Intel Skylake's MPX Is Closer To Providing Linux Memory Protection
Besides Intel publicly working on Skylake "Gen9" graphics support for Linux, Intel open-source developers are also working on other areas of Skylake hardware enablement for Linux. Support for the Intel Memory Protection Extensions (MPX), which are new to the Skylake micro-architecture, is still being revised for the Linux kernel and the many other operating system code-bases that need to be updated to work with this security feature.
MPX is an x86 instruction set extension that improves software security by allowing low-overhead checking of pointer references. It allows checking for and defending against malicious exploitation of pointer references in the event of buffer overflows or other memory-related problems. Work on the Memory Protection Extensions has been ongoing since the start of the year and, many months later, is still ongoing due to the feature's complexity and the need to implement support throughout the stack.
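To make the pointer check concrete, here is an added example (not from the article, Intel, or GCC): a portable C software model of what MPX enforces, where a pointer carries a lower and upper bound and every store is checked against them. The names `bounds_t`, `bnd_make`, `bnd_check` and `checked_copy` are hypothetical; real MPX does this with dedicated instructions and bounds registers, not C code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Software model of one MPX bounds register: inclusive lower/upper bound. */
typedef struct { uintptr_t lb, ub; } bounds_t;

/* Models BNDMK: derive bounds from an object's base address and size. */
static bounds_t bnd_make(const void *base, size_t size) {
    return (bounds_t){ (uintptr_t)base, (uintptr_t)base + size - 1 };
}

/* Models BNDCL + BNDCU for an access of len bytes at p. Returns 1 if the
 * whole access is in bounds, 0 where hardware would raise a #BR exception. */
static int bnd_check(bounds_t b, const void *p, size_t len) {
    uintptr_t first = (uintptr_t)p;
    if (len == 0) return 1;
    if (first < b.lb || first > b.ub) return 0; /* start outside the object */
    return len - 1 <= b.ub - first;             /* last byte must be <= ub  */
}

/* A copy loop as instrumented code behaves: each store is checked against
 * the destination's bounds. Returns bytes written, or -1 on a violation. */
static long checked_copy(char *dst, bounds_t dst_bnd, const char *src, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (!bnd_check(dst_bnd, dst + i, 1)) return -1; /* stop before the bad store */
        dst[i] = src[i];
    }
    return (long)n;
}

/* Constructed scenarios: an 8-byte buffer filled exactly, then overrun by one. */
int demo_exact_fit(void) {
    char buf[8] = {0};
    return checked_copy(buf, bnd_make(buf, sizeof buf), "ABCDEFGH", 8) == 8;
}
int demo_off_by_one(void) {
    char buf[8] = {0};
    return checked_copy(buf, bnd_make(buf, sizeof buf), "ABCDEFGH", 9) == -1;
}
/* Bounds narrowed to the last 4 bytes of an array: accesses that start
 * before, or run past, that sub-object fail even though they stay in a[]. */
int demo_subobject(void) {
    char a[8] = {0};
    bounds_t b = bnd_make(a + 4, 4);
    return !bnd_check(b, a + 3, 1) && bnd_check(b, a + 4, 4) && !bnd_check(b, a + 5, 4);
}

int main(void) {
    printf("%d %d %d\n", demo_exact_fit(), demo_off_by_one(), demo_subobject());
    return 0;
}
```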
Glibc Git code currently has MPX support implemented for all of the GNU C library's memory-related routines, while the GCC support for MPX is still not mainlined. MPX for GCC will hopefully make it for the GCC 5 release due in H1'2015, but it just hasn't landed yet and is still being developed in its own branch. All code wishing to use MPX needs to be compiled with the new -fmpx switch on supported compilers. MPX runtime library support is also needed for handling this memory protection feature. While the prerequisites are heavy, MPX should work with most software without having to make any source code modifications (just a recompile).
Lastly, there's kernel code involved with MPX. That code has been in the works for several months and, as of Thursday, the eighth revision of the code was published on the Linux kernel mailing list. Intel's Qiaowei Ren sent out the ten patches needed for supporting MPX on the kernel side. The kernel work is still ongoing and there isn't yet support for 32-bit Linux binaries on 64-bit kernels, but based on the slowing rate of change, hopefully this code will be ready for landing in an upcoming kernel release (Linux 3.18? It's still probably too early to tell based upon these just-posted patches). Those wishing to see the latest MPX kernel patches can find them on the IU LKML.