From 26057cba30205ed659094a2816557b439c651286 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
Date: Tue, 28 Jun 2016 13:28:29 +0200
Subject: [PATCH 11/17] prctl.2: add description of Intel MPX calls
---
man-pages/man2/prctl.2 | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 81 insertions(+)
diff --git a/man-pages/man2/prctl.2 b/man-pages/man2/prctl.2
index 24e56d2..92eecf9 100644
--- a/man-pages/man2/prctl.2
+++ b/man-pages/man2/prctl.2
@@ -47,6 +47,7 @@
.\" PR_GET_TIMERSLACK
.\" 2013-01-10 Kees Cook, document PR_SET_PTRACER
.\" 2012-02-04 Michael kerrisk, document PR_{SET,GET}_CHILD_SUBREAPER
+.\" 2014-11-10 Dave Hansen, document PR_MPX_{EN,DIS}ABLE_MANAGEMENT
.\"
.\"
.TH PRCTL 2 2013-05-21 "Linux" "Linux Programmer's Manual"
@@ -771,6 +772,77 @@ option.
.\" symbolic-link transitions over all process running in a system.
.\" ========== END FIXME
.RE
+.TP
+.BR PR_MPX_ENABLE_MANAGEMENT ", " PR_MPX_DISABLE_MANAGEMENT " (since Linux 3.19) "
+.\" commit fe3d197f84319d3bce379a9c0dc17b1f48ad358c
+.\" See also http://lwn.net/Articles/582712/
+.\" See also https://gcc.gnu.org/wiki/Intel%20MPX%20support%20in%20the%20GCC%20compiler
+Enable or disable kernel management of Memory Protection eXtensions (MPX)
+bounds tables.
+The
+.IR arg2 ,
+.IR arg3 ,
+.IR arg4 ,
+and
+.IR arg5
+.\" commit e9d1b4f3c60997fe197bf0243cb4a41a44387a88
+arguments must be zero.
+
+MPX is a hardware-assisted mechanism for performing bounds checking on
+pointers.
+It consists of a set of registers storing bounds information
+and a set of special instruction prefixes that tell the CPU on which
+instructions it should do bounds enforcement.
+There is a limited number of these registers and
+when there are more pointers than registers,
+their contents must be "spilled" into a set of tables.
+These tables are called "bounds tables" and the MPX
+.BR prctl ()
+operations control
+whether the kernel manages their allocation and freeing.
+
+When management is enabled, the kernel will take over allocation
+and freeing of the bounds tables.
+It does this by trapping the #BR exceptions that result
+at first use of missing bounds tables and
+instead of delivering the exception to user space,
+it allocates the table and populates the bounds directory
+with the location of the new table.
+For freeing, the kernel checks to see if bounds tables are
+present for memory which is not allocated, and frees them if so.
+
+Before enabling MPX management using
+.BR PR_MPX_ENABLE_MANAGEMENT ,
+the application must first have allocated a user-space buffer for
+the bounds directory and placed the location of that directory in the
+.I bndcfgu
+register.
+
+These calls will fail if the CPU or kernel does not support MPX.
+Kernel support for MPX is enabled via the
+.BR CONFIG_X86_INTEL_MPX
+configuration option.
+You can check whether the CPU supports MPX by looking for the 'mpx'
+CPUID bit, like with the following command:
+
+ cat /proc/cpuinfo | grep ' mpx '
+
+A thread may not switch in or out of long (64-bit) mode while MPX is
+enabled.
+
+All threads in a process are affected by these calls.
+
+The child of a
+.BR fork (2)
+inherits the state of MPX management.
+During
+.BR execve (2),
+MPX management is reset to a state as if
+.BR PR_MPX_DISABLE_MANAGEMENT
+had been called.
+
+For further information on Intel MPX, see the kernel source file
+.IR Documentation/x86/intel_mpx.txt .
.\"
.SH RETURN VALUE
On success,
@@ -957,6 +1029,15 @@ capability.
.\" is
.\" .BR PR_SET_SECCOMP ,
.\" and secure computing mode is already 1.
+.TP
+.B ENXIO
+.I option
+was
+.BR PR_MPX_ENABLE_MANAGEMENT
+or
+.BR PR_MPX_DISABLE_MANAGEMENT
+and the kernel or the CPU does not support MPX management.
+Check that the kernel and processor have MPX support.
.SH VERSIONS
The
.BR prctl ()
--
2.7.4