Merge pull request #11825 from ifreund/std-build-relro

Enable full RELRO by default, expose in std.build

4 files changed, 35 insertions, 11 deletions

diff --git a/lib/std/build.zig b/lib/std/build.zig
index a738a39a1b..ce527ff021 100644
--- a/lib/std/build.zig
+++ b/lib/std/build.zig
@@ -1570,6 +1570,12 @@ pub const LibExeObjStep = struct {
     /// Permit read-only relocations in read-only segments. Disallowed by default.
     link_z_notext: bool = false,
 
+    /// Force all relocations to be read-only after processing.
+    link_z_relro: bool = true,
+
+    /// Allow relocations to be lazily processed after load.
+    link_z_lazy: bool = false,
+
     /// (Darwin) Install name for the dylib
     install_name: ?[]const u8 = null,
 
@@ -2577,6 +2583,14 @@ pub const LibExeObjStep = struct {
             try zig_args.append("-z");
             try zig_args.append("notext");
         }
+        if (!self.link_z_relro) {
+            try zig_args.append("-z");
+            try zig_args.append("norelro");
+        }
+        if (self.link_z_lazy) {
+            try zig_args.append("-z");
+            try zig_args.append("lazy");
+        }
 
         if (self.libc_file) |libc_file| {
             try zig_args.append("--libc");
diff --git a/src/Compilation.zig b/src/Compilation.zig
index 04e9d97719..7d686b2f40 100644
--- a/src/Compilation.zig
+++ b/src/Compilation.zig
@@ -763,8 +763,8 @@ pub const InitOptions = struct {
     linker_z_defs: bool = false,
     linker_z_origin: bool = false,
     linker_z_noexecstack: bool = false,
-    linker_z_now: bool = false,
-    linker_z_relro: bool = false,
+    linker_z_now: bool = true,
+    linker_z_relro: bool = true,
     linker_z_nocopyreloc: bool = false,
     linker_tsaware: bool = false,
     linker_nxcompat: bool = false,
diff --git a/src/link/Elf.zig b/src/link/Elf.zig
index efe14b4276..30504c7a1a 100644
--- a/src/link/Elf.zig
+++ b/src/link/Elf.zig
@@ -1517,12 +1517,12 @@ fn linkWithLLD(self: *Elf, comp: *Compilation, prog_node: *std.Progress.Node) !v
             try argv.append("noexecstack");
         }
         if (self.base.options.z_now) {
-            try argv.append("-z");
-            try argv.append("now");
+            // LLD defaults to -zlazy
+            try argv.append("-znow");
         }
-        if (self.base.options.z_relro) {
-            try argv.append("-z");
-            try argv.append("relro");
+        if (!self.base.options.z_relro) {
+            // LLD defaults to -zrelro
+            try argv.append("-znorelro");
         }
 
         if (getLDMOption(target)) |ldm| {
diff --git a/src/main.zig b/src/main.zig
index 37c584ba57..eaff34ee9e 100644
--- a/src/main.zig
+++ b/src/main.zig
@@ -434,8 +434,10 @@ const usage_build_generic =
     \\    origin                       Indicate that the object must have its origin processed
     \\    nocopyreloc                  Disable the creation of copy relocations
     \\    noexecstack                  Indicate that the object requires an executable stack
-    \\    now                          Force all relocations to be processed on load
-    \\    relro                        Force all relocations to be resolved and be read-only on load
+    \\    now                          (default) Force all relocations to be processed on load
+    \\    lazy                         Don't force all relocations to be processed on load
+    \\    relro                        (default) Force all relocations to be read-only after processing
+    \\    norelro                      Don't force all relocations to be read-only after processing
     \\  -dynamic                       Force output to be dynamically linked
     \\  -static                        Force output to be statically linked
     \\  -Bsymbolic                     Bind global references locally
@@ -655,8 +657,8 @@ fn buildOutputType(
     var linker_z_defs = false;
     var linker_z_origin = false;
     var linker_z_noexecstack = false;
-    var linker_z_now = false;
-    var linker_z_relro = false;
+    var linker_z_now = true;
+    var linker_z_relro = true;
     var linker_tsaware = false;
     var linker_nxcompat = false;
     var linker_dynamicbase = false;
@@ -1209,8 +1211,12 @@ fn buildOutputType(
                             linker_z_noexecstack = true;
                         } else if (mem.eql(u8, z_arg, "now")) {
                             linker_z_now = true;
+                        } else if (mem.eql(u8, z_arg, "lazy")) {
+                            linker_z_now = false;
                         } else if (mem.eql(u8, z_arg, "relro")) {
                             linker_z_relro = true;
+                        } else if (mem.eql(u8, z_arg, "norelro")) {
+                            linker_z_relro = false;
                         } else {
                             warn("unsupported linker extension flag: -z {s}", .{z_arg});
                         }
@@ -1691,8 +1697,12 @@ fn buildOutputType(
                         linker_z_noexecstack = true;
                     } else if (mem.eql(u8, z_arg, "now")) {
                         linker_z_now = true;
+                    } else if (mem.eql(u8, z_arg, "lazy")) {
+                        linker_z_now = false;
                     } else if (mem.eql(u8, z_arg, "relro")) {
                         linker_z_relro = true;
+                    } else if (mem.eql(u8, z_arg, "norelro")) {
+                        linker_z_relro = false;
                     } else {
                         warn("unsupported linker extension flag: -z {s}", .{z_arg});
                     }