From: kettenis <kettenis@openbsd.org>
Date: Mon, 12 Feb 2024 10:46:10 +0000 (+0000)
Subject: Revert the change that enables retpoline PLTs by default.  While these
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=2e1a1ea9d7cb961ac7559076a37c41ff955fc0dc;p=openbsd

Revert the change that enables retpoline PLTs by default.  While these
provide a mitigation against branch speculation attacks, they also make
IBT control flow integrity less effective.  Our kernel now uses IBPB to
as a mitigation against branch speculation attacks, so we can disable
retpoline PLTs again.

ok deraadt@
---

diff --git a/gnu/llvm/lld/ELF/Driver.cpp b/gnu/llvm/lld/ELF/Driver.cpp
index 32b47d82868..dcaea265afb 100644
--- a/gnu/llvm/lld/ELF/Driver.cpp
+++ b/gnu/llvm/lld/ELF/Driver.cpp
@@ -1301,11 +1301,7 @@ static void readConfigs(opt::InputArgList &args) {
   config->zOrigin = hasZOption(args, "origin");
   config->zPacPlt = hasZOption(args, "pac-plt");
   config->zRelro = getZFlag(args, "relro", "norelro", true);
-#ifndef __OpenBSD__
-  config->zRetpolineplt = getZFlag(args, "retpolineplt", "noretpolineplt", false);
-#else
-  config->zRetpolineplt = getZFlag(args, "retpolineplt", "noretpolineplt", true);
-#endif
+  config->zRetpolineplt = hasZOption(args, "retpolineplt");
   config->zRodynamic = hasZOption(args, "rodynamic");
   config->zSeparate = getZSeparate(args);
   config->zShstk = hasZOption(args, "shstk");