Improved Control Flow Integrity (KCFI) Implementation Submitted For Linux 6.1
Alongside the Rust infrastructure pull request for Linux 6.1, another early pull request submitted by kernel maintainer Kees Cook for Linux 6.1 introduces a new Control Flow Integrity (CFI) implementation for the Linux kernel, replacing the former, less-than-ideal code.
The Linux kernel has supported Clang's CFI implementation, which has depended on Clang LTO (Link Time Optimization) being enabled, among other caveats. That Clang CFI implementation is now being replaced by Clang's newer "KCFI" implementation, which is designed with kernel use in mind and addresses the prior headaches around the existing Clang CFI support. GCC support for KCFI is also expected in the future.
Of this new Clang KCFI support for Linux 6.1, Kees Cook summed it up as:
This replaces the prior support for Clang's standard Control Flow Integrity (CFI) instrumentation, which has required a lot of special conditions (e.g. LTO) and work-arounds. The current implementation ("Kernel CFI") is specific to C, directly designed for the Linux kernel, and takes advantage of architectural features like x86's IBT. This series retains arm64 support and adds x86 support. Additional "generic" architectural support is expected soon.
More details via the KCFI pull request submitted in preparation for the imminent Linux 6.1 merge window.
Clang's KCFI (-fsanitize=kcfi) is a forward-edge control-flow integrity scheme for indirect calls. KCFI is engineered for low-level code, and the sanitizer has been mainlined in LLVM since earlier in the year. This KCFI support has been led by Google over the past several months.
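To make the forward-edge check concrete, here is an added userspace model of what KCFI does at an indirect call site; it is not Clang's or the kernel's code. It assumes a simplified stand-in hash and a lookup table in place of the compiler-emitted per-function preamble, and it shows both the property KCFI enforces (the target's type hash must match the caller's pointer type) and its known coarseness (any function of the right type passes).

```c
/* Added model of the KCFI check, not Clang's or the kernel's own code.
 * KCFI gives every address-taken function a hash of its C type (emitted just
 * before the function) and, at every indirect call, compares the hash the
 * caller expects for its function-pointer type with the hash stored at the
 * target; a mismatch traps instead of jumping. The hash function and the
 * registry below are simplified stand-ins for the compiler-emitted preamble. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* FNV-1a over the signature string plays the role of Clang's type hash. */
static uint32_t kcfi_type_hash(const char *signature) {
    uint32_t h = 2166136261u;
    for (; *signature; signature++) { h ^= (uint8_t)*signature; h *= 16777619u; }
    return h;
}

typedef int (*int_handler_t)(int);
typedef void (*generic_fn_t)(void);   /* erased pointer, like a raw address */

static int double_it(int x) { return 2 * x; }
static int negate(int x) { return -x; }
static void log_msg(const char *m) { printf("log: %s\n", m); }

/* Models the per-function preamble: address plus the hash of its type. */
struct kcfi_preamble { generic_fn_t fn; const char *signature; };
static const struct kcfi_preamble preambles[] = {
    { (generic_fn_t)double_it, "int(int)" },
    { (generic_fn_t)negate,    "int(int)" },
    { (generic_fn_t)log_msg,   "void(const char *)" },
};

/* Indirect call through an int(int) pointer with the KCFI check in front.
 * Returns 0 and stores the result, or -1 where the kernel would trap and
 * report a CFI failure. The check is by type, so any int(int) function
 * passes (KCFI's known coarseness), while a type-confused target does not. */
static int kcfi_call_int_handler(generic_fn_t target, int arg, int *result) {
    uint32_t expected = kcfi_type_hash("int(int)");
    for (size_t i = 0; i < sizeof preambles / sizeof preambles[0]; i++) {
        if (preambles[i].fn != target) continue;
        if (kcfi_type_hash(preambles[i].signature) != expected) return -1;
        *result = ((int_handler_t)target)(arg);
        return 0;
    }
    return -1;  /* unknown target: no preamble, treated as a failure too */
}

int main(void) {
    int r;
    printf("double_it(21): %d\n", kcfi_call_int_handler((generic_fn_t)double_it, 21, &r) ? -1 : r);
    printf("log_msg as int(int): %s\n",
           kcfi_call_int_handler((generic_fn_t)log_msg, 1, &r) ? "blocked" : "allowed");
    return 0;
}
```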