From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2a00:1450:400c:c09::22a; helo=mail-wm0-x22a.google.com; envelope-from=ard.biesheuvel@linaro.org; receiver=edk2-devel@lists.01.org Received: from mail-wm0-x22a.google.com (mail-wm0-x22a.google.com [IPv6:2a00:1450:400c:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 000E121295B20 for ; Tue, 12 Jun 2018 08:23:26 -0700 (PDT) Received: by mail-wm0-x22a.google.com with SMTP id j15-v6so24217315wme.0 for ; Tue, 12 Jun 2018 08:23:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=p3FCmDNLSBjJUtFL2Go9nR5hb0mvi1IlErYDbv6/t9g=; b=jhwvZbbSjzHyDEGNMY4yp3cCkIP49qlnZLfRpfvjd/zAkNewBjY4o06/RdUJ2/HLGy vclZ+CL9XvHkzDnuL1hKNbT5n3Q7V0w3NX7SQClxAZLcEEx94Sah2em950Rj65jbEiCX ziC73+8y+j16UJ51N7MNGGVB6ccGtrOXZxuOA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=p3FCmDNLSBjJUtFL2Go9nR5hb0mvi1IlErYDbv6/t9g=; b=oDjUy9qIEZuh4EFTBCbu/N9BabZV3Pqb/SEyGDDKkEAGVtArfCA1IQUXTbrpeu1Roi UEMn104uQk2FJcEtH2ltV9pNkP/l17xthcDPhaF69p8mksgbMgG8plnSnpiC5ZFjuCnN 6tBAx4qGFs1F4nexYO1JZImyy0gA8FGP+MjU7ObVM0WrCViPo/WUTrkX5CbqYlKMXNy0 ph+zKY4CUhWrJ/jRJk3dTvaBHo7XmrCd4+0PJHQA0L+l0VvEzKxfmPp2VW9IkB3bH0v2 0upFiN0ZsBWuL9YYx24B2GCaYC+RUyWtbR2cm2+kzbG7RFWBBZRijGLd6fK2u0qkIPrD Bgtg== X-Gm-Message-State: APt69E3I7BmsYnHHi7Euhi/pl9b1TPjwA8FuEqBFtQWv3HAYGDpLK5I3 qcoFQVjf9ySJ4qeNwu4rME8EDg2A4iY= X-Google-Smtp-Source: ADUXVKIJ9N1RTDW25iFfl8OnbWN3g4LERNwXdNtIYeo0hHncHii9dkO1NJuUkXHi5VnYN2ATiYhAVg== X-Received: by 2002:a1c:d509:: with SMTP id m9-v6mr580074wmg.69.1528817004925; Tue, 12 Jun 2018 08:23:24 -0700 (PDT) Received: from dogfood.home ([2a01:cb1d:112:6f00:3c84:18ae:27f2:d03]) by smtp.gmail.com with ESMTPSA id e2-v6sm500983wro.97.2018.06.12.08.23.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 12 Jun 2018 08:23:24 -0700 (PDT) From: Ard Biesheuvel To: edk2-devel@lists.01.org Cc: Ard Biesheuvel , Michael D Kinney , Liming Gao , Ruiyu Ni , Hao Wu , Leif Lindholm , Jordan Justen , Andrew Fish , Star Zeng , Eric Dong , Laszlo Ersek , Zenith432 , "Shi, Steven" Date: Tue, 12 Jun 2018 17:22:55 +0200 Message-Id: <20180612152306.25998-1-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.17.1 Subject: [RFC PATCH 00/11] GCC/X64: use hidden visibility for LTO PIE code X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jun 2018 15:23:27 -0000 The GCC toolchain uses PIE mode when building code for X64, because it is the most efficient in size: it uses relative references where possible, but still uses 64-bit quantities for absolute symbol references, which is optimal for executables that need to be converted to PE/COFF using GenFw. Enabling PIE mode has a couple of side effects though, primarily caused by the fact that the primary application area of GCC is to build programs for userland. GCC will assume that ELF symbols should be preemptible (which makes sense for PIC but not for PIE, but this simply seems to be the result of code being shared between the two modes), and it will attempt to keep absolute references close to each other so that dynamic relocations that trigger CoW for text pages have the smallest possible footprint. These side effects can be mititgated by overriding the visibility of all symbol definitions *and* symbol references, using a special #pragma. This will inform the compiler that symbol preemption and dynamic relocations are not a concern, and that all symbol references can be emitted as direct relative references rather than relative references to a GOT entry containing the absolute address. Unsurprisingly, this leads to better and smaller code. Unfortunately, we have not been able to set this override when LTO is in effect, because the LTO code generator infers from the hidden visibility of all symbols that none of the code is reachable, and discards it all, leading to corrupt, empty binaries. We can work around this by overriding the visibility for symbols that are module entry points. So implement this for all occcurrences of the symbol '_ModuleEntryPoint', and enable 'hidden' visibility in LTO builds as well. Note that all the changes in this series resolve to no-ops if USING_LTO is not #defined. Code can be found here: https://github.com/ardbiesheuvel/edk2/tree/x64-lto-visibility Cc: Michael D Kinney Cc: Liming Gao Cc: Ruiyu Ni Cc: Hao Wu Cc: Leif Lindholm Cc: Jordan Justen Cc: Andrew Fish Cc: Star Zeng Cc: Eric Dong Cc: Laszlo Ersek Cc: Zenith432 Cc: "Shi, Steven" Ard Biesheuvel (11): MdePkg/ProcessorBind.h: define macro to decorate module entry points DuetPkg: annotate module entry points with EFI_ENTRYPOINT EdkCompatibilityPkg: annotate module entry points with EFI_ENTRYPOINT EmbeddedPkg: annotate module entry points with EFI_ENTRYPOINT EmulatorPkg: annotate module entry points with EFI_ENTRYPOINT IntelFrameWorkPkg: annotate module entry points with EFI_ENTRYPOINT MdeModulePkg: annotate module entry points with EFI_ENTRYPOINT MdePkg: annotate module entry points with EFI_ENTRYPOINT Nt32Pkg: annotate module entry points with EFI_ENTRYPOINT UefiCpuPkg: annotate module entry points with EFI_ENTRYPOINT MdePkg/ProcessorBind.h X64: drop non-LTO limitation on visiblity override DuetPkg/DxeIpl/DxeInit.c | 1 + DuetPkg/EfiLdr/EfiLoader.c | 1 + .../EntryPoints/EdkIIGlueDxeDriverEntryPoint.c | 1 + .../EntryPoints/EdkIIGluePeimEntryPoint.c | 1 + .../EntryPoints/EdkIIGlueSmmDriverEntryPoint.c | 1 + .../Library/EdkIIGlueDxeSmmDriverEntryPoint.h | 1 + .../Include/Library/EdkIIGluePeimEntryPoint.h | 1 + .../Library/EdkIIGlueUefiDriverEntryPoint.h | 1 + EmbeddedPkg/TemplateSec/TemplateSec.c | 1 + EmulatorPkg/Sec/Sec.c | 1 + .../DxeSmmDriverEntryPoint/DriverEntryPoint.c | 1 + MdeModulePkg/Universal/CapsulePei/X64/X64Entry.c | 1 + MdePkg/Include/Base.h | 7 +++++++ MdePkg/Include/Library/DxeCoreEntryPoint.h | 1 + MdePkg/Include/Library/PeiCoreEntryPoint.h | 1 + MdePkg/Include/Library/PeimEntryPoint.h | 1 + .../Include/Library/UefiApplicationEntryPoint.h | 1 + MdePkg/Include/Library/UefiDriverEntryPoint.h | 1 + MdePkg/Include/X64/ProcessorBind.h | 16 +++++++++++----- .../DxeCoreEntryPoint/DxeCoreEntryPoint.c | 1 + .../PeiCoreEntryPoint/PeiCoreEntryPoint.c | 1 + MdePkg/Library/PeimEntryPoint/PeimEntryPoint.c | 1 + .../ApplicationEntryPoint.c | 1 + .../UefiDriverEntryPoint/DriverEntryPoint.c | 1 + Nt32Pkg/Sec/SecMain.c | 1 + .../PlatformSecLibNull/PlatformSecLibNull.c | 1 + 26 files changed, 42 insertions(+), 5 deletions(-) -- 2.17.1