As I've mentioned before, Android uses Clang's forward-edge Control Flow Integrity (CFI) for the Linux kernel on the Pixel 3 to protect indirect calls from control flow hijacking:
android-developers.googleblog.com/2018/10/contro
This includes support for cross-DSO CFI to support dynamic kernel modules.
It was used to build the Pixel 2 kernel too. It has the best support for building it on arm64, which is also the architecture with the most focus on Linux kernel hardening. A lot of the hardening is done by ARM compared to x86 where Intel has barely any involvement in most of it.
github.com/ClangBuiltLinu is a tracker of the remaining issues with it. Only a few patches are generally needed on arm64, which is often the case when using a new GCC version anyway. Using LTO in order to have CFI is more involved, but it's still a quite reasonably sized patch set.
Google got tired of dealing with GCC and never bothered porting MSan, CFI or SafeStack to it. The code and development / contribution process for the GNU toolchain is awful. Google froze GCC at 4.9 permanently which made migrating to Clang more urgent and GCC itself is purged.


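The forward-edge CFI that the first post in this thread describes, as an added example that is not code from the thread, from Android or from the Linux kernel. Clang's -fsanitize=cfi works at LTO link time: every address-taken function is placed in a jump table for its function type, and each indirect call is preceded by a check that the target is in the table for the call site's static type, so a pointer hijacked to point at a function of another type never gets called. The program below emulates that check in plain C so it runs without the sanitizer; the table, the type ids, the handler names and the "hijack" are hypothetical stand-ins for what LTO and a memory-corruption bug would produce.

```c
/*
 * Added example: a toy model of Clang's forward-edge indirect-call CFI.
 * Not from the thread, Android or the kernel.
 *
 * Real build lines (user space):
 *   clang -flto -fvisibility=hidden -fsanitize=cfi -fno-sanitize-trap=cfi prog.c
 * Add -fsanitize-cfi-cross-dso when targets may live in another shared
 * object / kernel module; the kernel selects this via CONFIG_LTO_CLANG
 * and CONFIG_CFI_CLANG. Everything below (table, type ids, names) is
 * hypothetical and only emulates what the compiler-inserted check does.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int (*handler_t)(const char *msg);   /* the type of valid targets */
typedef void (*generic_fn)(void);             /* opaque "address" of a function */

/* Legitimate handlers: same type as handler_t, so both are valid targets. */
static int log_handler(const char *msg) { return (int)strlen(msg); }
static int echo_handler(const char *msg) { printf("%s\n", msg); return 0; }

/* A function of a different type; what a corrupted pointer might be aimed at. */
static void disable_checks(void) { puts("checks disabled"); }

enum type_id { TYPE_HANDLER = 1, TYPE_VOID_FN = 2 };

/* Emulated CFI jump table: every address-taken function, tagged with its type.
 * With real CFI, LTO builds this and the check is a range test on the table. */
struct cfi_entry { generic_fn addr; enum type_id type; };
static const struct cfi_entry cfi_table[] = {
    { (generic_fn)log_handler,    TYPE_HANDLER },
    { (generic_fn)echo_handler,   TYPE_HANDLER },
    { (generic_fn)disable_checks, TYPE_VOID_FN },
};

/* Returns 1 if target is an address-taken function of the expected type,
 * 0 for a type mismatch or for an address that is not a valid target at all. */
static int cfi_icall_allowed(generic_fn target, enum type_id expected)
{
    for (size_t i = 0; i < sizeof cfi_table / sizeof cfi_table[0]; i++)
        if (cfi_table[i].addr == target)
            return cfi_table[i].type == expected;
    return 0;
}

/* CFI-protected dispatch: the check precedes the indirect call. Real CFI
 * traps (or calls the diagnostic handler) instead of returning -1. */
static int dispatch_cfi(handler_t h, const char *msg)
{
    if (!cfi_icall_allowed((generic_fn)h, TYPE_HANDLER))
        return -1;                      /* CFI violation: call is blocked */
    return h(msg);
}

/* Simulates a memory-corruption bug that rewrote a stored function pointer. */
static handler_t hijack(void) { return (handler_t)disable_checks; }

int main(void)
{
    struct { handler_t fn; } obj = { log_handler };

    printf("legit call returned %d\n", dispatch_cfi(obj.fn, "hello"));
    obj.fn = hijack();
    printf("hijacked call %s\n",
           dispatch_cfi(obj.fn, "hello") == -1 ? "blocked" : "allowed");
    return 0;
}
```

The point of the model is the check's granularity: CFI does not verify where the pointer came from, only that the target is an address-taken function whose type matches the call site, so a hijack to another function of the same type is not caught; that is the limit the thread's "forward-edge" qualifier refers to.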