Prior to clang 22.0.0 [1], ARM did not have an architecture specific
kCFI bundle lowering in the backend, which may cause issues. Select
CONFIG_ARCH_USES_CFI_GENERIC_LLVM_PASS to enable use of __nocfi_generic.
Link: https://github.com/llvm/llvm-project/commit/d130f402642fba3d065aacb506cb061c899558de [1]
Link: https://github.com/ClangBuiltLinux/linux/issues/2124
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
---
arch/arm/Kconfig | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 2e3f93b690f4..4fb985b76e97 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -44,6 +44,8 @@ config ARM
select ARCH_USE_BUILTIN_BSWAP
select ARCH_USE_CMPXCHG_LOCKREF
select ARCH_USE_MEMTEST
+ # https://github.com/llvm/llvm-project/commit/d130f402642fba3d065aacb506cb061c899558de
+ select ARCH_USES_CFI_GENERIC_LLVM_PASS if CLANG_VERSION < 220000
select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT if MMU
select ARCH_WANT_GENERAL_HUGETLB
select ARCH_WANT_IPC_PARSE_VERSION
--
2.51.1Hi Nathan, On Sat, Oct 25, 2025 at 1:53 PM Nathan Chancellor <nathan@kernel.org> wrote: > > Prior to clang 22.0.0 [1], ARM did not have an architecture specific > kCFI bundle lowering in the backend, which may cause issues. Select > CONFIG_ARCH_USES_CFI_GENERIC_LLVM_PASS to enable use of __nocfi_generic. > > Link: https://github.com/llvm/llvm-project/commit/d130f402642fba3d065aacb506cb061c899558de [1] > Link: https://github.com/ClangBuiltLinux/linux/issues/2124 > Signed-off-by: Nathan Chancellor <nathan@kernel.org> > --- > arch/arm/Kconfig | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig > index 2e3f93b690f4..4fb985b76e97 100644 > --- a/arch/arm/Kconfig > +++ b/arch/arm/Kconfig > @@ -44,6 +44,8 @@ config ARM > select ARCH_USE_BUILTIN_BSWAP > select ARCH_USE_CMPXCHG_LOCKREF > select ARCH_USE_MEMTEST > + # https://github.com/llvm/llvm-project/commit/d130f402642fba3d065aacb506cb061c899558de > + select ARCH_USES_CFI_GENERIC_LLVM_PASS if CLANG_VERSION < 220000 Instead of working around issues with the generic pass, would it make more sense to just disable arm32 CFI with older Clang versions entirely? Linus, any thoughts? Sami
On Mon, Oct 27, 2025 at 4:54 PM Sami Tolvanen <samitolvanen@google.com> wrote: > On Sat, Oct 25, 2025 at 1:53 PM Nathan Chancellor <nathan@kernel.org> wrote: > > > > Prior to clang 22.0.0 [1], ARM did not have an architecture specific > > kCFI bundle lowering in the backend, which may cause issues. Select > > CONFIG_ARCH_USES_CFI_GENERIC_LLVM_PASS to enable use of __nocfi_generic. > > > > Link: https://github.com/llvm/llvm-project/commit/d130f402642fba3d065aacb506cb061c899558de [1] > > Link: https://github.com/ClangBuiltLinux/linux/issues/2124 > > Signed-off-by: Nathan Chancellor <nathan@kernel.org> I didn't know Kees stepped in and fixed this, christmas comes early this year! I had it on my TODO to do this or get someone to do this, but now it turns out I don't have to. > > + # https://github.com/llvm/llvm-project/commit/d130f402642fba3d065aacb506cb061c899558de > > + select ARCH_USES_CFI_GENERIC_LLVM_PASS if CLANG_VERSION < 220000 > > Instead of working around issues with the generic pass, would it make > more sense to just disable arm32 CFI with older Clang versions > entirely? Linus, any thoughts? We have people using this with the default compilers that come with Debiand and Fedora. I would say as soon as the latest release of the major distributions supports this, we can drop support for older compilers. Yours, Linus Walleij
