enable -fret-clean on amd64, for libc libcrypto ld.so kernel, and all the

ssh tools. The dynamic objects are entirely ret-clean, static binaries will contain a blend of cleaning and non-cleaning callers.
2024-12-21 23:18:00 -08:00 · 2024-06-04 15:14:44 +00:00 · 2024-06-04 15:14:44 +00:00 · 1457ca8725
commit 1457ca8725
parent cd9935864e
5 changed files with 14 additions and 5 deletions
--- a/lib/libc/arch/amd64/Makefile.inc
+++ b/lib/libc/arch/amd64/Makefile.inc
@ -1 +1,3 @@
-#	$OpenBSD: Makefile.inc,v 1.5 2014/06/09 20:47:10 miod Exp $
+#	$OpenBSD: Makefile.inc,v 1.6 2024/06/04 15:14:44 deraadt Exp $
+
+CFLAGS+=-fret-clean
--- a/lib/libcrypto/arch/amd64/Makefile.inc
+++ b/lib/libcrypto/arch/amd64/Makefile.inc
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.27 2024/03/29 11:00:57 jsing Exp $
+# $OpenBSD: Makefile.inc,v 1.28 2024/06/04 15:14:45 deraadt Exp $

 # amd64-specific libcrypto build rules

@ -83,3 +83,5 @@ GENERATED+=x86_64cpuid.S
 x86_64cpuid.S: ${LCRYPTO_SRC}/x86_64cpuid.pl ${EXTRA_PL}
 	(cd ${LCRYPTO_SRC}/${dir} ; \
 		/usr/bin/perl ./x86_64cpuid.pl) > ${.TARGET}
+
+CFLAGS+=-fret-clean
--- a/libexec/ld.so/amd64/Makefile.inc
+++ b/libexec/ld.so/amd64/Makefile.inc
@ -1,6 +1,7 @@
-#	$OpenBSD: Makefile.inc,v 1.7 2019/10/20 03:44:49 guenther Exp $
+#	$OpenBSD: Makefile.inc,v 1.8 2024/06/04 15:14:45 deraadt Exp $

 CFLAGS += -fPIC -mno-sse2 -mno-sse -mno-3dnow -mno-mmx
+CFLAGS +=-fret-clean
 AFLAGS += -fpic
 LD_SCRIPT = ${.CURDIR}/${MACHINE_CPU}/ld.script

--- a/sys/arch/amd64/conf/Makefile.amd64
+++ b/sys/arch/amd64/conf/Makefile.amd64
@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile.amd64,v 1.134 2023/09/06 01:47:36 jsg Exp $
+#	$OpenBSD: Makefile.amd64,v 1.135 2024/06/04 15:14:45 deraadt Exp $

 # For instructions on building kernels consult the config(8) and options(4)
 # manual pages.
@ -73,6 +73,7 @@ CMACHFLAGS+=	-mno-retpoline -fcf-protection=none
 .endif
 .else
 CMACHFLAGS+=	-mretpoline-external-thunk -fcf-protection=branch
+CMACHFLAGS+=	-fret-clean
 .endif
 .if ${COMPILER_VERSION:Mclang}
 NO_INTEGR_AS=	-no-integrated-as
--- a/usr.bin/ssh/Makefile.inc
+++ b/usr.bin/ssh/Makefile.inc
@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile.inc,v 1.92 2024/05/22 15:24:55 naddy Exp $
+#	$OpenBSD: Makefile.inc,v 1.93 2024/06/04 15:14:45 deraadt Exp $

 .include <bsd.own.mk>

@ -6,6 +6,9 @@ CFLAGS+=	-I${.CURDIR}/..
 .if ${MACHINE} != "hppa"
 CFLAGS+=	-fstack-protector-all
 .endif
+.if ${MACHINE} == "amd64"
+CFLAGS+=	-fret-clean
+.endif

 CDIAGFLAGS=	-Wall
 CDIAGFLAGS+=	-Wextra