Re: [PATCH v9 0/7] Introduce Kernel Control Flow Integrity ABI [PR107048]

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Kees Cook <kees@kernel.org>
To: Andrew Pinski <andrew.pinski@oss.qualcomm.com>
Cc: Qing Zhao <qing.zhao@oracle.com>, Uros Bizjak <ubizjak@gmail.com>,
	Joseph Myers <josmyers@redhat.com>,
	Richard Biener <rguenther@suse.de>,
	Jeff Law <jeffreyalaw@gmail.com>,
	Andrew Pinski <pinskia@gmail.com>,
	Jakub Jelinek <jakub@redhat.com>,
	Martin Uecker <uecker@tugraz.at>,
	Peter Zijlstra <peterz@infradead.org>,
	Ard Biesheuvel <ardb@kernel.org>, Jan Hubicka <hubicka@ucw.cz>,
	Richard Earnshaw <richard.earnshaw@arm.com>,
	Richard Sandiford <richard.sandiford@arm.com>,
	Marcus Shawcroft <marcus.shawcroft@arm.com>,
	Kyrylo Tkachov <kyrylo.tkachov@arm.com>,
	Kito Cheng <kito.cheng@gmail.com>,
	Palmer Dabbelt <palmer@dabbelt.com>,
	Andrew Waterman <andrew@sifive.com>,
	Jim Wilson <jim.wilson.gcc@gmail.com>,
	Dan Li <ashimida.1990@gmail.com>,
	Sami Tolvanen <samitolvanen@google.com>,
	Ramon de C Valle <rcvalle@google.com>,
	Joao Moreira <joao@overdrivepizza.com>,
	Nathan Chancellor <nathan@kernel.org>,
	Bill Wendling <morbo@google.com>,
	"Osterlund, Sebastian" <sebastian.osterlund@intel.com>,
	"Constable, Scott D" <scott.d.constable@intel.com>,
	gcc-patches@gcc.gnu.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH v9 0/7] Introduce Kernel Control Flow Integrity ABI [PR107048]
Date: Fri, 9 Jan 2026 10:22:52 -0800	[thread overview]
Message-ID: <202601091022.F01CFC86F@keescook> (raw)
In-Reply-To: <CALvbMcCi8SZs415AE8WYFiijh6K0HYixqz68Nbios=BvuB_jsg@mail.gmail.com>

On Thu, Jan 08, 2026 at 09:48:58PM -0800, Andrew Pinski wrote:
> On Thu, Jan 1, 2026 at 7:42 PM Kees Cook <kees@kernel.org> wrote:
> >
> >
> >
> > On January 1, 2026 2:42:59 PM PST, Andrew Pinski <andrew.pinski@oss.qualcomm.com> wrote:
> > >On Tue, Dec 9, 2025 at 6:22 PM Kees Cook <kees@kernel.org> wrote:
> > >>
> > >> Hi,
> > >>
> > >> This series implements[1][2] the Linux Kernel Control Flow Integrity
> > >> ABI, which provides a function prototype based forward edge control flow
> > >> integrity protection by instrumenting every indirect call to check for
> > >> a hash value before the target function address. If the hash at the call
> > >> site and the hash at the target do not match, execution will trap.
> > >>
> > >> I'm hoping we can land front- and middle-end and do architectures as
> > >> they also pass review. What do folks think? I'd really like to get this
> > >> in a position where more people can test with GCC snapshots, etc.
> > >
> > >So looking back into the other implementation that was submitted a few
> > >years back (https://patchwork.sourceware.org/project/gcc/patch/20230325081117.93245-3-ashimida.1990@gmail.com/),
> > >a regnote (REG_CALL_CFI_TYPEID) was used instead of the wrapping with
> > >kfci rtl.
> > >I get the feeling a regnote would be better as there is less for the
> > >backend to deal with including new patterns.
> > >What do others think?
> >
> > I started there and it created way too many problems that I had to continuously hack around. Switching to RTL solved all of it. (See v1 and v2 of this series where that was how it was implemented.)
> 
> Ok, thanks for confirming that. I will try to give v10 a full review
> by the end of next week. But since GCC is starting stage 4 on Monday
> and I think it is too late to add this feature so this might be the
> first thing to be pushed once GCC 17 stage 1 starts (mid to late March
> depending on how fast regressions are fixed).

