.gitignore | 1 + CHANGELOG.md | 3 +++ docs/misc/efi.pandoc | 8 +------- xen/Kconfig.debug | 9 ++------- xen/Makefile | 25 +++---------------------- xen/arch/x86/Makefile | 11 ++++++++--- 6 files changed, 18 insertions(+), 39 deletions(-)
From: Frediano Ziglio <frediano.ziglio@cloud.com>
For xen.gz file we strip all symbols and have an additional
xen-syms.efi file version with all symbols.
Make xen.efi more coherent stripping all symbols too.
xen-syms.efi can be used for debugging.
Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com>
---
Changes since v1:
- avoid leaving target if some command fails.
Changes since v2:
- do not convert type but retain PE format;
- use xen-syms.efi for new file name, more consistent with ELF.
Changes since v3:
- update documentation;
- do not remove xen.efi.elf;
- check endbr instruction before generating final target.
Changes since v4:
- simplify condition check;
- avoid reuse of $@.tmp file.
Changes since v5:
- avoid creation of temporary file.
Changes since v6:
- install xen-syms.efi;
- always strip xen.efi;
- restore EFI_LDFLAGS check during rule execution;
- update CHANGELOG.md;
- added xen-syms.efi to .gitignore.
---
.gitignore | 1 +
CHANGELOG.md | 3 +++
docs/misc/efi.pandoc | 8 +-------
xen/Kconfig.debug | 9 ++-------
xen/Makefile | 25 +++----------------------
xen/arch/x86/Makefile | 11 ++++++++---
6 files changed, 18 insertions(+), 39 deletions(-)
diff --git a/.gitignore b/.gitignore
index d83427aba8..213972b65c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -222,6 +222,7 @@ tools/flask/policy/xenpolicy-*
xen/xen
xen/suppression-list.txt
xen/xen-syms
+xen/xen-syms.efi
xen/xen-syms.map
xen/xen.*
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c9932a2af0..3bdcc3b47a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -65,6 +65,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
for hypervisor mode.
### Removed
+ - The install-time environment variable INSTALL_EFI_STRIP is no longer
+ supported, xen.efi will is now always being stripped.
+
- On x86:
- GNTTABOP_cache_flush: it's unused on x86 and the implementation is
broken.
diff --git a/docs/misc/efi.pandoc b/docs/misc/efi.pandoc
index 11c1ac3346..c66b18a66b 100644
--- a/docs/misc/efi.pandoc
+++ b/docs/misc/efi.pandoc
@@ -20,13 +20,7 @@ Xen to load the configuration file even if multiboot modules are found.
Once built, `make install-xen` will place the resulting binary directly into
the EFI boot partition, provided `EFI_VENDOR` is set in the environment (and
`EFI_MOUNTPOINT` is overridden as needed, should the default of `/boot/efi` not
-match your system). When built with debug info, the binary can be quite large.
-Setting `INSTALL_EFI_STRIP=1` in the environment will cause it to be stripped
-of debug info in the process of installing. `INSTALL_EFI_STRIP` can also be set
-to any combination of options suitable to pass to `strip`, in case the default
-ones don't do. The xen.efi binary will also be installed in `/usr/lib64/efi/`,
-unless `EFI_DIR` is set in the environment to override this default. This
-binary will not be stripped in the process.
+match your system).
The binary itself will require a configuration file (names with the `.efi`
extension of the binary's name replaced by `.cfg`, and - until an existing
diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug
index d900d926c5..1a8e0c6ec3 100644
--- a/xen/Kconfig.debug
+++ b/xen/Kconfig.debug
@@ -147,12 +147,7 @@ config DEBUG_INFO
Say Y here if you want to build Xen with debug information. This
information is needed e.g. for doing crash dump analysis of the
hypervisor via the "crash" tool.
- Saying Y will increase the size of the xen-syms and xen.efi
- binaries. In case the space on the EFI boot partition is rather
- limited, you may want to install a stripped variant of xen.efi in
- the EFI boot partition (look for "INSTALL_EFI_STRIP" in
- docs/misc/efi.pandoc for more information - when not using
- "make install-xen" for installing xen.efi, stripping needs to be
- done outside the Xen build environment).
+ Saying Y will increase the size of the xen-syms, xen-syms.efi and
+ xen.efi.elf binaries.
endmenu
diff --git a/xen/Makefile b/xen/Makefile
index fc9244420e..5ed029fed1 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -493,22 +493,6 @@ endif
.PHONY: _build
_build: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX)
-# Strip
-#
-# INSTALL_EFI_STRIP, if defined, will cause xen.efi to be stripped before it
-# is installed. If INSTALL_EFI_STRIP is '1', then the default option(s) below
-# will be used. Otherwise, INSTALL_EFI_STRIP value will be used as the
-# option(s) to the strip command.
