x86/mpx: Introduce a boot-time disable flag
authorDave Hansen <dave.hansen@linux.intel.com>
Sun, 7 Jun 2015 18:37:02 +0000 (11:37 -0700)
committerIngo Molnar <mingo@kernel.org>
Tue, 9 Jun 2015 10:24:31 +0000 (12:24 +0200)
MPX has the _potential_ to cause some issues.  Say part of your
init system tried to protect one of its components from buffer
overflows with MPX.  If there were a false positive, it's
possible that MPX could keep a system from booting.

MPX could also potentially cause performance issues since it is
present in hot paths like the unmap path.

Allow it to be disabled at boot time.

Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Dave Hansen <dave@sr71.net>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/20150607183702.2E8B77AB@viggo.jf.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Documentation/kernel-parameters.txt
arch/x86/kernel/cpu/common.c

index 61ab1628a057cc2c4d8b11d892d834f7e5f7773a..8b7e5c342302f75f4566da2fdbc8554f2277481e 100644 (file)
@@ -937,6 +937,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
                        Enable debug messages at boot time.  See
                        Documentation/dynamic-debug-howto.txt for details.
 
+       nompx           [X86] Disables Intel Memory Protection Extensions.
+                       See Documentation/x86/intel_mpx.txt for more
+                       information about the feature.
+
        eagerfpu=       [X86]
                        on      enable eager fpu restore
                        off     disable eager fpu restore
index 401ccb03054e1db8ce44a81babbf7af5a404ab28..3956858e53124121e2c5faa0d486559699a99833 100644 (file)
@@ -144,6 +144,22 @@ DEFINE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page) = { .gdt = {
 } };
 EXPORT_PER_CPU_SYMBOL_GPL(gdt_page);
 
+static int __init x86_mpx_setup(char *s)
+{
+       /* require an exact match without trailing characters */
+       if (strlen(s))
+               return 0;
+
+       /* do not emit a message if the feature is not present */
+       if (!boot_cpu_has(X86_FEATURE_MPX))
+               return 1;
+
+       setup_clear_cpu_cap(X86_FEATURE_MPX);
+       pr_info("nompx: Intel Memory Protection Extensions (MPX) disabled\n");
+       return 1;
+}
+__setup("nompx", x86_mpx_setup);
+
 #ifdef CONFIG_X86_32
 static int cachesize_override = -1;
 static int disable_x86_serial_nr = 1;