[$] Control-flow integrity for the kernel

Control-flowintegrity (CFI) is a technique used to reduce the ability toredirect the execution of a program's code in attacker-specified ways. TheClang compiler has some features that can assist in maintainingcontrol-flow integrity, which have been applied to the Android kernel. KeesCook gave a talk about CFI for the Linux kernel at the recently concludedlinux.conf.au in Gold Coast, Australia.