A new mechanism to help thwart return-oriented
programming (ROP) and similar attacks has recently been added to the
OpenBSD kernel. It will block system calls that are not made via the C
library (libc) system-call wrappers. Instead of being able to string
together some “gadgets” that make a system call directly, an attacker would
need to be able to call the wrapper, which is normally at a randomized location.

Source: LWN.net – [$] OpenBSD system-call-origin verification