[CodeGen][KCFI] Provide alternative KCFI hash

kees · kees · commit 7ee5e430e955 · 2025-11-13T17:29:11.000-08:00
In order to transition between KCFI hash, we need to be able to specify
them. Add the Clang option -fsanitize-kcfi-hash= and a IR module option
"kcfi-hash" that can choose between xxHash64 and FNV-1a. Default to
xxHash64 to stay backward compatible, as we'll need to also update rustc
to take a new option to change the hash to FNV-1a for interop with the
coming GCC KCFI.
diff --git a/clang/include/clang/Basic/CodeGenOptions.h b/clang/include/clang/Basic/CodeGenOptions.h
@@ -21,6 +21,7 @@
 #include "llvm/Frontend/Debug/Options.h"
 #include "llvm/Frontend/Driver/CodeGenOptions.h"
 #include "llvm/Support/CodeGen.h"
+#include "llvm/Support/Hash.h"
 #include "llvm/Support/Regex.h"
 #include "llvm/Target/TargetOptions.h"
 #include "llvm/Transforms/Instrumentation/AddressSanitizerOptions.h"
@@ -514,6 +515,9 @@ class CodeGenOptions : public CodeGenOptionsBase {
   /// binary metadata pass should not be instrumented.
   std::vector<std::string> SanitizeMetadataIgnorelistFiles;
 
+  /// Hash algorithm to use for KCFI type IDs.
+  llvm::KCFIHashAlgorithm SanitizeKcfiHash;
+
   /// Name of the stack usage file (i.e., .su file) if user passes
   /// -fstack-usage. If empty, it can be implied that -fstack-usage is not
   /// passed on the command line.
diff --git a/clang/include/clang/Options/Options.td b/clang/include/clang/Options/Options.td
@@ -2690,6 +2690,16 @@ def fsanitize_kcfi_arity : Flag<["-"], "fsanitize-kcfi-arity">,
                            Group<f_clang_Group>,
                            HelpText<"Embed function arity information into the KCFI patchable function prefix">,
                            MarshallingInfoFlag<CodeGenOpts<"SanitizeKcfiArity">>;
+def fsanitize_kcfi_hash_EQ
+    : Joined<["-"], "fsanitize-kcfi-hash=">,
+      HelpText<"Select hash algorithm for KCFI type IDs (xxHash64, FNV-1a)">,
+      Visibility<[ClangOption, CC1Option]>,
+      Values<"xxHash64,FNV-1a">,
+      NormalizedValuesScope<"llvm">,
+      NormalizedValues<["KCFIHashAlgorithm::xxHash64",
+                        "KCFIHashAlgorithm::FNV1a"]>,
+      MarshallingInfoEnum<CodeGenOpts<"SanitizeKcfiHash">,
+                          "KCFIHashAlgorithm::xxHash64">;
 defm sanitize_stats : BoolOption<"f", "sanitize-stats",
   CodeGenOpts<"SanitizeStats">, DefaultFalse,
   PosFlag<SetTrue, [], [ClangOption], "Enable">,
diff --git a/clang/lib/CodeGen/CodeGenModule.cpp b/clang/lib/CodeGen/CodeGenModule.cpp
@@ -66,6 +66,7 @@
 #include "llvm/Support/CommandLine.h"
 #include "llvm/Support/ConvertUTF.h"
 #include "llvm/Support/ErrorHandling.h"
+#include "llvm/Support/Hash.h"
 #include "llvm/Support/TimeProfiler.h"
 #include "llvm/TargetParser/RISCVISAInfo.h"
 #include "llvm/TargetParser/Triple.h"
@@ -1272,6 +1273,12 @@ void CodeGenModule::Release() {
                                 CodeGenOpts.PatchableFunctionEntryOffset);
     if (CodeGenOpts.SanitizeKcfiArity)
       getModule().addModuleFlag(llvm::Module::Override, "kcfi-arity", 1);
+    // Store the hash algorithm choice for use in LLVM passes
+    getModule().addModuleFlag(
+        llvm::Module::Override, "kcfi-hash",
+        llvm::MDString::get(
+            getLLVMContext(),
+            llvm::stringifyKCFIHashAlgorithm(CodeGenOpts.SanitizeKcfiHash)));
   }
 
   if (CodeGenOpts.CFProtectionReturn &&
@@ -2434,7 +2441,8 @@ llvm::ConstantInt *CodeGenModule::CreateKCFITypeId(QualType T, StringRef Salt) {
   if (getCodeGenOpts().SanitizeCfiICallGeneralizePointers)
     Out << ".generalized";
 
-  return llvm::ConstantInt::get(Int32Ty, llvm::getKCFITypeID(OutName));
+  return llvm::ConstantInt::get(
+      Int32Ty, llvm::getKCFITypeID(OutName, getCodeGenOpts().SanitizeKcfiHash));
 }
 
