Re: [PATCH v9 0/7] Introduce Kernel Control Flow Integrity ABI [PR107048]

public inbox for linux-hardening@vger.kernel.org
 help / color / mirror / Atom feed

From: Kees Cook <kees@kernel.org>
To: Andrew Pinski <andrew.pinski@oss.qualcomm.com>
Cc: Qing Zhao <qing.zhao@oracle.com>, Uros Bizjak <ubizjak@gmail.com>,
	Joseph Myers <josmyers@redhat.com>,
	Richard Biener <rguenther@suse.de>,
	Jeff Law <jeffreyalaw@gmail.com>,
	Andrew Pinski <pinskia@gmail.com>,
	Jakub Jelinek <jakub@redhat.com>,
	Martin Uecker <uecker@tugraz.at>,
	Peter Zijlstra <peterz@infradead.org>,
	Ard Biesheuvel <ardb@kernel.org>, Jan Hubicka <hubicka@ucw.cz>,
	Richard Earnshaw <richard.earnshaw@arm.com>,
	Richard Sandiford <richard.sandiford@arm.com>,
	Marcus Shawcroft <marcus.shawcroft@arm.com>,
	Kyrylo Tkachov <kyrylo.tkachov@arm.com>,
	Kito Cheng <kito.cheng@gmail.com>,
	Palmer Dabbelt <palmer@dabbelt.com>,
	Andrew Waterman <andrew@sifive.com>,
	Jim Wilson <jim.wilson.gcc@gmail.com>,
	Dan Li <ashimida.1990@gmail.com>,
	Sami Tolvanen <samitolvanen@google.com>,
	Ramon de C Valle <rcvalle@google.com>,
	Joao Moreira <joao@overdrivepizza.com>,
	Nathan Chancellor <nathan@kernel.org>,
	Bill Wendling <morbo@google.com>,
	"Osterlund, Sebastian" <sebastian.osterlund@intel.com>,
	"Constable, Scott D" <scott.d.constable@intel.com>,
	gcc-patches@gcc.gnu.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH v9 0/7] Introduce Kernel Control Flow Integrity ABI [PR107048]
Date: Fri, 9 Jan 2026 10:22:52 -0800	[thread overview]
Message-ID: <202601091022.F01CFC86F@keescook> (raw)
In-Reply-To: <CALvbMcCi8SZs415AE8WYFiijh6K0HYixqz68Nbios=BvuB_jsg@mail.gmail.com>

On Thu, Jan 08, 2026 at 09:48:58PM -0800, Andrew Pinski wrote:
> On Thu, Jan 1, 2026 at 7:42 PM Kees Cook <kees@kernel.org> wrote:
> >
> >
> >
> > On January 1, 2026 2:42:59 PM PST, Andrew Pinski <andrew.pinski@oss.qualcomm.com> wrote:
> > >On Tue, Dec 9, 2025 at 6:22 PM Kees Cook <kees@kernel.org> wrote:
> > >>
> > >> Hi,
> > >>
> > >> This series implements[1][2] the Linux Kernel Control Flow Integrity
> > >> ABI, which provides a function prototype based forward edge control flow
> > >> integrity protection by instrumenting every indirect call to check for
> > >> a hash value before the target function address. If the hash at the call
> > >> site and the hash at the target do not match, execution will trap.
> > >>
> > >> I'm hoping we can land front- and middle-end and do architectures as
> > >> they also pass review. What do folks think? I'd really like to get this
> > >> in a position where more people can test with GCC snapshots, etc.
> > >
> > >So looking back into the other implementation that was submitted a few
> > >years back (https://patchwork.sourceware.org/project/gcc/patch/20230325081117.93245-3-ashimida.1990@gmail.com/),
> > >a regnote (REG_CALL_CFI_TYPEID) was used instead of the wrapping with
> > >kfci rtl.
> > >I get the feeling a regnote would be better as there is less for the
> > >backend to deal with including new patterns.
> > >What do others think?
> >
> > I started there and it created way too many problems that I had to continuously hack around. Switching to RTL solved all of it. (See v1 and v2 of this series where that was how it was implemented.)
> 
> Ok, thanks for confirming that. I will try to give v10 a full review
> by the end of next week. But since GCC is starting stage 4 on Monday
> and I think it is too late to add this feature so this might be the
> first thing to be pushed once GCC 17 stage 1 starts (mid to late March
> depending on how fast regressions are fixed).

Thanks! Yeah, I'm not expecting to land this in GCC 16. We're very late
in the cycle. :)

-Kees

-- 
Kees Cook

next prev parent reply	other threads:[~2026-01-09 18:22 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-12-10  2:20 [PATCH v9 0/7] Introduce Kernel Control Flow Integrity ABI [PR107048] Kees Cook
2025-12-10  2:20 ` [PATCH v9 1/7] typeinfo: Introduce KCFI typeinfo mangling API Kees Cook
2025-12-12 23:07   ` Andrew Pinski
2025-12-13  1:24     ` Kees Cook
2025-12-13  1:29       ` Andrew Pinski
2025-12-13  1:43         ` Kees Cook
2025-12-10  2:20 ` [PATCH v9 2/7] kcfi: Add core Kernel Control Flow Integrity infrastructure Kees Cook
2025-12-10  4:00   ` Andrew Pinski
2025-12-13  2:30     ` Kees Cook
2025-12-10  2:20 ` [PATCH v9 3/7] kcfi: Add regression test suite Kees Cook
2025-12-10  2:20 ` [PATCH v9 4/7] x86: Add x86_64 Kernel Control Flow Integrity implementation Kees Cook
2025-12-10  2:20 ` [PATCH v9 5/7] aarch64: Add AArch64 " Kees Cook
2025-12-10  3:48   ` Andrew Pinski
2025-12-12 22:47   ` Andrew Pinski
2025-12-13  1:40     ` Kees Cook
2025-12-10  2:20 ` [PATCH v9 6/7] arm: Add ARM 32-bit " Kees Cook
2025-12-10  2:20 ` [PATCH v9 7/7] riscv: Add RISC-V " Kees Cook
2025-12-10 18:55 ` [PATCH v9 0/7] Introduce Kernel Control Flow Integrity ABI [PR107048] Sam James
2025-12-11  0:07   ` Kees Cook
2026-01-01 22:42 ` Andrew Pinski
2026-01-02  3:42   ` Kees Cook
2026-01-09  5:48     ` Andrew Pinski
2026-01-09 18:22       ` Kees Cook [this message]
2026-01-09 18:43         ` Jeffrey Law

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202601091022.F01CFC86F@keescook \
    --to=kees@kernel.org \
    --cc=andrew.pinski@oss.qualcomm.com \
    --cc=andrew@sifive.com \
    --cc=ardb@kernel.org \
    --cc=ashimida.1990@gmail.com \
    --cc=gcc-patches@gcc.gnu.org \
    --cc=hubicka@ucw.cz \
    --cc=jakub@redhat.com \
    --cc=jeffreyalaw@gmail.com \
    --cc=jim.wilson.gcc@gmail.com \
    --cc=joao@overdrivepizza.com \
    --cc=josmyers@redhat.com \
    --cc=kito.cheng@gmail.com \
    --cc=kyrylo.tkachov@arm.com \
    --cc=linux-hardening@vger.kernel.org \
    --cc=marcus.shawcroft@arm.com \
    --cc=morbo@google.com \
    --cc=nathan@kernel.org \
    --cc=palmer@dabbelt.com \
    --cc=peterz@infradead.org \
    --cc=pinskia@gmail.com \
    --cc=qing.zhao@oracle.com \
    --cc=rcvalle@google.com \
    --cc=rguenther@suse.de \
    --cc=richard.earnshaw@arm.com \
    --cc=richard.sandiford@arm.com \
    --cc=samitolvanen@google.com \
    --cc=scott.d.constable@intel.com \
    --cc=sebastian.osterlund@intel.com \
    --cc=ubizjak@gmail.com \
    --cc=uecker@tugraz.at \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox