summaryrefslogtreecommitdiff
path: root/MdePkg
diff options
context:
space:
mode:
authorArd Biesheuvel <ard.biesheuvel@linaro.org>2016-07-16 00:16:10 +0200
committerArd Biesheuvel <ard.biesheuvel@linaro.org>2016-07-21 13:32:09 +0200
commit1252a681a67da81bf1304c7ac836f90eab8bb7cb (patch)
treea63b7d729895d3f79f6be800f8e39c013922138e /MdePkg
parent17ab1ec5accc866b77446f4e336e982bb5e1cc9f (diff)
downloadedk2-platforms-1252a681a67da81bf1304c7ac836f90eab8bb7cb.tar.xz
MdePkg X64: force 'protected' visibility when building with -fpic
When building position independent (PIC) ELF objects, the GCC compiler assumes that each symbol with external linkage may potentially end up being exported from a shared library, which means that each of those symbols may be subject to symbol preemption, i.e., the executable linking to the shared library at runtime may override symbols exported by the shared library, and every internal reference held by the shared library itself *must* be made to point to the overridden version instead. For this reason, PIC code symbol references always go via the Global Offset Table (GOT), even if the code in question references symbols that are defined in the same compilation unit. The GOT refers to each symbol by absolute address, and so each entry is subject to runtime relocation. Since not every symbol with external linkage is ultimately exported from a shared library, the GCC compiler allows control over symbol visibility using attributes, command line arguments and pragmas, where 'protected' means that the symbol is only referenced by the shared library itself. Due to the poor hygiene in EDK2 regarding the use of the 'static' modifier, many symbols that are local to their compilation unit end up being referenced indirectly via the GOT when building PIC code. In UEFI, there are no shared libraries and so there is no need to deal with symbol preemption, and we can mark every symbol reference protected. The only method that applies to all symbol definitions as well as declarations is the #pragma. So set the visibility 'protected' pragma when building PIC code for X64 using GCC. Note that this affects code generated with the -fpie compiler switch as well as the -fpic compiler switch. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Tested-By: Liming Gao <liming.gao@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
Diffstat (limited to 'MdePkg')
-rw-r--r--MdePkg/Include/X64/ProcessorBind.h9
1 files changed, 9 insertions, 0 deletions
diff --git a/MdePkg/Include/X64/ProcessorBind.h b/MdePkg/Include/X64/ProcessorBind.h
index 705104af06..a4aad3e524 100644
--- a/MdePkg/Include/X64/ProcessorBind.h
+++ b/MdePkg/Include/X64/ProcessorBind.h
@@ -27,6 +27,15 @@
#pragma pack()
#endif
+#if defined(__GNUC__) && defined(__pic__)
+//
+// Mark all symbol declarations and references as protected, meaning they will
+// not be subject to symbol preemption. This allows the compiler to refer to
+// symbols directly using relative references rather than via the GOT, which
+// contains absolute symbol addresses that are subject to runtime relocation.
+//
+#pragma GCC visibility push (protected)
+#endif
#if defined(__INTEL_COMPILER)
//