Control-Flow Enforcement Technology Begins To Land In GCC 8

Written by Michael Larabel in Intel on 20 October 2017 at 01:39 PM EDT.
Support for Intel Control-flow Enforcement Technology (CET), a code safety feature, has begun landing in the GNU Compiler Collection (GCC).

Patches have been in the works for several months, and the first of them are now being merged to mainline. Coincidentally, Intel is also landing its GFNI instruction patches in GCC at the same time.

Control-flow Enforcement Technology aims to prevent return-oriented programming (ROP) and call/jump-oriented programming (COP/JOP) attacks. The Intel-developed technology uses a shadow stack to keep track of the expected return addresses and raises a fault if a return address does not match what the shadow stack expects. CET also provides indirect branch tracking to stop jump/call-oriented attacks.
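A minimal C model of the shadow-stack check described above, added here as an illustration (not code from Intel, GCC or the original article). The `toy_cpu` struct, the function names and the addresses are constructed for the example; real CET performs this comparison in hardware.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define DEPTH 16

/* Toy model: real CET keeps the shadow stack in pages ordinary stores cannot write. */
struct toy_cpu {
    uint64_t data[DEPTH];   /* normal stack: return addresses sit beside writable data */
    uint64_t shadow[DEPTH]; /* shadow stack: written only by call, read only by ret */
    size_t sp, ssp;
    int fault;              /* set where the hardware would raise a fault */
};

/* CALL pushes the return address onto both stacks. */
static int toy_call(struct toy_cpu *c, uint64_t ret_addr) {
    if (c->sp == DEPTH || c->ssp == DEPTH) return -1;
    c->data[c->sp++] = ret_addr;
    c->shadow[c->ssp++] = ret_addr;
    return 0;
}

/* RET pops both copies and faults when they differ. Returns 1 if the return is allowed. */
static int toy_ret(struct toy_cpu *c) {
    if (c->sp == 0 || c->ssp == 0) { c->fault = 1; return 0; }
    uint64_t from_data = c->data[--c->sp];
    uint64_t from_shadow = c->shadow[--c->ssp];
    if (from_data != from_shadow) { c->fault = 1; return 0; }
    return 1;
}

/* Two nested calls; with corrupt != 0 the innermost saved return address on the data
 * stack is overwritten first. Returns completed returns; *faulted reports the fault. */
int run_scenario(int corrupt, int *faulted) {
    struct toy_cpu c = {0};
    int completed = 0;
    toy_call(&c, 0x401000ULL);                         /* constructed addresses */
    toy_call(&c, 0x401080ULL);
    if (corrupt) c.data[c.sp - 1] = 0x7f00dead0000ULL; /* constructed bad value */
    while (c.sp > 0 && !c.fault) completed += toy_ret(&c);
    *faulted = c.fault;
    return completed;
}

int main(void) {
    int f1, f2, ok = run_scenario(0, &f1), bad = run_scenario(1, &f2);
    printf("intact: %d returns, fault=%d; corrupted: %d returns, fault=%d\n", ok, f1, bad, f2);
    return 0;
}
```

The model covers only the shadow stack; indirect branch tracking is a separate mechanism and is not modelled here.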

Intel Control-flow Enforcement Technology, with its shadow stack and indirect branch tracking approaches, is described in much more technical detail in this whitepaper. Intel initially revealed its CET research back in 2016, and over the past few months we've been seeing a lot of the compiler-side work happen on the public GCC mailing list.

As of this morning, the first of the patches have landed, while the rest will presumably make it in plenty of time for the stable GCC 8.1 release around March or April of next year. Intel hasn't officially commented on when CET will be featured in new CPUs for control-flow integrity protection, but given the timing of the GCC work, hopefully we'll see it in place for Cannonlake or, worst case, Ice Lake.