I am not happy with the way we embed the runtime services. While we make use of NOCROSSREFS_TO() to catch stray references, we need to list all sections that may not be referenced and things can slip through.
Also, Clang does not support the directive. I anticipate this be solved properly when barebox proper is packaged as proper ELF: Then PBL would be responsible for applying relocations, setting up MMU protections and can at the same time relocate a distinct EFI runtime services DSO. Until then, let's a hacky check to verify that we don't access efi_runtime_data global variables through the GOT as we only have a single GOT and it's not marked as runtime data. Signed-off-by: Ahmad Fatoum <[email protected]> --- efi/runtime/Makefile | 9 +++++++++ scripts/check-efi-runtime.sh | 13 +++++++++++++ 2 files changed, 22 insertions(+) create mode 100755 scripts/check-efi-runtime.sh diff --git a/efi/runtime/Makefile b/efi/runtime/Makefile index a9af06de60ab..0aca6aeedc38 100644 --- a/efi/runtime/Makefile +++ b/efi/runtime/Makefile @@ -42,3 +42,12 @@ $(obj)/%.efirt.o: $(obj)/%.o FORCE $(call if_changed,efirtcopy) obj-y := $(patsubst %.o,%.efirt.o,$(lib-y)) +BAREBOX_EFIRT_OBJS := $(patsubst %.o,$(obj)/%.o,$(obj-y)) + +quiet_cmd_chkrel__ ?= CHKREL $@ + cmd_chkrel__ ?= $(srctree)/scripts/check-efi-runtime.sh $@ $(2) + +$(obj)/efirt.so: $(BAREBOX_EFIRT_OBJS) FORCE + $(call if_changed,chkrel__,$(BAREBOX_EFIRT_OBJS)) + +always-y += efirt.so diff --git a/scripts/check-efi-runtime.sh b/scripts/check-efi-runtime.sh new file mode 100755 index 000000000000..46688b724d8e --- /dev/null +++ b/scripts/check-efi-runtime.sh @@ -0,0 +1,13 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0 + +if [ "$#" -lt 2 ]; then + 2>&1 echo "USAGE: $0 OUTPUT INPUT..." + exit 2 +fi + +${LD} -shared --gc-sections --whole-archive -o "$@" || { + 2>&1 echo + 2>&1 echo "Link check failed. Relocations to outside EFI runtime code?" + exit 1; +} -- 2.47.3
