+when there are more pointers than registers,
1bb262
+their contents must be "spilled" into a set of tables.
1bb262
+These tables are called "bounds tables" and the MPX
1bb262
+.BR prctl ()
1bb262
+operations control
1bb262
+whether the kernel manages their allocation and freeing.
1bb262
+
1bb262
+When management is enabled, the kernel will take over allocation
1bb262
+and freeing of the bounds tables.
1bb262
+It does this by trapping the #BR exceptions that result
1bb262
+at first use of missing bounds tables and
1bb262
+instead of delivering the exception to user space,
1bb262
+it allocates the table and populates the bounds directory
1bb262
+with the location of the new table.
1bb262
+For freeing, the kernel checks to see if bounds tables are
1bb262
+present for memory which is not allocated, and frees them if so.
1bb262
+
1bb262
+Before enabling MPX management using
1bb262
+.BR PR_MPX_ENABLE_MANAGEMENT ,
1bb262
+the application must first have allocated a user-space buffer for
1bb262
+the bounds directory and placed the location of that directory in the
1bb262
+.I bndcfgu
1bb262
+register.
1bb262
+
1bb262
+These calls will fail if the CPU or kernel does not support MPX.
1bb262
+Kernel support for MPX is enabled via the
1bb262
+.BR CONFIG_X86_INTEL_MPX
1bb262
+configuration option.
1bb262
+You can check whether the CPU supports MPX by looking for the 'mpx'
1bb262
+CPUID bit, like with the following command:
1bb262
+
1bb262
+	cat /proc/cpuinfo | grep ' mpx '
1bb262
+
1bb262
+A thread may not switch in or out of long (64-bit) mode while MPX is
1bb262
+enabled.
1bb262
+
1bb262
+All threads in a process are affected by these calls.
1bb262
+
1bb262
+The child of a
1bb262
+.BR fork (2)
1bb262
+inherits the state of MPX management.
1bb262
+During
1bb262
+.BR execve (2),
1bb262
+MPX management is reset to a state as if
1bb262
+.BR PR_MPX_DISABLE_MANAGEMENT
1bb262
+had been called.
1bb262
+
1bb262
+For further information on Intel MPX, see the kernel source file
1bb262
+.IR Documentation/x86/intel_mpx.txt .
1bb262
 .\"
1bb262
 .SH RETURN VALUE
1bb262
 On success,
1bb262
@@ -957,6 +1029,15 @@ capability.
1bb262
 .\" is
1bb262
 .\" .BR PR_SET_SECCOMP ,
1bb262
 .\" and secure computing mode is already 1.
1bb262
+.TP
1bb262
+.B ENXIO
1bb262
+.I option
1bb262
+was
1bb262
+.BR PR_MPX_ENABLE_MANAGEMENT
1bb262
+or
1bb262
+.BR PR_MPX_DISABLE_MANAGEMENT
1bb262
+and the kernel or the CPU does not support MPX management.
1bb262
+Check that the kernel and processor have MPX support.
1bb262
 .SH VERSIONS
1bb262
 The
1bb262
 .BR prctl ()
1bb262
-- 
1bb262
2.7.4
1bb262