On Tue, Mar 16, 2021 at 01:44:33PM -0700, Sami Tolvanen wrote: > On Thu, Mar 11, 2021 at 6:51 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote: > > > > On Thu, Mar 11, 2021 at 04:49:19PM -0800, Sami Tolvanen wrote: > > > Select ARCH_SUPPORTS_CFI_CLANG to allow CFI to be enabled. > > > > > > Signed-off-by: Sami Tolvanen <samitolvanen@xxxxxxxxxx> > > > > Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> > > > > Random thought: the vDSO doesn't need special handling because it > > doesn't make any indirect calls, yes? > > That might be true, but we also filter out CC_FLAGS_LTO for the vDSO, > which disables CFI as well. Oh right! That would do it. :) -- Kees Cook