On Mon, Oct 27, 2025 at 11:56:21PM +0100, Linus Walleij wrote: > On Mon, Oct 27, 2025 at 4:54 PM Sami Tolvanen <samitolvanen@google.com> wrote: > > On Sat, Oct 25, 2025 at 1:53 PM Nathan Chancellor <nathan@kernel.org> wrote: > > > > > > Prior to clang 22.0.0 [1], ARM did not have an architecture specific > > > kCFI bundle lowering in the backend, which may cause issues. Select > > > CONFIG_ARCH_USES_CFI_GENERIC_LLVM_PASS to enable use of __nocfi_generic. > > > > > > Link: https://github.com/llvm/llvm-project/commit/d130f402642fba3d065aacb506cb061c899558de [1] > > > Link: https://github.com/ClangBuiltLinux/linux/issues/2124 > > > Signed-off-by: Nathan Chancellor <nathan@kernel.org> > > I didn't know Kees stepped in and fixed this, christmas comes > early this year! I had it on my TODO to do this or get someone to > do this, but now it turns out I don't have to. > > > > + # https://github.com/llvm/llvm-project/commit/d130f402642fba3d065aacb506cb061c899558de > > > + select ARCH_USES_CFI_GENERIC_LLVM_PASS if CLANG_VERSION < 220000 > > > > Instead of working around issues with the generic pass, would it make > > more sense to just disable arm32 CFI with older Clang versions > > entirely? Linus, any thoughts? > > We have people using this with the default compilers that come with > Debiand and Fedora. I would say as soon as the latest release of > the major distributions supports this, we can drop support for older > compilers. Okay, it seems like the consensus is to take this series so we don't break existing users, even if they are rare. Unless someone screams, I'll take this via the hardening tree... -- Kees Cook
On Mon, Oct 27, 2025 at 11:56:21PM +0100, Linus Walleij wrote: > On Mon, Oct 27, 2025 at 4:54 PM Sami Tolvanen <samitolvanen@google.com> wrote: > > Instead of working around issues with the generic pass, would it make > > more sense to just disable arm32 CFI with older Clang versions > > entirely? Linus, any thoughts? > > We have people using this with the default compilers that come with > Debiand and Fedora. I would say as soon as the latest release of > the major distributions supports this, we can drop support for older > compilers. Okay, I think that is reasonable enough. This is not a very large workaround and I do not expect these type of workarounds to be necessary frequently so I think it is worth keeping this working if people are actually using it. That means we could mandate the backend version of kCFI for ARM with Debian Forky in 2027. Cheers, Nathan
On Tue, Oct 28, 2025 at 10:52 AM Nathan Chancellor <nathan@kernel.org> wrote: > > On Mon, Oct 27, 2025 at 11:56:21PM +0100, Linus Walleij wrote: > > On Mon, Oct 27, 2025 at 4:54 PM Sami Tolvanen <samitolvanen@google.com> wrote: > > > Instead of working around issues with the generic pass, would it make > > > more sense to just disable arm32 CFI with older Clang versions > > > entirely? Linus, any thoughts? > > > > We have people using this with the default compilers that come with > > Debiand and Fedora. I would say as soon as the latest release of > > the major distributions supports this, we can drop support for older > > compilers. > > Okay, I think that is reasonable enough. This is not a very large > workaround and I do not expect these type of workarounds to be necessary > frequently so I think it is worth keeping this working if people are > actually using it. That means we could mandate the backend version of > kCFI for ARM with Debian Forky in 2027. Yeah, it's a bit unfortunate, but I agree that we shouldn't break existing users until newer Clang is actually available in distros. Sami
Hi Sami, On Mon, Oct 27, 2025 at 08:53:49AM -0700, Sami Tolvanen wrote: > Instead of working around issues with the generic pass, would it make > more sense to just disable arm32 CFI with older Clang versions > entirely? Linus, any thoughts? That would certainly get to the heart of the problem. I have no real strong opinion about keeping these older versions working, especially since we have no idea how many people are actively using CONFIG_CFI on ARM. I will say that this particular issue is rather exceptional (i.e., I don't know how often this would really come up in the future) because this code is relying on the fact that these indirect calls will be made direct by the compiler and checking for it, which does not seem like it would be really common in the kernel otherwise. We would likely have to forbid future use of the generic pass as well. Cheers, Nathan
© 2016 - 2026 Red Hat, Inc.