On Fri, Jul 24, 2020 at 12:35:28PM -0400, Steven Rostedt wrote: > On Fri, 24 Jul 2020 18:19:21 +0200 > Oscar Carter <oscar.carter@xxxxxxx> wrote: > > > > The linker trick is far less intrusive, and I believe less error prone. > > > > If we use the linker trick, the warning -Wcast-function-type dissapears, > > but in a way that makes impossible to the compiler to get the necessary > > info about function prototypes to insert the commented check. As far I > > know, this linker trick (redirection of a function) is hidden for the > > CFI build. > > > > So, in my opinion, the linker trick is not suitable if we want to protect > > the function pointers of the ftrace subsystem against an attack that > > modifiy the normal flow of the kernel. > > The linker trick should only affect architectures that don't implement > the needed features. I can make it so the linker trick is only applied > to those archs, and other archs that want more protection only need to > add these features to their architectures. > > It's much less intrusive than this patch. Sorry, but I don't understand your proposal. What features an arch need to add if want the CFI protection? > > -- Steve Thanks, Oscar Carter