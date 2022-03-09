Indirect Branch Tracking Ready Ahead Of Linux 5.18
Written by Michael Larabel in Intel on 9 March 2022 at 05:40 AM EST. Add A Comment
INTEL --
Indirect Branch Tracking (IBT) as part of Intel's Control-flow Enforcement Technology (CET) is set to be supported as part of the upcoming Linux 5.18 kernel. Last night the IBT patch series has queued into TIP's x86/core ahead of the Linux 5.18 merge window.

Indirect Branch Tracking is hardware-based, course-grain forward-edge Control Flow Integrity (CFI) protection. When enabled for the kernel build, it ensures indirect calls land on an ENDBR instruction. Besides all of the Linux kernel patches to make IBT a reality, there is compiler-side support necessary that means GCC 9 and newer or LLVM Clang 14 and newer.


IBT is for protecting against jump/call oriented programming attacks. Indirect Branch Tracking is part of Intel CET found since Tiger Lake. The other portion of CET is the Intel Shadow Stack also seeing Linux work.

While Intel was recently focusing more on the Shadow Stack (SS) patches and shifted IBT to the back-burner, well known kernel developer Peter Zijlstra recently began working on the IBT support for Linux. He's been sending out many revisions to the patches and now it looks like everything is good to go for Linux 5.18.


After sending out the latest round yesterday, the latest milestone is as of last night all the IBT kernel patches were queued into TIP's x86/core Git thus putting it on the platter for Linux 5.18. This security feature can be enabled with the X86_KERNEL_IBT option when building the Linux kernel with GCC 9+ or Clang 14+.
Add A Comment
Related News
Intel "Madison Peak" Bluetooth Support Coming For Linux 5.18
Intel Prepares More DG2/Alchemist & Xe HP Driver Improvements For Linux 5.18
Intel's Idle Linux Driver Finally Seeing Xeon Sapphire Rapids Support
Intel "In-Field Scan" Coming With Sapphire Rapids As New Silicon Failure Testing Feature
Intel Continues Linux Preparations For Xe HP Compute Accelerators
Intel's IWD 1.25 Adds Support For Encrypting Network Credentials, Other Improvements
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Popular News This Week
Microsoft Has Another Go At Their DirectX Linux Kernel Driver
The Worst Razer Mouse I've Tested In The Past 17 Years
EXT4 Fast Commit Mode To Be Even Faster With Linux 5.18
OpenBLAS Deciding Whether To Drop Support For Russia's Elbrus CPUs
Imagination Tech Publishes Open-Source PowerVR Vulkan Driver For Mesa
LatencyFlex v0.1 Released As Drop-In Replacement To NVIDIA Reflex
Commercial-Only Qt 5.15.3 LTS Now Released As Open-Source
AMD-Powered Lenovo ThinkPads To Soon Have Working Platform Profile Support On Linux