Conversation

As I've mentioned before, Android uses Clang's forward-edge Control Flow Integrity (CFI) for the Linux kernel on the Pixel 3 to protect indirect calls from control flow hijacking: android-developers.googleblog.com/2018/10/contro This includes support for cross-DSO CFI to support dynamic kernel modules.

android-developers.googleblog.com

Control Flow Integrity in the Android kernel

Android’s security model is enforced by the Linux kernel, which makes it a tempting target for attackers. We have put a lot of effort into hardening the kernel in previous Android releases and in...

Replying to

and

TIL clang can build Linux now

Replying to

and

It was used to build the Pixel 2 kernel too. It has the best support for building it on arm64, which is also the architecture with the most focus on Linux kernel hardening. A lot of the hardening is done by ARM compared to x86 where Intel has barely any involvement in most of it.

Replying to

and

github.com/ClangBuiltLinu is a tracker of the remaining issues with it. Only a few patches are generally needed on arm64, which is often the case when using a new GCC version anyway. Using LTO in order to have CFI is more involved, but it's still a quite reasonably sized patch set.

12:11 AM · Mar 30, 2019Twitter Web Client

Replying to

and

Google got tired of dealing with GCC and never bothered porting MSan, CFI or SafeStack to it. The code and development / contribution process for the GNU toolchain is awful. Google froze GCC at 4.9 permanently which made migrating to Clang more urgent and GCC itself is purged.

Replying to

and

Are any non-Android distros using a Clang-built kernel?

Show replies