Control Flow Integrity in the Android kernel (Android Developers)

The Android Developers Blog describes
the control-flow integrity work
that is shipping on the Pixel 3
handset. “LLVM’s CFI implementation adds a check before each
indirect branch to confirm that the target address points to a valid
function with a correct signature. This prevents an indirect branch from
jumping to an arbitrary code location and even limits the functions that
can be called. As C compilers do not enforce similar restrictions on
indirect branches, there were several CFI violations due to function type
declaration mismatches even in the core kernel that we have addressed in
our CFI patch sets for kernels 4.9 and 4.14.

Source: LWN