On Mon, Oct 9, 2023 at 6:01 PM Matthew Maurer <mmaurer@xxxxxxxxxx> wrote: > > If the IBT part would be helpful by itself immediately, I can split > that out - it's only the KCFI portion that won't currently work. Thanks Matthew. I don't think we are in a rush, but if it is not too much work to split it, that would be great, instead of adding the restriction. For retthunk, by the way, I forgot to mention to Greg above that (in the original discussion with PeterZ) that I did a quick test back then to hack the equivalent of `-mfunction-return=thunk-extern` into `rustc` to show that the compiler could use it via LLVM (by passing the attribute in the IR). At least at a basic level it seemed to work: I got a userspace program to count the times that it went through the return thunk. I didn't try to do anything on the kernel side, but at least for the compiler side, it seemed OK. So it may be way easier (on the compiler side) than the CFI work? Cheers, Miguel
