On 29.11.2021 16:09, Andrew Cooper wrote:
> On 29/11/2021 14:44, Jan Beulich wrote:
>> One question though: With the large number of __init functions gaining
>> cf_check, wouldn't it be possible to turn on CET-IBT only when we're
>> done using .init.text?
>
> 233 to be precise.
>
> GCC can't distinguish init from non-init functions as far as the
> improved typechecking (patch 56) goes, so omitting __init would cause
> compilation issues.

Oh, right. Should have been obvious to me, but wasn't.

Jan

> Furthermore, CET-IBT is only one Control Flow Integrity scheme
> attempting to use a nominally arch-neutral interface. There are others
> (PaX RAP, and Intel's FineIBT) which have software components to them,
> and for those, the function pointer callers and callees need to have all
> appropriate ABI modifications.
>
> I'm pretty certain that if we skipped annotation of the __init functions
> for now, we'd have to add them in due course anyway.
>
> We could defer enabling CET-IBT until late on boot, but enabling it
> early gets us better coverage of issues until the first software scheme
> turns up.
>
> ~Andrew