Intel MPX

Not to be confused with Intel XMP.

Intel MPX (Memory Protection Extensions) are a discontinued set of extensions to the x86 instruction set architecture. With compiler, runtime library and operating system support, Intel MPX claimed to enhance security to software by checking pointer references whose normal compile-time intentions are maliciously exploited at runtime due to buffer overflows. In practice, there have been too many flaws discovered in the design for it to be useful, and support has been deprecated or removed from most compilers and operating systems. Intel has listed MPX as removed in 2019 and onward hardware in section 2.5 of its Intel® 64 and IA-32 Architectures Software Developer's Manual Volume 1.[1]

Extensions

Intel MPX introduces new bounds registers, and new instruction set extensions that operate on these registers. Additionally, there is a new set of "bound tables" that store bounds beyond what can fit in the bounds registers.[2][3][4][5][6]

MPX uses four new 128-bit bounds registers, BND0 to BND3, each storing a pair of 64-bit lower bound (LB) and upper bound (UB) values of a buffer. The upper bound is stored in ones' complement form, with BNDMK (create bounds) and BNDCU (check upper bound) performing the conversion. The architecture includes two configuration registers BNDCFGx (BNDCFGU in user space and BNDCFGS in kernel mode), and a status register BNDSTATUS, which provides a memory address and error code in case of an exception.[7][8]

Two-level address translation is used for storing bounds in memory. The top layer consists of a Bounds Directory (BD) created on the application startup. Each BD entry is either empty or contains a pointer to a dynamically created Bounds Table (BT), which in turn contains a set of pointer bounds along with the linear addresses of the pointers. The bounds load (BNDLDX) and store (BNDSTX) instructions transparently perform the address translation and access bounds in the proper BT entry.[7][8]

Intel MPX was introduced as part of the Skylake microarchitecture.[9]

Intel Goldmont microarchitecture also supports Intel MPX.[9]

Software support

  • glibc removed support in version 2.35.
  • GNU Compiler Collection (GCC) 5.0 added support for MPX.[10] In 2018, support for these extensions waned due to maintenance burdens and Intel developers intermittently contributing patches, resulting in a proposal to drop support in GCC 9.0.[11] Support was removed in GCC 9.1.[12]
  • Intel C++ Compiler (icc) 15.0 added support for Intel MPX.[10]
  • Kernel-level software support for Intel MPX was merged into the Linux kernel mainline in kernel version 3.19, which was released on February 8, 2015.[13][14] In 2018, Thomas Gleixner proposed removing MPX support from Linux kernel 4.18.[15] The pull request with its removal was posted in December 2018, during 4.20 development cycle,[16] but wasn't accepted. The second attempt was made in July 2019.[17] MPX support was removed in 5.6.[18]
  • QEMU supported MPX since version 2.6[19] and dropped its support in 4.0 release.[20]
  • Microsoft Visual Studio 2015 Update 1 added experimental support for MPX.[21]

Analysis

A study examined a detailed cross-layer dissection of the MPX system stack and comparison with three prominent software-based memory protection mechanisms (AddressSanitizer, SAFECode, and SoftBound) and presents the following conclusions.[8]

  • Even though Intel MPX is a specially designed hardware-assisted approach with its own added set of hardware registers, it is not faster than any of the software-based approaches. New Intel MPX instructions can cause up to 4× slowdown in the worst case, although compiler optimizations amortize it and lead to runtime overheads of ~50% on average.
  • In contrast to the other software-based solutions, Intel MPX provides no protection against temporal memory safety errors.
  • Reading and writing from the doubly-indirected bounds tables is not thread-safe.
  • MPX does not support several common C/C++ programming idioms, such as flexible array members, referencing one field as an offset from another, etc.
  • MPX conflicts with some other ISA extensions, resulting in performance and security issues. More specifically, these issues arise when Intel MPX is used in combination with other hardware-based protection mechanisms, such as Intel TSX and Intel SGX.
  • MPX instructions incur a significant performance penalty (15+%) even on Intel CPUs without MPX support.

