Feature Request: CFI #61

Andarwinux · 2024-05-17T12:18:30Z

Hi,
can you add a kernel build of CFI and CET?
just CFI_CLANG,X86_USER_SHADOW_STACK,X86_KERNEL_IBT.

Locietta · 2024-05-17T13:49:26Z

The kernel was built with IBT enabled, but one day it caused WSL2 unbootable, so it was disabled at #32. I think I tried CFI and CET before and got similar result.

I just quickly revisit the build with all your 3 configs on, and sadly, WSL2 fails to boot with that kernel build. It's been sad that many kernel hardening feature just cause WSL2 to not boot. I'd like to add these in a clang-built kernel, but it just breaks 😞

Andarwinux · 2024-05-17T14:55:15Z

I built 6.8.9 kernel locally and IBT does caused wsl2 unbootable, but CFI and CET seem work fine.

4-FLOSS-Free-Libre-Open-Source-Software · 2024-05-17T15:51:37Z

So we could benefit from those other both features at least ?

Locietta · 2024-05-17T16:14:31Z

I've opened a PR(#62) to re-enable CFI & CET.

Locietta added the REQUEST Feature Request about kernel configs or patches label May 17, 2024

Locietta added the UPSTREAM Related to upstream changes or issues label May 17, 2024

Locietta mentioned this issue May 17, 2024

[Kernel Config] Re-enable CFI & CET #62

Merged

Andarwinux closed this as completed May 18, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Feature Request: CFI #61

Feature Request: CFI #61

Andarwinux commented May 17, 2024

Locietta commented May 17, 2024

Andarwinux commented May 17, 2024 •

edited

Loading

4-FLOSS-Free-Libre-Open-Source-Software commented May 17, 2024

Locietta commented May 17, 2024

Feature Request: CFI #61

Feature Request: CFI #61

Comments

Andarwinux commented May 17, 2024

Locietta commented May 17, 2024

Andarwinux commented May 17, 2024 • edited Loading

4-FLOSS-Free-Libre-Open-Source-Software commented May 17, 2024

Locietta commented May 17, 2024

Andarwinux commented May 17, 2024 •

edited

Loading