The option `-fsanitize=kcfi` causes clang to emit code that (in 32-bit Arm) loads a 32-bit word from offset -4 relative to a function pointer it's about to call through. But in 32-bit Arm, function pointers may have the low bit set to indicate that they should be entered in Thumb state (and calling through the pointer via the `BX` or `BLX` instruction will automatically do that). So loading from (pointer-4) will cause an alignment fault if the pointer is Thumb. For example:

Compiled with this command (as of commit 1264849):

the generated code looks like this:

```asm
mov r1, r0
ldr r0, [r0, #-4]   # load from just before the function
ldr r2, .LCPI0_0    # load a constant containing expected value
cmp r0, r2          # check if they're equal
bne .LBB0_2         # and go and take a trap if they're not
mov r0, #42
bx r1               # otherwise, tailcall the function
```

and if `r0` on entry to the function had had an address with bit 0 set, then the first `LDR` instruction would cause an alignment fault (or, if unaligned access is enabled in the CPU, load incorrect data).
Note: there is currently no AArch32 KCFI_CHECK support for -fsanitize=kcfi, so there is no .kcfi_traps section and the check sequence is likely not suitable for the Linux kernel.
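A constructed model of the check sequence discussed in this issue, added here as an illustration (it is not code from the issue or from LLVM): it emulates the load at target-4 once with a plain Arm entry address and once with a Thumb address (bit 0 set), and beside it a variant that strips the interworking bit before forming the address. The hash value, the `text` buffer and all helper names are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample type hash; KCFI places the hash for a function's
 * type in the 32-bit word immediately before the function's entry. */
#define EXPECTED_HASH 0x12345678u

/* Constructed "code" region: 4-byte hash, then 12 bytes standing in for
 * the function body (0xBF00 is the Thumb NOP encoding). */
static uint8_t text[16];

static void setup_text(void) {
    uint32_t h = EXPECTED_HASH;
    memcpy(text, &h, sizeof h);
    memset(text + 4, 0xBF, sizeof text - 4);
}

/* Arm-state entry address: the word right after the hash. */
uintptr_t arm_entry(void) {
    setup_text();
    return (uintptr_t)text + 4;
}

/* Thumb-state entry address: the same function with bit 0 set. */
uintptr_t thumb_entry(void) {
    return arm_entry() | 1u;
}

/* The check as the issue describes it: read the word at target - 4 with
 * no regard for the Thumb bit. For a Thumb pointer this is a misaligned
 * read; memcpy emulates a CPU with unaligned access enabled, which loads
 * the wrong bytes (a CPU with alignment checking would fault instead). */
bool kcfi_check_as_emitted(uintptr_t target) {
    uint32_t got;
    memcpy(&got, (const void *)(target - 4), sizeof got);
    return got == EXPECTED_HASH;
}

/* Interworking-aware variant: clear bit 0 before locating the hash word,
 * so Arm and Thumb pointers to the same function both check correctly. */
bool kcfi_check_thumb_aware(uintptr_t target) {
    uint32_t got;
    uintptr_t code = target & ~(uintptr_t)1;
    memcpy(&got, (const void *)(code - 4), sizeof got);
    return got == EXPECTED_HASH;
}
```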