From: Kees Cook <kees@kernel.org>
To: Peter Zijlstra <peterz@infradead.org>
Cc: Kees Cook <kees@kernel.org>,
Sami Tolvanen <samitolvanen@google.com>,
David Woodhouse <dwmw2@infradead.org>,
Linus Walleij <linus.walleij@linaro.org>,
Mark Rutland <mark.rutland@arm.com>,
Puranjay Mohan <puranjay@kernel.org>,
Jonathan Corbet <corbet@lwn.net>,
Nathan Chancellor <nathan@kernel.org>,
x86@kernel.org, linux-doc@vger.kernel.org,
linux-kbuild@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-riscv@lists.infradead.org, llvm@lists.linux.dev,
linux-hardening@vger.kernel.org
Subject: [PATCH 0/5] kcfi: Prepare for GCC support
Date: Mon, 25 Aug 2025 07:25:47 -0700 [thread overview]
Message-ID: <20250825141316.work.967-kees@kernel.org> (raw)
Hi,
With KCFI support in GCC coming[1], we need to make some (relatively
small) changes in the kernel to deal with it:
- move __nocfi out of compilers-clang.h (so GCC can see it too)
- add cfi=debug so future Kees can find breakage easier
- remove problematic __noinitretpoline usage
- rename CONFIG_CFI_CLANG to CONFIG_CFI (otherwise is it quite confusing)
Thanks!
-Kees
[1] https://lore.kernel.org/linux-hardening/20250821064202.work.893-kees@kernel.org/
Kees Cook (5):
compiler_types.h: Move __nocfi out of compiler-specific header
x86/traps: Clarify KCFI instruction layout
x86/cfi: Add option for cfi=debug bootparam
x86/cfi: Remove __noinitretpoline and __noretpoline
kcfi: Rename CONFIG_CFI_CLANG to CONFIG_CFI
arch/Kconfig | 22 +++++-----
arch/arm/Kconfig | 2 +-
arch/arm64/Kconfig | 4 +-
arch/riscv/Kconfig | 6 +--
arch/x86/Kconfig | 12 +++---
init/Kconfig | 4 +-
kernel/module/Kconfig | 2 +-
lib/Kconfig.debug | 2 +-
Makefile | 2 +-
arch/arm/mm/Makefile | 2 +-
arch/riscv/kernel/Makefile | 2 +-
arch/riscv/purgatory/Makefile | 2 +-
arch/x86/kernel/Makefile | 2 +-
arch/x86/purgatory/Makefile | 2 +-
kernel/Makefile | 2 +-
.../admin-guide/kernel-parameters.txt | 18 ++++++++
arch/riscv/include/asm/cfi.h | 4 +-
arch/x86/include/asm/cfi.h | 4 +-
include/asm-generic/vmlinux.lds.h | 2 +-
include/linux/cfi.h | 6 +--
include/linux/cfi_types.h | 8 ++--
include/linux/compiler-clang.h | 5 ---
include/linux/compiler-gcc.h | 4 --
include/linux/compiler.h | 2 +-
include/linux/compiler_types.h | 4 +-
include/linux/init.h | 8 ----
tools/include/linux/cfi_types.h | 6 +--
tools/perf/util/include/linux/linkage.h | 2 +-
arch/arm/mm/cache-fa.S | 2 +-
arch/arm/mm/cache-v4.S | 2 +-
arch/arm/mm/cache-v4wb.S | 4 +-
arch/arm/mm/cache-v4wt.S | 2 +-
arch/arm/mm/cache-v6.S | 2 +-
arch/arm/mm/cache-v7.S | 2 +-
arch/arm/mm/cache-v7m.S | 2 +-
arch/arm/mm/proc-arm1020.S | 2 +-
arch/arm/mm/proc-arm1020e.S | 2 +-
arch/arm/mm/proc-arm1022.S | 2 +-
arch/arm/mm/proc-arm1026.S | 2 +-
arch/arm/mm/proc-arm920.S | 2 +-
arch/arm/mm/proc-arm922.S | 2 +-
arch/arm/mm/proc-arm925.S | 2 +-
arch/arm/mm/proc-arm926.S | 2 +-
arch/arm/mm/proc-arm940.S | 2 +-
arch/arm/mm/proc-arm946.S | 2 +-
arch/arm/mm/proc-feroceon.S | 2 +-
arch/arm/mm/proc-mohawk.S | 2 +-
arch/arm/mm/proc-xsc3.S | 2 +-
arch/arm/mm/tlb-v4.S | 2 +-
arch/arm/kernel/hw_breakpoint.c | 2 +-
arch/arm64/kernel/debug-monitors.c | 2 +-
arch/arm64/kernel/traps.c | 4 +-
arch/arm64/kvm/handle_exit.c | 2 +-
arch/arm64/net/bpf_jit_comp.c | 2 +-
arch/riscv/net/bpf_jit_comp64.c | 4 +-
arch/x86/kernel/alternative.c | 43 +++++++++++++++----
arch/x86/kernel/cfi.c | 2 +-
