Intel IBT Patches For Linux Back On Track

Written by Michael Larabel in Intel on 20 February 2022 at 07:06 AM EST. Add A Comment
INTEL
Last month Intel posted a new set of Linux patches for shadow stack support as part of the Control-flow Enforcement Technology (CET) found within their latest processors. Also part of Intel's CET is Indirect Branch Tracking (IBT) while Intel said they were going to first focus on shadow stack (SS) and worry about IBT later. Less than one month later, new Indirect Branch Tracking patches for the Linux kernel have been taking shape.

The SS portion of CET is focused on protecting against return-oriented programming (ROP) attacks. The Indirect Branch Tracking meanwhile provides hardware safeguards against jump/call oriented programming attacks (JOP / COP). While IBT Linux patches have been posted before, they haven't been mainlined yet and apparently not as much of a focus as the SS capabilities. In any event, Peter Zijlstra recently took to working on IBT integration for the Linux kernel and it's been making great progress.


On Friday there were 29 patches sent out by Zijlstra for the latest IBT kernel support. In there he shared the promising state of this IBT support:
This is an (almost!) complete Kernel IBT implementation. It's been self-hosting for a few days now. That is, it runs on IBT enabled hardware (Tigerlake) and is capable of building the next kernel.

It is also almost clean on allmodconfig using GCC-11.2.

The biggest TODO item at this point is Clang, I've not yet looked at that.

More details on CET can be found at Intel.com. CET hardware support initially premiered with Intel Tiger Lake processors.
Add A Comment
Related News
Intel XeSS SDK 1.1 Released
Intel Prepares More Meteor Lake Graphics Code For Linux 6.4
Intel LAM Will Try Again For Linux 6.4
Raja Koduri Departing Intel To Start New Software Company
Intel CET Shadow Stack Support Set To Be Introduced With Linux 6.4
Intel's Habana Labs Accelerator Driver Readying More Gaudi2 Code For Linux 6.4
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Intel Thunder Bay Is Officially Canceled, Linux Driver Code To Be Removed
Still Have A Use For Adobe Flash? Ruffle Is Working To Safely Emulate It In Rust
Linux 6.4 AMD Graphics Driver Picking Up New Power Features For The Steam Deck
Raja Koduri Departing Intel To Start New Software Company
Codon Looks Very Promising For Super-Fast Python Code
Valve Officially Announces Counter-Strike 2
Wine 8.4 Released With The Early Wayland Graphics Driver Code, 51 Bug Fixes
Debian 12 "Bookworm" Enters Its Hard Freeze