Indirect Branch Tracking Ready Ahead Of Linux 5.18

Written by Michael Larabel in Intel on 9 March 2022 at 05:40 AM EST. 1 Comment
INTEL
Indirect Branch Tracking (IBT) as part of Intel's Control-flow Enforcement Technology (CET) is set to be supported as part of the upcoming Linux 5.18 kernel. Last night the IBT patch series has queued into TIP's x86/core ahead of the Linux 5.18 merge window.

Indirect Branch Tracking is hardware-based, course-grain forward-edge Control Flow Integrity (CFI) protection. When enabled for the kernel build, it ensures indirect calls land on an ENDBR instruction. Besides all of the Linux kernel patches to make IBT a reality, there is compiler-side support necessary that means GCC 9 and newer or LLVM Clang 14 and newer.


IBT is for protecting against jump/call oriented programming attacks. Indirect Branch Tracking is part of Intel CET found since Tiger Lake. The other portion of CET is the Intel Shadow Stack also seeing Linux work.

While Intel was recently focusing more on the Shadow Stack (SS) patches and shifted IBT to the back-burner, well known kernel developer Peter Zijlstra of Intel recently began working on the IBT support for Linux. He's been sending out many revisions to the patches and now it looks like everything is good to go for Linux 5.18.


After sending out the latest round yesterday, the latest milestone is as of last night all the IBT kernel patches were queued into TIP's x86/core Git thus putting it on the platter for Linux 5.18. This security feature can be enabled with the X86_KERNEL_IBT option when building the Linux kernel with GCC 9+ or Clang 14+.
1 Comment
Related News
Intel Lands "Round Robin Strict" Driver Optimization For Helping Battlemage/Xe2
Intel Looking To Raise SPIR-V Backend To Becoming An Official LLVM Target
Intel Panther Lake & Clearwater Forest Power Management Patches For Linux 6.14
Intel Begins Readying Graphics Driver Changes For The Linux 6.14 Kernel
UMD Direct Submission "Proof Of Concept" For The Intel Xe Linux Driver
Intel Linux Display Driver Being Adapted For DRM Panic "Blue Screen of Death" Support
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features