New Linux Patch Series Provides A Fresh Take On Intel Indirect Branch Tracking
Written by Michael Larabel in Intel on 22 November 2021 at 02:25 PM EST. Add A Comment
INTEL --
Last year with Intel "Tiger Lake" was the introduction of Control-Flow Enforcement Technology (CET) for helping fend off return/jump-oriented attacks and as part of CET is hardware Indirect Branch Tracking (IBT) support. There have been patch series working to implement CET's IBT support but after having gone through 30 rounds of review and not being merged, a new take on it was submitted today.

For months there has been work on supporting Intel Control-Flow Enforcement Technology's Indirect Branch Tracking feature in the Linux kernel. The most recent revision of that I am aware of is the v30 patches sent out last August. But those patches were never merged nor even any Linux kernel mailing list comments to that revision.


With that current Intel CET/IBT work appearing to have stalled without being mainlined, Intel's Peter Zijlstra has posted a new and different IBT patch series. This new series though is in a "request for comments" phase and hasn't even been tested on newer processors with IBT hardware yet.


The code is incomplete on this new take but adds the X86_IBT build option, enables "-fcf-protection=branch" support for the compiler, and has the objtool changes and other work for adding the ENDBR instruction for possible indirect branch targets. Kernel entry points have the ENDBR "end branch" instruction added.

This new Linux kernel IBT patch series can be found on the kernel mailing list. We'll see this time if it gets worked into something that will ultimately be upstreamed.
Related News
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Popular News This Week