[PATCH] D119296: KCFI sanitizer
Peter Collingbourne via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Thu Apr 7 16:32:58 PDT 2022
pcc added a comment.
> Note that if additional data has been injected between the KCFI
> type identifier and the start of the function, e.g. by using
> -fpatchable-function-entry, the offset in bytes must be specified
> using -fsanitize-kcfi-offset=<value> to avoid errors. The offset
> must be the same for all indirectly called functions in every
> translation unit.
On x86 the specific constant 6 is necessary to ensure that the constant embedded in the cmpl operand can't be used as a gadget. So any value other than 6 will potentially impact the security of KCFI.
I would prefer not to design an interaction between -fpatchable-function-entry and KCFI until the specific use case is known.
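As an added example (it is not code from D119296, LLVM or the Linux kernel), the C program below models the x86-64 call-site check that the comment above is about: `cmpl $hash, -6(%r11)`, followed by `je` over a `ud2`. The point of the comment is that the type hash appears twice in executable memory, once in the callee's preamble and once as the imm32 of the `cmpl` itself, so the check would also accept an indirect-call target that sits exactly `offset` bytes after that immediate. The program builds the 12-byte check sequence with the standard encodings, scans it for every target the check would accept, and reports what byte that target lands on: with -6 it is the `ud2` (a trap), while -4 or -8 land on the `je` or on whatever follows the sequence. Assumptions of the example, not facts from the page: `%r11` as the target register with an 8-bit displacement, a `ud2` placed directly after the `je`, and a constructed hash value; the callee-side preamble is not modelled.

```c
/* Added example, not LLVM or kernel code. Models the x86-64 KCFI call-site
 * check "cmpl $hash, disp(%r11); je 1f; ud2" and shows which target
 * address the hash embedded in the cmpl immediate would let an attacker
 * redirect an indirect call to, for a given displacement. */
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KCFI_HASH 0x9e3779b9u /* constructed type identifier for the demo */

struct landing {
    long offset; /* byte offset within the check sequence, -1 if none */
    int trap;    /* 1 if the landing bytes decode as ud2 (0F 0B) */
};

/* Emit the check sequence into out[] and return its length in bytes.
 * Register choice (%r11) and the ud2 placement are assumptions. */
static size_t emit_check(uint8_t *out, int8_t disp, uint32_t hash)
{
    size_t n = 0;
    /* cmpl $imm32, disp8(%r11): REX.B, 81 /7, ModRM 7B, disp8, imm32 */
    out[n++] = 0x41;
    out[n++] = 0x81;
    out[n++] = 0x7B;
    out[n++] = (uint8_t)disp;
    memcpy(out + n, &hash, 4); /* little-endian imm32 */
    n += 4;
    /* je +2: skip the ud2 when the hash matched */
    out[n++] = 0x74;
    out[n++] = 0x02;
    /* ud2 */
    out[n++] = 0x0F;
    out[n++] = 0x0B;
    return n;
}

/* Every offset t in code[0..len] that passes the runtime check
 * "*(uint32_t *)(t + disp) == hash", i.e. every address the check would
 * let an indirect call land on. Returns the count; fills targets[]. */
static size_t accepted_targets(const uint8_t *code, size_t len, int disp,
                               uint32_t hash, size_t *targets, size_t max)
{
    size_t count = 0;
    for (size_t t = 0; t <= len; t++) {
        long at = (long)t + disp;
        if (at < 0 || (size_t)at + 4 > len)
            continue;
        if (memcmp(code + at, &hash, 4) == 0) {
            if (count < max)
                targets[count] = t;
            count++;
        }
    }
    return count;
}

/* 1 if the two bytes at t are ud2, so a jump there faults instead of
 * executing anything useful. */
static int lands_on_trap(const uint8_t *code, size_t len, size_t t)
{
    return t + 2 <= len && code[t] == 0x0F && code[t + 1] == 0x0B;
}

/* Where does the hash inside the check's own immediate let an attacker
 * land, for a check built with this displacement? */
static struct landing gadget_landing(int disp, uint32_t hash)
{
    uint8_t code[16];
    size_t targets[4];
    struct landing l = { -1, 0 };
    size_t len = emit_check(code, (int8_t)disp, hash);
    size_t n = accepted_targets(code, len, disp, hash, targets, 4);
    if (n == 0)
        return l;
    l.offset = (long)targets[0];
    l.trap = lands_on_trap(code, len, targets[0]);
    return l;
}

int main(void)
{
    const int disps[] = { -6, -4, -8 };
    for (size_t i = 0; i < sizeof disps / sizeof disps[0]; i++) {
        struct landing l = gadget_landing(disps[i], KCFI_HASH);
        printf("disp %d: accepted target at byte %ld, %s\n", disps[i],
               l.offset, l.trap ? "lands on ud2 (trap)"
                                : "lands on executable bytes (gadget)");
    }
    return 0;
}
```

With the sequence laid out this way, the imm32 occupies bytes 4..7, so the only in-sequence target the check accepts is byte 4 + 6 = 10, which is the `ud2`; any other displacement moves that landing point onto the `je` or past the end of the check, which is the gadget the comment warns about. Changing the register (for example to one that needs no REX prefix) shortens the `cmpl` by a byte and shifts the landing point, which is why the offset cannot be treated as a free parameter.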