[$] Indirect branch tracking for Intel CPUs

Post Syndicated from original https://lwn.net/Articles/889475/

“Control-flow integrity” (CFI) is a set of technologies intended to prevent
an attacker from redirecting a program’s control flow and taking it over.
One of the approaches taken by CFI is called “indirect branch tracking” (IBT); its
purpose is to prevent an attacker from causing an indirect branch (a
function call via a pointer variable, for example) to go to an unintended
place. IBT for Intel processors has been under development for some time;
after an abrupt turn, support for protecting the kernel with IBT has been
merged for the upcoming 5.18 release.