Merge pull request #6790 from A1029384756/linux_pie

[linux] change default settings to enable pie and full relro
2026-06-13 13:53:43 +00:00 · 2026-06-12 11:21:51 +02:00
parent d3f8b25a0d 286674a862
commit 47cf0d3f42
5 changed files with 49 additions and 11 deletions
--- a/src/build_settings.cpp
+++ b/src/build_settings.cpp
@@ -602,6 +602,7 @@ struct BuildContext {
 	RelocMode reloc_mode;
 	bool   disable_red_zone;
 	bool   disable_unwind;
+	bool   no_plt;

 	isize max_error_count;

@@ -1898,6 +1899,26 @@ gb_internal void init_build_context(TargetMetrics *cross_target, Subtarget subta
 				}
 				break;
 		}
+	} else if (metrics->os == TargetOs_linux) {
+		if (bc->reloc_mode == RelocMode_Default) {
+			bc->reloc_mode = RelocMode_PIC;
+		}
+		switch (metrics->arch) {
+		case TargetArch_arm64:
+		case TargetArch_amd64:
+			bc->no_plt = LLVM_VERSION_MAJOR >= 19;
+			break;
+		}
+	} else if (metrics->os == TargetOs_openbsd) {
+		// Always use PIC for OpenBSD: it defaults to PIE
+		if (bc->reloc_mode == RelocMode_Default) {
+			bc->reloc_mode = RelocMode_PIC;
+		}
+	} else if (metrics->arch == TargetArch_riscv64) {
+		// NOTE(laytan): didn't seem to work without this.
+		if (bc->reloc_mode == RelocMode_Default) {
+			bc->reloc_mode = RelocMode_PIC;
+		}
 	} else if (metrics->os == TargetOs_linux && subtarget == Subtarget_Android) {
 		switch (metrics->arch) {
 		case TargetArch_arm64:
--- a/src/linker.cpp
+++ b/src/linker.cpp
@@ -801,7 +801,12 @@ try_cross_linking:;
 			}

 			if (build_context.build_mode == BuildMode_Executable && build_context.reloc_mode == RelocMode_PIC) {
-				// Do not disable PIE, let the linker choose. (most likely you want it enabled)
+				if (build_context.metrics.os == TargetOs_linux) {
+					// Linux does not enable PIE by default but required for ASLR
+					link_settings = gb_string_appendc(link_settings, "-pie ");
+				} else {
+					// Do not disable PIE, let the linker choose. (most likely you want it enabled)
+				}
 			} else if (build_context.build_mode != BuildMode_DynamicLibrary) {
 				if (build_context.metrics.os != TargetOs_openbsd
 					&& build_context.metrics.arch != TargetArch_riscv64
@@ -919,6 +924,9 @@ try_cross_linking:;
 				// need to pass -z nobtcfi in order to allow the resulting program to run under
 				// OpenBSD 7.4 and newer. Once support is added at compile time, this can be dropped.
 				platform_lib_str = gb_string_appendc(platform_lib_str, "-Wl,-z,nobtcfi ");
+			} else if (build_context.metrics.os == TargetOs_linux) {
+				// required for RELRO
+				platform_lib_str = gb_string_appendc(platform_lib_str, "-Wl,-z,now -Wl,-z,relro ");
 			}

 			if (is_android) {
--- a/src/llvm_backend.cpp
+++ b/src/llvm_backend.cpp
@@ -2142,6 +2142,9 @@ gb_internal lbProcedure *lb_create_startup_runtime(lbModule *main_module, lbProc

 	lbProcedure *p = lb_create_dummy_procedure(main_module, str_lit(LB_STARTUP_RUNTIME_PROC_NAME), proc_type);
 	p->is_startup = true;
+	if (build_context.no_plt) {
+		lb_add_attribute_to_proc(p->module, p->value, "nonlazybind");
+	}
 	lb_add_attribute_to_proc(p->module, p->value, "optnone");
 	lb_add_attribute_to_proc(p->module, p->value, "noinline");

@@ -2162,6 +2165,9 @@ gb_internal lbProcedure *lb_create_cleanup_runtime(lbModule *main_module) { // C

 	lbProcedure *p = lb_create_dummy_procedure(main_module, str_lit(LB_CLEANUP_RUNTIME_PROC_NAME), proc_type);
 	p->is_startup = true;
+	if (build_context.no_plt) {
+		lb_add_attribute_to_proc(p->module, p->value, "nonlazybind");
+	}
 	lb_add_attribute_to_proc(p->module, p->value, "optnone");
 	lb_add_attribute_to_proc(p->module, p->value, "noinline");

@@ -3156,16 +3162,6 @@ gb_internal bool lb_generate_code(lbGenerator *gen) {

 	switch (build_context.reloc_mode) {
 	case RelocMode_Default:
-		if (build_context.metrics.os == TargetOs_openbsd) {
-			// Always use PIC for OpenBSD: it defaults to PIE
-			reloc_mode = LLVMRelocPIC;
-		}
-
-		if (build_context.metrics.arch == TargetArch_riscv64) {
-			// NOTE(laytan): didn't seem to work without this.
-			reloc_mode = LLVMRelocPIC;
-		}
-
 		break;
 	case RelocMode_Static:
 		reloc_mode = LLVMRelocStatic;
--- a/src/llvm_backend_general.cpp
+++ b/src/llvm_backend_general.cpp
@@ -59,6 +59,12 @@ gb_internal WORKER_TASK_PROC(lb_init_module_worker_proc) {
 	m->ctx = LLVMContextCreate();
 	m->mod = LLVMModuleCreateWithNameInContext(m->module_name, m->ctx);
 	// m->debug_builder = nullptr;
+	if (build_context.no_plt) {
+		LLVMAddModuleFlag(m->mod,
+			LLVMModuleFlagBehaviorWarning,
+			"RtLibUseGOT", 11, 
+			LLVMValueAsMetadata(LLVMConstInt(LLVMInt32TypeInContext(m->ctx), 1, true)));
+	}
 	if (build_context.ODIN_DEBUG) {
 		enum {DEBUG_METADATA_VERSION = 3};

--- a/src/llvm_backend_proc.cpp
+++ b/src/llvm_backend_proc.cpp
@@ -2,6 +2,9 @@ gb_internal LLVMValueRef lb_call_intrinsic(lbProcedure *p, const char *name, LLV
 	unsigned id = LLVMLookupIntrinsicID(name, gb_strlen(name));
 	GB_ASSERT_MSG(id != 0, "Unable to find %s", name);
 	LLVMValueRef ip = LLVMGetIntrinsicDeclaration(p->module->mod, id, types, type_count);
+	if (build_context.no_plt) {
+		lb_add_attribute_to_proc(p->module, ip, "nonlazybind");
+	}
 	LLVMTypeRef call_type = LLVMIntrinsicGetType(p->module->ctx, id, types, type_count);
 	return LLVMBuildCall2(p->builder, call_type, ip, args, arg_count, "");
 }
@@ -153,6 +156,10 @@ gb_internal lbProcedure *lb_create_procedure(lbModule *m, Entity *entity, bool i
 	lb_ensure_abi_function_type(m, p);
 	lb_add_function_type_attributes(p->value, p->abi_function_type, p->abi_function_type->calling_convention);

+	if (build_context.no_plt) {
+		lb_add_attribute_to_proc(m, p->value, "nonlazybind");
+	}
+
 	if (build_context.disable_unwind) {
 		lb_add_attribute_to_proc(m, p->value, "nounwind");
 	}