Debian User Forums

Hi all,
I just came across this :-

Code: Select all

[$] aptitude show libmpx0                                                                                                         
Package: libmpx0                         
State: not installed
Multi-Arch: same
Version: 5-20150321-1
Priority: optional
Section: libs
Maintainer: Debian GCC Maintainers <debian-gcc@lists.debian.org>
Architecture: amd64
Uncompressed Size: 25.6 k
Depends: gcc-5-base (= 5-20150321-1), libc6 (>= 2.17)
PreDepends: multiarch-support
Description: Intel memory protection extensions (runtime)
 Intel MPX is a set of processor features which, with compiler, runtime library and OS support, brings increased robustness to software by checking pointer references whose compile time normal intentions are usurped at runtime due to buffer overflow.
Homepage: http://gcc.gnu.org/


This doesn't tell much but going to https://en.wikipedia.org/wiki/Intel_MPX and then looking at https://en.wikipedia.org/wiki/Skylake_% ... tecture%29 the situation becomes much more clearer. Guess this will by default and will benefit greatly all those who will buy Skylake while with this perhaps legacy users (who won't have Skylake microprocessors) can also emulate the same albeit slowly.

If my understanding is wrong, please correct it.

shirish wrote:Guess this will by default and will benefit greatly all those who will buy Skylake while with this perhaps legacy users (who won't have Skylake microprocessors) can also emulate the same albeit slowly.

If my understanding is wrong, please correct it.

I cannot tell, but I would bet that this won't be used by default anywhere, and certainly not in debian, as this is a very intel 64-bit specific thing.

What to do if You want to keep the income from sales rising, while already sold products are good/fast enough and there's no easy way to build significantly better product? Competitive products are getting to the market, and they are better/cheaper/less power-hungry...
Marketing gives the power - let's spread some bullshits about some "new technology" which increases so much appreciated "safety and robustness".

Why do I say so?
Well, MPX has only 4 registers for pointer bounds checking - taking into account that even relatively small program can use hundreds of pointers and hundreds of buffers, it is obvious, that 4 registers can't be used efficiently to protect all of them. Situation looks even worse, when we'll take into account that there can be hundreds of processes running in parallel and each of them uses that hundreds of pointers and buffers.
Conclusion is simple: only selected, most vulnerable portions of code can benefit from this solution...

That still sounds not bad, until we realise that such protection can be implemented in software, and in fact such techniques are already used for potentially voulnerable code.
The problem is, as always, that nobody knows all the cases when part of code should be protected in this way, until a new virus, new attack technique or a new voulnerability is discovered.

In othre words: MPX offers functionality which sound great, but it can't guarantee anything, and it's not new - as pointer bounds checking is already implemented in serious/high quality/deterministic software.

I really whish companies like Tilera will finally stop to affraid of Intel, and start to sell PC motherboards for their CPUs. Unfortunately, since microshit still holds about 56-78% of the PC market (depending on who is making the statistics) that would need a support for 100+ cores on winblows (what is impossible).

...anyway, it seems that I have to spend another few years with intel clones...