 void CodeGenModule::SetLLVMFunctionAttributes(GlobalDecl GD,
diff --git a/clang/test/CodeGen/kcfi-hash.c b/clang/test/CodeGen/kcfi-hash.c
@@ -0,0 +1,9 @@
+// RUN: %clang_cc1 -triple x86_64-unknown-linux-gnu -emit-llvm -fsanitize=kcfi -o - %s | FileCheck --check-prefix=DEFAULT %s
+// RUN: %clang_cc1 -triple x86_64-unknown-linux-gnu -emit-llvm -fsanitize=kcfi -fsanitize-kcfi-hash=xxHash64 -o - %s | FileCheck --check-prefix=XXHASH %s
+// RUN: %clang_cc1 -triple x86_64-unknown-linux-gnu -emit-llvm -fsanitize=kcfi -fsanitize-kcfi-hash=FNV-1a -o - %s | FileCheck --check-prefix=FNV %s
+
+void foo(void) {}
+
+// DEFAULT: ![[#]] = !{i32 4, !"kcfi-hash", !"xxHash64"}
+// XXHASH: ![[#]] = !{i32 4, !"kcfi-hash", !"xxHash64"}
+// FNV: ![[#]] = !{i32 4, !"kcfi-hash", !"FNV-1a"}
diff --git a/llvm/include/llvm/Support/Hash.h b/llvm/include/llvm/Support/Hash.h
@@ -18,8 +18,20 @@
 
 namespace llvm {
 
-/// Compute KCFI type ID from mangled type name using FNV-1a hash.
-uint32_t getKCFITypeID(StringRef MangledTypeName);
+enum class KCFIHashAlgorithm { xxHash64, FNV1a };
+
+/// Parse a KCFI hash algorithm name.
+/// Returns xxHash64 if the name is not recognized.
+KCFIHashAlgorithm parseKCFIHashAlgorithm(StringRef Name);
+
+/// Convert a KCFI hash algorithm enum to its string representation.
+StringRef stringifyKCFIHashAlgorithm(KCFIHashAlgorithm Algorithm);
+
+/// Compute KCFI type ID from mangled type name.
+/// The algorithm can be xxHash64 or FNV-1a.
+uint32_t
+getKCFITypeID(StringRef MangledTypeName,
+              KCFIHashAlgorithm Algorithm = KCFIHashAlgorithm::xxHash64);
 
 } // end namespace llvm
 
diff --git a/llvm/lib/Support/Hash.cpp b/llvm/lib/Support/Hash.cpp
@@ -15,6 +15,37 @@
 
 using namespace llvm;
 
-uint32_t llvm::getKCFITypeID(StringRef MangledTypeName) {
-  return static_cast<uint32_t>(xxHash64(MangledTypeName));
+KCFIHashAlgorithm llvm::parseKCFIHashAlgorithm(StringRef Name) {
+  if (Name == "FNV-1a")
+    return KCFIHashAlgorithm::FNV1a;
+  // Default to xxHash64 for backward compatibility
+  return KCFIHashAlgorithm::xxHash64;
+}
+
+StringRef llvm::stringifyKCFIHashAlgorithm(KCFIHashAlgorithm Algorithm) {
+  switch (Algorithm) {
+  case KCFIHashAlgorithm::xxHash64:
+    return "xxHash64";
+  case KCFIHashAlgorithm::FNV1a:
+    return "FNV-1a";
+  }
+  llvm_unreachable("Unknown KCFI hash algorithm");
+}
+
+uint32_t llvm::getKCFITypeID(StringRef MangledTypeName,
+                             KCFIHashAlgorithm Algorithm) {
+  switch (Algorithm) {
+  case KCFIHashAlgorithm::xxHash64:
+    // Use lower 32 bits of xxHash64
+    return static_cast<uint32_t>(xxHash64(MangledTypeName));
+  case KCFIHashAlgorithm::FNV1a:
+    // FNV-1a hash (32-bit)
+    uint32_t Hash = 2166136261u; // FNV offset basis
+    for (unsigned char C : MangledTypeName) {
+      Hash ^= C;
+      Hash *= 16777619u; // FNV prime
+    }
+    return Hash;
+  }
+  llvm_unreachable("Unknown KCFI hash algorithm");
 }
diff --git a/llvm/lib/Transforms/Utils/ModuleUtils.cpp b/llvm/lib/Transforms/Utils/ModuleUtils.cpp
@@ -19,6 +19,7 @@
 #include "llvm/IR/MDBuilder.h"
 #include "llvm/IR/Module.h"
 #include "llvm/Support/Casting.h"
+#include "llvm/Support/Hash.h"
 #include "llvm/Support/MD5.h"
 #include "llvm/Support/raw_ostream.h"
 #include "llvm/Transforms/Instrumentation/KCFI.h"
@@ -208,10 +209,16 @@ void llvm::setKCFIType(Module &M, Function &F, StringRef MangledType) {
   std::string Type = MangledType.str();
   if (M.getModuleFlag("cfi-normalize-integers"))
     Type += ".normalized";
-  F.setMetadata(
-      LLVMContext::MD_kcfi_type,
-      MDNode::get(Ctx, MDB.createConstant(ConstantInt::get(
-                           Type::getInt32Ty(Ctx), getKCFITypeID(Type)))));
+
+  // Determine which hash algorithm to use
+  auto *MD = dyn_cast_or_null<MDString>(M.getModuleFlag("kcfi-hash"));
+  KCFIHashAlgorithm Algorithm =
+      parseKCFIHashAlgorithm(MD ? MD->getString() : "");
+
+  F.setMetadata(LLVMContext::MD_kcfi_type,
+                MDNode::get(Ctx, MDB.createConstant(ConstantInt::get(
+                                     Type::getInt32Ty(Ctx),
+                                     getKCFITypeID(Type, Algorithm)))));
   // If the module was compiled with -fpatchable-function-entry, ensure
   // we use the same patchable-function-prefix.
   if (auto *MD = mdconst::extract_or_null<ConstantInt>(
