lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250821091220.GM4067720@noisy.programming.kicks-ass.net>
Date: Thu, 21 Aug 2025 11:12:20 +0200
From: Peter Zijlstra <peterz@...radead.org>
To: Andrew Pinski <andrew.pinski@....qualcomm.com>
Cc: Kees Cook <kees@...nel.org>, Qing Zhao <qing.zhao@...cle.com>,
	gcc-patches@....gnu.org, Joseph Myers <josmyers@...hat.com>,
	Richard Biener <rguenther@...e.de>, Jan Hubicka <hubicka@....cz>,
	Richard Earnshaw <richard.earnshaw@....com>,
	Richard Sandiford <richard.sandiford@....com>,
	Marcus Shawcroft <marcus.shawcroft@....com>,
	Kyrylo Tkachov <kyrylo.tkachov@....com>,
	Kito Cheng <kito.cheng@...il.com>,
	Palmer Dabbelt <palmer@...belt.com>,
	Andrew Waterman <andrew@...ive.com>,
	Jim Wilson <jim.wilson.gcc@...il.com>,
	Dan Li <ashimida.1990@...il.com>, linux-hardening@...r.kernel.org
Subject: Re: [RFC PATCH 3/7] kcfi: Add core Kernel Control Flow Integrity
 infrastructure

On Thu, Aug 21, 2025 at 01:16:56AM -0700, Andrew Pinski wrote:

> > +/* Compute KCFI type ID for a function declaration or function type
> > (internal) */
> > +static uint32_t
> > +compute_kcfi_type_id (tree fntype_or_fndecl)
> > +{
> > +  if (!fntype_or_fndecl)
> > +    return 0;
> > +
> > +  const char *canonical_name = mangle_function_type (fntype_or_fndecl);
> > +  uint32_t base_type_id = kcfi_hash_string (canonical_name);
> >
> 
> Now I am curious why this needs to be a mangled function name? Since the
> function in C the symbol is just its name.
> Is there documentation that says the hash needs to be based on all of the
> function arguments types?

The whole point of kCFI is to limit the targets of indirect calls to
functions of the same signature. The actual function name is immaterial.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