CVS: cvs.openbsd.org: ports

Thu, 05 Jul 2018 23:55:26 -0700 

CVSROOT:        /cvs
Module name:    ports
Changes by:     [email protected]       2018/07/06 00:55:10

Modified files:
        devel/llvm     : Makefile 
        devel/llvm/patches: patch-lib_CodeGen_AsmPrinter_AsmPrinter_cpp 
                            patch-lib_Target_X86_X86MCInstLower_cpp 
                            patch-tools_clang_include_clang_Driver_Options_td 
                            patch-tools_clang_lib_Driver_ToolChains_Clang_cpp 
                            patch-tools_clang_lib_Driver_ToolChains_OpenBSD_cpp 
                            patch-tools_lld_ELF_Writer_cpp 
Added files:
        devel/llvm/patches: 
                            patch-include_llvm_CodeGen_MachineFrameInfo_h 
                            patch-include_llvm_CodeGen_Passes_h 
                            patch-include_llvm_CodeGen_TargetFrameLowering_h 
                            patch-include_llvm_InitializePasses_h 
                            patch-lib_CodeGen_CMakeLists_txt 
                            patch-lib_CodeGen_PrologEpilogInserter_cpp 
                            patch-lib_CodeGen_ReturnProtectorPass_cpp 
                            patch-lib_CodeGen_TargetPassConfig_cpp 
                            patch-lib_Target_X86_CMakeLists_txt 
                            patch-lib_Target_X86_X86FixupGadgets_cpp 
                            patch-lib_Target_X86_X86FrameLowering_cpp 
                            patch-lib_Target_X86_X86FrameLowering_h 
                            patch-lib_Target_X86_X86InstrCompiler_td 
                            patch-lib_Target_X86_X86TargetMachine_cpp 
                            patch-lib_Target_X86_X86_h 
                            
patch-tools_clang_include_clang_Driver_CC1Options_td 
                            
patch-tools_clang_include_clang_Frontend_CodeGenOptions_def 
                            patch-tools_clang_lib_CodeGen_CGCall_cpp 
                            
patch-tools_clang_lib_Frontend_CompilerInvocation_cpp 
                            patch-tools_lld_ELF_SyntheticSections_cpp 

Log message:
Merge in diffs from base:

- Add ret protector options as no-ops.
- Add a clang pass that identifies potential ROP gadgets and replaces ROP
friendly instructions with safe alternatives. This initial commit fixes
this framework.
- Add RETGUARD to clang for amd64. This security mechanism uses per-function
random cookies to protect access to function return instructions, with the
effect that the integrity of the return address is protected, and function
return instructions are harder to use in ROP gadgets.
- Put the new retguard symbols in their own section,
'.openbsd.randomdata.retguard', to make them easier to work with in the
kernel hibernate code.
- Pass -nopie to the linker when -pg is specified to make the
profiler(gprof) work properly.
- Work around a bug where discarding the .ARM.exidx section in the armv7 kernel
linker script makes ld.lld(1) crash.  This has been fixed in a different
(proper?) way upstream but backporting their fix is a bit too invasive.
- Merge '.openbsd.randomdata.*' sections into a single '.openbsd.randomdata'
section when linking, as we do when using ld from binutils.

from Brad (maintainer)

Reply via email to