diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2024-06-02 15:40:44 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2024-06-02 15:40:44 +0000 |
| commit | f7a83c2a5f643ae914fbb3e474894959d8a38e1e (patch) | |
| tree | 669c23977fea403bd217a838396a68986e878372 /gnu/usr.bin/clang | |
| parent | b2305354573bcf7b13bc8ab77573165dcf3a7faf (diff) | |
add -fret-clean option (amd64 and i386 only at first), defaulting to off.
This causes the caller to cleans the return address off the stack after
a callq completes. The option is best used in low-level libraries (such as
libc), because libc contains low-level system call stubs. The option
reduces hints (found on the stale parts of the stack) about libc.so's mapping
location, and together with random-relinking, relro got/pic, and xonly
makes some exploit methods more difficult.
ok mortimer, mlarkin, much discussion with kettenis, in snaps for 2 weeks.
Diffstat (limited to 'gnu/usr.bin/clang')
| -rw-r--r-- | gnu/usr.bin/clang/libLLVMX86CodeGen/Makefile | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/gnu/usr.bin/clang/libLLVMX86CodeGen/Makefile b/gnu/usr.bin/clang/libLLVMX86CodeGen/Makefile index 0dd32c5c2cd..143e37b4346 100644 --- a/gnu/usr.bin/clang/libLLVMX86CodeGen/Makefile +++ b/gnu/usr.bin/clang/libLLVMX86CodeGen/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.18 2023/11/11 18:35:38 robert Exp $ +# $OpenBSD: Makefile,v 1.19 2024/06/02 15:40:42 deraadt Exp $ LIB= LLVMX86CodeGen NOPROFILE= @@ -25,6 +25,7 @@ SRCS+= X86AsmPrinter.cpp \ X86FastISel.cpp \ X86FixupBWInsts.cpp \ X86FixupGadgets.cpp \ + X86RetClean.cpp \ X86FixupLEAs.cpp \ X86AvoidStoreForwardingBlocks.cpp \ X86DynAllocaExpander.cpp \ |