Clang CFI Support Upstreamed For Linux 5.13 - But Only On ARM64 For Now

Written by Michael Larabel in LLVM on 30 April 2021 at 05:26 AM EDT. Add A Comment
Now that Clang LTO support landed in Linux 5.12 and cleared the blocker on CFI support, that LLVM Clang control-flow integrity (CFI) capability is now upstream for Linux 5.13.

Clang's Control-Flow Integrity provides run-time checks before every indirect function call to ensure the target is a valid function with a valid static type. Clang CFI is implemented as a sanitizer and requires link-time optimizations (LTO) be enabled and thus was blocked until that support first landed in the kernel. Clang CFI can be benficial at ensuring the intended control flow of the software doesn't change and generally at a cost of ~1% or less to the run-time performance.

Google has already been using Clang CFI when building their Android kernels the past few years. Now given the Clang LTO support upstream and the overall improving state of LLVM/Clang compiler support for the Linux kernel, CFI support has landed upstream in Linux 5.13.

One important note though is that for Linux 5.13 only 64-bit ARM is supported. The Clang CFI support for Linux x86/x86_64 is still being worked on but almost complete.

More details on Clang CFI for Linux 5.13 via this pull request that was already merged to mainline.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week