[New-bugs-announce] [issue25300] Enable Intel MPX (Memory protection Extensions) feature

Florin Papa report at bugs.python.org
Fri Oct 2 14:25:37 CEST 2015 

New submission from Florin Papa:

Hi all,

My name is Florin Papa and I work in the Server Languages Optimizations Team at Intel Corporation.

I would like to submit a patch that enables the use of the Intel MPX (Memory Protection Extensions) feature on Python default and 2.7. Invalid memory access problem is commonly found in C/C++ programs and leads to time consuming debugging, program instability and vulnerability. Many attacks exploit software bugs related to invalid memory access caused by buffer overflow/underflow. Existing set of techniques to avoid such memory bugs represent software only solutions which result in poor protection and performance.

Intel MPX introduces new registers and new instructions that operate on these registers. Some of the registers added are bounds registers which store a pointer’s lower bound and upper bound limits. Whenever the pointer is used, the requested reference is checked against the pointer’s associated bounds, thereby preventing out-of-bound memory access (such as buffer overflows and overruns). Out-of-bounds memory references initiate a #BR exception which can then be handled in an appropriate manner.

MPX technology was introduced on the sixth generation of Intel Core processors, code name SkyLake, the successor to Broadwell microarchitecture (only desktop processor is available on the market, server has not been released). For older generations of Intel processors that do not support MPX, nop’s will be added to the instruction stream [1]. 

MPX enabled builds are only possible using gcc 5.1 and newer [2].

To apply the patch please follow these steps:
hg clone https://hg.python.org/cpython
cd cpython
copy mpx_enable.patch to the current directory
hg import --no-commit mpx_enable.patch
./configure –with-mpx
make –j #cores

[1] https://software.intel.com/en-us/articles/introduction-to-intel-memory-protection-extensions
[2] https://gcc.gnu.org/wiki/Intel%20MPX%20support%20in%20the%20GCC%20compiler

Regards,
Florin

----------
components: Extension Modules
files: mpx_enable_3_6.patch
keywords: patch
messages: 252110
nosy: florin.papa
priority: normal
severity: normal
status: open
title: Enable Intel MPX (Memory protection Extensions) feature
type: security
versions: Python 3.6
Added file: http://bugs.python.org/file40657/mpx_enable_3_6.patch

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue25300>
_______________________________________

More information about the New-bugs-announce mailing list