From 26057cba30205ed659094a2816557b439c651286 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikola=20Forr=C3=B3?= Date: Tue, 28 Jun 2016 13:28:29 +0200 Subject: [PATCH 11/17] prctl.2: add description of Intel MPX calls --- man-pages/man2/prctl.2 | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) diff --git a/man-pages/man2/prctl.2 b/man-pages/man2/prctl.2 index 24e56d2..92eecf9 100644 --- a/man-pages/man2/prctl.2 +++ b/man-pages/man2/prctl.2 @@ -47,6 +47,7 @@ .\" PR_GET_TIMERSLACK .\" 2013-01-10 Kees Cook, document PR_SET_PTRACER .\" 2012-02-04 Michael kerrisk, document PR_{SET,GET}_CHILD_SUBREAPER +.\" 2014-11-10 Dave Hansen, document PR_MPX_{EN,DIS}ABLE_MANAGEMENT .\" .\" .TH PRCTL 2 2013-05-21 "Linux" "Linux Programmer's Manual" @@ -771,6 +772,77 @@ option. .\" symbolic-link transitions over all process running in a system. .\" ========== END FIXME .RE +.TP +.BR PR_MPX_ENABLE_MANAGEMENT ", " PR_MPX_DISABLE_MANAGEMENT " (since Linux 3.19) " +.\" commit fe3d197f84319d3bce379a9c0dc17b1f48ad358c +.\" See also http://lwn.net/Articles/582712/ +.\" See also https://gcc.gnu.org/wiki/Intel%20MPX%20support%20in%20the%20GCC%20compiler +Enable or disable kernel management of Memory Protection eXtensions (MPX) +bounds tables. +The +.IR arg2 , +.IR arg3 , +.IR arg4 , +and +.IR arg5 +.\" commit e9d1b4f3c60997fe197bf0243cb4a41a44387a88 +arguments must be zero. + +MPX is a hardware-assisted mechanism for performing bounds checking on +pointers. +It consists of a set of registers storing bounds information +and a set of special instruction prefixes that tell the CPU on which +instructions it should do bounds enforcement. +There is a limited number of these registers and +when there are more pointers than registers, +their contents must be "spilled" into a set of tables. +These tables are called "bounds tables" and the MPX +.BR prctl () +operations control +whether the kernel manages their allocation and freeing. + +When management is enabled, the kernel will take over allocation +and freeing of the bounds tables. +It does this by trapping the #BR exceptions that result +at first use of missing bounds tables and +instead of delivering the exception to user space, +it allocates the table and populates the bounds directory +with the location of the new table. +For freeing, the kernel checks to see if bounds tables are +present for memory which is not allocated, and frees them if so. + +Before enabling MPX management using +.BR PR_MPX_ENABLE_MANAGEMENT , +the application must first have allocated a user-space buffer for +the bounds directory and placed the location of that directory in the +.I bndcfgu +register. + +These calls will fail if the CPU or kernel does not support MPX. +Kernel support for MPX is enabled via the +.BR CONFIG_X86_INTEL_MPX +configuration option. +You can check whether the CPU supports MPX by looking for the 'mpx' +CPUID bit, like with the following command: + + cat /proc/cpuinfo | grep ' mpx ' + +A thread may not switch in or out of long (64-bit) mode while MPX is +enabled. + +All threads in a process are affected by these calls. + +The child of a +.BR fork (2) +inherits the state of MPX management. +During +.BR execve (2), +MPX management is reset to a state as if +.BR PR_MPX_DISABLE_MANAGEMENT +had been called. + +For further information on Intel MPX, see the kernel source file +.IR Documentation/x86/intel_mpx.txt . .\" .SH RETURN VALUE On success, @@ -957,6 +1029,15 @@ capability. .\" is .\" .BR PR_SET_SECCOMP , .\" and secure computing mode is already 1. +.TP +.B ENXIO +.I option +was +.BR PR_MPX_ENABLE_MANAGEMENT +or +.BR PR_MPX_DISABLE_MANAGEMENT +and the kernel or the CPU does not support MPX management. +Check that the kernel and processor have MPX support. .SH VERSIONS The .BR prctl () -- 2.7.4