From: Dave Hansen Give MPX a real config option. The CPUs that support it (referenced here): https://software.intel.com/en-us/forums/topic/402393 are not available publicly, so we need to make it somewhat easy to disable. Signed-off-by: Dave Hansen --- b/arch/x86/Kconfig | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff -puN arch/x86/Kconfig~x86-mpx-real-config-option-v3 arch/x86/Kconfig --- a/arch/x86/Kconfig~x86-mpx-real-config-option-v3 2014-12-11 07:37:05.147501580 -0800 +++ b/arch/x86/Kconfig 2014-12-11 07:38:55.864495123 -0800 @@ -248,10 +248,6 @@ config HAVE_INTEL_TXT def_bool y depends on INTEL_IOMMU && ACPI -config X86_INTEL_MPX - def_bool y - depends on CPU_SUP_INTEL - config X86_32_SMP def_bool y depends on X86_32 && SMP @@ -1575,6 +1571,30 @@ config X86_SMAP If unsure, say Y. +config X86_INTEL_MPX + prompt "Intel MPX (Memory Protection Extensions)" + def_bool y + depends on CPU_SUP_INTEL + ---help--- + MPX provides hardware features that can be used in + conjunction with compiler-instrumented code to check + memory references. It is designed to detect buffer + overflow or underflow bugs. + + This option enables running applications which are + instrumented or otherwise use MPX. It does not use MPX + itself inside the kernel or to protect the kernel + against bad memory references. + + Enabling this option will make the kernel larger: + ~8k of kernel text and 36 bytes of data on a 64-bit + defconfig. It adds a long to the 'mm_struct' which + will increase the kernel memory overhead of each + process and adds some branches to paths used during + exec() and munmap(). + + If unsure, say Y. + config EFI bool "EFI runtime service support" depends on ACPI _