Feature Request: CFI - Githubissues

Locietta / xanmod-kernel-WSL2

Xanmod kernel for WSL2, built by clang with ThinLTO enabled. Build & Release are automated by Github Action.

GNU General Public License v2.0

83 stars 15 forks source link

Feature Request: CFI #61

Closed Andarwinux closed 3 months ago

Andarwinux commented 3 months ago

Hi, can you add a kernel build of CFI and CET? just CFI_CLANG,X86_USER_SHADOW_STACK,X86_KERNEL_IBT.

Locietta commented 3 months ago

The kernel was built with IBT enabled, but one day it caused WSL2 unbootable, so it was disabled at #32. I think I tried CFI and CET before and got similar result.

I just quickly revisit the build with all your 3 configs on, and sadly, WSL2 fails to boot with that kernel build. It's been sad that many kernel hardening feature just cause WSL2 to not boot. I'd like to add these in a clang-built kernel, but it just breaks :disappointed:

Andarwinux commented 3 months ago

I built 6.8.9 kernel locally and IBT does caused wsl2 unbootable, but CFI and CET seem work fine.

4-FLOSS-Free-Libre-Open-Source-Software commented 3 months ago

So we could benefit from those other both features at least ?

Locietta commented 3 months ago

I've opened a PR(#62) to re-enable CFI & CET.