Revert the change that enables retpoline PLTs by default. While these

provide a mitigation against branch speculation attacks, they also make
IBT control flow integrity less effective.  Our kernel now uses IBPB to
as a mitigation against branch speculation attacks, so we can disable
retpoline PLTs again.

ok deraadt@

diff --git a/gnu/llvm/lld/ELF/Driver.cpp b/gnu/llvm/lld/ELF/Driver.cpp
index 32b47d8..dcaea26 100644 (file)
--- a/gnu/llvm/lld/ELF/Driver.cpp
+++ b/gnu/llvm/lld/ELF/Driver.cpp
@@ -1301,11 +1301,7 @@ static void readConfigs(opt::InputArgList &args) {
   config->zOrigin = hasZOption(args, "origin");
   config->zPacPlt = hasZOption(args, "pac-plt");
   config->zRelro = getZFlag(args, "relro", "norelro", true);
-#ifndef __OpenBSD__
-  config->zRetpolineplt = getZFlag(args, "retpolineplt", "noretpolineplt", false);
-#else
-  config->zRetpolineplt = getZFlag(args, "retpolineplt", "noretpolineplt", true);
-#endif
+  config->zRetpolineplt = hasZOption(args, "retpolineplt");
   config->zRodynamic = hasZOption(args, "rodynamic");
   config->zSeparate = getZSeparate(args);
   config->zShstk = hasZOption(args, "shstk");