On Wed, Dec 10, 2025 at 06:55:31PM +0000, Sam James wrote:
> Kees Cook <[email protected]> writes:
>
> > Hi,
> >
> > This series implements[1][2] the Linux Kernel Control Flow Integrity
> > ABI, which provides a function prototype based forward edge control flow
> > integrity protection by instrumenting every indirect call to check for
> > a hash value before the target function address. If the hash at the call
> > site and the hash at the target do not match, execution will trap.
> >
> > I'm hoping we can land front- and middle-end and do architectures as
> > they also pass review. What do folks think? I'd really like to get this
> > in a position where more people can test with GCC snapshots, etc.
>
> What's the status of this on the kernel side? Could you link me to
> patches so I can have a play?

This works already with all standard config Linux versions that support
KCFI, though prior to v6.18, you'll get a confusing "CONFIG_CFI_CLANG"
config option for it, which still works since the feature gets detected
as present in the compiler.

Regardless, here's the CONFIG_CFI_CLANG -> CONFIG_CFI renaming patch
that landed in v6.18:
https://lore.kernel.org/all/[email protected]/

And a clean-ups series that also landed in v6.18 I did just to help with
my own debugging while developing GCC KCFI, which contained 2 corner
case fixes:
https://lore.kernel.org/all/[email protected]/

So, I guess, tl;dr: if you don't want to think about it at all, use
v6.18. Prior to that, it should work as long as you aren't building
without retpolines.

> Thank you for working on this. We get a lot of requests for it and
> pressure to build the kernel with Clang for this feature.

It's been a hoot. :) Thanks for any testing you can do!

-Kees

--
Kees Cook
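
The check described in the quoted cover letter (a prototype hash compared at every indirect call, with a trap on mismatch), modelled in portable C as an added example; it is not code from the patch series or the kernel. The struct, the FNV-1a stand-in hash and all function names are assumptions of the example, and a return value of -1 stands in for the trap.

```c
#include <stdint.h>
#include <stdio.h>

typedef void (*generic_fn)(void);

/* Models a function with its type hash stored just before the entry. */
struct kcfi_target { uint32_t type_id; generic_fn entry; };

/* Stand-in hash (FNV-1a over a prototype string): an assumption of this
 * example, not the hash a KCFI-enabled compiler emits. */
static uint32_t type_hash(const char *proto)
{
    uint32_t h = 2166136261u;
    while (*proto) { h ^= (uint8_t)*proto++; h *= 16777619u; }
    return h;
}

static int add_one(int x) { return x + 1; }
static void log_msg(const char *s) { puts(s); }

/* Instrumented indirect call for an int(int) call site: compare the
 * hashes first and refuse the call on mismatch (real KCFI traps here). */
static int checked_call_int_int(const struct kcfi_target *t, int arg, int *out)
{
    if (t->type_id != type_hash("int(int)"))
        return -1;
    *out = ((int (*)(int))t->entry)(arg);
    return 0;
}

/* Returns 42: the target's prototype matches the call site. */
int demo_match(void)
{
    struct kcfi_target t = { type_hash("int(int)"), (generic_fn)add_one };
    int r = 0;
    return checked_call_int_int(&t, 41, &r) == 0 ? r : -1;
}

/* Returns -1: a void(const char *) target reached from an int(int) site. */
int demo_mismatch(void)
{
    struct kcfi_target t = { type_hash("void(const char *)"), (generic_fn)log_msg };
    int r = 0;
    return checked_call_int_int(&t, 41, &r);
}

int main(void)
{
    printf("match: %d, mismatch: %d\n", demo_match(), demo_mismatch());
    return 0;
}
```
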
