[RFC,1/5] x86: add CONFIG_X86_INTEL_MPX_KERNEL to Kconfig
diff mbox

Message ID 20170724133824.27223-2-LiljestrandH@gmail.com
State New
Headers show

Commit Message

Hans Liljestrand July 24, 2017, 1:38 p.m. UTC
Add CONFIG_X86_INTEL_MPX_KERNEL for future kernel-space support for
Intel MPX. Currently depends on CPU_SUP_INTEL.

Signed-off-by: Hans Liljestrand <LiljestrandH@gmail.com>
Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
---
 arch/x86/Kconfig | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

Comments

Kees Cook July 25, 2017, 2:51 a.m. UTC | #1
On Mon, Jul 24, 2017 at 6:38 AM, Hans Liljestrand
<liljestrandh@gmail.com> wrote:
> Add CONFIG_X86_INTEL_MPX_KERNEL for future kernel-space support for
> Intel MPX. Currently depends on CPU_SUP_INTEL.
>
> Signed-off-by: Hans Liljestrand <LiljestrandH@gmail.com>
> Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
> ---
>  arch/x86/Kconfig | 19 +++++++++++++++++++
>  1 file changed, 19 insertions(+)
>
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index 0efb4c9497bc..b740a8604705 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1771,6 +1771,25 @@ config X86_INTEL_MPX
>
>           If unsure, say N.
>
> +config X86_INTEL_MPX_KERNEL
> +       prompt "Intel MPX for kernel"
> +       def_bool n
> +       depends on CPU_SUP_INTEL
> +       select CONSTRUCTORS
> +       select GCC_PLUGINS

GCC_PLUGINS should be a "depends" here, so that when we finally get
compile-support-testing hooked up to Kconfig we won't get some nasty
surprises.

> +       ---help---
> +         MPX provides hardware features that can be used in
> +         conjunction with compiler-instrumented code to check
> +         memory references.  It is designed to detect buffer
> +         overflow or underflow bugs.
> +
> +         This option enables MPXK, which is a slightly modified
> +         MPX instrumentation for in-kernel code.  This
> +         protection is modular and even when enabled covers
> +         only code that explicitly use this feature.
> +
> +         If unsure, say N

I think this Kconfig should live in whichever patch actually starts
adding things (maybe patch 2?)

-Kees

> +
>  config X86_INTEL_MEMORY_PROTECTION_KEYS
>         prompt "Intel Memory Protection Keys"
>         def_bool y
> --
> 2.11.0
>
Hans Liljestrand July 25, 2017, 7:10 a.m. UTC | #2
On Mon, Jul 24, 2017 at 07:51:34PM -0700, Kees Cook wrote:
>On Mon, Jul 24, 2017 at 6:38 AM, Hans Liljestrand
><liljestrandh@gmail.com> wrote:
>> Add CONFIG_X86_INTEL_MPX_KERNEL for future kernel-space support for
>> Intel MPX. Currently depends on CPU_SUP_INTEL.
>>
>> Signed-off-by: Hans Liljestrand <LiljestrandH@gmail.com>
>> Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
>> ---
>>  arch/x86/Kconfig | 19 +++++++++++++++++++
>>  1 file changed, 19 insertions(+)
>>
>> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
>> index 0efb4c9497bc..b740a8604705 100644
>> --- a/arch/x86/Kconfig
>> +++ b/arch/x86/Kconfig
>> @@ -1771,6 +1771,25 @@ config X86_INTEL_MPX
>>
>>           If unsure, say N.
>>
>> +config X86_INTEL_MPX_KERNEL
>> +       prompt "Intel MPX for kernel"
>> +       def_bool n
>> +       depends on CPU_SUP_INTEL
>> +       select CONSTRUCTORS
>> +       select GCC_PLUGINS
>
>GCC_PLUGINS should be a "depends" here, so that when we finally get
>compile-support-testing hooked up to Kconfig we won't get some nasty
>surprises.

Okay, sounds good. Also realized the CONSTRUCTORS thing is an old leftover, we 
don't use those anymore.

>
>> +       ---help---
>> +         MPX provides hardware features that can be used in
>> +         conjunction with compiler-instrumented code to check
>> +         memory references.  It is designed to detect buffer
>> +         overflow or underflow bugs.
>> +
>> +         This option enables MPXK, which is a slightly modified
>> +         MPX instrumentation for in-kernel code.  This
>> +         protection is modular and even when enabled covers
>> +         only code that explicitly use this feature.
>> +
>> +         If unsure, say N
>
>I think this Kconfig should live in whichever patch actually starts
>adding things (maybe patch 2?)

Ok, thanks!

-hans

>
>-Kees
>
>> +
>>  config X86_INTEL_MEMORY_PROTECTION_KEYS
>>         prompt "Intel Memory Protection Keys"
>>         def_bool y
>> --
>> 2.11.0
>>
>
>
>
>-- 
>Kees Cook
>Pixel Security

Patch
diff mbox

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 0efb4c9497bc..b740a8604705 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1771,6 +1771,25 @@  config X86_INTEL_MPX
 
 	  If unsure, say N.
 
+config X86_INTEL_MPX_KERNEL
+	prompt "Intel MPX for kernel"
+	def_bool n
+	depends on CPU_SUP_INTEL
+	select CONSTRUCTORS
+	select GCC_PLUGINS
+	---help---
+	  MPX provides hardware features that can be used in
+	  conjunction with compiler-instrumented code to check
+	  memory references.  It is designed to detect buffer
+	  overflow or underflow bugs.
+
+	  This option enables MPXK, which is a slightly modified
+	  MPX instrumentation for in-kernel code.  This
+	  protection is modular and even when enabled covers
+	  only code that explicitly use this feature.
+
+	  If unsure, say N
+
 config X86_INTEL_MEMORY_PROTECTION_KEYS
 	prompt "Intel Memory Protection Keys"
 	def_bool y