New Linux Patch Series Provides A Fresh Take On Intel Indirect Branch Tracking

Written by Michael Larabel in Intel on 22 November 2021 at 02:25 PM EST. Add A Comment
INTEL
Last year with Intel "Tiger Lake" was the introduction of Control-Flow Enforcement Technology (CET) for helping fend off return/jump-oriented attacks and as part of CET is hardware Indirect Branch Tracking (IBT) support. There have been patch series working to implement CET's IBT support but after having gone through 30 rounds of review and not being merged, a new take on it was submitted today.

For months there has been work on supporting Intel Control-Flow Enforcement Technology's Indirect Branch Tracking feature in the Linux kernel. The most recent revision of that I am aware of is the v30 patches sent out last August. But those patches were never merged nor even any Linux kernel mailing list comments to that revision.


With that current Intel CET/IBT work appearing to have stalled without being mainlined, Intel's Peter Zijlstra has posted a new and different IBT patch series. This new series though is in a "request for comments" phase and hasn't even been tested on newer processors with IBT hardware yet.


The code is incomplete on this new take but adds the X86_IBT build option, enables "-fcf-protection=branch" support for the compiler, and has the objtool changes and other work for adding the ENDBR instruction for possible indirect branch targets. Kernel entry points have the ENDBR "end branch" instruction added.

This new Linux kernel IBT patch series can be found on the kernel mailing list. We'll see this time if it gets worked into something that will ultimately be upstreamed.
Add A Comment
Related News
Linux Fixing A "Hilarious/Revolting Performance Regression" Around Intel KVM Virtualization
Intel P-State Energy Aware Scheduling Patches Updated For Lunar Lake
Intel Lands "Round Robin Strict" Driver Optimization For Helping Battlemage/Xe2
Intel Looking To Raise SPIR-V Backend To Becoming An Official LLVM Target
Intel Panther Lake & Clearwater Forest Power Management Patches For Linux 6.14
Intel Begins Readying Graphics Driver Changes For The Linux 6.14 Kernel
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
NTSYNC Linux Patches Revived To Help Boost Steam Play Gaming Performance
KDE Starts December By Landing A Number Of New Features
Rust-Based, Memory-Safe PNG Decoders "Vastly Outperform" C-Based PNG Libraries