Hi Steven, On Fri, Jul 24, 2020 at 07:14:18PM +0200, Oscar Carter wrote: > On Fri, Jul 24, 2020 at 12:35:28PM -0400, Steven Rostedt wrote: > > On Fri, 24 Jul 2020 18:19:21 +0200 > > Oscar Carter <oscar.carter@xxxxxxx> wrote: > > > > > > The linker trick is far less intrusive, and I believe less error prone. > > > > > > If we use the linker trick, the warning -Wcast-function-type dissapears, > > > but in a way that makes impossible to the compiler to get the necessary > > > info about function prototypes to insert the commented check. As far I > > > know, this linker trick (redirection of a function) is hidden for the > > > CFI build. > > > > > > So, in my opinion, the linker trick is not suitable if we want to protect > > > the function pointers of the ftrace subsystem against an attack that > > > modifiy the normal flow of the kernel. > > > > The linker trick should only affect architectures that don't implement > > the needed features. I can make it so the linker trick is only applied > > to those archs, and other archs that want more protection only need to > > add these features to their architectures. > > > > It's much less intrusive than this patch. > > Sorry, but I don't understand your proposal. What features an arch need to > add if want the CFI protection? Typo correction. Sorry, but I don't understand your proposal. What features does an arch need to add if want the CFI protection? > > > > > -- Steve > Thanks, Oscar Carter
