Full RELRO is a hardening feature that makes it impossible to perform
certian attacks involving overwriting parts of the Global Offset Table
to invoke arbitrary code.
It requires all symbols to be resolved before execution of the program
starts which may have an impact on startup time. However most if
not all popular Linux distributions enable full RELRO by default for
all binaries and this does not seem to make a noticeable difference
in practice.
"Partial RELRO" is equivalent to `-z relro -z lazy`.
"Full RELRO" is equivalent to `-z relro -z now`.
LLD defaults to `-z relro -z lazy`, which means Zig's current `-z relro`
option has no effect on LLD's behavior.
The changes made by this commit are as follows:
- Document that `-z relro` is the default and add `-z norelro`.
- Pass `-z now` to LLD by default to enable full RELRO by default.
- Add `-z lazy` to disable passing `-z now`.
Since Zig provides @clz and not @ffs (find-first-set), log2 for comptime
integers needs to be computed algorithmically. To avoid hitting the
backward branch quota, this updates log2(x) to use a simple O(log N)
algorithm.
alongside the typical msghdr struct, Zig has added a msghdr_const
type that can be used with sendmsg which allows const data to
be provided. I believe that data pointed to by the iov and control
fields in msghdr are also left unmodified, in which case they can
be marked const as well.
Zig allows multiple extern functions with the same name, and the
backends have to handle this possibility.
For LLVM, we keep a sparse map of collisions, and then resolve them in
flushModule(). This introduces some technical debt that will have to be
resolved when adding incremental compilation support to the LLVM
backend.
* move global into function scope
* clarify comments
* avoid unnecessary usage of std.atomic API
* switch on error instead of `catch unreachable`
* call linux.gettid() instead of going through higher level API and
doing unnecessary casting
* Document deviation from Linux man page, which is identical to musl.
Man page wants always enabled user-provided abort handlers.
Worst case logic bug, which this can introduce:
+ user disables SIGABRT handler to prevent tear down to last safe
state
+ abort() gets called and enables user-provided SIGABRT handler
+ SIGABRT tears down to supposed last safe state instead of crash
+ Application, instead of crashing, continues
* Pid 1 within containers needs special handling.
- fatal signals are not transmitted without privileges,
so use exit as fallback
* Fix some signaling bits
* Add checks in Debug and ReleaseSafe for wrong sigprocmask
This reverts commit 135b91aecd9be1f6f5806b667e07e383dd481198.
"endsWithBreak()" is not a meaningful question to ask and should not be
used this way. A simple example that defeats this logic is:
```zig
export fn entry() void {
outer: {
{
break :outer;
}
return;
}
}
```
Split type relocs into two kinds: local and global. Global relocs
use a global type resolver and calculate offset to the existing
definition of a type abbreviation.
Local relocs use offset in the abbrev section of the containing
atom plus addend to generate a local relocation.
