@@ -30,9 +30,15 @@ is how we expect the compiler, application and kernel to work together.
instrumentation as well as some setup code called early after the app
starts. New instruction prefixes are noops for old CPUs.
2) That setup code allocates (virtual) space for the "bounds directory",
- points the "bndcfgu" register to the directory and notifies the kernel
- (via the new prctl(PR_MPX_ENABLE_MANAGEMENT)) that the app will be using
- MPX.
+ points the "bndcfgu" register to the directory (must also set the valid
+ bit) and notifies the kernel (via the new prctl(PR_MPX_ENABLE_MANAGEMENT))
+ that the app will be using MPX. The app must be careful not to access
+ the bounds tables between the time when it populates "bndcfgu" and
+ when it calls the prctl(). This might be hard to guarantee if the app
+ is compiled with MPX. You can add "__attribute__((bnd_legacy))" to
+ the function to disable MPX instrumentation to help guarantee this.
+ Also be careful not to call out to any other code which might be
+ MPX-instrumented.
3) The kernel detects that the CPU has MPX, allows the new prctl() to
succeed, and notes the location of the bounds directory. Userspace is
expected to keep the bounds directory at that locationWe note it
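Review bot: the added text says the app "must also set the valid bit" in bndcfgu but never names which bit that is or that it is written together with the directory address in the same register; spell that out so a reader of this document does not have to go to the architecture manual to complete step 2. The same paragraph warns about the window between populating "bndcfgu" and calling prctl(PR_MPX_ENABLE_MANAGEMENT) without saying what goes wrong if the bounds tables are touched there; one sentence on the consequence (per step 3 the kernel only learns the directory location when the prctl() succeeds, so nothing that happens before it can be serviced) would justify the "__attribute__((bnd_legacy))" advice rather than leaving it as "might be hard to guarantee". Also state whether "any other code which might be MPX-instrumented" includes the C library wrapper used to issue the prctl() itself, since that is the one call the setup code cannot avoid making inside the window.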