samitolvanen added a comment.

In D119296#3437604 <https://reviews.llvm.org/D119296#3437604>, @pcc wrote:

>> Note that if additional data has been injected between the KCFI
>> type identifier and the start of the function, e.g. by using
>> -fpatchable-function-entry, the offset in bytes must be specified
>> using -fsanitize-kcfi-offset=<value> to avoid errors. The offset
>> must be the same for all indirectly called functions in every
>> translation unit.
>
> On x86 the specific constant 6 is necessary to ensure that the constant 
> embedded in the cmpl operand can't be used as a gadget. So any value other 
> than 6 will potentially impact the security of KCFI.
>
> I would prefer not to design an interaction between 
> -fpatchable-function-entry and KCFI until the specific use case is known.

Sure, that's a valid point. In the Linux kernel, only PA-RISC currently injects 
nops before function entry, so this isn't an issue for any of the architectures 
we currently plan to support. I'll drop the flag from the next version and we 
can revisit this when we have an actual use case.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D119296/new/

https://reviews.llvm.org/D119296

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
