diff options
| author | Mark Kettenis <kettenis@cvs.openbsd.org> | 2024-02-12 10:46:11 +0000 |
|---|---|---|
| committer | Mark Kettenis <kettenis@cvs.openbsd.org> | 2024-02-12 10:46:11 +0000 |
| commit | e91861f2a9b91c686e9c2988d948f914b508e477 (patch) | |
| tree | 81378e0bd10ee067be499109496dbf7f52645b26 /gnu | |
| parent | 4187e0b163a40ad03ea64165be7d22432adeeb5e (diff) | |
Revert the change that enables retpoline PLTs by default. While these
provide a mitigation against branch speculation attacks, they also make
IBT control flow integrity less effective. Our kernel now uses IBPB to
as a mitigation against branch speculation attacks, so we can disable
retpoline PLTs again.
ok deraadt@
Diffstat (limited to 'gnu')
| -rw-r--r-- | gnu/llvm/lld/ELF/Driver.cpp | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/gnu/llvm/lld/ELF/Driver.cpp b/gnu/llvm/lld/ELF/Driver.cpp index 32b47d82868..dcaea265afb 100644 --- a/gnu/llvm/lld/ELF/Driver.cpp +++ b/gnu/llvm/lld/ELF/Driver.cpp @@ -1301,11 +1301,7 @@ static void readConfigs(opt::InputArgList &args) { config->zOrigin = hasZOption(args, "origin"); config->zPacPlt = hasZOption(args, "pac-plt"); config->zRelro = getZFlag(args, "relro", "norelro", true); -#ifndef __OpenBSD__ - config->zRetpolineplt = getZFlag(args, "retpolineplt", "noretpolineplt", false); -#else - config->zRetpolineplt = getZFlag(args, "retpolineplt", "noretpolineplt", true); -#endif + config->zRetpolineplt = hasZOption(args, "retpolineplt"); config->zRodynamic = hasZOption(args, "rodynamic"); config->zSeparate = getZSeparate(args); config->zShstk = hasZOption(args, "shstk"); |