arch/x86/kernel/kprobes/core.c | 2 +-
drivers/misc/lkdtm/cfi.c | 2 +-
kernel/module/tree_lookup.c | 2 +-
kernel/configs/hardening.config | 2 +-
61 files changed, 141 insertions(+), 113 deletions(-)
--
2.34.1
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <kees@kernel.org>
To: Peter Zijlstra <peterz@infradead.org>
Cc: Kees Cook <kees@kernel.org>,
Sami Tolvanen <samitolvanen@google.com>,
David Woodhouse <dwmw2@infradead.org>,
Linus Walleij <linus.walleij@linaro.org>,
Mark Rutland <mark.rutland@arm.com>,
Puranjay Mohan <puranjay@kernel.org>,
Jonathan Corbet <corbet@lwn.net>,
Nathan Chancellor <nathan@kernel.org>,
x86@kernel.org, linux-doc@vger.kernel.org,
linux-kbuild@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-riscv@lists.infradead.org, llvm@lists.linux.dev,
linux-hardening@vger.kernel.org
Subject: [PATCH 0/5] kcfi: Prepare for GCC support
Date: Mon, 25 Aug 2025 07:25:47 -0700 [thread overview]
Message-ID: <20250825141316.work.967-kees@kernel.org> (raw)
Hi,
With KCFI support in GCC coming[1], we need to make some (relatively
small) changes in the kernel to deal with it:
- move __nocfi out of compilers-clang.h (so GCC can see it too)
- add cfi=debug so future Kees can find breakage easier
- remove problematic __noinitretpoline usage
- rename CONFIG_CFI_CLANG to CONFIG_CFI (otherwise is it quite confusing)
Thanks!
-Kees
[1] https://lore.kernel.org/linux-hardening/20250821064202.work.893-kees@kernel.org/
Kees Cook (5):
compiler_types.h: Move __nocfi out of compiler-specific header
x86/traps: Clarify KCFI instruction layout
x86/cfi: Add option for cfi=debug bootparam
x86/cfi: Remove __noinitretpoline and __noretpoline
kcfi: Rename CONFIG_CFI_CLANG to CONFIG_CFI
arch/Kconfig | 22 +++++-----
arch/arm/Kconfig | 2 +-
arch/arm64/Kconfig | 4 +-
arch/riscv/Kconfig | 6 +--
arch/x86/Kconfig | 12 +++---
init/Kconfig | 4 +-
kernel/module/Kconfig | 2 +-
lib/Kconfig.debug | 2 +-
Makefile | 2 +-
arch/arm/mm/Makefile | 2 +-
arch/riscv/kernel/Makefile | 2 +-
arch/riscv/purgatory/Makefile | 2 +-
arch/x86/kernel/Makefile | 2 +-
arch/x86/purgatory/Makefile | 2 +-
kernel/Makefile | 2 +-
.../admin-guide/kernel-parameters.txt | 18 ++++++++
arch/riscv/include/asm/cfi.h | 4 +-
arch/x86/include/asm/cfi.h | 4 +-
include/asm-generic/vmlinux.lds.h | 2 +-
include/linux/cfi.h | 6 +--
include/linux/cfi_types.h | 8 ++--
include/linux/compiler-clang.h | 5 ---
include/linux/compiler-gcc.h | 4 --
include/linux/compiler.h | 2 +-
include/linux/compiler_types.h | 4 +-
include/linux/init.h | 8 ----
tools/include/linux/cfi_types.h | 6 +--
tools/perf/util/include/linux/linkage.h | 2 +-
arch/arm/mm/cache-fa.S | 2 +-
arch/arm/mm/cache-v4.S | 2 +-
arch/arm/mm/cache-v4wb.S | 4 +-
arch/arm/mm/cache-v4wt.S | 2 +-
arch/arm/mm/cache-v6.S | 2 +-
arch/arm/mm/cache-v7.S | 2 +-
arch/arm/mm/cache-v7m.S | 2 +-
arch/arm/mm/proc-arm1020.S | 2 +-
arch/arm/mm/proc-arm1020e.S | 2 +-
arch/arm/mm/proc-arm1022.S | 2 +-
arch/arm/mm/proc-arm1026.S | 2 +-
arch/arm/mm/proc-arm920.S | 2 +-
arch/arm/mm/proc-arm922.S | 2 +-
arch/arm/mm/proc-arm925.S | 2 +-
arch/arm/mm/proc-arm926.S | 2 +-
arch/arm/mm/proc-arm940.S | 2 +-
arch/arm/mm/proc-arm946.S | 2 +-
arch/arm/mm/proc-feroceon.S | 2 +-
arch/arm/mm/proc-mohawk.S | 2 +-
arch/arm/mm/proc-xsc3.S | 2 +-
arch/arm/mm/tlb-v4.S | 2 +-
arch/arm/kernel/hw_breakpoint.c | 2 +-
