There has been a great deal of work across both GCC and Clang to provide the Linux kernel with a variety of security features. Let's review where we are with parity between the toolchains, discuss approaches to solving open problems, and explore new features.
Parity reached since last year:
- zero call-used registers
- structure layout randomization
- stack protector guard location
- Link Time Optimization
- forward edge CFI
- backward edge CFI
- array bounds checking
- C language extension for bounded flexible arrays
- builtin for answering "does this object end with a flexible array?"
- integer overflow protection
- Spectre v1 mitigation