Wednesday, December 2, 2015

Intel Memory Protection Technology - Some informational links

Definition is taken from wikipedia (https://en.wikipedia.org/wiki/Intel_MPX) :

"Intel MPX (Memory Protection Extensions) is a set of extensions to the x86 instruction set architecture. With compilerruntime library and operating system support, Intel MPX brings increased security to software by checking pointer references whose normal compile-time intentions are maliciously exploited at runtime due to buffer overflows."

This is indeed great.  Many complicated problems that developer spend lot of time in debugging are related to  memory overwrites/underwrites,   leaks,  accessing freed memory,  Stack overwrites etc.. 

Intel MPX, at its current technology solves overwrites/underwrites issues.   Any user space application compiled/linked using -fmpx should would detect issues. 

It is not only useful for debugging, but also helps in preventing some types of malware injections. 

Since the checks are done in the hardware, there would not be much performance penalty and hence can be used even in production environments. 

From developer perspective too, most of the work is part of the compiler (GCC) and a library.  Hence, there is almost no additional effort required from the developers.

Some informational links are here:

http://lwn.net/Articles/582712/  :  MPX integration in Linux Kernel.



No comments: