Skip to content

Commit

Permalink
sess: stabilize relro-level
Browse files Browse the repository at this point in the history
Signed-off-by: David Wood <david@davidtw.co>
  • Loading branch information
davidtwco committed Feb 27, 2024
1 parent 9afdb8d commit 8642db2
Show file tree
Hide file tree
Showing 6 changed files with 24 additions and 9 deletions.
2 changes: 1 addition & 1 deletion compiler/rustc_codegen_ssa/src/back/link.rs
Original file line number Diff line number Diff line change
Expand Up @@ -2013,7 +2013,7 @@ fn add_library_search_dirs(cmd: &mut dyn Linker, sess: &Session, self_contained:
/// Add options making relocation sections in the produced ELF files read-only
/// and suppressing lazy binding.
fn add_relro_args(cmd: &mut dyn Linker, sess: &Session) {
match sess.opts.unstable_opts.relro_level.unwrap_or(sess.target.relro_level) {
match sess.opts.cg.relro_level.unwrap_or(sess.target.relro_level) {
RelroLevel::Full => cmd.full_relro(),
RelroLevel::Partial => cmd.partial_relro(),
RelroLevel::Off => cmd.no_relro(),
Expand Down
2 changes: 1 addition & 1 deletion compiler/rustc_interface/src/tests.rs
Original file line number Diff line number Diff line change
Expand Up @@ -608,6 +608,7 @@ fn test_codegen_options_tracking_hash() {
tracked!(profile_generate, SwitchWithOptPath::Enabled(None));
tracked!(profile_use, Some(PathBuf::from("abc")));
tracked!(relocation_model, Some(RelocModel::Pic));
tracked!(relro_level, Some(RelroLevel::Full));
tracked!(soft_float, true);
tracked!(split_debuginfo, Some(SplitDebuginfo::Packed));
tracked!(symbol_mangling_version, Some(SymbolManglingVersion::V0));
Expand Down Expand Up @@ -805,7 +806,6 @@ fn test_unstable_options_tracking_hash() {
tracked!(profile_sample_use, Some(PathBuf::from("abc")));
tracked!(profiler_runtime, "abc".to_string());
tracked!(relax_elf_relocations, Some(true));
tracked!(relro_level, Some(RelroLevel::Full));
tracked!(remap_cwd_prefix, Some(PathBuf::from("abc")));
tracked!(sanitizer, SanitizerSet::ADDRESS);
tracked!(sanitizer_cfi_canonical_jump_tables, None);
Expand Down
4 changes: 2 additions & 2 deletions compiler/rustc_session/src/options.rs
Original file line number Diff line number Diff line change
Expand Up @@ -1494,6 +1494,8 @@ options! {
relocation_model: Option<RelocModel> = (None, parse_relocation_model, [TRACKED],
"control generation of position-independent code (PIC) \
(`rustc --print relocation-models` for details)"),
relro_level: Option<RelroLevel> = (None, parse_relro_level, [TRACKED],
"choose which RELRO level to use"),
remark: Passes = (Passes::Some(Vec::new()), parse_passes, [UNTRACKED],
"output remarks for these optimization passes (space separated, or \"all\")"),
rpath: bool = (false, parse_bool, [UNTRACKED],
Expand Down Expand Up @@ -1829,8 +1831,6 @@ options! {
"randomize the layout of types (default: no)"),
relax_elf_relocations: Option<bool> = (None, parse_opt_bool, [TRACKED],
"whether ELF relocations can be relaxed"),
relro_level: Option<RelroLevel> = (None, parse_relro_level, [TRACKED],
"choose which RELRO level to use"),
remap_cwd_prefix: Option<PathBuf> = (None, parse_opt_pathbuf, [TRACKED],
"remap paths under the current working directory to this path prefix"),
remap_path_scope: RemapPathScopeComponents = (RemapPathScopeComponents::all(), parse_remap_path_scope, [TRACKED],
Expand Down
2 changes: 1 addition & 1 deletion compiler/rustc_session/src/session.rs
Original file line number Diff line number Diff line change
Expand Up @@ -587,7 +587,7 @@ impl Session {

let dbg_opts = &self.opts.unstable_opts;

let relro_level = dbg_opts.relro_level.unwrap_or(self.target.relro_level);
let relro_level = self.opts.cg.relro_level.unwrap_or(self.target.relro_level);

// Only enable this optimization by default if full relro is also enabled.
// In this case, lazy binding was already unavailable, so nothing is lost.
Expand Down
15 changes: 15 additions & 0 deletions src/doc/rustc/src/codegen-options/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -479,6 +479,21 @@ then `-C target-feature=+crt-static` "wins" over `-C relocation-model=pic`,
and the linker is instructed (`-static`) to produce a statically linked
but not position-independent executable.

## relro-level

This flag controls what level of RELRO (Relocation Read-Only) is enabled. RELRO is a exploit
mitigation which makes the Global Offset Table (GOT) read-only.

Supported values for this option are:

- `off`: Dynamically linked functions are resolved lazily and the GOT is writable.
- `partial`: Dynamically linked functions are resolved lazily and written into the Procedure
Linking Table (PLT) part of the GOT (`.got.plt`). The non-PLT part of the GOT (`.got`) is made
read-only and both are moved to prevent writing from buffer overflows.
- `full`: Dynamically linked functions are resolved at the start of program execution and the
Global Offset Table (`.got`/`.got.plt`) is populated eagerly and then made read-only. The GOT is
also moved to prevent writing from buffer overflows.

## remark

This flag lets you print remarks for optimization passes.
Expand Down
8 changes: 4 additions & 4 deletions tests/run-make/relro-levels/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -3,20 +3,20 @@ include ../tools.mk

# only-linux
#
# This tests the different -Zrelro-level values, and makes sure that they work properly.
# This tests the different -Crelro-level values, and makes sure that they work properly.

all:
# Ensure that binaries built with the full relro level links them with both
# RELRO and BIND_NOW for doing eager symbol resolving.
$(RUSTC) -Zrelro-level=full hello.rs
$(RUSTC) -Crelro-level=full hello.rs
readelf -l $(TMPDIR)/hello | grep -q GNU_RELRO
readelf -d $(TMPDIR)/hello | grep -q BIND_NOW

$(RUSTC) -Zrelro-level=partial hello.rs
$(RUSTC) -Crelro-level=partial hello.rs
readelf -l $(TMPDIR)/hello | grep -q GNU_RELRO

# Ensure that we're *not* built with RELRO when setting it to off. We do
# not want to check for BIND_NOW however, as the linker might have that
# enabled by default.
$(RUSTC) -Zrelro-level=off hello.rs
$(RUSTC) -Crelro-level=off hello.rs
! readelf -l $(TMPDIR)/hello | grep -q GNU_RELRO

0 comments on commit 8642db2

Please sign in to comment.