Hi!

On Tue, 2025-09-16 at 10:20:43 -0700, H.J. Lu wrote:
> On Tue, Sep 16, 2025 at 9:26 AM Edgecombe, Rick P wrote:
> > On Tue, 2025-09-16 at 09:50 +0200, Guillem Jover wrote:
> > > > I'm not aware of any current public activities to enable userspace
> > > > IBT.  I haven't seen any recent attempt to define a userspace/kernel ABI,
> > > > or to test (and port where necessary) userspace.
> > >
> > > Thanks. So, do any of you (Florian, Rick, Yu-cheng, H.J., or perhaps
> > > other people who have been working on this elsewhere) think we should
> > > switch to -fcf-protection=return (from -fcf-protection)? Or are there
> > > plans to add the userland IBT support in Linux in the near future?
> > > Otherwise it indeed seems like a bit of a waste for now?
> >
> > I'd still like to do it, but it's fair to say it's not imminent. This seems
> > like a reasonable course of action.

Ah, thanks! It was really not clear whether these efforts had died off,
or were just on pause. But if there's intention to implement it, even
if it might take a couple of years, then I think leaving the
-fcf-protection option as is might be fine, as long as the current ABI
is not going to change (see below).

> With ENDBR64 in place, dynamic user space binaries will get IBT enhancement
> automatically via a glibc update when user space IBT is enabled in the Linux
> kernel.

Right, that was my initial thinking as well [M], but that would depend
on whether the implementation will still rely on endbr64 being in all
function prologues or whether it might end up with something like what
Florian proposed in <https://groups.google.com/g/x86-64-abi/c/iQWEW-iW8DQ>.
Because at that point we'd need to rebuild everything anyway.

  [M] <https://lists.debian.org/debian-devel/2025/09/msg00109.html>

Thanks,
Guillem
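
Added example, not part of the original message or of any project's code: a parser for the x86-64 `.note.gnu.property` note, reporting which CET features (IBT, SHSTK) a binary is marked with, which is how the difference between `-fcf-protection` and `-fcf-protection=return` shows up in an archive's binaries. The sample notes are constructed, `make_note` and `cet_features` are hypothetical helper names, and the flag-to-bit mapping in the comments is an assumption about toolchain output that the thread does not spell out.

```python
import struct

NT_GNU_PROPERTY_TYPE_0 = 5                    # note type of .note.gnu.property
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002   # property carrying the CET bits
FEATURE_1_IBT = 0x1
FEATURE_1_SHSTK = 0x2


def cet_features(note: bytes, align: int = 8) -> set:
    """Return the CET features marked in one ELF64 GNU property note."""
    if len(note) < 12:
        raise ValueError("truncated note header")
    namesz, descsz, ntype = struct.unpack_from("<III", note, 0)
    name_end = 12 + namesz
    desc_off = (name_end + 3) & ~3            # name is padded to 4 bytes
    if note[12:name_end] != b"GNU\0" or ntype != NT_GNU_PROPERTY_TYPE_0:
        return set()                          # some other note, no CET marker
    if desc_off + descsz > len(note):
        raise ValueError("truncated note descriptor")
    desc = note[desc_off:desc_off + descsz]
    bits, off = 0, 0
    while off + 8 <= len(desc):
        pr_type, pr_datasz = struct.unpack_from("<II", desc, off)
        data = desc[off + 8:off + 8 + pr_datasz]
        if len(data) != pr_datasz:
            raise ValueError("truncated property")
        if pr_type == GNU_PROPERTY_X86_FEATURE_1_AND and pr_datasz == 4:
            bits |= struct.unpack("<I", data)[0]
        off += (8 + pr_datasz + align - 1) & ~(align - 1)  # ELF64: 8-byte padding
    names = {FEATURE_1_IBT: "IBT", FEATURE_1_SHSTK: "SHSTK"}
    return {name for bit, name in names.items() if bits & bit}


def make_note(feature_bits: int) -> bytes:
    """Build a constructed ELF64 note holding one FEATURE_1_AND property."""
    prop = struct.pack("<III", GNU_PROPERTY_X86_FEATURE_1_AND, 4, feature_bits)
    prop += b"\0" * 4                         # pad property to 8 bytes
    header = struct.pack("<III", 4, len(prop), NT_GNU_PROPERTY_TYPE_0)
    return header + b"GNU\0" + prop


# Constructed samples (assumed marker when every input object used the flag):
FULL = make_note(FEATURE_1_IBT | FEATURE_1_SHSTK)   # -fcf-protection
RETURN_ONLY = make_note(FEATURE_1_SHSTK)            # -fcf-protection=return

if __name__ == "__main__":
    print(sorted(cet_features(FULL)), sorted(cet_features(RETURN_ONLY)))
```

To check a real binary, pass `cet_features` the raw contents of its `.note.gnu.property` section; `readelf -n` prints the same marker in decoded form.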
