| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202512101558.C8A68633@keescook> Date: Wed, 10 Dec 2025 16:07:20 -0800 From: Kees Cook <kees@...nel.org> To: Sam James <sam@...too.org> Cc: Qing Zhao <qing.zhao@...cle.com>, Uros Bizjak <ubizjak@...il.com>, Joseph Myers <josmyers@...hat.com>, Richard Biener <rguenther@...e.de>, Jeff Law <jeffreyalaw@...il.com>, Andrew Pinski <pinskia@...il.com>, Jakub Jelinek <jakub@...hat.com>, Martin Uecker <uecker@...raz.at>, Peter Zijlstra <peterz@...radead.org>, Ard Biesheuvel <ardb@...nel.org>, Jan Hubicka <hubicka@....cz>, Richard Earnshaw <richard.earnshaw@....com>, Richard Sandiford <richard.sandiford@....com>, Marcus Shawcroft <marcus.shawcroft@....com>, Kyrylo Tkachov <kyrylo.tkachov@....com>, Kito Cheng <kito.cheng@...il.com>, Palmer Dabbelt <palmer@...belt.com>, Andrew Waterman <andrew@...ive.com>, Jim Wilson <jim.wilson.gcc@...il.com>, Dan Li <ashimida.1990@...il.com>, Sami Tolvanen <samitolvanen@...gle.com>, Ramon de C Valle <rcvalle@...gle.com>, Joao Moreira <joao@...rdrivepizza.com>, Nathan Chancellor <nathan@...nel.org>, Bill Wendling <morbo@...gle.com>, "Osterlund, Sebastian" <sebastian.osterlund@...el.com>, "Constable, Scott D" <scott.d.constable@...el.com>, gcc-patches@....gnu.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH v9 0/7] Introduce Kernel Control Flow Integrity ABI [PR107048] On Wed, Dec 10, 2025 at 06:55:31PM +0000, Sam James wrote: > Kees Cook <kees@...nel.org> writes: > > > Hi, > > > > This series implements[1][2] the Linux Kernel Control Flow Integrity > > ABI, which provides a function prototype based forward edge control flow > > integrity protection by instrumenting every indirect call to check for > > a hash value before the target function address. If the hash at the call > > site and the hash at the target do not match, execution will trap. > > > > I'm hoping we can land front- and middle-end and do architectures as > > they also pass review. What do folks think? I'd really like to get this > > in a position where more people can test with GCC snapshots, etc. > > What's the status of this on the kernel side? Could you link me to > patches so I can have a play? This works already with all standard config Linux versions that support KCFI, though prior to v6.18, you'll get a confusing "CONFIG_CFI_CLANG" config option for it, which still works since the feature gets detected as present in the compiler. Regardless, here's the CONFIG_CFI_CLANG -> CONFIG_CFI renaming patch that landed in v6.18: https://lore.kernel.org/all/20250923213422.1105654-3-kees@kernel.org/ And a clean-ups series that also landed in v6.18 I did just to help with my own debugging while developing GCC KCFI, which contained 2 corner case fixes: https://lore.kernel.org/all/20250904033217.it.414-kees@kernel.org/ So, I guess, tl;dr: if you don't want to think about it at all, use v6.18. Prior to that, it should work as long as you aren't building without retpolines. > Thank you for working on this. We get a lot of requests for it and > pressure to build the kernel with Clang for this feature. It's been a hoot. :) Thanks for any testing you can do! -Kees -- Kees Cook
Powered by blists - more mailing lists