On Thu, 21 Aug 2025, Peter Zijlstra wrote:
> On Thu, Aug 21, 2025 at 01:16:56AM -0700, Andrew Pinski wrote:
>
> > > +/* Compute KCFI type ID for a function declaration or function type
> > > (internal) */
> > > +static uint32_t
> > > +compute_kcfi_type_id (tree fntype_or_fndecl)
> > > +{
> > > + if (!fntype_or_fndecl)
> > > + return 0;
> > > +
> > > + const char *canonical_name = mangle_function_type (fntype_or_fndecl);
> > > + uint32_t base_type_id = kcfi_hash_string (canonical_name);
> > >
> >
> > Now I am curious why this needs to be a mangled function name? Since the
> > function in C the symbol is just its name.
> > Is there documentation that says the hash needs to be based on all of the
> > function arguments types?
>
> The whole point of kCFI is to limit the targets of indirect calls to
> functions of the same signature. The actual function name is immaterial.
What's the attack vector and how does kCFI achieve mitigating it?
Richard.
