Intel MPX

From Wikipedia, the free encyclopedia

Intel MPX (Memory Protection Extensions) is a set of extensions to the x86 instruction set architecture. With compiler, runtime library and operating system support, Intel MPX brings increased security to software by checking pointer references whose normal compile-time intentions are maliciously exploited at runtime due to buffer overflows. Intel MPX will introduce new registers, and new instruction set extensions that operate on these registers.[1][2][3][4]

Intel MPX will be introduced as part of the Skylake microarchitecture.[5]

Overview

MPX uses four new 128-bit bounds registers, BND0 to BND3, each storing a pair of 64-bit lower bound (LB) and upper bound (UB) values of a buffer. The upper bound can be stored in ones' complement form, with the load instructions BNDMK and BNDCU performing the conversion. The architecture includes user-mode configuration register BNDCFGU, supervisor-mode configuration register IA32_BNDCFGS (a model-specific register), and status register BNDSTATUS, which provides memory address and error code in case of an exception.[6]

The application can use the Bounds Directory (BD) of several Bounds Tables (BT), which contain linear address pointer of a buffer along with its bounds, stored in compressed form. Two extended load/store instructions BNDLDX and BNDSTX will sync BNDx registers with the Bounds Directory, performing translation as necessary.[6]

See also

  • grsecurity  a set of security patches for the Linux kernel
  • PaX  a Linux kernel patch implementing least privilege protections for memory pages

References

  1. "Intel ISA Extensions". Intel. Retrieved 2013-11-04. 
  2. "Introduction to Intel Memory Protection Extensions". Intel. 2013-07-16. Retrieved 2013-09-10. 
  3. "Discussion of Intel Memory Protection Extensions (MPX) and comparison with AddressSanitizer". Retrieved 2013-11-04. 
  4. "Intel Memory Protection Extensions (Intel MPX) support in the GCC compiler". gnu.org. Retrieved 2013-11-04. 
  5. "Intel Software Development Emulator". Intel. 2012-06-15. Retrieved 2013-11-04. 
  6. 6.0 6.1 "Intel Architecture Instruction Set Extensions Programming Reference" (PDF). intel.com. December 2013. Retrieved 2014-01-17. 

External links

This article is issued from Wikipedia. The text is available under the Creative Commons Attribution/Share Alike; additional terms may apply for the media files.