On Fri, 24 Jul 2020 18:19:21 +0200 Oscar Carter <oscar.carter@xxxxxxx> wrote: > > The linker trick is far less intrusive, and I believe less error prone. > > If we use the linker trick, the warning -Wcast-function-type dissapears, > but in a way that makes impossible to the compiler to get the necessary > info about function prototypes to insert the commented check. As far I > know, this linker trick (redirection of a function) is hidden for the > CFI build. > > So, in my opinion, the linker trick is not suitable if we want to protect > the function pointers of the ftrace subsystem against an attack that > modifiy the normal flow of the kernel. The linker trick should only affect architectures that don't implement the needed features. I can make it so the linker trick is only applied to those archs, and other archs that want more protection only need to add these features to their architectures. It's much less intrusive than this patch. -- Steve