In addition, a review concluded MPX was not production ready, and AddressSanitizer was a better option.[8] A review by Kostya Serebryany at Google, AddressSanitizer's developer,[22] had similar findings.[23]

Meltdown

Another study[24] exploring the scope of Spectre and Meltdown security vulnerabilities discovered that Meltdown can be used to bypass Intel MPX, using the Bound Range Exceeded (#BR) hardware exception. According to their publication, the researchers were able to leak information through a Flush+Reload covert channel from an out-of-bound access on an array safeguarded by the MPX system. Their Proof Of Concept has not been publicly disclosed.

See also

References

  1. ^ Intel® 64 and IA-32 Architectures Software Developer's Manual Volume 1: Basic Architecture. Intel. November 2020. Retrieved 2021-03-03.
  2. ^ "Intel ISA Extensions". Intel. Retrieved 2013-11-04.
  3. ^ "Introduction to Intel Memory Protection Extensions". Intel. 2013-07-16. Retrieved 2013-09-10.
  4. ^ "Discussion of Intel Memory Protection Extensions (MPX) and comparison with AddressSanitizer". code.google.com. Retrieved 2013-11-04.
  5. ^ "Intel® Memory Protection Extensions (Intel® MPX) support in the GCC compiler". gcc.gnu.org. Retrieved 2013-11-04.
  6. ^ "Intel MPX Explained: Storing bounds in memory". intel-mpx.github.io. Retrieved 2017-02-06.
  7. ^ a b "Intel Architecture Instruction Set Extensions Programming Reference" (PDF). Intel. December 2013. Retrieved 2014-01-17.
  8. ^ a b c d Oleksenko, Oleksii; Kuvaiskii, Dmitrii; Bhatotia, Pramod; Felber, Pascal; Fetzer, Christof (2017). "Intel MPX Explained: An Empirical Study of Intel MPX and Software-based Bounds Checking Approaches". arXiv:1702.00719 [cs.CR].
  9. ^ a b "Intel Software Development Emulator". Intel. 2012-06-15. Retrieved 2013-11-04.
  10. ^ a b "Design of Intel MPX". Intel.
  11. ^ "GCC 9 Looks Set To Remove Intel MPX Support". Phoronix. Retrieved 2018-04-27.
  12. ^ "Intel MPX Support Removed From GCC 9 - Phoronix". www.phoronix.com.
  13. ^ "Linux kernel 3.19, Section 1.2. Support for the Intel Memory Protection Extensions". kernelnewbies.org. February 9, 2015. Retrieved February 9, 2015.
  14. ^ Jonathan Corbet (January 29, 2014). "Supporting Intel MPX in Linux". LWN.net. Retrieved February 9, 2015.
  15. ^ "The Linux Kernel Might Drop Memory Protection Extensions Support". Phoronix.
  16. ^ "[GIT PULL] x86: remove Intel MPX".
  17. ^ "[PATCH 0/3] [RFC] x86: start the MPX removal process".
  18. ^ "Intel MPX Support Is Dead With Linux 5.6 - Phoronix". www.phoronix.com.
  19. ^ "ChangeLog/2.6".
  20. ^ "QEMU 4 arrives with toys for Arm admirers, RISC-V revolutionaries, POWER patriots... you get the idea". The Register.
  21. ^ "Visual Studio 2015 Update 1: New Experimental Feature – MPX". Microsoft. 2016-01-20.
  22. ^ Serebryany, Konstantin. "Konstantin Serebryany". Google Research. Archived from the original on 2023-07-27. Retrieved 2024-07-18.
  23. ^ "Address Sanitizer Intel Memory Protection Extensions". GitHub. Archived from the original on 2024-07-18. Retrieved 2013-11-04.
  24. ^ Canella, Claudio; Van Bulck, Jo; Schwarz, Michael; Lipp, Moritz; von Berg, Benjamin; Ortner, Philipp; Piessens, Frank; Evtyushkin, Dmitry; Gruss, Daniel (2018). "A Systematic Evaluation of Transient Execution Attacks and Defenses". arXiv:1811.05441 [cs.CR].

Read other articles:

List of Glasgow Subway stations

This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.Find sources: List of Glasgow Subway stations – news · newspapers · books · scholar · JSTOR (June 2017) (Learn how and when to remove this template message) Map of the Glasgow Subway The Glasgow Subway is an underground rail service in Scotland that serves the city of Glasg...

 

 

Inarzo

Inarzo commune di Italia Tempat categoria:Articles mancats de coordenades Negara berdaulatItaliaRegion di ItaliaLombardyProvinsi di ItaliaProvinsi Varese NegaraItalia Ibu kotaInarzo PendudukTotal1.064  (2023 )GeografiLuas wilayah2,43 km² [convert: unit tak dikenal]Ketinggian283 m Berbatasan denganBodio Lomnago Cazzago Brabbia Ternate Biandronno Casale Litta Varano Borghi SejarahSanto pelindungSimon Petrus Informasi tambahanKode pos21020 Zona waktuUTC+1 UTC+2 Kode telepon0332 ID IST...

 

 

Donald Trump's The Art of the Deal: The Movie

Halaman ini berisi artikel tentang film parodi Funny or Die. Untuk buku asli yang ditulis oleh Donald Trump, lihat Trump: The Art of the Deal. Donald Trump's The Art of the Deal:The MovieSutradaraJeremy Konner[1]Ditulis olehJoe Randazzo[1]BerdasarkanTrump: The Art of the Dealoleh Donald Trump& Tony SchwartzPemeran Johnny Depp Michaela Watkins Jack McBrayer Patton Oswalt Alfred Molina Henry Winkler Andy Richter Albert Tsai Ron Howard Penata musikDan Gross dan Kenny Lo...

دوري السوبر الألباني 2013–14

دوري السوبر الألباني 2013–14 تفاصيل الموسم دوري السوبر الألباني  النسخة 75  البلد ألبانيا  التاريخ بداية:31 أغسطس 2013  نهاية:10 مايو 2014  المنظم اتحاد ألبانيا لكرة القدم  البطل نادي سكندربيو كورتشه  الهابطون نادي لوشنيا  مباريات ملعوبة 198   عدد المشاركين 12 ...

 

 

John William Reid

American politician John ReidMember of the U.S. House of Representativesfrom Missouri's 5th districtIn officeMarch 4, 1861 – August 3, 1861Preceded bySamuel WoodsonSucceeded byThomas PriceMember of the Missouri House of RepresentativesIn office1854–1856 Personal detailsBornJohn William Reid(1821-06-14)June 14, 1821near Lynchburg, Virginia, U.S.DiedNovember 22, 1881(1881-11-22) (aged 60)Lees Summit, Missouri, U.S.Political partyDemocraticSpouseSallie Cochrane McGr...

 

 

George Kennedy

George Kennedy pada tahun 1975 George Harris Kennedy Jr. (18 Februari 1925 – 28 Februari 2016) merupakan seorang aktor berkebangsaan Amerika Serikat yang memenangkan nominasi Academy Award sebagai aktor terbaik. Dia dilahirkan di New York City. Dia mulai berkarier di dunia film sejak tahun 1961. Filmografi The Little Shepherd of Kingdom Come (1961) Lonely are the Brave (1962) Charade (1963) McHale's Navy (1964) Hush… Hush, Sweet Charlotte (1964) The Flight of the Phoenix (19...

