Re: kernel control flow integrity (kcfi)

From: Shawn Webb <shawn.webb_at_hardenedbsd.org>
Date: Thu, 30 Nov 2023 21:41:45 UTC
On Tue, Jan 10, 2023 at 11:48:43AM +0530, sahil patidar wrote:
> Hello Hackers,
> I want to work on the FreeBSD ideas list project KCFI (kernel control
> flow integrity). I am new to this community and want to be involved in
> the FreeBSD community and become a contributor.
> So I want to know if this project is already done or if someone is
> working on it.
> If no one is working on this project, how can I start working on it?
> I am interested in compiler or kernel dev.

Hey Sahil,

For the past few years, I've slowly been working on Cross-DSO CFI in
HardenedBSD's base userland. I've recently started looking at applying
kCFI to the kernel.

When compiling/linking kernel modules with -fsanitize=kcfi, ld.lld
emits relocation entries that are not supported by the ELF loader in
the kernel. Implementing support for the relocation type
R_X86_64_REX_GOTPCRELX would be a good first step.

I'm a little unsure what needs to happen after implementing support
for that relocation type. But, either way, I'm hoping to find out here
soon. :-)

I'm pretty early on in my research for kCFI integration. I'm curious
if you have made progress and if you have any additional insight.

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
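The relocation Shawn names is a GOT-relative one: the patched instruction does not reference the symbol directly but loads its address from a Global Offset Table entry, so a module loader that wants to support it has to own a GOT and hand out one slot per symbol before it can compute the displacement `G + GOT + A - P`. The following is an added, self-contained C model of that step; it is not FreeBSD's or HardenedBSD's loader code (the kernel's real `elf_reloc` path, its GOT sizing and the relaxation of `mov` to `lea` that the linker may apply are not modelled). The image layout, the `module` struct, `got_slot`, `apply_reloc` and the addresses used are all constructed for illustration; the relocation type numbers are the real x86-64 psABI values. The defensive point it makes is the range check: a displacement that does not fit the 32-bit field is rejected, never silently truncated.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Relocation type numbers from the x86-64 psABI (real values). */
#define R_X86_64_PC32           2
#define R_X86_64_GOTPCRELX     41
#define R_X86_64_REX_GOTPCRELX 42

/* Assumed layout of the simulated module image: code from offset 0, a small
 * loader-owned GOT at GOT_OFF. A real loader sizes the GOT from the relocations. */
#define IMG_SIZE 4096
#define GOT_OFF  2048
#define GOT_MAX  16

struct module {
    uint64_t base;              /* simulated load address of the image */
    uint8_t  img[IMG_SIZE];     /* bytes of the loaded module */
    uint64_t got_sym[GOT_MAX];  /* symbol value stored in each GOT slot */
    size_t   got_n;             /* number of slots in use */
};

void module_init(struct module *m, uint64_t base)
{
    memset(m, 0, sizeof *m);
    m->base = base;
}

/* Return the address of the GOT slot holding `sym`, creating it if needed.
 * Each distinct symbol gets exactly one slot. Returns 0 when the GOT is full. */
static uint64_t got_slot(struct module *m, uint64_t sym)
{
    for (size_t i = 0; i < m->got_n; i++)
        if (m->got_sym[i] == sym)
            return m->base + GOT_OFF + 8 * i;
    if (m->got_n == GOT_MAX)
        return 0;
    m->got_sym[m->got_n] = sym;
    memcpy(&m->img[GOT_OFF + 8 * m->got_n], &sym, sizeof sym); /* slot holds the pointer */
    return m->base + GOT_OFF + 8 * m->got_n++;
}

/* Apply one RELA relocation of type `type` whose 32-bit field is at image
 * offset `off`, for a symbol with value `sym` and addend `add`.
 * Returns 0 on success, -1 for an unsupported type, a field outside the
 * image, a full GOT, or a displacement that does not fit in 32 bits. */
int apply_reloc(struct module *m, uint32_t type, uint64_t off, uint64_t sym, int64_t add)
{
    uint64_t P = m->base + off;   /* address of the field being patched */
    int64_t value;

    if (off > IMG_SIZE - 4)
        return -1;

    switch (type) {
    case R_X86_64_PC32:
        /* S + A - P */
        value = (int64_t)(sym + (uint64_t)add - P);
        break;
    case R_X86_64_GOTPCRELX:
    case R_X86_64_REX_GOTPCRELX: {
        /* G + GOT + A - P: PC-relative displacement to the symbol's GOT entry.
         * The patched instruction then loads the pointer from that entry. */
        uint64_t slot = got_slot(m, sym);
        if (slot == 0)
            return -1;
        value = (int64_t)(slot + (uint64_t)add - P);
        break;
    }
    default:
        return -1;
    }

    /* A displacement outside the signed 32-bit range is an error, never truncated. */
    if (value < INT32_MIN || value > INT32_MAX)
        return -1;
    int32_t v32 = (int32_t)value;
    memcpy(&m->img[off], &v32, sizeof v32);
    return 0;
}

/* Read back the patched 32-bit field (little-endian host assumed). */
int32_t read_field(const struct module *m, uint64_t off)
{
    int32_t v;
    memcpy(&v, &m->img[off], sizeof v);
    return v;
}

/* Read the pointer stored in GOT slot `i`. */
uint64_t read_got(const struct module *m, size_t i)
{
    uint64_t v;
    memcpy(&v, &m->img[GOT_OFF + 8 * i], sizeof v);
    return v;
}

int main(void)
{
    struct module m;
    module_init(&m, 0xffffffff80000000ULL);   /* constructed kernel-style load base */
    uint64_t sym = 0xffffffff82345678ULL;      /* constructed symbol address */
    /* addend -4: the displacement is measured from the end of the instruction */
    int rc = apply_reloc(&m, R_X86_64_REX_GOTPCRELX, 0x10, sym, -4);
    printf("rc=%d disp=%d got[0]=0x%llx\n", rc, read_field(&m, 0x10),
           (unsigned long long)read_got(&m, 0));
    return rc;
}
```

Two references to the same symbol share one GOT slot, which is what makes the table bounded by the number of distinct symbols rather than the number of relocations; and because the GOT holds the final pointer, the `-2 GiB..+2 GiB` limit applies only to the distance between the code and the GOT, not to the distance to the symbol itself.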