Overview
Explore advanced kernel security mechanisms in this 27-minute conference talk from the Linux Plumbers Conference that examines finer-grained control flow integrity (CFI) implementation challenges in the Linux kernel. Delve into the technical details of kernel CFI RFC patches that leverage existing shadow call stack configurations for RISC-V hardware-assisted shadow stacks. Learn about forward CFI implementation using toolchain-based landing pad label matching between call sites and target destinations. Understand the emerging challenges in backward CFI, including faster shadow stack allocation methods and the complexity of kernel shadow stack creation, which requires unmapping from the direct mapping to prevent alternate attack vectors. Examine the performance implications of TLB shootdowns during memory permission changes and their impact on fork operations. Discover solutions for forward CFI coexistence with execution contexts that share S-mode without landing pad awareness, specifically UEFI runtime services and loadable kernel modules. Analyze common challenges affecting both forward and backward CFI, including eBPF integration, tracing mechanisms, probes, and policy considerations for enabling and lockdown.
Syllabus
Finer-grained kernel control flow integrity and challenges - Mr Deepak Gupta
Taught by
Linux Plumbers Conference