Article 40JPX Control Flow Integrity in the Android kernel (Android Developers)

by corbet from LWN.net on (#40JPX)
The Android Developers Blog describes the control-flow integrity work that is shipping on the Pixel 3 handset. "LLVM's CFI implementation adds a check before each indirect branch to confirm that the target address points to a valid function with a correct signature. This prevents an indirect branch from jumping to an arbitrary code location and even limits the functions that can be called. As C compilers do not enforce similar restrictions on indirect branches, there were several CFI violations due to function type declaration mismatches even in the core kernel that we have addressed in our CFI patch sets for kernels 4.9 and 4.14."
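
The check described in the quote, as an added example that is not code from the Android kernel, LLVM, or the blog post: a plain-C model in which an indirect call is allowed only when the target is a known function whose signature matches the call site, so a handler with a mismatched declaration is rejected until its prototype is fixed. All names and the string signature tags are assumptions made for illustration; real CFI derives the type identity from the prototype and emits the check at compile time.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model (all names hypothetical): a string tag stands in for the
 * type identity that a CFI-instrumenting compiler derives from the prototype. */
typedef void (*generic_fn)(void);
typedef int (*handler_t)(void *);          /* type the call site expects */
#define SIG_HANDLER "int(void*)"

struct dev { int irq_count; };

/* Mismatched declaration: same ABI in practice, but a different C type. */
static int handle_dev(struct dev *d) { return ++d->irq_count; }

/* The fix: give the function the prototype the pointer type requires. */
static int handle_dev_fixed(void *p) { return handle_dev((struct dev *)p); }

/* Never registered: stands in for an arbitrary code location. */
static void stray_code(void) { }

static const struct { generic_fn fn; const char *sig; } known[] = {
    { (generic_fn)handle_dev,       "int(struct dev*)" },
    { (generic_fn)handle_dev_fixed, SIG_HANDLER },
};

/* The check before the indirect branch: the target must be a known function
 * whose signature equals the call site's. Returns 0 on success, -1 on violation. */
int checked_call(generic_fn target, void *arg, int *result)
{
    for (size_t i = 0; i < sizeof(known) / sizeof(known[0]); i++) {
        if (known[i].fn == target && strcmp(known[i].sig, SIG_HANDLER) == 0) {
            *result = ((handler_t)target)(arg);   /* types match: safe to call */
            return 0;
        }
    }
    return -1;                                    /* CFI violation: do not branch */
}

/* Three call attempts; each returns checked_call()'s status. */
int try_mismatched(struct dev *d, int *r) { return checked_call((generic_fn)handle_dev, d, r); }
int try_fixed(struct dev *d, int *r)      { return checked_call((generic_fn)handle_dev_fixed, d, r); }
int try_stray(struct dev *d, int *r)      { return checked_call(stray_code, d, r); }

int main(void)
{
    struct dev d = { 0 };
    int r = 0;
    return !(try_mismatched(&d, &r) == -1 && try_stray(&d, &r) == -1 && try_fixed(&d, &r) == 0);
}
```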