Another Round Of Intel CET Patches, Still Working Toward Linux Kernel Integration

Written by Michael Larabel in Intel on 21 August 2021 at 06:40 AM EDT. 1 Comment
INTEL
While Intel is normally very punctual in providing support for major new CPU features under Linux and often landing them well in advance of general hardware availability, their work around Control-flow Enforcement Technology (CET) has taken a long longer than normal and is still going through new rounds of code review to get accepted into the mainline Linux kernel.

Intel Tiger Lake SoCs with CET support have been available now for about one year and Intel CET work for Linux goes back to 2017. Intel Control-Flow Enforcement Technology aims to prevent ROP and COP/JOP style attacks through indirect branch tracking and a shadow stack. The compiler-side CET patches quickly landed but the Linux kernel support for this security feature has long been ongoing and as of yesterday is up to its 29th round of review.


On Friday the 29th round of the CET shadow stack patches and CET indirect branch tracking patches were posted.

The 32 Linux patches for the CET shadow stack support saw most of the changes with various low-level code improvements and tweaks plus re-basing against the latest upstream kernel state. The ten patches for the CET indirect branch tracking were just re-basing the patches against the upstream kernel state.

Some Linux distributions and vendor kernels are already carrying the Intel CET patches in their out-of-tree form while we await to see if the patches are now deemed ready for mainline next cycle or will still require more rounds of review... Hopefully it's not like Intel SGX that took 40+ rounds of review before being ready for the mainline kernel.
1 Comment
Related News
Intel Talks Up Their Latest Compiler Toolchain Enhancements For AVX10.1, AMX & More
Rework For Intel CPU Model Handling To Land With Linux 6.10
Linux 6.10 Adding Intel Low-Latency Hint To Aggressively Boost GT Frequency For GPU Compute
Intel Releases OpenVINO 2024.1 With More Gen AI & LLM Features
Intel ANV Vulkan Driver Enables VK_KHR_shader_float_controls2
Intel Has Many Improvements For The Xe Graphics Driver In Linux 6.10
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
systemd Rolling Out "run0" As sudo Alternative
Linux Mint Looks To Fork More GNOME Software, Make XApp More Independent
Microsoft Updates Cascadia Code: Its Open-Source Font For Developers
Microsoft Open-Sources MS-DOS 4.0 Under MIT License
Systemd 256-rc1 Brings A Huge Number Of New Features
NVIDIA Developer Opens Feature Pull Request For Open-Source NVK Driver
Rust-Based Coreutils 0.0.26 Increases Compatibility With GNU Coreutils
Ubuntu 24.04 LTS Downloads Now Available