.\" Copyright 2014, Dave Hansen / Intel .\" Copyright 2015, Michael Kerrisk .\" .\" SPDX-License-Identifier: Linux-man-pages-copyleft .\" .\" 2014-11-10 Dave Hansen, document PR_MPX_{EN,DIS}ABLE_MANAGEMENT .\" .TH PR_MPX_ENABLE_MANAGEMENT 2 2024-07-23 "Linux man-pages 6.10" .SH NAME PR_MPX_ENABLE_MANAGEMENT, PR_MPX_DISABLE_MANAGEMENT \- enable or disable kernel management of Memory Protection eXtensions (MPX) .SH LIBRARY Standard C library .RI ( libc ,\~ \-lc ) .SH SYNOPSIS .nf .BR "#include " " /* Definition of " PR_* " constants */" .B #include .P .B [[deprecated]] int prctl(PR_MPX_ENABLE_MANAGEMENT, 0L, 0L, 0L, 0L); .B [[deprecated]] int prctl(PR_MPX_DISABLE_MANAGEMENT, 0L, 0L, 0L, 0L); .fi .SH DESCRIPTION Enable or disable kernel management of Memory Protection eXtensions (MPX) bounds tables. .P MPX is a hardware-assisted mechanism for performing bounds checking on pointers. It consists of a set of registers storing bounds information and a set of special instruction prefixes that tell the CPU on which instructions it should do bounds enforcement. There is a limited number of these registers and when there are more pointers than registers, their contents must be "spilled" into a set of tables. These tables are called "bounds tables" and the MPX .BR prctl () operations control whether the kernel manages their allocation and freeing. .P When management is enabled, the kernel will take over allocation and freeing of the bounds tables. It does this by trapping the #BR exceptions that result at first use of missing bounds tables and instead of delivering the exception to user space, it allocates the table and populates the bounds directory with the location of the new table. For freeing, the kernel checks to see if bounds tables are present for memory which is not allocated, and frees them if so. .P Before enabling MPX management using .BR PR_MPX_ENABLE_MANAGEMENT , the application must first have allocated a user-space buffer for the bounds directory and placed the location of that directory in the .I bndcfgu register. .P These calls fail if the CPU or kernel does not support MPX. Kernel support for MPX is enabled via the .B CONFIG_X86_INTEL_MPX configuration option. You can check whether the CPU supports MPX by looking for the .I mpx CPUID bit, like with the following command: .P .in +4n .EX cat /proc/cpuinfo | grep \[aq] mpx \[aq] .EE .in .P A thread may not switch in or out of long (64-bit) mode while MPX is enabled. .P All threads in a process are affected by these calls. .P The child of a .BR fork (2) inherits the state of MPX management. During .BR execve (2), MPX management is reset to a state as if .B PR_MPX_DISABLE_MANAGEMENT had been called. .SH RETURN VALUE On success, 0 is returned. On error, \-1 is returned, and .I errno is set to indicate the error. .SH ERRORS .TP .B ENXIO The kernel or the CPU does not support MPX management. Check that the kernel and processor have MPX support. .SH STANDARDS None. .SH HISTORY Linux 3.19. Removed in Linux 5.4. Only on x86. .\" commit fe3d197f84319d3bce379a9c0dc17b1f48ad358c .\" See also http://lwn.net/Articles/582712/ .\" See also https://gcc.gnu.org/wiki/Intel%20MPX%20support%20in%20the%20GCC%20compiler .P .\" commit f240652b6032b48ad7fa35c5e701cc4c8d697c0b .\" See also https://lkml.kernel.org/r/20190705175321.DB42F0AD@viggo.jf.intel.com Due to a lack of toolchain support, .B PR_MPX_ENABLE_MANAGEMENT and .B PR_MPX_DISABLE_MANAGEMENT are not supported in Linux 5.4 and later. .SH SEE ALSO .BR prctl (2) .P For further information on Intel MPX, see the kernel source file .IR Documentation/\:x86/\:intel_mpx.txt .