Closed wryMitts closed 4 months ago
@wryMitts, thanks for creating this issue.
Please see the commit https://github.com/a13xp0p0v/linux-kernel-defence-map/commit/05916b0d9994f0df60ab0b2556047ee1070d1978.
"ARM64: CFI_CLANG" is renamed to "CFI_CLANG (KCFI)". "ARM64" is removed from the name because this feature is supported both for X86_64 and ARM64.
As the documentation says, "KCFI is a proposed forward-edge control-flow integrity scheme for Clang", so I didn't add the link to the "Backward-edge CFI" node.
After extended review, it looks like there are two implementations with the name kCFI: one merged, the other never made it into the kernel. They were made by two different people. That seems to be why the documentation was confusing. My mistake.
kCFI was merged (6.1 ?) and is now used by default when selecting CFI CLANG
https://lwn.net/Articles/893164/
It is fine-grained forward and backward edge:
Page 2:
https://www.blackhat.com/docs/asia-17/materials/asia-17-Moreira-Drop-The-Rop-Fine-Grained-Control-Flow-Integrity-For-The-Linux-Kernel-wp.pdf