[CodeGen][KCFI] Replace xxHash64 with FNV-1a

kees · kees · commit 757926a3cf62 · 2025-11-09T14:22:49.000-08:00
The KCFI type hash does not need to be cryptographically secure. To keep
Clang KCFI hash-identical to GCC KCFI, switch to FNV-1a for hashing.
This also removes the last user of xxHash64.

Signed-off-by: Kees Cook &lt;kees@kernel.org&gt;
diff --git a/clang/test/CodeGen/kcfi-generalize.c b/clang/test/CodeGen/kcfi-generalize.c
@@ -21,8 +21,8 @@ int** f3(char *a, char **b) {
 }
 
 void g(int** (*fp)(const char *, const char **)) {
-  // UNGENERALIZED: call {{.*}} [ "kcfi"(i32 1296635908) ]
-  // GENERALIZED: call {{.*}} [ "kcfi"(i32 -49168686) ]
+  // UNGENERALIZED: call {{.*}} [ "kcfi"(i32 -1900814401) ]
+  // GENERALIZED: call {{.*}} [ "kcfi"(i32 355875385) ]
   fp(0, 0);
 }
 
@@ -33,16 +33,16 @@ union Union {
 
 // CHECK: define{{.*}} void @uni({{.*}} !kcfi_type [[TYPE4:![0-9]+]]
 void uni(void (*fn)(union Union), union Union arg1) {
-  // UNGENERALIZED: call {{.*}} [ "kcfi"(i32 -587217045) ]
-  // GENERALIZED: call {{.*}} [ "kcfi"(i32 2139530422) ]
+  // UNGENERALIZED: call {{.*}} [ "kcfi"(i32 514817671) ]
+  // GENERALIZED: call {{.*}} [ "kcfi"(i32 1629153266) ]
     fn(arg1);
 }
 
-// UNGENERALIZED: [[TYPE]] = !{i32 1296635908}
-// GENERALIZED: [[TYPE]] = !{i32 -49168686}
+// UNGENERALIZED: [[TYPE]] = !{i32 -1900814401}
+// GENERALIZED: [[TYPE]] = !{i32 355875385}
 
-// UNGENERALIZED: [[TYPE3]] = !{i32 874141567}
-// GENERALIZED: [[TYPE3]] = !{i32 954385378}
+// UNGENERALIZED: [[TYPE3]] = !{i32 1089235487}
+// GENERALIZED: [[TYPE3]] = !{i32 1460151842}
 
-// UNGENERALIZED: [[TYPE4]] = !{i32 -1619636625}
-// GENERALIZED: [[TYPE4]] = !{i32 -125078496}
+// UNGENERALIZED: [[TYPE4]] = !{i32 1937639136}
+// GENERALIZED: [[TYPE4]] = !{i32 734921772}
diff --git a/clang/test/CodeGen/kcfi-normalize.c b/clang/test/CodeGen/kcfi-normalize.c
@@ -10,21 +10,21 @@
 void foo(void (*fn)(int), int arg) {
     // CHECK-LABEL: define{{.*}}foo
     // CHECK-SAME: {{.*}}!kcfi_type ![[TYPE1:[0-9]+]]
-    // CHECK: call void %0(i32 noundef %1){{.*}}[ "kcfi"(i32 1162514891) ]
+    // CHECK: call void %0(i32 noundef %1){{.*}}[ "kcfi"(i32 -402462225) ]
     fn(arg);
 }
 
 void bar(void (*fn)(int, int), int arg1, int arg2) {
     // CHECK-LABEL: define{{.*}}bar
     // CHECK-SAME: {{.*}}!kcfi_type ![[TYPE2:[0-9]+]]
-    // CHECK: call void %0(i32 noundef %1, i32 noundef %2){{.*}}[ "kcfi"(i32 448046469) ]
+    // CHECK: call void %0(i32 noundef %1, i32 noundef %2){{.*}}[ "kcfi"(i32 -972192795) ]
     fn(arg1, arg2);
 }
 
 void baz(void (*fn)(int, int, int), int arg1, int arg2, int arg3) {
     // CHECK-LABEL: define{{.*}}baz
     // CHECK-SAME: {{.*}}!kcfi_type ![[TYPE3:[0-9]+]]
-    // CHECK: call void %0(i32 noundef %1, i32 noundef %2, i32 noundef %3){{.*}}[ "kcfi"(i32 -2049681433) ]
+    // CHECK: call void %0(i32 noundef %1, i32 noundef %2, i32 noundef %3){{.*}}[ "kcfi"(i32 -1376104717) ]
     fn(arg1, arg2, arg3);
 }
 
@@ -36,14 +36,14 @@ union Union {
 void uni(void (*fn)(union Union), union Union arg1) {
     // CHECK-LABEL: define{{.*}}uni
     // CHECK-SAME: {{.*}}!kcfi_type ![[TYPE4:[0-9]+]]
-    // C: call void %0(ptr %1) [ "kcfi"(i32 1819770848) ]
-    // CPP: call void %0(ptr %1) [ "kcfi"(i32 -1430221633) ]
+    // C: call void %0(ptr %1) [ "kcfi"(i32 641309179) ]
+    // CPP: call void %0(ptr %1) [ "kcfi"(i32 15039153) ]
     fn(arg1);
 }
 
 // CHECK: ![[#]] = !{i32 4, !"cfi-normalize-integers", i32 1}
-// CHECK: ![[TYPE1]] = !{i32 -1143117868}
-// CHECK: ![[TYPE2]] = !{i32 -460921415}
-// CHECK: ![[TYPE3]] = !{i32 -333839615}
-// C: ![[TYPE4]] = !{i32 -650530463}
-// CPP: ![[TYPE4]] = !{i32 1766237188}
+// CHECK: ![[TYPE1]] = !{i32 -1113907258}
+// CHECK: ![[TYPE2]] = !{i32 994987278}
+// CHECK: ![[TYPE3]] = !{i32 -886425042}
+// C: ![[TYPE4]] = !{i32 -1919128908}
+// CPP: ![[TYPE4]] = !{i32 1834954376}
diff --git a/llvm/lib/Transforms/Instrumentation/KCFI.cpp b/llvm/lib/Transforms/Instrumentation/KCFI.cpp
@@ -23,7 +23,6 @@
 #include "llvm/IR/Intrinsics.h"
 #include "llvm/IR/MDBuilder.h"
 #include "llvm/IR/Module.h"
-#include "llvm/Support/xxhash.h"
 #include "llvm/Target/TargetMachine.h"
 #include "llvm/Transforms/Utils/BasicBlockUtils.h"
 
@@ -34,7 +33,13 @@ using namespace llvm;
 STATISTIC(NumKCFIChecks, "Number of kcfi operands transformed into checks");
 
 uint32_t llvm::getKCFITypeID(StringRef MangledTypeName) {
-  return static_cast<uint32_t>(xxHash64(MangledTypeName));
+  // FNV-1a hash (32-bit)
+  uint32_t Hash = 2166136261u; // FNV offset basis
+  for (unsigned char C : MangledTypeName) {
+    Hash ^= C;
+    Hash *= 16777619u; // FNV prime
+  }
+  return Hash;
 }
 
 namespace {
