Message-ID: <20170725071052.3jyir34bnpeokldg@ishxps> Date: Tue, 25 Jul 2017 10:10:52 +0300 From: Hans Liljestrand <liljestrandh@...il.com> To: Kees Cook <keescook@...omium.org> Cc: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, "Reshetova, Elena" <elena.reshetova@...el.com>, Dave Hansen <dave.hansen@...el.com>, "H. Peter Anvin" <hpa@...or.com> Subject: Re: [RFC PATCH 1/5] x86: add CONFIG_X86_INTEL_MPX_KERNEL to Kconfig On Mon, Jul 24, 2017 at 07:51:34PM -0700, Kees Cook wrote: >On Mon, Jul 24, 2017 at 6:38 AM, Hans Liljestrand ><liljestrandh@...il.com> wrote: >> Add CONFIG_X86_INTEL_MPX_KERNEL for future kernel-space support for >> Intel MPX. Currently depends on CPU_SUP_INTEL. >> >> Signed-off-by: Hans Liljestrand <LiljestrandH@...il.com> >> Signed-off-by: Elena Reshetova <elena.reshetova@...el.com> >> --- >> arch/x86/Kconfig | 19 +++++++++++++++++++ >> 1 file changed, 19 insertions(+) >> >> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig >> index 0efb4c9497bc..b740a8604705 100644 >> --- a/arch/x86/Kconfig >> +++ b/arch/x86/Kconfig 
>> @@ -1771,6 +1771,25 @@ config X86_INTEL_MPX >> >> If unsure, say N. >> >> +config X86_INTEL_MPX_KERNEL >> + prompt "Intel MPX for kernel" >> + def_bool n >> + depends on CPU_SUP_INTEL >> + select CONSTRUCTORS >> + select GCC_PLUGINS > >GCC_PLUGINS should be a "depends" here, so that when we finally get >compile-support-testing hooked up to Kconfig we won't get some nasty >surprises. Okay, sounds good. Also realized the CONSTRUCTORS thing is an old leftover, we don't use those anymore. > >> + ---help--- >> + MPX provides hardware features that can be used in >> + conjunction with compiler-instrumented code to check >> + memory references. It is designed to detect buffer >> + overflow or underflow bugs. >> + >> + This option enables MPXK, which is a slightly modified >> + MPX instrumentation for in-kernel code. This >> + protection is modular and even when enabled covers >> + only code that explicitly use this feature. >> + >> + If unsure, say N > >I think this Kconfig should live in whichever patch actually starts >adding things (maybe patch 2?) Ok, thanks! -hans > >-Kees > >> + >> config X86_INTEL_MEMORY_PROTECTION_KEYS >> prompt "Intel Memory Protection Keys" >> def_bool y >> -- >> 2.11.0 >> > > > >-- >Kees Cook >Pixel Security
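Review bot: in the new X86_INTEL_MPX_KERNEL entry, "select CONSTRUCTORS" and "select GCC_PLUGINS" force those symbols on without honouring their own dependencies, so the option can be enabled in a configuration where the instrumentation cannot be built; make them "depends on" lines, or drop the line when the symbol is not needed. The entry depends only on CPU_SUP_INTEL and the help text does not say how it relates to X86_INTEL_MPX, the entry directly above it, so state whether that option is required or independent. Because n is already the default for a bool, "prompt" plus "def_bool n" can be shortened to bool "Intel MPX for kernel". In the help text, "only code that explicitly use this feature" should read "uses", and the closing "If unsure, say N" is missing the full stop that the preceding entry's "If unsure, say N." has.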