Intel Sends Out Latest Patches Preparing Linux CET Virtualization

Written by Michael Larabel in Intel on 11 May 2023 at 06:50 AM EDT. Add A Comment
INTEL
Since Linux 5.18 there has been Indirect Branch Tracking (IBT) in the mainline kernel that was contributed by Intel as part of their Control-flow Enforcement Technology (CET). For Linux 6.4 Intel engineers tried to get the Shadow Stack support mainlined as the other part of CET, but issues were uncovered at the last minute. Hopefully Shadow Stack support will be merged for the v6.5 cycle but beyond that host support, Intel engineers have also been working on CET virtualization for enabling these security features for use within virtual machines.

Today marks the third iteration of the patches from Intel for CET virtualization for leveraging these CPU hardware features -- found since Intel Tiger Lake processors -- to help fend off ROP/JOP style control-flow subversion attacks within VMs.

Intel slide on CET


The current patches get Control-flow Enforcement Technology working for user Shadow Stack and Indirect Branch Tracking as well as kernel Indirect Branch Tracking support. Intel CET supervisor Shadow Stack support is left to be worked on in the future.

Besides needing this pending code as well as the Shadow Stack code not yet mainlined as of v6.4, there are also some pending QEMU patches needed for this CET virtualization. Those interested in the latest kernel patches for this effort, they can be found via this LKML patch series. The v3 patches have been re-based against linux-next and contain several fixes over the prior patch iterations.
Add A Comment
Related News
Intel P-State Energy Aware Scheduling Patches Updated For Lunar Lake
Intel Lands "Round Robin Strict" Driver Optimization For Helping Battlemage/Xe2
Intel Looking To Raise SPIR-V Backend To Becoming An Official LLVM Target
Intel Panther Lake & Clearwater Forest Power Management Patches For Linux 6.14
Intel Begins Readying Graphics Driver Changes For The Linux 6.14 Kernel
UMD Direct Submission "Proof Of Concept" For The Intel Xe Linux Driver
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features
NTSYNC Linux Patches Revived To Help Boost Steam Play Gaming Performance
Rust-Based, Memory-Safe PNG Decoders "Vastly Outperform" C-Based PNG Libraries