[go: up one dir, main page]

|
|
Log in / Subscribe / Register

Control-flow integrity for the kernel

Control-flow integrity for the kernel

Posted Jan 22, 2020 9:47 UTC (Wed) by kees (subscriber, #27264)
In reply to: Control-flow integrity for the kernel by Aaron1011
Parent article: Control-flow integrity for the kernel

I didn't cover the DSO support in Clang's CFI implementation just because things were already pretty complex and I wasn't going to have time to cover everything. The short version is: when a function is not found in the jump table in the main kernel text, it is redirected to a __cfi_check() function exported by modules, and the jump tables are effectively "extended" for each function prototype bucket. More details are here under the "Shared library support" heading.


to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds