XDA Recognized Developer Freak07, better known as the maintainer of Kirisakura kernel, has now introduced a nifty security feature to the OnePlus 8 Pro through his custom kernel. The mechanism is called Control Flow Integrity (CFI), which is designed to be a runtime hardening feature, but could also be classified as a bug-finding tool - making it quite distinctive.

What is Control Flow Integrity and how is it related to hardening?

Improving security by fixing exploitable code is a very important aspect of kernel development. This, amongst others, is done regularly by the monthly Android security updates. However, as we all know, these updates aren't rolled out as regularly by all OEMs as we would like them to be. Additionally, the Android kernel consists of thousands and thousands of lines of code that are out of tree. Due to the complexity and size of the Android kernel, as well as the sheer diversity of the Android ecosystem, it's difficult to fix every single exploit. Instead of fixing every single line of exploitable code, it's beneficial to make the system more resilient against attacks by rendering the existing security bugs non-exploitable.

Technical details about Control Flow Integrity

"The availability of a huge number of function pointers in the kernel assists the popularity of this attack pattern. Even if attackers cannot inject executable code of their own, arbitrary parts of existing kernel code can be executed to complete their exploit. LLVM's CFI attempts to mitigate these attacks by restricting valid call targets and forcing a kernel panic when detecting a CFI violation. A check is added before each indirect branch to confirm that the target address points to a valid function with a correct signature. This prevents an indirect branch from jumping to an arbitrary code location and even limits the functions that can be called. An attacker will still be able to change a function pointer, if a bug allows access. But LLVM's CFI limits 55% of indirect calls to at most 5 possible targets and 80% to at most 20 targets.

In order to determine all valid call targets for each indirect branch, the compiler needs to see all of the kernel code at once. The usage of LTO (Link Time Optimization) makes this possible. LLVM's CFI requires the usage of LTO, where the compiler produces LLVM-specific bitcode for all C compilation units, and an LTO-aware linker uses the LLVM backend to combine the bitcode and compile it into native code. Supplementary to permitting the usage of CFI, LTO achieves better runtime performance through whole-program analysis and cross-module optimization.

ThinLTO has nearly caught up to LTO's performance improvement. In ThinLTO mode, as with regular LTO, Clang emits LLVM bitcode after the compile phase. The ThinLTO bitcode is augmented with a compact summary of the module. During the link step, only the summaries are read and merged into a combined summary index, which includes an index of function locations for later cross-module function importing. Afterwards fast and efficient whole-program analysis is performed on the combined summary index."
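To make the "check before each indirect branch" concrete, here is a small added example in C that models the guard LLVM's CFI inserts in front of an indirect call. It is not code from the article or from the Kirisakura kernel: real CFI derives the set of valid targets for each function-pointer type from whole-program analysis under LTO and checks it with compiler-generated tables, whereas this model uses a hand-written, hypothetical target table (`valid_handlers`) and returns an error instead of panicking. The function names and the `handler_fn`/`other_fn` types are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example, not from the article or the kernel it describes.
 * Models the CFI check on an indirect call: the target must be one of the
 * address-taken functions whose signature matches the pointer's type. */

typedef int (*handler_fn)(int);          /* the indirect-call type being guarded */
typedef void (*other_fn)(const char *);  /* a function with a different signature */

static int double_it(int x) { return 2 * x; }
static int negate(int x)    { return -x; }
static void log_line(const char *s) { (void)s; }  /* not a valid handler_fn target */

/* Hypothetical target set for handler_fn. With real LLVM CFI this set is
 * computed by the compiler from all compilation units (hence the LTO
 * requirement); here it is written by hand to illustrate the check. */
static const handler_fn valid_handlers[] = { double_it, negate };

/* Returns 1 if fp is a member of the handler_fn target set, else 0. */
int cfi_check_handler(handler_fn fp)
{
    for (size_t i = 0; i < sizeof valid_handlers / sizeof valid_handlers[0]; i++)
        if (valid_handlers[i] == fp)
            return 1;
    return 0;
}

/* Indirect call guarded by the check. On a CFI violation the call is refused,
 * *violation is set to 1 and -1 is returned; the kernel build described in the
 * article would panic at this point instead of continuing. */
int call_handler_checked(handler_fn fp, int arg, int *violation)
{
    *violation = 0;
    if (!cfi_check_handler(fp)) {
        *violation = 1;
        return -1;
    }
    return fp(arg);
}

int main(void)
{
    int v;
    /* Legitimate target: the check passes and the call goes through. */
    int r = call_handler_checked(double_it, 21, &v);
    printf("double_it(21) -> %d, violation=%d\n", r, v);

    /* A pointer that has been redirected to a function of another signature,
     * as would happen after a memory-corruption bug overwrote it: refused. */
    other_fn wrong = log_line;
    r = call_handler_checked((handler_fn)wrong, 21, &v);
    printf("log_line as handler -> %d, violation=%d\n", r, v);
    return 0;
}
```

The point the model makes is the one the article states: a corrupted function pointer is still corrupted, but the guard confines the indirect branch to the (often very small) set of functions with the right signature, so it cannot be steered to arbitrary existing kernel code.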