Intel MPX

Intel MPX (Memory Protection Extensions) is a set of extensions to the x86 instruction set architecture. With compiler, runtime library and operating system support, Intel MPX brings increased security to software by checking pointer references whose normal compile-time intentions are maliciously exploited at runtime due to buffer overflows. Intel MPX introduces new bounds registers, and new instruction set extensions that operate on these registers. Additionally, there is a new set of "bound tables" that store bounds beyond what can fit in the bounds registers.[1][2][3][4]

MPX uses four new 128-bit bounds registers, BND0 to BND3, each storing a pair of 64-bit lower bound (LB) and upper bound (UB) values of a buffer. The upper bound is stored in ones' complement form, with the load instructions BNDMK and BNDCU performing the conversion. The architecture includes user-mode configuration register BNDCFGU, supervisor-mode configuration register IA32_BNDCFGS (a model-specific register), and status register BNDSTATUS, which provides a memory address and error code in case of an exception.[5]

The application can use the Bounds Directory (BD) of several Bounds Tables (BT), which contain the linear address pointer of a buffer, along with its bounds. Two extended load/store instructions BNDLDX and BNDSTX will sync BNDx registers with the Bounds Directory, performing translation as necessary.[5]

Intel MPX was introduced as part of the Skylake microarchitecture.[6] Kernel-level software support for Intel MPX was merged into the Linux kernel mainline in kernel version 3.19, which was released on February 8, 2015.[7][8]

Intel Goldmont microarchitecture also supports Intel MPX.[9]

References

External links

This article is issued from Wikipedia - version of the Saturday, April 16, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.