From: Kees Cook <kees@kernel.org>
To: Peter Zijlstra <peterz@infradead.org>
Cc: Kees Cook <kees@kernel.org>,
Nathan Chancellor <nathan@kernel.org>,
Vegard Nossum <vegard.nossum@oracle.com>,
Miguel Ojeda <ojeda@kernel.org>,
Linus Walleij <linus.walleij@linaro.org>,
Jeff Johnson <jeff.johnson@oss.qualcomm.com>,
Randy Dunlap <rdunlap@infradead.org>,
David Woodhouse <dwmw2@infradead.org>,
"Russell King (Oracle)" <rmk+kernel@armlinux.org.uk>,
Nick Desaulniers <nick.desaulniers+lkml@gmail.com>,
Bill Wendling <morbo@google.com>,
Justin Stitt <justinstitt@google.com>,
Marco Elver <elver@google.com>,
Przemek Kitszel <przemyslaw.kitszel@intel.com>,
Ramon de C Valle <rcvalle@google.com>,
Jonathan Corbet <corbet@lwn.net>,
"Paul E. McKenney" <paulmck@kernel.org>,
Nicolas Schier <nicolas.schier@linux.dev>,
Masahiro Yamada <masahiroy@kernel.org>,
Arnd Bergmann <arnd@arndb.de>,
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>,
Sami Tolvanen <samitolvanen@google.com>,
Mark Rutland <mark.rutland@arm.com>,
linux-kernel@vger.kernel.org, llvm@lists.linux.dev,
linux-doc@vger.kernel.org, linux-kbuild@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, x86@kernel.org,
linux-hardening@vger.kernel.org
Subject: [PATCH v2 5/9] x86/cfi: Add "debug" option to "cfi=" bootparam
Date: Wed, 3 Sep 2025 20:46:44 -0700 [thread overview]
Message-ID: <20250904034656.3670313-5-kees@kernel.org> (raw)
In-Reply-To: <20250904033217.it.414-kees@kernel.org>
Add "debug" option for "cfi=" bootparam to get details on early CFI
initialization steps so future Kees can find breakage easier.
Signed-off-by: Kees Cook <kees@kernel.org>
---
Cc: Peter Zijlstra <peterz@infradead.org>
---
.../admin-guide/kernel-parameters.txt | 1 +
arch/x86/kernel/alternative.c | 23 +++++++++++++++++++
2 files changed, 24 insertions(+)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 8bbffbb334ab..c8337d0e6ba3 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -624,6 +624,7 @@
bhi: Enable register poisoning to stop speculation
across FineIBT. (Disabled by default.)
warn: Do not enforce CFI checking: warn only.
+ debug: Report CFI initialization details.
cgroup_disable= [KNL] Disable a particular controller or optional feature
Format: {name of the controller(s) or feature(s) to disable}
diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
index d8f4ac95b4df..b311e31a9056 100644
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -1177,6 +1177,7 @@ void __init_or_module apply_seal_endbr(s32 *start, s32 *end) { }
#endif
enum cfi_mode cfi_mode __ro_after_init = __CFI_DEFAULT;
+static bool cfi_debug __ro_after_init;
#ifdef CONFIG_FINEIBT_BHI
bool cfi_bhi __ro_after_init = false;
@@ -1259,6 +1260,8 @@ static __init int cfi_parse_cmdline(char *str)
} else if (!strcmp(str, "off")) {
cfi_mode = CFI_OFF;
cfi_rand = false;
+ } else if (!strcmp(str, "debug")) {
+ cfi_debug = true;
} else if (!strcmp(str, "kcfi")) {
cfi_mode = CFI_KCFI;
} else if (!strcmp(str, "fineibt")) {
@@ -1734,6 +1737,8 @@ static void __apply_fineibt(s32 *start_retpoline, s32 *end_retpoline,
* rewrite them. This disables all CFI. If this succeeds but any of the
* later stages fails, we're without CFI.
