Abstract: This document describes Intel® Memory Protection Extensions (Intel® MPX), its motivation, and programming model. It also describes the enabling requirements and the current status of enabling in the supported OSs: Linux* and Windows* and compilers: Intel® C++ Compiler, GCC, and Visual Studio*. Finally, the paper describes how ISVs can incrementally enable bounds checking in their Intel MPX applications.
The -check-pointers switch, which enables the Pointer Checker feature, cannot be used with the -static flag on Linux* (/MT on Windows*) which forces all Intel libraries to be linked statically. The reason is that, by design, the Pointer Checker library “libchkp.so” must be shared by all executables and libraries in a process without duplication. While it is certainly possible to ensure, manually, that only a single library copy is linked, we found in testing that it was quite easy for users to accidentally include multiple copies of the library, causing unpredictable runtime errors.
Intel® SDE includes a software validation mechanism to restrict executed instructions to a particular microprocessor. This is intended to be a helpful diagnostic tool for use when deploying new software. Use chip check when you want to make sure that your program is not using instruction features that are not present on a specific microarchitecture implementation.
In the output of "sde -long-help" there is a section describing the controls for this feature:
Enabling an application to use Intel MPX will generally not require source code updates but there is some runtime code needed in order to make use of Intel MPX. For most applications this runtime support will be available by linking to a library supplied by the compiler or possibly it will come directly from the OS once OS versions that support Intel MPX are available. The runtime code has 3 responsibilities:
My very first exposure to buffer overflow was with Morris worm in 80’s and since then, we collectively have tried to get a good handle on buffer overflow as it impacts both security and robustness of C/C++ software. Needless to say, we have made significant progress with addressing buffer overflow via execute disable bit, Canary on stack etc. through which we are able to prevent a class of exploits after the buffer overflow has taken place.
Intel has announced a new technology called Intel® Memory Protection Extensions (Intel® MPX). To find out more, check out the Instruction Set Extensions web pages. Once you know about Intel MPX, you may want to experiment with Intel® SDE. This article explains how to run Intel MPX with Intel SDE and some different behavior when using Intel SDE than when running Intel MPX in production systems.
Invalid memory access problem is commonly found in many C/C++ programs and leads to time consuming debugging, program instability and vulnerability. Many attacks exploit software bugs related to inappropriate memory accesses caused by buffer overflow (or buffer overruns). Existing set of techniques/tools to find such memory bugs in the programs and defend them from the attacks are software only solutions which result in poor performance of the protected code.
by Milind Girkar, Hongjiu Lu, David Kreitzer, and Vyacheslav Zakharin (Intel)
Description of the Intel® AVX, Intel® AVX2, Intel® AVX-512 and Intel® MPX extensions required for the Intel® 64 architecture application binary interface.
The C and C++ languages provide for memory access via pointers, however, these languages do not ensure the safe use of pointers. Left undetected, the unsafe use of pointers puts an application at risk of data corruption or malicious attack via buffer overruns and overflows.
The Intel Intrinsics Guide is an interactive reference tool for Intel intrinsic instructions, which are C style functions that provide access to many Intel instructions – including Intel® Streaming SIMD Extensions (Intel® SSE), Intel® Advanced Vector Extensions (Intel® AVX), and more – without the need to write assembly code.
This guide provides searching and filtering functionality, in addition to reference information for every intrinsic. Reference information includes synopsis, description, functional operation, and corresponding instruction(s).
- Página 1