Vanguard SLV-5

Failed rocket launch Vanguard SLV-5Vanguard rocket on LC-18A prior to its launchNamesVanguard Space Launch Vehicle-FiveMission typeMagnetic Field ExperimentAir Density ExperimentOperatorNaval Research LaboratoryMission durationFailed to orbit (500 seconds) Spacecraft propertiesSpacecraftVanguard 3ASpacecraft typeVanguardManufacturerNaval Research LaboratoryLaunch mass10.3 kg (23 lb) Start of missionLaunch date14 April 1959, 02:49:46 GMTRocketVanguard SLV-5Launch siteCape Canaveral, ...

 

 

Basilika Bunda Hati Kudus, Sittard

Basilika Bunda Hati KudusBasilika Minor Bunda Hati KudusBelanda: Basiliek van Onze-Lieve-Vrouw van het Heilig Hartcode: nl is deprecated Basilika Bunda Hati KudusLokasiSittardNegara BelandaDenominasiGereja Katolik RomaArsitekturStatusBasilika minorStatus fungsionalAktif Basilika Bunda Hati Kudus (Belanda: Basiliek van Onze-Lieve-Vrouw van het Heilig Hartcode: nl is deprecated ) adalah sebuah gereja basilika minor Katolik yang terletak di Sittard, Belanda. Basilika ini ditetapkan statusny...

 

 

Alterra Power

Renewable power generation company based in Vancouver, British Columbia, Canada Alterra Power Inc.Company typeSubsidiaryTraded asTSX: INEIndustryRenewable energyPredecessorMagma EnergyPlutonic PowerHeadquartersVancouver, CanadaKey peopleMichel Letellier,President and CEOJean Perron, Chief Financial OfficerProductsRun-of-the-river hydroelectricityWind powerSolar Power[1]ParentInnergex Renewable EnergyWebsitewww.innergex.com Alterra Power Corp. a subsidiary of Innergex Renewable En...

Стеллерова корова

† Стеллерова корова Муляж стеллеровой коровы в Лондонском музее естествознания Научная классификация Домен:ЭукариотыЦарство:ЖивотныеПодцарство:ЭуметазоиБез ранга:Двусторонне-симметричныеБез ранга:ВторичноротыеТип:ХордовыеПодтип:ПозвоночныеИнфратип:Челюстно�...

 

 

Bud Walton Arena

Indoor arena at the University of Arkansas Nolan Richardson Court at Bud Walton ArenaBasketball Palace of Mid-AmericaLocation1270 Nolan Richardson DriveFayetteville, Arkansas 72701-5570Coordinates36°03′41″N 94°10′41″W / 36.061518°N 94.178188°W / 36.061518; -94.178188OwnerUniversity of ArkansasOperatorUniversity of ArkansasCapacity19,368 (2009–present)19,200 (1993–2009)Record attendance20,344 (November 29, 2023 vs. Duke)SurfaceHardwood FloorConstructionB...

 

 

سوبر برستيج بيرنود 1974

سوبر برستيج بيرنود 1974تفاصيل السباقسلسلة16. سوبر برستيج بيرنودمراحل20التاريخ1974المسافات18٬683٫7 كمالمنصةالفائز إيدي ميركس (Molteni  [لغات أخرى]‏)الثاني روجر دي فلايمينك (بروكلين [الإنجليزية]‏)الثالث فرانز فيربيك (Watney-Maes Pils  [لغات أخرى]‏) ▶19731975◀ توثيق سوب�...

哈萨克斯坦总统

此条目序言章节没有充分总结全文内容要点。 (2019年3月21日)请考虑扩充序言,清晰概述条目所有重點。请在条目的讨论页讨论此问题。 哈萨克斯坦總統哈薩克總統旗現任Қасым-Жомарт Кемелұлы Тоқаев卡瑟姆若马尔特·托卡耶夫自2019年3月20日在任任期7年首任努尔苏丹·纳扎尔巴耶夫设立1990年4月24日(哈薩克蘇維埃社會主義共和國總統) 哈萨克斯坦 哈萨克斯坦政府...

