Description
| Bugzilla Link | 46293 |
| Version | trunk |
| OS | Linux |
| Blocks | #4440 |
| CC | @eugenis,@nickdesaulniers |
Extended Description
When building a Linux kernel module with no executable code using -fsanitize=cfi + -fsanitize-cfi-cross-dso, I noticed the compiler-generated __cfi_check function was not aligned to 4096 bytes as expected:
$ echo "int a;" > test.c
$ clang -flto=thin -fvisibility=default
-fsanitize=cfi -fsanitize-cfi-cross-dso -c test.c
$ ld.lld -r -o test.ko test.o
$ llvm-readelf -S --wide test.ko
...
Section Headers:
[Nr] Name Type Address Off Size ES Flg Lk Inf Al
[ 2] .text.__cfi_check_fail PROGBITS 0000000000000000 000040 000026 00 AX 0 0 16
...
Note Al = 16 in the section header. Adding a function to the file results in __cfi_check to be aligned to 4096 again:
$ echo "int a; void b() {}" > test.c
$ clang -flto=thin -fvisibility=default
-fsanitize=cfi -fsanitize-cfi-cross-dso -c test.c
$ ld.lld -r -o test.ko test.o
$ llvm-readelf -S --wide test.ko
...
Section Headers:
[Nr] Name Type Address Off Size ES Flg Lk Inf Al
[ 2] .text.__cfi_check PROGBITS 0000000000000000 001000 000032 00 AX 0 0 4096
...
I couldn't find documentation that says __cfi_check is guaranteed to be aligned to 4k, but it's implied in the CFI design document and compiler-rt's CFI shadow implementation also assumes it:
https://clang.llvm.org/docs/ControlFlowIntegrityDesign.html#cfi-shadow