Intel IBT Patches For Linux Back On Track

Written by Michael Larabel in Intel on 20 February 2022 at 07:06 AM EST. Add A Comment
INTEL
Last month Intel posted a new set of Linux patches for shadow stack support as part of the Control-flow Enforcement Technology (CET) found within their latest processors. Also part of Intel's CET is Indirect Branch Tracking (IBT) while Intel said they were going to first focus on shadow stack (SS) and worry about IBT later. Less than one month later, new Indirect Branch Tracking patches for the Linux kernel have been taking shape.

The SS portion of CET is focused on protecting against return-oriented programming (ROP) attacks. The Indirect Branch Tracking meanwhile provides hardware safeguards against jump/call oriented programming attacks (JOP / COP). While IBT Linux patches have been posted before, they haven't been mainlined yet and apparently not as much of a focus as the SS capabilities. In any event, Peter Zijlstra recently took to working on IBT integration for the Linux kernel and it's been making great progress.


On Friday there were 29 patches sent out by Zijlstra for the latest IBT kernel support. In there he shared the promising state of this IBT support:
This is an (almost!) complete Kernel IBT implementation. It's been self-hosting for a few days now. That is, it runs on IBT enabled hardware (Tigerlake) and is capable of building the next kernel.

It is also almost clean on allmodconfig using GCC-11.2.

The biggest TODO item at this point is Clang, I've not yet looked at that.

More details on CET can be found at Intel.com. CET hardware support initially premiered with Intel Tiger Lake processors.
Add A Comment
Related News
Intel Lands "Round Robin Strict" Driver Optimization For Helping Battlemage/Xe2
Intel Looking To Raise SPIR-V Backend To Becoming An Official LLVM Target
Intel Panther Lake & Clearwater Forest Power Management Patches For Linux 6.14
Intel Begins Readying Graphics Driver Changes For The Linux 6.14 Kernel
UMD Direct Submission "Proof Of Concept" For The Intel Xe Linux Driver
Intel Linux Display Driver Being Adapted For DRM Panic "Blue Screen of Death" Support
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features