[PATCH v4 0/8] CFI for ARM32 using LLVM
Nathan Chancellor
nathan at kernel.org
Fri Apr 12 15:07:35 PDT 2024
On Fri, Apr 12, 2024 at 09:38:24AM +0200, Linus Walleij wrote:
> On Thu, Mar 28, 2024 at 9:19 AM Linus Walleij <linus.walleij at linaro.org> wrote:
>
> > This is a first patch set to support CLANG CFI (Control Flow
> > Integrity) on ARM32.
>
> Not much reaction to this apart from Kees' ACK and I think
> most patches are pretty straight-forward so I'll soon put them
> in Russell's tracker, I can always update them if there is some
> issue.
I've given the patches a quick glance and I do not see anything
obviously wrong so consider this a soft LGTM. Given that it is an option
and I am sure there are arm64 and x86_64 configurations that are not
clean, I don't think having all CFI issues patched before the support
lands is necessary or desirable.
> As mentioned, there will be some rough edges (e.g. eBPF)
> but a slew of machines boot fine with it and it should be able
> to provide additional hardening on a slew of embedded use
> cases.
Agreed.
I will try to file an issue for the EFI issue I noticed before so that
it can be investigated and fixed at some point.
Cheers,
Nathan
More information about the linux-arm-kernel
mailing list