| -rw-r--r-- | man/man2/prctl.2 | 95 |
| -rw-r--r-- | man/man2const/PR_MPX_DISABLE_MANAGEMENT.2const | 1 |
| -rw-r--r-- | man/man2const/PR_MPX_ENABLE_MANAGEMENT.2const | 128 |
3 files changed, 132 insertions, 92 deletions
diff --git a/man/man2/prctl.2 b/man/man2/prctl.2 index f2e0b453ef..2c46923e40 100644 --- a/man/man2/prctl.2 +++ b/man/man2/prctl.2 @@ -25,7 +25,6 @@ .\" 2012-10-25 Michael Kerrisk, Document PR_SET_TIMERSLACK and .\" PR_GET_TIMERSLACK .\" 2013-01-10 Kees Cook, document PR_SET_PTRACER -.\" 2014-11-10 Dave Hansen, document PR_MPX_{EN,DIS}ABLE_MANAGEMENT .\" .\" .TH prctl 2 (date) "Linux man-pages (unreleased)" 
@@ -102,91 +101,10 @@ The first argument can be: .B PR_SET_MM .TQ .B PR_SET_VMA -.\" prctl PR_MPX_ENABLE_MANAGEMENT -.TP +.TQ .B PR_MPX_ENABLE_MANAGEMENT .TQ -.BR PR_MPX_DISABLE_MANAGEMENT " (since Linux 3.19, removed in Linux 5.4; only on x86)" -.\" commit fe3d197f84319d3bce379a9c0dc17b1f48ad358c -.\" See also http://lwn.net/Articles/582712/ -.\" See also https://gcc.gnu.org/wiki/Intel%20MPX%20support%20in%20the%20GCC%20compiler -Enable or disable kernel management of Memory Protection eXtensions (MPX) -bounds tables. -The -.IR arg2 , -.IR arg3 , -.IR arg4 , -and -.I arg5 -.\" commit e9d1b4f3c60997fe197bf0243cb4a41a44387a88 -arguments must be zero. -.IP -MPX is a hardware-assisted mechanism for performing bounds checking on -pointers. -It consists of a set of registers storing bounds information -and a set of special instruction prefixes that tell the CPU on which -instructions it should do bounds enforcement. -There is a limited number of these registers and -when there are more pointers than registers, -their contents must be "spilled" into a set of tables. -These tables are called "bounds tables" and the MPX -.BR prctl () -operations control -whether the kernel manages their allocation and freeing. -.IP -When management is enabled, the kernel will take over allocation -and freeing of the bounds tables. -It does this by trapping the #BR exceptions that result -at first use of missing bounds tables and -instead of delivering the exception to user space, -it allocates the table and populates the bounds directory -with the location of the new table. -For freeing, the kernel checks to see if bounds tables are -present for memory which is not allocated, and frees them if so. -.IP -Before enabling MPX management using -.BR PR_MPX_ENABLE_MANAGEMENT , -the application must first have allocated a user-space buffer for -the bounds directory and placed the location of that directory in the -.I bndcfgu -register. 
-.IP -These calls fail if the CPU or kernel does not support MPX. -Kernel support for MPX is enabled via the -.B CONFIG_X86_INTEL_MPX -configuration option. -You can check whether the CPU supports MPX by looking for the -.I mpx -CPUID bit, like with the following command: -.IP -.in +4n -.EX -cat /proc/cpuinfo | grep \[aq] mpx \[aq] -.EE -.in -.IP -A thread may not switch in or out of long (64-bit) mode while MPX is -enabled. -.IP -All threads in a process are affected by these calls. -.IP -The child of a -.BR fork (2) -inherits the state of MPX management. -During -.BR execve (2), -MPX management is reset to a state as if .B PR_MPX_DISABLE_MANAGEMENT -had been called. -.IP -For further information on Intel MPX, see the kernel source file -.IR Documentation/x86/intel_mpx.txt . -.IP -.\" commit f240652b6032b48ad7fa35c5e701cc4c8d697c0b -.\" See also https://lkml.kernel.org/r/20190705175321.DB42F0AD@viggo.jf.intel.com -Due to a lack of toolchain support, -.BR PR_MPX_ENABLE_MANAGEMENT " and " PR_MPX_DISABLE_MANAGEMENT -are not supported in Linux 5.4 and later. .\" prctl PR_SET_NAME .TP .BR PR_SET_NAME " (since Linux 2.6.9)" @@ -1572,15 +1490,6 @@ the kernel or CPU does not support the requested speculation misfeature. .B ENXIO .I op was -.B PR_MPX_ENABLE_MANAGEMENT -or -.B PR_MPX_DISABLE_MANAGEMENT -and the kernel or the CPU does not support MPX management. -Check that the kernel and processor have MPX support. -.TP -.B ENXIO -.I op -was .B PR_SET_SPECULATION_CTRL implies that the control of the selected speculation misfeature is not possible. See @@ -1666,4 +1575,6 @@ glibc 2.0.6 .BR PR_MCE_KILL_GET (2const), .BR PR_SET_MM (2const), .BR PR_SET_VMA (2const), +.BR PR_MPX_ENABLE_MANAGEMENT (2const), +.BR PR_MPX_DISABLE_MANAGEMENT (2const), .BR core (5) diff --git a/man/man2const/PR_MPX_DISABLE_MANAGEMENT.2const b/man/man2const/PR_MPX_DISABLE_MANAGEMENT.2const new file mode 100644 index 0000000000..028bde11a5 --- /dev/null 
+++ b/man/man2const/PR_MPX_DISABLE_MANAGEMENT.2const @@ -0,0 +1 @@ +.so man2const/PR_MPX_ENABLE_MANAGEMENT.2const diff --git a/man/man2const/PR_MPX_ENABLE_MANAGEMENT.2const b/man/man2const/PR_MPX_ENABLE_MANAGEMENT.2const new file mode 100644 index 0000000000..5f18c2fe3f --- /dev/null +++ b/man/man2const/PR_MPX_ENABLE_MANAGEMENT.2const 
@@ -0,0 +1,128 @@ +.\" Copyright 2014, Dave Hansen / Intel +.\" Copyright 2015, Michael Kerrisk <mtk.manpages@gmail.com> +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.\" 2014-11-10 Dave Hansen, document PR_MPX_{EN,DIS}ABLE_MANAGEMENT +.\" +.TH PR_MPX_ENABLE_MANAGEMENT 2 (date) "Linux man-pages (unreleased)" +.SH NAME +PR_MPX_ENABLE_MANAGEMENT, +PR_MPX_DISABLE_MANAGEMENT +\- +enable or disable kernel management of Memory Protection eXtensions (MPX) +.SH LIBRARY +Standard C library +.RI ( libc ", " \-lc ) +.SH SYNOPSIS +.nf +.B #include <sys/prctl.h> +.P +.BI "int prctl(int " op ", ...);" +.fi +.SH DESCRIPTION +.TP +.B PR_MPX_ENABLE_MANAGEMENT +.TQ +.BR PR_MPX_DISABLE_MANAGEMENT " (since Linux 3.19, removed in Linux 5.4; only on x86)" +.\" commit fe3d197f84319d3bce379a9c0dc17b1f48ad358c +.\" See also http://lwn.net/Articles/582712/ +.\" See also https://gcc.gnu.org/wiki/Intel%20MPX%20support%20in%20the%20GCC%20compiler +Enable or disable kernel management of Memory Protection eXtensions (MPX) +bounds tables. +The +.IR arg2 , +.IR arg3 , +.IR arg4 , +and +.I arg5 +.\" commit e9d1b4f3c60997fe197bf0243cb4a41a44387a88 +arguments must be zero. +.IP +MPX is a hardware-assisted mechanism for performing bounds checking on +pointers. +It consists of a set of registers storing bounds information +and a set of special instruction prefixes that tell the CPU on which +instructions it should do bounds enforcement. +There is a limited number of these registers and +when there are more pointers than registers, +their contents must be "spilled" into a set of tables. +These tables are called "bounds tables" and the MPX +.BR prctl () +operations control +whether the kernel manages their allocation and freeing. +.IP +When management is enabled, the kernel will take over allocation +and freeing of the bounds tables. 
+It does this by trapping the #BR exceptions that result +at first use of missing bounds tables and +instead of delivering the exception to user space, +it allocates the table and populates the bounds directory +with the location of the new table. +For freeing, the kernel checks to see if bounds tables are +present for memory which is not allocated, and frees them if so. +.IP +Before enabling MPX management using +.BR PR_MPX_ENABLE_MANAGEMENT , +the application must first have allocated a user-space buffer for +the bounds directory and placed the location of that directory in the +.I bndcfgu +register. +.IP +These calls fail if the CPU or kernel does not support MPX. +Kernel support for MPX is enabled via the +.B CONFIG_X86_INTEL_MPX +configuration option. +You can check whether the CPU supports MPX by looking for the +.I mpx +CPUID bit, like with the following command: +.IP +.in +4n +.EX +cat /proc/cpuinfo | grep \[aq] mpx \[aq] +.EE +.in +.IP +A thread may not switch in or out of long (64-bit) mode while MPX is +enabled. +.IP +All threads in a process are affected by these calls. +.IP +The child of a +.BR fork (2) +inherits the state of MPX management. +During +.BR execve (2), +MPX management is reset to a state as if +.B PR_MPX_DISABLE_MANAGEMENT +had been called. +.IP +For further information on Intel MPX, see the kernel source file +.IR Documentation/x86/intel_mpx.txt . +.IP +.\" commit f240652b6032b48ad7fa35c5e701cc4c8d697c0b +.\" See also https://lkml.kernel.org/r/20190705175321.DB42F0AD@viggo.jf.intel.com +Due to a lack of toolchain support, +.BR PR_MPX_ENABLE_MANAGEMENT " and " PR_MPX_DISABLE_MANAGEMENT +are not supported in Linux 5.4 and later. +.SH RETURN VALUE +On success, +0 is returned. +On error, \-1 is returned, and +.I errno +is set to indicate the error. +.SH ERRORS +.TP +.B ENXIO +.I op +was +.B PR_MPX_ENABLE_MANAGEMENT +or +.B PR_MPX_DISABLE_MANAGEMENT +and the kernel or the CPU does not support MPX management. 
+Check that the kernel and processor have MPX support. +.SH STANDARDS +Linux. +.SH HISTORY +.SH SEE ALSO +.BR prctl (2) |
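Review bot: In the operations list of man/man2/prctl.2 (hunk @@ -102,91 +101,10 @@), the two MPX entries are reduced to bare `.B` tags and lose the "(since Linux 3.19, removed in Linux 5.4; only on x86)" annotation, so a reader scanning prctl(2) can no longer tell from the list that these operations were removed. Consider keeping a short marker on the list entries, or state in the commit message that dropping it is intentional for consistency with the neighbouring PR_SET_MM and PR_SET_VMA entries.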
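Review bot: The new man/man2const/PR_MPX_ENABLE_MANAGEMENT.2const (hunk @@ -0,0 +1,128 @@) ends with an empty `.SH HISTORY` immediately followed by `.SH SEE ALSO`, while the version information still sits in the DESCRIPTION tag line and in the closing "Due to a lack of toolchain support" paragraph. Move that information under HISTORY or drop the empty heading. In the same file, DESCRIPTION says arg2 through arg5 must be zero, but the generic SYNOPSIS `int prctl(int op, ...);` does not show this and ERRORS lists only ENXIO, so the page does not say what a nonzero argument returns.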
