Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.freenode.net ##linux-hardened. Currently maintained at https://github.com/anthraxx/linux-hardened.
figure out how serious Google is about implementing SafeStack + CFI for the kernel and a rough timeline as it can aid an alternate CFI implementation #61
If they worked on Clang CFI, they would end up resolving the incorrectly typed function pointers so it would help an effort to use a stronger CFI implementation.
thestinger
commented
6 years ago
If they worked on Clang CFI, they would end up resolving the incorrectly typed function pointers so it would help an effort to use a stronger CFI implementation.