[PATCH 0/7] CFI for ARM32 using LLVM

Kees Cook keescook at chromium.org
Tue Feb 27 10:01:39 PST 2024


On Tue, Feb 27, 2024 at 02:48:13PM +0100, Linus Walleij wrote:
> On Tue, Feb 27, 2024 at 2:06 AM Kees Cook <keescook at chromium.org> wrote:
> 
> > On Sun, Feb 25, 2024 at 09:08:09PM +0100, Linus Walleij wrote:
> > > This is a first patch set to support CLANG CFI (Control Flow
> > > Integrity) on ARM32.
> >
> > Yay!
> >
> > Is CONFIG_CFI_PERMISSIVE=y expected to work with this series?
> 
> I enable that and what happens when I trigger a crash is that the
> process shell is killed and I return to login prompt (busybox).
> I guess that is expected behaviour for permissive?

No, permissive should just issue a WARN and continue running. I think
you need wire up report_cfi_failure(), see cfi_handler() in arm64.

But non-permissive is working great! :)

-- 
Kees Cook



More information about the linux-arm-kernel mailing list