arch/arm64/kernel/debug-monitors.c | 2 +-
arch/arm64/kernel/traps.c | 4 +-
arch/arm64/kvm/handle_exit.c | 2 +-
arch/arm64/net/bpf_jit_comp.c | 2 +-
arch/riscv/net/bpf_jit_comp64.c | 4 +-
arch/x86/kernel/alternative.c | 43 +++++++++++++++----
arch/x86/kernel/cfi.c | 2 +-
arch/x86/kernel/kprobes/core.c | 2 +-
drivers/misc/lkdtm/cfi.c | 2 +-
kernel/module/tree_lookup.c | 2 +-
kernel/configs/hardening.config | 2 +-
61 files changed, 141 insertions(+), 113 deletions(-)
--
2.34.1
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
next reply other threads:[~2025-08-25 15:16 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-25 14:25 Kees Cook [this message]
2025-08-25 14:25 ` [PATCH 0/5] kcfi: Prepare for GCC support Kees Cook
2025-08-25 14:25 ` [PATCH 1/5] compiler_types.h: Move __nocfi out of compiler-specific header Kees Cook
2025-08-25 14:25 ` Kees Cook
2025-08-27 19:46 ` Nathan Chancellor
2025-08-27 19:46 ` Nathan Chancellor
2025-08-25 14:25 ` [PATCH 2/5] x86/traps: Clarify KCFI instruction layout Kees Cook
2025-08-25 14:25 ` Kees Cook
2025-08-25 14:25 ` [PATCH 3/5] x86/cfi: Add option for cfi=debug bootparam Kees Cook
2025-08-25 14:25 ` Kees Cook
2025-08-25 15:34 ` Kees Cook
2025-08-25 15:34 ` Kees Cook
2025-08-25 15:59 ` Peter Zijlstra
2025-08-25 15:59 ` Peter Zijlstra
2025-08-25 16:16 ` Kees Cook
2025-08-25 16:16 ` Kees Cook
2025-08-27 19:57 ` Nathan Chancellor
2025-08-27 19:57 ` Nathan Chancellor
2025-08-29 1:49 ` Kees Cook
2025-08-29 1:49 ` Kees Cook
2025-08-25 14:25 ` [PATCH 4/5] x86/cfi: Remove __noinitretpoline and __noretpoline Kees Cook
2025-08-25 14:25 ` Kees Cook
2025-08-25 14:25 ` [PATCH 5/5] kcfi: Rename CONFIG_CFI_CLANG to CONFIG_CFI Kees Cook
2025-08-25 14:25 ` Kees Cook
2025-08-25 15:01 ` Miguel Ojeda
2025-08-25 15:01 ` Miguel Ojeda
2025-08-25 15:35 ` Kees Cook
2025-08-25 15:35 ` Kees Cook
2025-08-25 17:00 ` Miguel Ojeda
2025-08-25 17:00 ` Miguel Ojeda
2025-08-25 19:31 ` Kees Cook
2025-08-25 19:31 ` Kees Cook
2025-08-27 1:34 ` Nathan Chancellor
2025-08-27 1:34 ` Nathan Chancellor
2025-08-27 7:35 ` Randy Dunlap
2025-08-27 7:35 ` Randy Dunlap
2025-08-27 19:38 ` Nathan Chancellor
2025-08-27 19:38 ` Nathan Chancellor
2025-08-28 6:14 ` Randy Dunlap
2025-08-28 6:14 ` Randy Dunlap
2025-08-28 12:11 ` Miguel Ojeda
2025-08-28 12:11 ` Miguel Ojeda
2025-08-28 20:19 ` Nathan Chancellor
2025-08-28 20:19 ` Nathan Chancellor
2025-08-28 20:32 ` Kees Cook
2025-08-28 20:32 ` Kees Cook
2025-08-28 22:22 ` Nathan Chancellor
2025-08-28 22:22 ` Nathan Chancellor
2025-08-28 22:55 ` Miguel Ojeda
2025-08-28 22:55 ` Miguel Ojeda
2025-08-28 22:46 ` Miguel Ojeda
2025-08-28 22:46 ` Miguel Ojeda
2025-08-26 21:49 ` Jeff Johnson
2025-08-26 21:49 ` Jeff Johnson
2025-08-28 12:08 ` Linus Walleij
2025-08-28 12:08 ` Linus Walleij
2025-10-14 1:12 ` [PATCH 0/5] kcfi: Prepare for GCC support patchwork-bot+linux-riscv
2025-10-14 1:12 ` patchwork-bot+linux-riscv
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250825141316.work.967-kees@kernel.org \
--to=kees@kernel.org \
--cc=corbet@lwn.net \
--cc=dwmw2@infradead.org \
--cc=linus.walleij@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=llvm@lists.linux.dev \
--cc=mark.rutland@arm.com \
--cc=nathan@kernel.org \
--cc=peterz@infradead.org \
--cc=puranjay@kernel.org \
--cc=samitolvanen@google.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.