From: Hans Liljestrand <liljestrandh@gmail.com>
To: kernel-hardening@lists.openwall.com
Cc: elena.reshetova@intel.com, dave.hansen@intel.com,
keescook@chromium.org, hpa@zytor.com,
Hans Liljestrand <LiljestrandH@gmail.com>
Subject: [kernel-hardening] [RFC PATCH 1/5] x86: add CONFIG_X86_INTEL_MPX_KERNEL to Kconfig
Date: Mon, 24 Jul 2017 16:38:20 +0300 [thread overview]
Message-ID: <20170724133824.27223-2-LiljestrandH@gmail.com> (raw)
In-Reply-To: <20170724133824.27223-1-LiljestrandH@gmail.com>
Add CONFIG_X86_INTEL_MPX_KERNEL for future kernel-space support for
Intel MPX. Currently depends on CPU_SUP_INTEL.
Signed-off-by: Hans Liljestrand <LiljestrandH@gmail.com>
Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
---
arch/x86/Kconfig | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 0efb4c9497bc..b740a8604705 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1771,6 +1771,25 @@ config X86_INTEL_MPX
If unsure, say N.
+config X86_INTEL_MPX_KERNEL
+ prompt "Intel MPX for kernel"
+ def_bool n
+ depends on CPU_SUP_INTEL
+ select CONSTRUCTORS
+ select GCC_PLUGINS
+ ---help---
+ MPX provides hardware features that can be used in
+ conjunction with compiler-instrumented code to check
+ memory references. It is designed to detect buffer
+ overflow or underflow bugs.
+
+ This option enables MPXK, which is a slightly modified
+ MPX instrumentation for in-kernel code. This
+ protection is modular and even when enabled covers
+ only code that explicitly use this feature.
+
+ If unsure, say N
+
config X86_INTEL_MEMORY_PROTECTION_KEYS
prompt "Intel Memory Protection Keys"
def_bool y
--
2.11.0
next prev parent reply other threads:[~2017-07-24 13:38 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-24 13:38 [kernel-hardening] [RFC PATCH 0/5] MPXK: Intel MPX for in-kernel use Hans Liljestrand
2017-07-24 13:38 ` Hans Liljestrand [this message]
2017-07-25 2:51 ` [kernel-hardening] Re: [RFC PATCH 1/5] x86: add CONFIG_X86_INTEL_MPX_KERNEL to Kconfig Kees Cook
2017-07-25 7:10 ` Hans Liljestrand
2017-07-24 13:38 ` [kernel-hardening] [RFC PATCH 2/5] gcc-plugins: adds MPXK gcc plugin Hans Liljestrand
2017-07-25 2:40 ` [kernel-hardening] " Kees Cook
2017-07-25 7:16 ` Hans Liljestrand
2017-07-24 13:38 ` [kernel-hardening] [RFC PATCH 3/5] x86: add mpxk-wrappers Hans Liljestrand
2017-07-25 2:45 ` [kernel-hardening] " Kees Cook
2017-07-25 7:52 ` Hans Liljestrand
2017-07-25 18:22 ` Kees Cook
2017-07-26 9:15 ` Hans Liljestrand
2017-07-24 13:38 ` [kernel-hardening] [RFC PATCH 4/5] x86: MPXK base Hans Liljestrand
2017-07-25 2:48 ` [kernel-hardening] " Kees Cook
2017-07-25 7:57 ` Hans Liljestrand
2017-07-24 13:38 ` [kernel-hardening] [RFC PATCH 5/5] lkdtm: Add kernel MPX testing Hans Liljestrand
2017-07-25 3:11 ` [kernel-hardening] " Kees Cook
2017-07-25 8:17 ` Hans Liljestrand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170724133824.27223-2-LiljestrandH@gmail.com \
--to=liljestrandh@gmail.com \
--cc=dave.hansen@intel.com \
--cc=elena.reshetova@intel.com \
--cc=hpa@zytor.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.