[PATCH] D119296: KCFI sanitizer

Peter Collingbourne via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Thu Apr 7 16:32:58 PDT 2022

pcc added a comment.

> Note that if additional data has been injected between the KCFI
> type identifier and the start of the function, e.g. by using
> -fpatchable-function-entry, the offset in bytes must be specified
> using -fsanitize-kcfi-offset=<value> to avoid errors. The offset
> must be the same for all indirectly called functions in every
> translation unit.

On x86 the specific constant 6 is necessary to ensure that the constant embedded in the cmpl operand can't be used as a gadget. So any value other than 6 will potentially impact the security of KCFI.

I would prefer not to design an interaction between -fpatchable-function-entry and KCFI until the specific use case is known.

  rG LLVM Github Monorepo



More information about the cfe-commits mailing list