Cook: security things in Linux v5.8

Post Syndicated from original https://lwn.net/Articles/845469/rss

Kees Cook catches up with the security-related changes in the 5.8 kernel release.

With this in place, Jump-Oriented Programming (JOP, where code gadgets are chained together with jumps and calls) is no longer available to the attacker. An attacker’s code must make direct function calls. This basically reduces the ‘usable’ code available to an attacker from every word in the kernel text to only function entries (or jump targets). This is a ‘low granularity’ forward-edge Control Flow Integrity (CFI) feature, which is important (since it greatly reduces the potential targets that can be used in an attack) and cheap (implemented in hardware). It’s a good first step to strong CFI, but (as we’ve seen with things like CFG) it isn’t usually strong enough to stop a motivated attacker.
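The policy Cook describes (an indirect branch may land only on a function entry, never on an arbitrary word in the middle of a function) can be modelled in software to see both what it buys and where its "low granularity" leaves gaps. The following is an added example written for this page, not code from the article or from the kernel: the hardware feature in the text is replaced by an explicit allowlist of registered entry points, and the function names (`handler_double`, `helper_unrelated`, `cfi_indirect_call`) are constructed for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Software model of a coarse-grained forward-edge CFI check (added example).
 * Policy: an indirect call may only target a registered function entry.
 * A pointer into the middle of a function (the classic JOP gadget) is rejected.
 */

typedef int (*handler_fn)(int);

/* Hypothetical handlers; all three are legitimate function entries. */
static int handler_double(int x) { return x * 2; }
static int handler_negate(int x) { return -x; }
static int helper_unrelated(int x) { return x + 100; }

/* Allowlist of valid indirect-branch targets: function entries only.
 * This is the software stand-in for a hardware landing-pad check. */
static const handler_fn valid_entries[] = {
    handler_double,
    handler_negate,
    helper_unrelated,   /* a valid entry, even though callers never intend it */
};

/* Returns true only if target is exactly one of the registered entry points. */
bool cfi_target_allowed(handler_fn target) {
    for (size_t i = 0; i < sizeof valid_entries / sizeof valid_entries[0]; i++) {
        if (valid_entries[i] == target)
            return true;
    }
    return false;
}

/* Dispatch through a function pointer only after the policy check passes.
 * On rejection, sets *ok to false and returns -1 without transferring control. */
int cfi_indirect_call(handler_fn target, int arg, bool *ok) {
    if (!cfi_target_allowed(target)) {
        *ok = false;
        return -1;
    }
    *ok = true;
    return target(arg);
}

/* Constructed "gadget" address: a word inside handler_double rather than its entry.
 * It is never executed; it only exercises the rejection path. */
handler_fn mid_function_address(void) {
    return (handler_fn)((uintptr_t)handler_double + 4);
}

int main(void) {
    bool ok;

    int r = cfi_indirect_call(handler_double, 21, &ok);
    printf("entry point:   ok=%d result=%d\n", ok, r);

    r = cfi_indirect_call(mid_function_address(), 21, &ok);
    printf("mid-function:  ok=%d result=%d\n", ok, r);

    /* Coarse granularity: any registered entry passes, including one the
     * caller never meant to reach. Type- or site-specific CFI would catch this. */
    r = cfi_indirect_call(helper_unrelated, 21, &ok);
    printf("wrong entry:   ok=%d result=%d\n", ok, r);
    return 0;
}
```

The third call in `main` is the point of Cook's caveat: the check removes every mid-function word from the set of reachable targets, but it still accepts any function entry, so a redirected pointer that lands on a different (legitimate) function is not caught. Finer-grained CFI, which binds each call site to the set of functions it may legitimately reach, is what closes that remaining gap.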