Thanks! Yeah, I'm not expecting to land this in GCC 16. We're very late
in the cycle. :)

-Kees

-- 
Kees Cook

next prev parent reply	other threads:[~2026-01-09 18:22 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-12-10  2:20 [PATCH v9 0/7] Introduce Kernel Control Flow Integrity ABI [PR107048] Kees Cook
2025-12-10  2:20 ` [PATCH v9 1/7] typeinfo: Introduce KCFI typeinfo mangling API Kees Cook
2025-12-12 23:07   ` Andrew Pinski
2025-12-13  1:24     ` Kees Cook
2025-12-13  1:29       ` Andrew Pinski
2025-12-13  1:43         ` Kees Cook
2025-12-10  2:20 ` [PATCH v9 2/7] kcfi: Add core Kernel Control Flow Integrity infrastructure Kees Cook
2025-12-10  4:00   ` Andrew Pinski
2025-12-13  2:30     ` Kees Cook
2025-12-10  2:20 ` [PATCH v9 3/7] kcfi: Add regression test suite Kees Cook
2025-12-10  2:20 ` [PATCH v9 4/7] x86: Add x86_64 Kernel Control Flow Integrity implementation Kees Cook
2025-12-10  2:20 ` [PATCH v9 5/7] aarch64: Add AArch64 " Kees Cook
2025-12-10  3:48   ` Andrew Pinski
2025-12-12 22:47   ` Andrew Pinski
2025-12-13  1:40     ` Kees Cook
2025-12-10  2:20 ` [PATCH v9 6/7] arm: Add ARM 32-bit " Kees Cook
2025-12-10  2:20 ` [PATCH v9 7/7] riscv: Add RISC-V " Kees Cook
2025-12-10 18:55 ` [PATCH v9 0/7] Introduce Kernel Control Flow Integrity ABI [PR107048] Sam James
2025-12-11  0:07   ` Kees Cook
2026-01-01 22:42 ` Andrew Pinski
2026-01-02  3:42   ` Kees Cook
2026-01-09  5:48     ` Andrew Pinski
2026-01-09 18:22       ` Kees Cook [this message]
2026-01-09 18:43         ` Jeffrey Law

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202601091022.F01CFC86F@keescook \
    --to=kees@kernel.org \
    --cc=andrew.pinski@oss.qualcomm.com \
    --cc=andrew@sifive.com \
    --cc=ardb@kernel.org \
    --cc=ashimida.1990@gmail.com \
    --cc=gcc-patches@gcc.gnu.org \
    --cc=hubicka@ucw.cz \
    --cc=jakub@redhat.com \
    --cc=jeffreyalaw@gmail.com \
    --cc=jim.wilson.gcc@gmail.com \
    --cc=joao@overdrivepizza.com \
    --cc=josmyers@redhat.com \
    --cc=kito.cheng@gmail.com \
    --cc=kyrylo.tkachov@arm.com \
    --cc=linux-hardening@vger.kernel.org \
    --cc=marcus.shawcroft@arm.com \
    --cc=morbo@google.com \
    --cc=nathan@kernel.org \
    --cc=palmer@dabbelt.com \
    --cc=peterz@infradead.org \
    --cc=pinskia@gmail.com \
    --cc=qing.zhao@oracle.com \
    --cc=rcvalle@google.com \
    --cc=rguenther@suse.de \
    --cc=richard.earnshaw@arm.com \
    --cc=richard.sandiford@arm.com \
    --cc=samitolvanen@google.com \
    --cc=scott.d.constable@intel.com \
    --cc=sebastian.osterlund@intel.com \
    --cc=ubizjak@gmail.com \
    --cc=uecker@tugraz.at \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.