Re: kernel control flow integrity (kcfi)
- In reply to: sahil patidar : "kernel control flow integrity (kcfi)"
Date: Thu, 30 Nov 2023 21:41:45 UTC
On Tue, Jan 10, 2023 at 11:48:43AM +0530, sahil patidar wrote:
> Hello Hackers,
> I want to work on the FreeBSD idealist project KCFI (kernel control
> flow integrity). I am new in this community and want to be involved in
> the FreeBSD community and become a contributor.
> So I want to know if this project is already done or if someone is
> working on it.
> If no one is working on this project, how can I start work on this project?
> I am interested in compiler or kernel dev.

Hey Sahil,

For the past few years, I've slowly been working on Cross-DSO CFI in
HardenedBSD's base userland. I've recently started looking at applying
kCFI to the kernel.

When compiling/linking kernel modules with -fsanitize=kcfi, ld.lld
emits relocation entries that are not supported by the ELF loader in
the kernel. Implementing support for the relocation type
R_X86_64_REX_GOTPCRELX would be a good first step.

I'm a little unsure what needs to happen after implementing support
for that relocation type. But, either way, I'm hoping to find out here
soon. :-)

I'm pretty early on in my research for kCFI integration. I'm curious
if you have made progress and if you have any additional insight.

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
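
The message above says ld.lld emits R_X86_64_REX_GOTPCRELX entries in modules built with -fsanitize=kcfi. As an added example (not part of the original message, and not HardenedBSD or FreeBSD code), this C function counts relocations of a given type in the SHT_RELA sections of an in-memory ELF64 image, which is one way to check whether a module contains them before it is handed to the loader. The names count_rela_type and sample_hits are hypothetical, the sample image is constructed, and a little-endian host is assumed.

```c
#include <elf.h>
#include <stdint.h>
#include <string.h>
#ifndef R_X86_64_REX_GOTPCRELX
#define R_X86_64_REX_GOTPCRELX 42 /* value assigned by the x86-64 psABI */
#endif
/* Count relocations of type `want` across all SHT_RELA sections of an
 * in-memory ELF64 image; returns -1 if the image is malformed or truncated. */
long count_rela_type(const uint8_t *img, size_t len, uint32_t want)
{
    Elf64_Ehdr eh;
    long hits = 0;
    if (len < sizeof(eh))
        return -1;
    memcpy(&eh, img, sizeof(eh));
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) || eh.e_ident[EI_CLASS] != ELFCLASS64 ||
        eh.e_shentsize != sizeof(Elf64_Shdr) || eh.e_shoff > len ||
        (len - eh.e_shoff) / sizeof(Elf64_Shdr) < eh.e_shnum)
        return -1; /* not ELF64, or section header table out of bounds */
    for (size_t i = 0; i < eh.e_shnum; i++) {
        Elf64_Shdr sh;
        memcpy(&sh, img + eh.e_shoff + i * sizeof(sh), sizeof(sh));
        if (sh.sh_type != SHT_RELA)
            continue;
        if (sh.sh_offset > len || sh.sh_size > len - sh.sh_offset)
            return -1; /* section data runs past the end of the image */
        for (uint64_t o = 0; o + sizeof(Elf64_Rela) <= sh.sh_size; o += sizeof(Elf64_Rela)) {
            Elf64_Rela r;
            memcpy(&r, img + sh.sh_offset + o, sizeof(r));
            hits += (ELF64_R_TYPE(r.r_info) == want);
        }
    }
    return hits;
}

/* Constructed sample: ELF header, three Elf64_Rela entries, one section header. */
long sample_hits(void)
{
    static uint8_t img[sizeof(Elf64_Ehdr) + 3 * sizeof(Elf64_Rela) + sizeof(Elf64_Shdr)];
    Elf64_Ehdr eh = { .e_ident = { 0x7f, 'E', 'L', 'F', ELFCLASS64 }, .e_shnum = 1,
        .e_shentsize = sizeof(Elf64_Shdr), .e_shoff = sizeof(eh) + 3 * sizeof(Elf64_Rela) };
    Elf64_Shdr sh = { .sh_type = SHT_RELA, .sh_offset = sizeof(eh), .sh_size = 3 * sizeof(Elf64_Rela) };
    Elf64_Rela r[3] = { { 0x10, ELF64_R_INFO(1, R_X86_64_PC32), -4 },
                        { 0x20, ELF64_R_INFO(2, R_X86_64_REX_GOTPCRELX), -4 },
                        { 0x30, ELF64_R_INFO(3, R_X86_64_REX_GOTPCRELX), -4 } };
    memcpy(img, &eh, sizeof(eh));
    memcpy(img + sizeof(eh), r, sizeof(r));
    memcpy(img + eh.e_shoff, &sh, sizeof(sh));
    return count_rela_type(img, sizeof(img), R_X86_64_REX_GOTPCRELX);
}
```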