Split CFI jump tables between core kernel and entry code so KPTI doesn't have to map the entire jump table #23

@kees

Description

https://outflux.net/blog/archives/2019/11/20/experimenting-with-clang-cfi-in-upstream-linux/

There seems to be some generated code that is being run at syscall entry that is not mapped. I suspect there is something still doing CFI checks on entry (and their resulting jump tables are missing), but I haven't found them yet. For now, disable KPTI under CFI (at run time, so test kernels can still boot with "pti" to enable it again).

Metadata

Labels

    [ARCH] x86_64: Needed on the 64-bit x86 architecture (ARCH=x86)
    [Feature] CFI: Involves Control Flow Integrity
