Intel Posts Control-Flow Enforcement Support For GCC

Written by Michael Larabel in Intel on 21 June 2017 at 08:39 AM EDT.
Last year Intel published a research whitepaper on Control-Flow Enforcement Technology (CET), and they have now posted a set of GCC patches implementing this safeguard in the compiler.

Control-flow Enforcement Technology is designed to fend off return-oriented programming (ROP) and call/jump-oriented programming (COP/JOP) attacks. It defends against these styles of control-flow attack by introducing a shadow stack that keeps track of the expected return addresses and raises a fault if a return address doesn't match what's expected. CET also provides indirect branch tracking to defend against jump/call-oriented attacks.
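The shadow-stack check described above, modeled in C as an added example (not code from Intel's patches or from the article). The struct, function names and addresses are constructed for illustration, and the single index shared by both stacks is a simplification of this model.

```c
#include <stdint.h>
#include <stdio.h>

#define DEPTH 16
enum { RET_OK = 0, RET_FAULT = -1, STACK_ERROR = -2 };

/* Toy CPU state. Simplification: one index serves both stacks; real
   hardware keeps a separate shadow-stack pointer. */
typedef struct {
    uint64_t data_stack[DEPTH];   /* ordinary stack: writable by program bugs */
    uint64_t shadow_stack[DEPTH]; /* shadow copy: written only by model_call */
    int depth;
} cpu_t;

/* CALL: record the return address on both stacks. */
static int model_call(cpu_t *c, uint64_t ret_addr) {
    if (c->depth >= DEPTH) return STACK_ERROR;
    c->data_stack[c->depth] = ret_addr;
    c->shadow_stack[c->depth] = ret_addr;
    c->depth++;
    return RET_OK;
}

/* RET: pop both copies and fault on mismatch instead of branching. */
static int model_ret(cpu_t *c, uint64_t *target) {
    if (c->depth == 0) return STACK_ERROR;
    c->depth--;
    if (c->data_stack[c->depth] != c->shadow_stack[c->depth]) return RET_FAULT;
    *target = c->data_stack[c->depth];
    return RET_OK;
}

/* Two nested calls, then one return. When `corrupt` is nonzero, the saved
   return address on the data stack is overwritten first (constructed values). */
int run_scenario(int corrupt, uint64_t *target) {
    cpu_t c = {0};
    model_call(&c, 0x401000);
    model_call(&c, 0x401080);
    if (corrupt) c.data_stack[c.depth - 1] = 0x402abc;
    return model_ret(&c, target);
}

int main(void) {
    uint64_t t = 0;
    printf("clean return:     %d\n", run_scenario(0, &t));
    printf("corrupted return: %d\n", run_scenario(1, &t));
    return 0;
}
```

In the corrupted case the return is refused and `target` is never written, which is the property that stops a rewritten return address from redirecting execution.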

CET is detailed at length in this revised whitepaper now labeled as v2.0 compared to last June's initial v1.0 release of this technology. Current Intel CPUs don't support CET and Intel hasn't been entirely clear when it will be added to their processors, but seeing as they are now adding the support to GCC, it is perhaps only a year or less out (Cannonlake, perhaps?).

The GCC patches adding initial CET support can be found on the mailing list. Executables built for CET can still run safely on non-CET processors, albeit without any protection. Patches to support CET in the compiler libraries and glibc are still pending. The CET option for GCC is currently exposed with -mcet. This work will presumably land in time for next year's GCC 8 release.