mirror of
https://github.com/torvalds/linux.git
synced 2026-03-14 00:56:20 +01:00
894af4a1cd
Validate that all indirect calls adhere to kCFI rules. Notably doing nocfi indirect call to a cfi function is broken. Apparently some Rust 'core' code violates this and explodes when ran with FineIBT. All the ANNOTATE_NOCFI_SYM sites are prime targets for attackers. - runtime EFI is especially henous because it also needs to disable IBT. Basically calling unknown code without CFI protection at runtime is a massice security issue. - Kexec image handover; if you can exploit this, you get to keep it :-) Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: Josh Poimboeuf <jpoimboe@kernel.org> Acked-by: Sean Christopherson <seanjc@google.com> Link: https://lkml.kernel.org/r/20250714103441.496787279@infradead.org |
||
|---|---|---|
| .. | ||
| arch | ||
| Documentation | ||
| include/objtool | ||
| .gitignore | ||
| Build | ||
| builtin-check.c | ||
| check.c | ||
| elf.c | ||
| Makefile | ||
| noreturns.h | ||
| objtool.c | ||
| orc_dump.c | ||
| orc_gen.c | ||
| special.c | ||
| sync-check.sh | ||
| weak.c | ||