Extensões Intel® de proteção de memória

Intel® Memory Protection Extensions Enabling Guide

Abstract: This document describes Intel® Memory Protection Extensions (Intel® MPX), its motivation, and programming model. It also describes the enabling requirements and the current status of enabling in the supported OSs: Linux* and Windows* and compilers: Intel® C++ Compiler, GCC, and Visual Studio*.  Finally, the paper describes how ISVs can incrementally enable bounds checking in their Intel MPX applications.

Introduction

  • Desenvolvedores
  • Linux*
  • Microsoft Windows* 8.x
  • Servidor
  • C/C++
  • Intermediário
  • Compilador C++ Intel®
  • Extensões Intel® de proteção de memória
  • Intel® MPX
  • Pointer Checker in ICC: requires dynamic linking of runtime libraries

    The -check-pointers switch, which enables the Pointer Checker feature, cannot be used with the -static flag on Linux* (/MT on Windows*) which forces all Intel libraries to be linked statically. The reason is that, by design, the Pointer Checker library “libchkp.so” must be shared by all executables and libraries in a process without duplication. While it is certainly possible to ensure, manually, that only a single library copy is linked, we found in testing that it was quite easy for users to accidentally include multiple copies of the library, causing unpredictable runtime errors.

  • Desenvolvedores
  • Parceiros
  • Professores
  • Estudantes
  • Linux*
  • Microsoft Windows* (XP, Vista, 7)
  • Microsoft Windows* 8.x
  • Unix*
  • C/C++
  • Principiante
  • Intermediário
  • Compilador C++ Intel®
  • Extensões Intel® de proteção de memória
  • pointer checker
  • Ferramentas de desenvolvimento
  • Using Intel® SDE's chip-check feature

    Intel® SDE includes a software validation mechanism to restrict executed instructions to a particular microprocessor. This is intended to be a helpful diagnostic tool for use when deploying new software. Use chip check when you want to make sure that your program is not using instruction features that are not present on a specific microarchitecture implementation.

    In the output of "sde -long-help" there is a section describing the controls for this feature:

  • Desenvolvedores
  • Apple OS X*
  • Linux*
  • Microsoft Windows* (XP, Vista, 7)
  • Microsoft Windows* 8.x
  • Intel SDE
  • Intel® Advanced Vector Extensions
  • Extensões Intel® de proteção de memória
  • Extensões Intel® Streaming SIMD
  • Extensões Intel® de sincronização transacional
  • Intel® Memory Protection Extensions (Intel® MPX) Runtime Support

    Enabling an application to use Intel MPX will generally not require source code updates but there is some runtime code needed in order to make use of Intel MPX.  For most applications this runtime support will be available by linking to a library supplied by the compiler or possibly it will come directly from the OS once OS versions that support Intel MPX are available.  The runtime code has 3 responsibilities: 

    Intel® Memory Protection Extensions (Intel® MPX) Design Considerations

    My very first exposure to buffer overflow was with Morris worm in 80’s and since then, we collectively have tried to get a good handle on buffer overflow as it impacts both security and robustness of C/C++ software. Needless to say, we have made significant progress with addressing buffer overflow via execute disable bit, Canary on stack etc. through which we are able to prevent a class of exploits after the buffer overflow has taken place.

    Using Intel® MPX with the Intel® Software Development Emulator

    Intel has announced a new technology called Intel® Memory Protection Extensions (Intel® MPX). To find out more, check out the Instruction Set Extensions web pages.  Once you know about Intel MPX, you may want to experiment with Intel® SDE. This article explains how to run Intel MPX with Intel SDE and some different behavior when using Intel SDE than when running Intel MPX in production systems.

  • Desenvolvedores
  • Extensões Intel® de proteção de memória
  • MPX SDE
  • Intel® Memory Protection Extensions (Intel® MPX) support in the GNU toolchain

    Invalid memory access problem is commonly found in many C/C++ programs and leads to time consuming debugging, program instability and vulnerability. Many attacks exploit software bugs related to inappropriate memory accesses caused by buffer overflow (or buffer overruns). Existing set of techniques/tools to find such memory bugs in the programs and defend them from the attacks are software only solutions which result in poor performance of the protected code.

    Introduction to Intel® Memory Protection Extensions

    The C and C++ languages provide for memory access via pointers, however, these languages do not ensure the safe use of pointers. Left undetected, the unsafe use of pointers puts an application at risk of data corruption or malicious attack via buffer overruns and overflows.

  • Desenvolvedores
  • Extensões Intel® de proteção de memória
  • Intel® Intrinsics Guide

    Overview

    The Intel Intrinsics Guide is an interactive reference tool for Intel intrinsic instructions, which are C style functions that provide access to many Intel instructions – including Intel® Streaming SIMD Extensions (Intel® SSE), Intel® Advanced Vector Extensions (Intel® AVX), and more – without the need to write assembly code.

    This guide provides searching and filtering functionality, in addition to reference information for every intrinsic. Reference information includes synopsis, description, functional operation, and corresponding instruction(s).

  • Desenvolvedores
  • Intel® Advanced Vector Extensions
  • Extensões Intel® de proteção de memória
  • Extensões Intel de Secure Hash Algorithm
  • Extensões Intel® Streaming SIMD
  • Assine o Extensões Intel® de proteção de memória