- Add ret protector options as no-ops.
- Add a clang pass that identifies potential ROP gadgets and replaces ROP
friendly instructions with safe alternatives. This initial commit fixes
this framework.
- Add RETGUARD to clang for amd64. This security mechanism uses per-function
random cookies to protect access to function return instructions, with the
effect that the integrity of the return address is protected, and function
return instructions are harder to use in ROP gadgets.
- Put the new retguard symbols in their own section,
'.openbsd.randomdata.retguard', to make them easier to work with in the
kernel hibernate code.
- Pass -nopie to the linker when -pg is specified to make the
profiler(gprof) work properly.
- Work around a bug where discarding the .ARM.exidx section in the armv7 kernel
linker script makes ld.lld(1) crash. This has been fixed in a different
(proper?) way upstream but backporting their fix is a bit too invasive.
- Merge '.openbsd.randomdata.*' sections into a single '.openbsd.randomdata'
section when linking, as we do when using ld from binutils.
from Brad (maintainer)
fcf5bd770b