From 2e1a1ea9d7cb961ac7559076a37c41ff955fc0dc Mon Sep 17 00:00:00 2001 From: kettenis Date: Mon, 12 Feb 2024 10:46:10 +0000 Subject: [PATCH] Revert the change that enables retpoline PLTs by default. While these provide a mitigation against branch speculation attacks, they also make IBT control flow integrity less effective. Our kernel now uses IBPB to as a mitigation against branch speculation attacks, so we can disable retpoline PLTs again. ok deraadt@ --- gnu/llvm/lld/ELF/Driver.cpp | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/gnu/llvm/lld/ELF/Driver.cpp b/gnu/llvm/lld/ELF/Driver.cpp index 32b47d82868..dcaea265afb 100644 --- a/gnu/llvm/lld/ELF/Driver.cpp +++ b/gnu/llvm/lld/ELF/Driver.cpp @@ -1301,11 +1301,7 @@ static void readConfigs(opt::InputArgList &args) { config->zOrigin = hasZOption(args, "origin"); config->zPacPlt = hasZOption(args, "pac-plt"); config->zRelro = getZFlag(args, "relro", "norelro", true); -#ifndef __OpenBSD__ - config->zRetpolineplt = getZFlag(args, "retpolineplt", "noretpolineplt", false); -#else - config->zRetpolineplt = getZFlag(args, "retpolineplt", "noretpolineplt", true); -#endif + config->zRetpolineplt = hasZOption(args, "retpolineplt"); config->zRodynamic = hasZOption(args, "rodynamic"); config->zSeparate = getZSeparate(args); config->zShstk = hasZOption(args, "shstk"); -- 2.20.1