Intel IBT Patches For Linux Back On Track

Written by Michael Larabel in Intel on 20 February 2022 at 07:06 AM EST. Add A Comment
INTEL
Last month Intel posted a new set of Linux patches for shadow stack support as part of the Control-flow Enforcement Technology (CET) found within their latest processors. Also part of Intel's CET is Indirect Branch Tracking (IBT) while Intel said they were going to first focus on shadow stack (SS) and worry about IBT later. Less than one month later, new Indirect Branch Tracking patches for the Linux kernel have been taking shape.

The SS portion of CET is focused on protecting against return-oriented programming (ROP) attacks. The Indirect Branch Tracking meanwhile provides hardware safeguards against jump/call oriented programming attacks (JOP / COP). While IBT Linux patches have been posted before, they haven't been mainlined yet and apparently not as much of a focus as the SS capabilities. In any event, Peter Zijlstra recently took to working on IBT integration for the Linux kernel and it's been making great progress.


On Friday there were 29 patches sent out by Zijlstra for the latest IBT kernel support. In there he shared the promising state of this IBT support:
This is an (almost!) complete Kernel IBT implementation. It's been self-hosting for a few days now. That is, it runs on IBT enabled hardware (Tigerlake) and is capable of building the next kernel.

It is also almost clean on allmodconfig using GCC-11.2.

The biggest TODO item at this point is Clang, I've not yet looked at that.

More details on CET can be found at Intel.com. CET hardware support initially premiered with Intel Tiger Lake processors.
Add A Comment
Related News
New Intel P-State Linux Driver Patches To Better Handle Hybrid Core CPUs
Intel Talks Up Their Latest Compiler Toolchain Enhancements For AVX10.1, AMX & More
Rework For Intel CPU Model Handling To Land With Linux 6.10
Linux 6.10 Adding Intel Low-Latency Hint To Aggressively Boost GT Frequency For GPU Compute
Intel Releases OpenVINO 2024.1 With More Gen AI & LLM Features
Intel ANV Vulkan Driver Enables VK_KHR_shader_float_controls2
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
systemd Rolling Out "run0" As sudo Alternative
Linux Mint Looks To Fork More GNOME Software, Make XApp More Independent
Microsoft Updates Cascadia Code: Its Open-Source Font For Developers
Rust-Written Redox OS Gets USB Keyboards & Mice Working
NetBSD On The State & Future Of X.Org/X11
AMD Enabling "Fast CPPC" For Even Greater Linux Performance & Power Efficiency On Some CPUs
Wine 9.8 Fixes Nearly 20 Year Old Bug For Installing Microsoft Office 97
Valve Publishes Steam Survey Numbers For April 2024