*/
+ if (cfi_debug)
+ pr_info("CFI: disabling all indirect call checking\n");
ret = cfi_disable_callers(start_retpoline, end_retpoline);
if (ret)
goto err;
@@ -1744,14 +1749,23 @@ static void __apply_fineibt(s32 *start_retpoline, s32 *end_retpoline,
cfi_bpf_hash = cfi_rehash(cfi_bpf_hash);
cfi_bpf_subprog_hash = cfi_rehash(cfi_bpf_subprog_hash);
}
+ if (cfi_debug)
+ pr_info("CFI: cfi_seed: 0x%08x\n", cfi_seed);
+ if (cfi_debug)
+ pr_info("CFI: rehashing all preambles\n");
ret = cfi_rand_preamble(start_cfi, end_cfi);
if (ret)
goto err;
+ if (cfi_debug)
+ pr_info("CFI: rehashing all indirect calls\n");
ret = cfi_rand_callers(start_retpoline, end_retpoline);
if (ret)
goto err;
+ } else {
+ if (cfi_debug)
+ pr_info("CFI: rehashing disabled\n");
}
switch (cfi_mode) {
@@ -1761,6 +1775,8 @@ static void __apply_fineibt(s32 *start_retpoline, s32 *end_retpoline,
return;
case CFI_KCFI:
+ if (cfi_debug)
+ pr_info("CFI: enabling all indirect call checking\n");
ret = cfi_enable_callers(start_retpoline, end_retpoline);
if (ret)
goto err;
@@ -1771,17 +1787,23 @@ static void __apply_fineibt(s32 *start_retpoline, s32 *end_retpoline,
return;
case CFI_FINEIBT:
+ if (cfi_debug)
+ pr_info("CFI: adding FineIBT to all preambles\n");
/* place the FineIBT preamble at func()-16 */
ret = cfi_rewrite_preamble(start_cfi, end_cfi);
if (ret)
goto err;
/* rewrite the callers to target func()-16 */
+ if (cfi_debug)
+ pr_info("CFI: rewriting indirect call sites to use FineIBT\n");
ret = cfi_rewrite_callers(start_retpoline, end_retpoline);
if (ret)
goto err;
/* now that nobody targets func()+0, remove ENDBR there */
+ if (cfi_debug)
+ pr_info("CFI: removing old endbr insns\n");
cfi_rewrite_endbr(start_cfi, end_cfi);
if (builtin) {
@@ -2324,6 +2346,7 @@ void __init alternative_instructions(void)
__apply_fineibt(__retpoline_sites, __retpoline_sites_end,
__cfi_sites, __cfi_sites_end, true);
+ cfi_debug = false;
/*
* Rewrite the retpolines, must be done before alternatives since
--
2.34.1
next prev parent reply other threads:[~2025-09-04 4:01 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-04 3:46 [PATCH v2 0/9] kcfi: Prepare for GCC support Kees Cook
2025-09-04 3:46 ` [PATCH v2 1/9] compiler_types.h: Move __nocfi out of compiler-specific header Kees Cook
2025-09-04 18:28 ` Nathan Chancellor
2025-09-04 3:46 ` [PATCH v2 2/9] x86/traps: Clarify KCFI instruction layout Kees Cook
2025-09-04 3:46 ` [PATCH v2 3/9] x86/cfi: Document the "cfi=" bootparam options Kees Cook
2025-09-04 18:32 ` Nathan Chancellor
2025-09-04 3:46 ` [PATCH v2 4/9] x86/cfi: Standardize on common "CFI:" prefix for CFI reports Kees Cook
2025-09-04 18:40 ` Nathan Chancellor
2025-09-05 0:40 ` Kees Cook
2025-09-04 3:46 ` Kees Cook [this message]
2025-09-04 7:00 ` [PATCH v2 5/9] x86/cfi: Add "debug" option to "cfi=" bootparam Peter Zijlstra
2025-09-04 3:46 ` [PATCH v2 6/9] x86/cfi: Remove __noinitretpoline and __noretpoline Kees Cook
2025-09-04 3:46 ` [PATCH v2 7/9] kconfig: Add transitional symbol attribute for migration support Kees Cook
2025-09-04 3:46 ` [PATCH v2 8/9] kcfi: Rename CONFIG_CFI_CLANG to CONFIG_CFI Kees Cook
2025-09-04 3:46 ` [PATCH v2 9/9] ARM: traps: Implement KCFI trap handler for ARM32 Kees Cook
2025-09-04 7:04 ` [PATCH v2 0/9] kcfi: Prepare for GCC support Peter Zijlstra
2025-09-04 16:37 ` Kees Cook
2025-09-04 20:01 ` Peter Zijlstra
2025-09-05 0:42 ` Kees Cook
2025-09-05 7:44 ` Miguel Ojeda
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250904034656.3670313-5-kees@kernel.org \
--to=kees@kernel.org \
--cc=arnd@arndb.de \
--cc=corbet@lwn.net \
--cc=dwmw2@infradead.org \
--cc=elver@google.com \
--cc=jeff.johnson@oss.qualcomm.com \
--cc=justinstitt@google.com \
--cc=krzysztof.kozlowski@linaro.org \
--cc=linus.walleij@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=llvm@lists.linux.dev \
--cc=mark.rutland@arm.com \
--cc=masahiroy@kernel.org \
--cc=morbo@google.com \
--cc=nathan@kernel.org \
--cc=nick.desaulniers+lkml@gmail.com \
--cc=nicolas.schier@linux.dev \
--cc=ojeda@kernel.org \
--cc=paulmck@kernel.org \
--cc=peterz@infradead.org \
--cc=przemyslaw.kitszel@intel.com \
--cc=rcvalle@google.com \
--cc=rdunlap@infradead.org \
--cc=rmk+kernel@armlinux.org.uk \
--cc=samitolvanen@google.com \
--cc=vegard.nossum@oracle.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.