When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Microsoft pulls a Windows as it breaks Linux on Intel CPUs and angers AMD in the process

Microsoft loves Linux but with a black heart

Earlier today, we reported about a happy and content Linus Torvalds, who is offering to make a guitar pedal for one of the lucky Linux devs out there since he is pleased with how things have been this holiday season and the progress with the Linux kernel version 6.13.

Unfortunately for Torvalds, a Microsoft-contributed change nearly ruined it, but Intel and AMD had intervened just in time to save the day.

The change in question was related to a ARCH_HAS_EXECMEM_ROX kernel configuration, which would allow caching of executable memory (EXECMEM) with read-only execute (ROX) permissions. It was being added as a performance improvement feature on Linux 6.13 for x86_64/ AMD64, ie, 64-bit AMD and Intel CPUs.

Unfortunately, this was pushed out without acknowledgement (Ack) from an x86 kernel maintainer, and it has broken the CFI or Control Flow Integrity on such CPUs.

Intel's Peter Zijlstra sent this in today to urgently revert the changes related to EXECMEM_ROX support since there is a lot of work left to be done before it is ready to be pushed out. He wrote:

x86: Disable EXECMEM_ROX support

The whole module_writable_address() nonsense made a giant mess of alternative.c, not to mention it still contains bugs -- notable some of the CFI variants crash and burn.

Mike has been working on patches to clean all this up again, but given the current state of things, this stuff just isn't ready.

Disable for now, lets try again next cycle.

AMD's Borislav Petkov also expressed his annoyance on the matter as he wrote:

I just love it how this went in without a single x86 maintainer Ack, it broke a bunch of things and then it is still there instead of getting reverted. Let's not do this again please.

-- Regards/Gruss, Boris.

For those who may not know, Control-flow Enforcement Technology (CET) is an important security feature, and it introduced Shadow Stack and Indirect Branch Targeting (IBT). The former helps defend a system against Return Oriented Programming (ROP) attacks, while the latter protects against Call or Jump Oriented Programming (COP/JOP) attacks.

CET is able to do so by checking the normal program stack against a hardware-stored copy (the Shadow Stack) to ensure that the integrity of return addresses is maintained. In simple words, Shadow Stack stops malware from taking over the process steps of legitimate software as it flags potentially compromised software from executing.

Report a problem with article
The Mastodon logo
Next Article

Mastodon is shifting control to a new nonprofit organization

Ashampoo WinOptimizer 27
Previous Article

Get Ashampoo WinOptimizer 27 at 70% off

Join the conversation!

Login or Sign Up to read and post a comment.

4 Comments - Add comment