Re: [PATCH 4/7] x86: ban 32-bit sigreturn when user IBT enabled

From: H. Peter Anvin

Date: Mon May 18 2026 - 16:39:19 EST


On May 17, 2026 11:30:21 AM PDT, Richard Patel <ripatel@xxxxxxx> wrote:
>IBT enforces that indirect branch targets land on an endbr
>instruction. The CPU enforces this by setting the 'WAIT_FOR_ENDBR'
>bit after executing an indirect branch/jump.
>
>The only relevant edge case with user IBT is signal handling:
>When entering/leaving a signal handler, the WAIT_FOR_ENDBR bit must
>be backed up/restored.
>
>IBT is not implemented for 32-bit and cannot be enabled using a
>32-bit syscall. However, a 64-bit thread could far jump into 32-bit.
>Therefore, 32-bit sigreturn must be banned until IBT supports that
>environment.
>
>Signed-off-by: Richard Patel <ripatel@xxxxxxx>
>Based-on-patch-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>
>Link: https://lwn.net/ml/linux-kernel/20210830182221.3535-5-yu-cheng.yu@xxxxxxxxx/
>---
> arch/x86/kernel/signal_32.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
>diff --git a/arch/x86/kernel/signal_32.c b/arch/x86/kernel/signal_32.c
>index e55cf19e68fe..7cb76d794366 100644
>--- a/arch/x86/kernel/signal_32.c
>+++ b/arch/x86/kernel/signal_32.c
>@@ -143,6 +143,11 @@ static bool ia32_restore_sigcontext(struct pt_regs *regs,
> regs->ds = fixup_rpl(sc.ds);
> #endif
>
>+#ifdef CONFIG_X86_USER_IBT
>+ if (current->thread.ibt)
>+ return false;
>+#endif
>+
> return fpu__restore_sig(compat_ptr(sc.fpstate), 1);
> }
>
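Review bot: the ibt check is placed after the segment registers have already been written from the user-supplied sigcontext (the `regs->ds = fixup_rpl(sc.ds);` context line directly above it), so on the rejected path the thread's pt_regs are left partially overwritten before the caller fails the sigreturn; hoisting the `if (current->thread.ibt) return false;` block to the top of ia32_restore_sigcontext(), before any regs field is touched, keeps the reject path free of side effects. A one-line comment next to the `return false` giving the reason from the commit message (IBT not implemented for 32-bit, only reachable by a 64-bit thread far-jumping into 32-bit) would also help, since the bare #ifdef does not say why a 32-bit sigreturn is refused.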

Dumb question: is there any reason not to just enable it for 32 bits? It doesn't seem that it would be that big of a delta to Just Do It.™

That being said, I suspect the number of users will be very small if any.