From patchwork Mon Jul 24 13:38:20 2017
X-Patchwork-Submitter: Hans Liljestrand
X-Patchwork-Id: 9860083
From: Hans Liljestrand
To: kernel-hardening@lists.openwall.com
Cc: elena.reshetova@intel.com, dave.hansen@intel.com, keescook@chromium.org, hpa@zytor.com, Hans Liljestrand
Date: Mon, 24 Jul 2017 16:38:20 +0300
Message-Id: <20170724133824.27223-2-LiljestrandH@gmail.com>
In-Reply-To: <20170724133824.27223-1-LiljestrandH@gmail.com>
References: <20170724133824.27223-1-LiljestrandH@gmail.com>
Subject: [kernel-hardening] [RFC PATCH 1/5] x86: add CONFIG_X86_INTEL_MPX_KERNEL to Kconfig

Add CONFIG_X86_INTEL_MPX_KERNEL for future kernel-space support for Intel MPX. Currently depends on CPU_SUP_INTEL.

Signed-off-by: Hans Liljestrand
Signed-off-by: Elena Reshetova
--- arch/x86/Kconfig | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 0efb4c9497bc..b740a8604705 100644 --- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig @@ -1771,6 +1771,25 @@ config X86_INTEL_MPX If unsure, say N. +config X86_INTEL_MPX_KERNEL + prompt "Intel MPX for kernel" + def_bool n + depends on CPU_SUP_INTEL + select CONSTRUCTORS + select GCC_PLUGINS + ---help--- + MPX provides hardware features that can be used in + conjunction with compiler-instrumented code to check + memory references. It is designed to detect buffer + overflow or underflow bugs. + + This option enables MPXK, which is a slightly modified + MPX instrumentation for in-kernel code. This + protection is modular and even when enabled covers + only code that explicitly use this feature. + + If unsure, say N + config X86_INTEL_MEMORY_PROTECTION_KEYS prompt "Intel Memory Protection Keys" def_bool y
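Review bot: `select GCC_PLUGINS` in the new X86_INTEL_MPX_KERNEL entry forces that symbol on regardless of its own dependencies, because Kconfig `select` does not evaluate the dependencies of the symbol it selects; on a toolchain without plugin support this can produce a configuration that is accepted but does not build. Consider `depends on GCC_PLUGINS` instead, so the option is only offered where plugins are actually available, and say in the help text why CONSTRUCTORS is needed, since that is not obvious from the entry. The only hardware gate is `depends on CPU_SUP_INTEL`, which the commit message acknowledges with "Currently"; if MPXK has further requirements they should be expressed here before the option becomes selectable. Two small points in the help text: "only code that explicitly use this feature" should read "uses", and the closing "If unsure, say N" is missing the full stop that the X86_INTEL_MPX entry just above it has.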