Re: [PATCH v11 1/7] typeinfo: Introduce KCFI typeinfo mangling API

Linux Hardening
 help / color / mirror / Atom feed

From: Kees Cook <kees@kernel.org>
To: Martin Uecker <uecker@tugraz.at>
Cc: Andrew Pinski <andrew.pinski@oss.qualcomm.com>,
	Uros Bizjak <ubizjak@gmail.com>,
	Joseph Myers <josmyers@redhat.com>,
	Richard Biener <rguenther@suse.de>,
	Jeff Law <jeffreyalaw@gmail.com>,
	Andrew Pinski <pinskia@gmail.com>,
	Jakub Jelinek <jakub@redhat.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Ard Biesheuvel <ardb@kernel.org>, Jan Hubicka <hubicka@ucw.cz>,
	Richard Earnshaw <richard.earnshaw@arm.com>,
	Richard Sandiford <richard.sandiford@arm.com>,
	Marcus Shawcroft <marcus.shawcroft@arm.com>,
	Kyrylo Tkachov <kyrylo.tkachov@arm.com>,
	Kito Cheng <kito.cheng@gmail.com>,
	Palmer Dabbelt <palmer@dabbelt.com>,
	Andrew Waterman <andrew@sifive.com>,
	Jim Wilson <jim.wilson.gcc@gmail.com>,
	Dan Li <ashimida.1990@gmail.com>,
	Sami Tolvanen <samitolvanen@google.com>,
	Ramon de C Valle <rcvalle@google.com>,
	Joao Moreira <joao@overdrivepizza.com>,
	Nathan Chancellor <nathan@kernel.org>,
	Bill Wendling <morbo@google.com>,
	"Osterlund, Sebastian" <sebastian.osterlund@intel.com>,
	"Constable, Scott D" <scott.d.constable@intel.com>,
	gcc-patches@gcc.gnu.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH v11 1/7] typeinfo: Introduce KCFI typeinfo mangling API
Date: Mon, 11 May 2026 13:41:04 -0700	[thread overview]
Message-ID: <202605111337.62C81472F5@keescook> (raw)
In-Reply-To: <62bf9b04fa4eaac6912a0ffd1c4a5114afb5df7d.camel@tugraz.at>

On Mon, May 11, 2026 at 10:08:06PM +0200, Martin Uecker wrote:
> Am Montag, dem 11.05.2026 um 12:48 -0700 schrieb Kees Cook:
> > To support the KCFI typeid and future type-based allocators, which need
> > to convert unique types into unique 32-bit values, add a mangling system
> > based on the Itanium C++ mangling ABI, adapted for C types. Introduce
> > __builtin_typeinfo_hash for the hash, and __builtin_typeinfo_name for
> > testing and debugging (to see the human-readable mangling form). Add
> > tests for typeinfo validation and error handling.
> > 
> > This ABI needs to match what is used by LLVM Rust (which matches the Clang
> > ABI) so that KCFI can work on mixed GCC with LLVM-Rust kernel builds.
> > Instead of inventing a new ABI, all use the existing Itanium C++ mangling
> > which matches KCFI's needs.
> > 
> > An important aspect of the C++ typeinfo behavior that is retained here
> > is that typedefs are treated as pass-through except when the underlying
> > type lacks a tag (i.e. anonymous struct, union, or enum). This provides a
> > distinction between those typedefs and typedefs used to provide _aliases_
> > (u8, uint16_t).
> > 
> > In the future, an additional "strict mode" builtin helper pair could
> > also be added to follow strict ISO C type equivalency instead of the
> > existing typeinfo used here, but that is out of scope for this patch.
> 
> Note that ISO C would require *less* strict rules, so the current
> mangling would reject compliant code.
> 
> These ABI issues were recently discussed also on the rust side.
> 
> I now worry that it might actually be a mistake to enshrine
> the wrong rules into the ABI, creating language interoperability
> issues which might then plague us for years.

Well, this matches what we've already created (and have been using for
years) on the Clang side. I'm happy to rename this to whatever you want
to avoid confusion, but I don't really want to change the rules of this
ABI. I'd rather get it working as-is, and then if we want to make
mangling changes, do that simultaneously between GCC and Clang.

And this is totally do-able, e.g. I've already created the transition
path on the Clang side for changing the hashing algo. For KCFI, we don't
need to worry about cross-ABI-version compatibility: the kernel is built
as one binary, effectively. We just need to worry about GCC/Clang
compatibilities given the Rust side of things.

-Kees

-- 
Kees Cook

next prev parent reply	other threads:[~2026-05-11 20:41 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-11 19:48 [PATCH v11 0/7] Introduce Kernel Control Flow Integrity ABI [PR107048] Kees Cook
2026-05-11 19:48 ` [PATCH v11 1/7] typeinfo: Introduce KCFI typeinfo mangling API Kees Cook
2026-05-11 20:08   ` Martin Uecker
2026-05-11 20:41     ` Kees Cook [this message]
2026-05-12  8:13       ` Martin Uecker
2026-05-12  8:35         ` Peter Zijlstra
2026-05-12 18:12           ` Martin Uecker
2026-05-12 18:25           ` Andrew Pinski
2026-05-11 19:48 ` [PATCH v11 2/7] kcfi: Add core Kernel Control Flow Integrity infrastructure Kees Cook
2026-05-11 19:48 ` [PATCH v11 3/7] kcfi: Add regression test suite Kees Cook
2026-05-11 19:48 ` [PATCH v11 4/7] x86: Add x86_64 Kernel Control Flow Integrity implementation Kees Cook
2026-05-11 19:48 ` [PATCH v11 5/7] aarch64: Add AArch64 " Kees Cook
2026-05-11 19:48 ` [PATCH v11 6/7] arm: Add ARM 32-bit " Kees Cook
2026-05-11 19:48 ` [PATCH v11 7/7] riscv: Add RISC-V " Kees Cook
2026-05-12  7:50 ` [PATCH v11 0/7] Introduce Kernel Control Flow Integrity ABI [PR107048] Peter Zijlstra

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202605111337.62C81472F5@keescook \
    --to=kees@kernel.org \
    --cc=andrew.pinski@oss.qualcomm.com \
    --cc=andrew@sifive.com \
    --cc=ardb@kernel.org \
    --cc=ashimida.1990@gmail.com \
    --cc=gcc-patches@gcc.gnu.org \
    --cc=hubicka@ucw.cz \
    --cc=jakub@redhat.com \
    --cc=jeffreyalaw@gmail.com \
    --cc=jim.wilson.gcc@gmail.com \
    --cc=joao@overdrivepizza.com \
    --cc=josmyers@redhat.com \
    --cc=kito.cheng@gmail.com \
    --cc=kyrylo.tkachov@arm.com \
    --cc=linux-hardening@vger.kernel.org \
    --cc=marcus.shawcroft@arm.com \
    --cc=morbo@google.com \
    --cc=nathan@kernel.org \
    --cc=palmer@dabbelt.com \
    --cc=peterz@infradead.org \
    --cc=pinskia@gmail.com \
    --cc=rcvalle@google.com \
    --cc=rguenther@suse.de \
    --cc=richard.earnshaw@arm.com \
    --cc=richard.sandiford@arm.com \
    --cc=samitolvanen@google.com \
    --cc=scott.d.constable@intel.com \
    --cc=sebastian.osterlund@intel.com \
    --cc=ubizjak@gmail.com \
    --cc=uecker@tugraz.at \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox