x86: Enable Intel Indirect Branch Tracking (IBT) (!3048) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Josh Poimboeuf requested to merge jpoimboe/centos-stream-9:ibt into main Sep 12, 2023

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1874115

Enable Intel Indirect Branch Tracking (IBT) in the kernel, which is a security hardening feature which requires that all indirect branch targets have the ENDBR instruction.

Testing: Booted on Sapphire Rapids. The IBT selftest succeeded. Used 'gdb /proc/kcore' to verify that meminfo_proc_show() starts with an ENDBR, and other functions which don't have pointer references to them start with NOP.

Signed-off-by: Josh Poimboeuf jpoimboe@redhat.com

Edited Sep 12, 2023 by Josh Poimboeuf

x86: Enable Intel Indirect Branch Tracking (IBT)

Merge request reports