lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 13 Jun 2022 10:04:12 -0700
From:   Kees Cook <>
To:     Sami Tolvanen <>
Cc:, Josh Poimboeuf <>,
        Peter Zijlstra <>,,
        Catalin Marinas <>,
        Will Deacon <>,
        Mark Rutland <>,
        Nathan Chancellor <>,
        Nick Desaulniers <>,
        Joao Moreira <>,
        Sedat Dilek <>,
        Steven Rostedt <>,,,
Subject: Re: [RFC PATCH v3 00/20] KCFI support

On Fri, Jun 10, 2022 at 04:34:53PM -0700, Sami Tolvanen wrote:
> KCFI is a proposed forward-edge control-flow integrity scheme for
> Clang, which is more suitable for kernel use than the existing CFI
> scheme used by CONFIG_CFI_CLANG. KCFI doesn't require LTO, doesn't
> alter function references to point to a jump table, and won't break
> function address equality. The latest LLVM patch is here:
> This RFC series replaces the current arm64 CFI implementation with
> KCFI and adds support for x86_64.

I think the "RFC" prefix for this series can be dropped. :)

It looks to me like all of Peter's concerns have been addressed. I'd say
let's get the Clang side landed, and once that's done, land this via x86

Peter and Will does this sound right to you? It touches arm64, so if
-tip isn't okay, I could take it in one of my trees?

Kees Cook

Powered by blists - more mailing lists