Split CFI jump tables between core kernel and entry code so KPTI doesn't have to map the entire jump table #23
Labels
[ARCH] x86_64
Needed on the 64-bit x86 architecture (ARCH=x86)
[Feature] CFI
Involves Control Flow Integrity
Comments
kees
added
[ARCH] x86_64
|
Looks like current best solution is to just always map the jump tables. |
kees
changed the title
|
No longer an issue; the entry code is using the opaque types to avoid CFI instrumentation. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://outflux.net/blog/archives/2019/11/20/experimenting-with-clang-cfi-in-upstream-linux/
There seems to be some generated code that is being run at syscall entry that is not mapped. I suspect there is something still doing CFI checks on entry (and their resulting jump tables are missing), but I haven't found them yet. For now, disable KPTI under CFI (at run time, so test kernels can still boot with "pti" to enable it again).
The text was updated successfully, but these errors were encountered: