Re: [PATCH v9 0/7] Introduce Kernel Control Flow Integrity ABI [PR107048]

[Kees Cook <kees@kernel.org>]

On Wed, Dec 10, 2025 at 06:55:31PM +0000, Sam James wrote:
> Kees Cook <kees@kernel.org> writes:
> 
> > Hi,
> >
> > This series implements[1][2] the Linux Kernel Control Flow Integrity
> > ABI, which provides a function prototype based forward edge control flow
> > integrity protection by instrumenting every indirect call to check for
> > a hash value before the target function address. If the hash at the call
> > site and the hash at the target do not match, execution will trap.
> >
> > I'm hoping we can land front- and middle-end and do architectures as
> > they also pass review. What do folks think? I'd really like to get this
> > in a position where more people can test with GCC snapshots, etc.
> 
> What's the status of this on the kernel side? Could you link me to
> patches so I can have a play?

This works already with all standard config Linux versions that support
KCFI, though prior to v6.18, you'll get a confusing "CONFIG_CFI_CLANG"
config option for it, which still works since the feature gets detected
as present in the compiler.

Regardless, here's the CONFIG_CFI_CLANG -> CONFIG_CFI renaming patch
that landed in v6.18:
https://lore.kernel.org/all/20250923213422.1105654-3-kees@kernel.org/

And a clean-ups series that also landed in v6.18 I did just to help with
my own debugging while developing GCC KCFI, which contained 2 corner case
fixes:
https://lore.kernel.org/all/20250904033217.it.414-kees@kernel.org/

So, I guess, tl;dr: if you don't want to think about it at all, use
v6.18. Prior to that, it should work as long as you aren't building
without retpolines.

> Thank you for working on this. We get a lot of requests for it and
> pressure to build the kernel with Clang for this feature.

It's been a hoot. :) Thanks for any testing you can do!

-Kees

-- 
Kees Cook