From: Peter Zijlstra <peterz@infradead.org>
To: Kees Cook <kees@kernel.org>
Cc: Andrew Pinski <andrew.pinski@oss.qualcomm.com>,
Uros Bizjak <ubizjak@gmail.com>,
Joseph Myers <josmyers@redhat.com>,
Richard Biener <rguenther@suse.de>,
Jeff Law <jeffreyalaw@gmail.com>,
Andrew Pinski <pinskia@gmail.com>,
Jakub Jelinek <jakub@redhat.com>,
Martin Uecker <uecker@tugraz.at>,
Ard Biesheuvel <ardb@kernel.org>, Jan Hubicka <hubicka@ucw.cz>,
Richard Earnshaw <richard.earnshaw@arm.com>,
Richard Sandiford <richard.sandiford@arm.com>,
Marcus Shawcroft <marcus.shawcroft@arm.com>,
Kyrylo Tkachov <kyrylo.tkachov@arm.com>,
Kito Cheng <kito.cheng@gmail.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
Andrew Waterman <andrew@sifive.com>,
Jim Wilson <jim.wilson.gcc@gmail.com>,
Dan Li <ashimida.1990@gmail.com>,
Sami Tolvanen <samitolvanen@google.com>,
Ramon de C Valle <rcvalle@google.com>,
Joao Moreira <joao@overdrivepizza.com>,
Nathan Chancellor <nathan@kernel.org>,
Bill Wendling <morbo@google.com>,
"Osterlund, Sebastian" <sebastian.osterlund@intel.com>,
"Constable, Scott D" <scott.d.constable@intel.com>,
gcc-patches@gcc.gnu.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH v11 0/7] Introduce Kernel Control Flow Integrity ABI [PR107048]
Date: Tue, 12 May 2026 09:50:11 +0200 [thread overview]
Message-ID: <20260512075011.GU3126523@noisy.programming.kicks-ass.net> (raw)
In-Reply-To: <20260511194847.faster.180-kees@kernel.org>
On Mon, May 11, 2026 at 12:48:44PM -0700, Kees Cook wrote:
> Hi,
>
> This series implements[1][2] the Linux Kernel Control Flow Integrity
> ABI, which provides a function prototype based forward edge control flow
> integrity protection by instrumenting every indirect call to check for
> a hash value before the target function address. If the hash at the call
> site and the hash at the target do not match, execution will trap.
>
> I was asked to wait to resend this series until gcc 16 released, which
> it has now. I'm hoping we can land the front-, middle-, and back-ends
> for aarch64 and x86_64. I'd really like to get this in a position where
> more people can test with GCC snapshots, etc. Since I don't have commit
> access, who is the right person to commit this?
>
> Thanks!
>
> -Kees
>
> Changes since v10[3]:
>
> - Rebase to latest.
> - Update tests to aarch64 brk instruction immediate printing in hex.
>
> [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107048
> [2] https://github.com/KSPP/linux/issues/369
> [3] https://lore.kernel.org/linux-hardening/20260107200301.better.465-kees@kernel.org/
>
> Kees Cook (7):
> typeinfo: Introduce KCFI typeinfo mangling API
> kcfi: Add core Kernel Control Flow Integrity infrastructure
> kcfi: Add regression test suite
> x86: Add x86_64 Kernel Control Flow Integrity implementation
> aarch64: Add AArch64 Kernel Control Flow Integrity implementation
> arm: Add ARM 32-bit Kernel Control Flow Integrity implementation
> riscv: Add RISC-V Kernel Control Flow Integrity implementation
Thanks for continuing to push this Kees!
prev parent reply other threads:[~2026-05-12 7:50 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-11 19:48 [PATCH v11 0/7] Introduce Kernel Control Flow Integrity ABI [PR107048] Kees Cook
2026-05-11 19:48 ` [PATCH v11 1/7] typeinfo: Introduce KCFI typeinfo mangling API Kees Cook
2026-05-11 20:08 ` Martin Uecker
2026-05-11 20:41 ` Kees Cook
2026-05-12 8:13 ` Martin Uecker
2026-05-12 8:35 ` Peter Zijlstra
2026-05-12 18:12 ` Martin Uecker
2026-05-12 18:25 ` Andrew Pinski
2026-05-11 19:48 ` [PATCH v11 2/7] kcfi: Add core Kernel Control Flow Integrity infrastructure Kees Cook
2026-05-11 19:48 ` [PATCH v11 3/7] kcfi: Add regression test suite Kees Cook
2026-05-11 19:48 ` [PATCH v11 4/7] x86: Add x86_64 Kernel Control Flow Integrity implementation Kees Cook
2026-05-11 19:48 ` [PATCH v11 5/7] aarch64: Add AArch64 " Kees Cook
2026-05-11 19:48 ` [PATCH v11 6/7] arm: Add ARM 32-bit " Kees Cook
2026-05-11 19:48 ` [PATCH v11 7/7] riscv: Add RISC-V " Kees Cook
2026-05-12 7:50 ` Peter Zijlstra [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260512075011.GU3126523@noisy.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=andrew.pinski@oss.qualcomm.com \
--cc=andrew@sifive.com \
--cc=ardb@kernel.org \
--cc=ashimida.1990@gmail.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=hubicka@ucw.cz \
--cc=jakub@redhat.com \
--cc=jeffreyalaw@gmail.com \
--cc=jim.wilson.gcc@gmail.com \
--cc=joao@overdrivepizza.com \
--cc=josmyers@redhat.com \
--cc=kees@kernel.org \
--cc=kito.cheng@gmail.com \
--cc=kyrylo.tkachov@arm.com \
--cc=linux-hardening@vger.kernel.org \
--cc=marcus.shawcroft@arm.com \
--cc=morbo@google.com \
--cc=nathan@kernel.org \
--cc=palmer@dabbelt.com \
--cc=pinskia@gmail.com \
--cc=rcvalle@google.com \
--cc=rguenther@suse.de \
--cc=richard.earnshaw@arm.com \
--cc=richard.sandiford@arm.com \
--cc=samitolvanen@google.com \
--cc=scott.d.constable@intel.com \
--cc=sebastian.osterlund@intel.com \
--cc=ubizjak@gmail.com \
--cc=uecker@tugraz.at \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox