[PATCH 0/5] kcfi: Prepare for GCC support

From: Kees Cook <kees@kernel.org>
To: Peter Zijlstra <peterz@infradead.org>
Cc: Kees Cook <kees@kernel.org>,
	Sami Tolvanen <samitolvanen@google.com>,
	David Woodhouse <dwmw2@infradead.org>,
	Linus Walleij <linus.walleij@linaro.org>,
	Mark Rutland <mark.rutland@arm.com>,
	Puranjay Mohan <puranjay@kernel.org>,
	Jonathan Corbet <corbet@lwn.net>,
	Nathan Chancellor <nathan@kernel.org>,
	x86@kernel.org, linux-doc@vger.kernel.org,
	linux-kbuild@vger.kernel.org,
	linux-arm-kernel@lists.infradead.org,
	linux-riscv@lists.infradead.org, llvm@lists.linux.dev,
	linux-hardening@vger.kernel.org
Subject: [PATCH 0/5] kcfi: Prepare for GCC support
Date: Mon, 25 Aug 2025 07:25:47 -0700	[thread overview]
Message-ID: <20250825141316.work.967-kees@kernel.org> (raw)

Hi,

With KCFI support in GCC coming[1], we need to make some (relatively
small) changes in the kernel to deal with it:

- move __nocfi out of compilers-clang.h (so GCC can see it too)
- add cfi=debug so future Kees can find breakage easier
- remove problematic __noinitretpoline usage
- rename CONFIG_CFI_CLANG to CONFIG_CFI (otherwise is it quite confusing)

Thanks!

-Kees

[1] https://lore.kernel.org/linux-hardening/20250821064202.work.893-kees@kernel.org/

Kees Cook (5):
  compiler_types.h: Move __nocfi out of compiler-specific header
  x86/traps: Clarify KCFI instruction layout
  x86/cfi: Add option for cfi=debug bootparam
  x86/cfi: Remove __noinitretpoline and __noretpoline
  kcfi: Rename CONFIG_CFI_CLANG to CONFIG_CFI

 arch/Kconfig                                  | 22 +++++-----
 arch/arm/Kconfig                              |  2 +-
 arch/arm64/Kconfig                            |  4 +-
 arch/riscv/Kconfig                            |  6 +--
 arch/x86/Kconfig                              | 12 +++---
 init/Kconfig                                  |  4 +-
 kernel/module/Kconfig                         |  2 +-
 lib/Kconfig.debug                             |  2 +-
 Makefile                                      |  2 +-
 arch/arm/mm/Makefile                          |  2 +-
 arch/riscv/kernel/Makefile                    |  2 +-
 arch/riscv/purgatory/Makefile                 |  2 +-
 arch/x86/kernel/Makefile                      |  2 +-
 arch/x86/purgatory/Makefile                   |  2 +-
 kernel/Makefile                               |  2 +-
 .../admin-guide/kernel-parameters.txt         | 18 ++++++++
 arch/riscv/include/asm/cfi.h                  |  4 +-
 arch/x86/include/asm/cfi.h                    |  4 +-
 include/asm-generic/vmlinux.lds.h             |  2 +-
 include/linux/cfi.h                           |  6 +--
 include/linux/cfi_types.h                     |  8 ++--
 include/linux/compiler-clang.h                |  5 ---
 include/linux/compiler-gcc.h                  |  4 --
 include/linux/compiler.h                      |  2 +-
 include/linux/compiler_types.h                |  4 +-
 include/linux/init.h                          |  8 ----
 tools/include/linux/cfi_types.h               |  6 +--
 tools/perf/util/include/linux/linkage.h       |  2 +-
 arch/arm/mm/cache-fa.S                        |  2 +-
 arch/arm/mm/cache-v4.S                        |  2 +-
 arch/arm/mm/cache-v4wb.S                      |  4 +-
 arch/arm/mm/cache-v4wt.S                      |  2 +-
 arch/arm/mm/cache-v6.S                        |  2 +-
 arch/arm/mm/cache-v7.S                        |  2 +-
 arch/arm/mm/cache-v7m.S                       |  2 +-
 arch/arm/mm/proc-arm1020.S                    |  2 +-
 arch/arm/mm/proc-arm1020e.S                   |  2 +-
 arch/arm/mm/proc-arm1022.S                    |  2 +-
 arch/arm/mm/proc-arm1026.S                    |  2 +-
 arch/arm/mm/proc-arm920.S                     |  2 +-
 arch/arm/mm/proc-arm922.S                     |  2 +-
 arch/arm/mm/proc-arm925.S                     |  2 +-
 arch/arm/mm/proc-arm926.S                     |  2 +-
 arch/arm/mm/proc-arm940.S                     |  2 +-
 arch/arm/mm/proc-arm946.S                     |  2 +-
 arch/arm/mm/proc-feroceon.S                   |  2 +-
 arch/arm/mm/proc-mohawk.S                     |  2 +-
 arch/arm/mm/proc-xsc3.S                       |  2 +-
 arch/arm/mm/tlb-v4.S                          |  2 +-
 arch/arm/kernel/hw_breakpoint.c               |  2 +-
 arch/arm64/kernel/debug-monitors.c            |  2 +-
 arch/arm64/kernel/traps.c                     |  4 +-
 arch/arm64/kvm/handle_exit.c                  |  2 +-
 arch/arm64/net/bpf_jit_comp.c                 |  2 +-
 arch/riscv/net/bpf_jit_comp64.c               |  4 +-
 arch/x86/kernel/alternative.c                 | 43 +++++++++++++++----
 arch/x86/kernel/cfi.c                         |  2 +-
 arch/x86/kernel/kprobes/core.c                |  2 +-
 drivers/misc/lkdtm/cfi.c                      |  2 +-
 kernel/module/tree_lookup.c                   |  2 +-
 kernel/configs/hardening.config               |  2 +-
 61 files changed, 141 insertions(+), 113 deletions(-)

-- 
2.34.1

_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv