Control-flow integrity in 5.13
Control-flow integrity in 5.13
[Kernel] Posted May 21, 2021 14:36 UTC (Fri) by corbet
Among the many changes merged for the 5.13 kernel is support for the LLVM control-flow integrity (CFI) mechanism. CFI defends against exploits by ensuring that indirect function calls have not been redirected by an attacker. Quite a bit of work was needed to make this feature work well for the kernel, but the result appears to be production-ready and able to defend Linux systems from a range of attacks.