On Mon, May 11, 2026 at 12:48:44PM -0700, Kees Cook wrote: > Hi, > > This series implements[1][2] the Linux Kernel Control Flow Integrity > ABI, which provides a function prototype based forward edge control flow > integrity protection by instrumenting every indirect call to check for > a hash value before the target function address. If the hash at the call > site and the hash at the target do not match, execution will trap. > > I was asked to wait to resend this series until gcc 16 released, which > it has now. I'm hoping we can land the front-, middle-, and back-ends > for aarch64 and x86_64. I'd really like to get this in a position where > more people can test with GCC snapshots, etc. Since I don't have commit > access, who is the right person to commit this? > > Thanks! > > -Kees > > Changes since v10[3]: > > - Rebase to latest. > - Update tests to aarch64 brk instruction immediate printing in hex. > > [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107048 > [2] https://github.com/KSPP/linux/issues/369 > [3] > https://lore.kernel.org/linux-hardening/[email protected]/ > > Kees Cook (7): > typeinfo: Introduce KCFI typeinfo mangling API > kcfi: Add core Kernel Control Flow Integrity infrastructure > kcfi: Add regression test suite > x86: Add x86_64 Kernel Control Flow Integrity implementation > aarch64: Add AArch64 Kernel Control Flow Integrity implementation > arm: Add ARM 32-bit Kernel Control Flow Integrity implementation > riscv: Add RISC-V Kernel Control Flow Integrity implementation
Thanks for continuing to push this Kees!
