From 3cd5e9837f1cbb3736f8fdf9f8bf20a472415f98 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Sat, 10 Jan 2015 15:15:03 +0100 Subject: [PATCH] prctl.2: Some tweaks to Dave Handsen's patch Signed-off-by: Michael Kerrisk --- man2/prctl.2 | 65 ++++++++++++++++++++++++++++++---------------------- 1 file changed, 38 insertions(+), 27 deletions(-) diff --git a/man2/prctl.2 b/man2/prctl.2 index 3475ebcfb..277f9a08a 100644 --- a/man2/prctl.2 +++ b/man2/prctl.2 @@ -1,6 +1,7 @@ .\" Copyright (C) 1998 Andries Brouwer (aeb@cwi.nl) .\" and Copyright (C) 2002, 2006, 2008, 2012, 2013 Michael Kerrisk .\" and Copyright Guillem Jover +.\" and Copyright (C) 2014 Dave Hansen / Intel .\" .\" %%%LICENSE_START(VERBATIM) .\" Permission is granted to make and distribute verbatim copies of this @@ -817,35 +818,42 @@ This should help system administrators monitor unusual symbolic-link transitions over all processes running on a system. .RE .TP -.BR PR_MPX_ENABLE_MANAGEMENT / PR_MPX_DISABLE_MANAGEMENT " (since Linux 3.19) " +.BR PR_MPX_ENABLE_MANAGEMENT ", " PR_MPX_DISABLE_MANAGEMENT " (since Linux 3.19) " .\" commit fe3d197f84319d3bce379a9c0dc17b1f48ad358c .\" See also http://lwn.net/Articles/582712/ .\" See also https://gcc.gnu.org/wiki/Intel%20MPX%20support%20in%20the%20GCC%20compiler - -Control the kernel's management of Memory Protection eXtensions (MPX) +Enable or disable kernel management of Memory Protection eXtensions (MPX) bounds tables. MPX is a hardware-assisted mechanism for performing bounds checking on -pointers. It consists of a set of registers storing bounds information +pointers. +It consists of a set of registers storing bounds information and a set of special instruction prefixes that tell the CPU on which -instructions it should do bounds enforcement. There is a limited -number of these registers and when there are more pointers than -registers, their contents must be "spilled" in to a set of tables. -These tables are called "bounds tables" and these prctl()s control +instructions it should do bounds enforcement. +There is a limited number of these registers and +when there are more pointers than registers, +their contents must be "spilled" into a set of tables. +These tables are called "bounds tables" and the MPX +.BR prctl () +operations control whether the kernel manages their allocation and freeing. When management is enabled, the kernel will take over allocation -and freeing of the bounds tables. It does this by trapping the #BR -exceptions that result at first use of missing bounds tables and -instead of delivering the exception to userspace, it allocates the -table and populates the bounds directory with the location of the -new table. For freeing, the kernel checks to see if bounds tables are +and freeing of the bounds tables. +It does this by trapping the #BR exceptions that result +at first use of missing bounds tables and +instead of delivering the exception to user space, +it allocates the table and populates the bounds directory +with the location of the new table. +For freeing, the kernel checks to see if bounds tables are present for memory which is not allocated, and frees them if so. -Before enabling MPX management using PR_MPX_ENABLE_MANAGEMENT, +Before enabling MPX management using +.BR PR_MPX_ENABLE_MANAGEMENT , the application must first have allocated a user-space buffer for -the bounds directory and placed the location of that directory in -the bndcfgu register. +the bounds directory and placed the location of that directory in the +.I bndcfgu +register. These calls will fail if the CPU or kernel does not support MPX. Kernel support for MPX is enabled via the @@ -861,14 +869,17 @@ enabled. All threads in a process are affected by these calls. -The child of a fork(2) will inherit the state of MPX management. - -During an execve(2) call, MPX management will be reset to a state -as if PR_MPX_DISABLE_MANAGEMENT had been called. +The child of a +.BR fork (2) +inherits the state of MPX management. +During +.BR execve (2), +MPX management is reset to a state as if +.BR PR_MPX_DISABLE_MANAGEMENT +had been called. For further information on Intel MPX, see the kernel source file .IR Documentation/x86/intel_mpx.txt . - .\" .SH RETURN VALUE On success, @@ -1157,12 +1168,12 @@ is not valid. .TP .B ENXIO .I option -is PR_MPX_ENABLE_MANAGEMENT and the kernel was unable to enable -management. Ensure the kernel and processor have MPX support. -.TP -.B ENXIO -.I option -is PR_MPX_DISABLE_MANAGEMENT and the kernel or CPU does not support MPX. +was +.BR PR_MPX_ENABLE_MANAGEMENT +or +.BR PR_MPX_DISABLE_MANAGEMENT +and the kernel or the CPU does not support MPX management. +Check that the kernel and processor have MPX support. .SH VERSIONS The .BR prctl ()