Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 24 Jul 2017 16:38:20 +0300
From: Hans Liljestrand <liljestrandh@...il.com>
To: kernel-hardening@...ts.openwall.com
Cc: elena.reshetova@...el.com,
	dave.hansen@...el.com,
	keescook@...omium.org,
	hpa@...or.com,
	Hans Liljestrand <LiljestrandH@...il.com>
Subject: [RFC PATCH 1/5] x86: add CONFIG_X86_INTEL_MPX_KERNEL to Kconfig

Add CONFIG_X86_INTEL_MPX_KERNEL for future kernel-space support for
Intel MPX. Currently depends on CPU_SUP_INTEL.

Signed-off-by: Hans Liljestrand <LiljestrandH@...il.com>
Signed-off-by: Elena Reshetova <elena.reshetova@...el.com>
---
 arch/x86/Kconfig | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 0efb4c9497bc..b740a8604705 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1771,6 +1771,25 @@ config X86_INTEL_MPX
 
 	  If unsure, say N.
 
+config X86_INTEL_MPX_KERNEL
+	prompt "Intel MPX for kernel"
+	def_bool n
+	depends on CPU_SUP_INTEL
+	select CONSTRUCTORS
+	select GCC_PLUGINS
+	---help---
+	  MPX provides hardware features that can be used in
+	  conjunction with compiler-instrumented code to check
+	  memory references.  It is designed to detect buffer
+	  overflow or underflow bugs.
+
+	  This option enables MPXK, which is a slightly modified
+	  MPX instrumentation for in-kernel code.  This
+	  protection is modular and even when enabled covers
+	  only code that explicitly use this feature.
+
+	  If unsure, say N
+
 config X86_INTEL_MEMORY_PROTECTION_KEYS
 	prompt "Intel Memory Protection Keys"
 	def_bool y
-- 
2.11.0

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.