Indirect branch tracking for Intel CPUs
Indirect branch tracking for Intel CPUs
Posted Apr 1, 2022 7:35 UTC (Fri) by Villemoes (subscriber, #91911)Parent article: Indirect branch tracking for Intel CPUs
> For example, the kernel gained support for a compiler-implemented IBT mechanism during the 5.13 development cycle. In this mode, the compiler routes every indirect branch through a "jump table", ensuring that the target is not only meant to be reached by indirect branches, but that the prototype of the called function matches what the caller is expecting. This approach works, at the cost of a fair amount of compile-time and run-time overhead.
That mechanism also proactively prevents attackers from gaining control over the machine by inducing NULL pointer derefs (and who knows what other malfunctions) in perfectly fine C code. If you consider enabling that, make sure none of the code included in your build relies on function pointer (in)equality testing.