Intel MPX Memory Protection Still Baking For Linux
Written by Michael Larabel in Intel on 11 January 2014 at 09:15 PM EST. Add A Comment
Intel Linux developers are still working to land Memory Protection Extensions (MPX) support into the mainline Linux kernel for this new feature coming to Skylake.

While we are still waiting for Broadwell to land in the coming months as the next-gen processors succeeding Haswell, Intel Linux developers are already working on early steps towards Intel Skylake enablement. Intel MPX is short for the Memory Protection Extensions and is an x86 iextension for checking pointer references and trying to help developers better fend off possible buffer overflows.

MPX was first detailed by Intel last year as a mix of OS, compiler, and run-time work for increasing software security through checking pointer references. For those not yet familiar with Intel MPX, see the Intel.com articles.

Intel developers have been playing with Intel MPX for GCC since last year while on the kernel side they are still working to land the changes. Qiaowei Ren of Intel published a fresh set of five patches to the Linux kernel on Saturday with this patch series.
Intel(R) Memory Protection Extensions (Intel(R) MPX) is a new capability introduced into Intel Architecture. Intel MPX can increase the robustness of software when it is used in conjunction with compiler changes to check that memory references intended at compile time do not become unsafe at runtime.

Two of the most important goals of Intel MPX are to provide this capability at very low performance overhead for newly compiled code, and to provide compatibility mechanisms with legacy software components. A direct benefit Intel MPX provides is hardening software against malicious attacks designed to cause or exploit buffer overruns.

Intel MPX introduces new registers and new instructions that operate on these registers. Some of the registers added are bounds registers which store a pointer's lower bound and upper bound limits. Whenever the pointer is used, the requested reference is checked against the pointer's associated bounds, thereby preventing out-of-bound memory access (such as buffer overflows and overruns). Out-of-bounds memory references initiate a #BR exception which can then be handled in an appropriate manner.
This new code probably won't end up being mainlined until at least the Linux 3.15 kernel (but could be a surprise for the Linux 3.14 merge window that soon will be opening), but at least that's still well ahead of the expected Intel Skylake debut in 2015. Besides MPX, the 14nm Intel Skylake is expected to also offer new SHA extensions, ADX Add-Carry Instructions, AVX-512F, and various other improvements.
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 10,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Related Intel News
Popular News
Trending Reviews & Featured Articles