 

 

SS Brittany (1910)

History Name Brittany (1910-33) Aldershot (1933-37) Hercules (1937-41) Owner London Brighton and South Coast Railway (1910-12) London and South Western Railway (1912-22) Southern Railway (1923-36) D Tripcovich & Compagnie (1936-41) Operator London Brighton and South Coast Railway (1910-12) London and South Western Railway (1912-22) Southern Railway (1923-36) Società Anonima di Navigazione Rimorchi e Salvataggi (1936-41) Port of registry Newhaven (1910-12) Southampton (1912-36) Trieste (...

 

 

Francs Peak

Mountain in Wyoming, United States Francs PeakFrancs Peak from Haymaker PassHighest pointElevation13,158 ft (4,011 m)[1]Prominence4,056 ft (1,236 m)[1]ListingNorth America highest peaks 120thUS highest major peaks 100thCoordinates43°57′41″N 109°19′51″W / 43.96139°N 109.33083°W / 43.96139; -109.33083[2]GeographyFrancs PeakLocation in WyomingShow map of WyomingFrancs PeakLocation in the United StatesShow map of...

1980 IBF World Championships – Men's doubles

Men's doubles at the 1980 IBF World ChampionshipsVenueIstoraLocationJakarta, IndonesiaDatesMay 27, 1980 (1980-05-27) – June 1, 1980 (1980-06-01)Medalists  Ade Chandra Christian Hadinata   Indonesia Hariamanto Kartono Rudy Heryanto   Indonesia Flemming Delfs Steen Skovgaard   Denmark Misbun Sidek Jalani Sidek   Malaysia← 1977 Malmö1983 Copenhagen → Events at the 1980 IBF Worl...

 

 

Social influence

Alteration of attitudes and behaviors based on outside influences Not to be confused with Social media influencer. Social influence comprises the ways in which individuals adjust their behavior to meet the demands of a social environment. It takes many forms and can be seen in conformity, socialization, peer pressure, obedience, leadership, persuasion, sales, and marketing. Typically social influence results from a specific action, command, or request, but people also alter their attitudes an...

 

 

Kematian tahun 2015

Artikel ini tidak memiliki referensi atau sumber tepercaya sehingga isinya tidak bisa dipastikan. Tolong bantu perbaiki artikel ini dengan menambahkan referensi yang layak. Tulisan tanpa sumber dapat dipertanyakan dan dihapus sewaktu-waktu.Cari sumber: Kematian tahun 2015 – berita · surat kabar · buku · cendekiawan · JSTORArtikel ini perlu diwikifikasi agar memenuhi standar kualitas Wikipedia. Anda dapat memberikan bantuan berupa penambahan pranala dal...

Carmit Bachar

Carmit BacharLahir4 September 1974 (umur 49) Los Angeles, Amerika SerikatPekerjaanPenyanyiPenariModelAktrisTahun aktif1995—sekarang Carmit Bachar (lahir 4 September 1974) adalah seorang penyanyi, penari, model dan aktris berkebangsaan Amerika Serikat. Ia merupakan anggota grup musik Pussycat Dolls, sebelum akhirnya memutuskan untuk keluar dari grup tersebut pada Maret 2008. Dalam grup tersebut ia merupakan salah satu vokalis utama bersama Nicole Scherzinger dan Melody Thornton. B...

 

 

Yoshirō Mori

Prime Minister of Japan from 2000 to 2001 For the mathematician, see Yoshiro Mori (mathematician). The native form of this personal name is Mori Yoshirō. This article uses Western name order when mentioning individuals. Yoshiro Mori森 喜朗Official portrait, 2000Prime Minister of JapanIn office5 April 2000 – 26 April 2001MonarchAkihitoPreceded byKeizō ObuchiSucceeded byJunichiro KoizumiPresident of the Liberal Democratic PartyIn office5 April 2000 – 24 April 2001...