Use Clang's Control Flow Integrity (CFI)
modulename: cfi.ko
configname: CONFIG_CFI_CLANG
Linux Kernel Configuration
└─>General architecture-dependent options
└─>Use Clang's Control Flow Integrity (CFI)
In linux kernel since version 4.14.326 (release Date: 2023-09-23)
This option enables Clang's forward-edge Control Flow Integrity
(CFI) checking, where the compiler injects a runtime check to each
indirect function call to ensure the target is a valid function with
the correct static type. This restricts possible call targets and
makes it more difficult for an attacker to exploit bugs that allow
the modification of stored function pointers. More information can be
found from Clang's documentation:
https://clang.llvm.org/docs/ControlFlowIntegrity.html
(CFI) checking, where the compiler injects a runtime check to each
indirect function call to ensure the target is a valid function with
the correct static type. This restricts possible call targets and
makes it more difficult for an attacker to exploit bugs that allow
the modification of stored function pointers. More information can be
found from Clang's documentation:
https://clang.llvm.org/docs/ControlFlowIntegrity.html