GCC 9 Looks Set To Remove Intel MPX Support


  • #11
    Originally posted by RealNC
    Before getting out the pitchforks, it's worth investigating why this feature is seldom used. Is the performance impact higher compared to software-based protection techniques? It would seem so, and especially on GCC:

    Evaluation of Intel Memory Protection Extensions (Intel MPX) from three perspectives: performance, security, and usability

    I don't think it's a surprise that not many are willing to use this. MPX does look like a failure in general, not just in GCC.
    Also, you have to take note that the GCC platform-generic items like AddressSanitizer have improved since then, and it's not breaking stuff. The broken is there is really bad. Broken means you are running a program without a defect and it goes splat.

    Yes, MPX shows that just because something is implemented in hardware does not mean it's that useful.


    • #12
      MPX isn't production ready according to that review. The Google AddressSanitizer devs had a similar opinion that their software is production ready, unlike the hardware implementation. Any news from Intel about the future of MPX, or do we speculate from the lack of GCC maintenance that it's deprecated at Intel?


      • #13
        Michael's new article about kernel dropping MPX support shouldn't be surprising given that compiling with ICC is effort


        • #14
          Originally posted by jpg44
          This is one of the dumbest and most outrageous things I've ever heard of. It shows the flagrant disregard for the safety of the users that they are unwilling to maintain relatively simple and absolutely essential security code that protects users from C/C++ code that is always full of serious vulnerabilities. With the enormous number of exploits found in nearly every C and C++ project, removing protections against these errors is beyond stupid. It's severe willful negligence.

          How can Linux be considered to be a secure OS when it will not allow users to use hardware features that can make things more secure? After all of the uproar over Spectre we are now actually CREATING a security weakness in Linux by not protecting users? What are these brain dead fools thinking?

          Everyone needs to complain loudly to SUSE and Red Hat to retract these ridiculous patches and commit to supporting MPX.
          Actually, MPX is a big failure and broken in general. Current MPX hardware implementations are so buggy that it is actually possible to use it for exploits. There is at least one exploit in the wild (BoundHook) which is quite powerful and works with every Core out there which has the MPX feature. So the best way to avoid broken hardware is to disable the feature in the kernel and the toolchain. And that is exactly what the developers of these components are doing.