Skip to content

Commit

Permalink
On openbsd amd64, emit IBT endbr64 instructions by default (meaning,
Browse files Browse the repository at this point in the history 
-fcf-protection=branch is the default).  All binaries grow slightly, but
we can slowly move towards greater IBT enforcement in userland.
4th or 5th variation of this diff, with mortimer
ok kettenis
  • Loading branch information
deraadt committed Apr 26, 2023
1 parent 074353b commit bba006a
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions gnu/llvm/clang/lib/Driver/ToolChains/Clang.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6014,6 +6014,9 @@ void Clang::ConstructJob(Compilation &C, const JobAction &JA,
if (Arg *A = Args.getLastArg(options::OPT_fcf_protection_EQ)) {
CmdArgs.push_back(
Args.MakeArgString(Twine("-fcf-protection=") + A->getValue()));
} else if (Triple.isOSOpenBSD() && Triple.getArch() == llvm::Triple::x86_64) {
// Emit IBT endbr64 instructions by default
CmdArgs.push_back("-fcf-protection=branch");
}

// Forward -f options with positive and negative forms; we translate these by
Expand Down

0 comments on commit bba006a

Please sign in to comment.