-ifdef INSTALL_EFI_STRIP
-
-ifeq ($(INSTALL_EFI_STRIP),1)
-efi-strip-opt := --strip-debug --keep-file-symbols
-else
-efi-strip-opt := $(INSTALL_EFI_STRIP)
-endif
-
-endif
-
.PHONY: _install
_install: D=$(DESTDIR)
_install: T=$(notdir $(TARGET))
@@ -526,18 +510,15 @@ _install: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX)
if [ -r $(TARGET).efi -a -n '$(EFI_DIR)' ]; then \
[ -d $(D)$(EFI_DIR) ] || $(INSTALL_DIR) $(D)$(EFI_DIR); \
$(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_DIR)/$(T)-$(XEN_FULLVERSION).efi; \
- for x in map elf; do \
- if [ -e $(TARGET).efi.$$x ]; then \
- $(INSTALL_DATA) $(TARGET).efi.$$x $(D)$(DEBUG_DIR)/$(T)-$(XEN_FULLVERSION).efi.$$x; \
+ for x in .efi.map .efi.elf -syms.efi; do \
+ if [ -e $(TARGET)$$x ]; then \
+ $(INSTALL_DATA) $(TARGET)$$x $(D)$(DEBUG_DIR)/$(T)-$(XEN_FULLVERSION)$$x; \
fi; \
done; \
ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).$(XEN_SUBVERSION).efi; \
ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi; \
ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T).efi; \
if [ -n '$(EFI_MOUNTPOINT)' -a -n '$(EFI_VENDOR)' ]; then \
- $(if $(efi-strip-opt), \
- $(STRIP) $(efi-strip-opt) -p -o $(TARGET).efi.stripped $(TARGET).efi && \
- $(INSTALL_DATA) $(TARGET).efi.stripped $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi ||) \
$(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \
elif [ "$(D)" = "$(patsubst $(shell cd $(XEN_ROOT) && pwd)/%,%,$(D))" ]; then \
echo 'EFI installation only partially done (EFI_VENDOR not set)' >&2; \
diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
index 407571c510..a154ffe6b2 100644
--- a/xen/arch/x86/Makefile
+++ b/xen/arch/x86/Makefile
@@ -228,12 +228,17 @@ endif
$(MAKE) $(build)=$(@D) .$(@F).1r.o .$(@F).1s.o
$(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T $(obj)/efi.lds $< \
$(dot-target).1r.o $(dot-target).1s.o $(orphan-handling-y) \
- $(note_file_option) -o $@
- $(NM) -pa --format=sysv $@ \
+ $(note_file_option) -o $(TARGET)-syms.efi
+ $(NM) -pa --format=sysv $(TARGET)-syms.efi \
| $(objtree)/tools/symbols --all-symbols --xensyms --sysv --sort \
> $@.map
ifeq ($(CONFIG_DEBUG_INFO),y)
- $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(OBJCOPY) -O elf64-x86-64 $@ $@.elf
+ $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(OBJCOPY) \
+ -O elf64-x86-64 $(TARGET)-syms.efi $@.elf
+endif
+ $(STRIP) $(TARGET)-syms.efi -o $@
+ifneq ($(CONFIG_DEBUG_INFO),y)
+ rm -f $(TARGET)-syms.efi
endif
rm -f $(dot-target).[0-9]* $(@D)/..$(@F).[0-9]*
ifeq ($(CONFIG_XEN_IBT),y)
--
2.43.0On 13/11/2025 12:49 pm, Frediano Ziglio wrote: > From: Frediano Ziglio <frediano.ziglio@cloud.com> > > For xen.gz file we strip all symbols and have an additional > xen-syms.efi file version with all symbols. > Make xen.efi more coherent stripping all symbols too. > xen-syms.efi can be used for debugging. > > Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com> > --- > Changes since v1: > - avoid leaving target if some command fails. > > Changes since v2: > - do not convert type but retain PE format; > - use xen-syms.efi for new file name, more consistent with ELF. > > Changes since v3: > - update documentation; > - do not remove xen.efi.elf; > - check endbr instruction before generating final target. > > Changes since v4: > - simplify condition check; > - avoid reuse of $@.tmp file. > > Changes since v5: > - avoid creation of temporary file. > > Changes since v6: > - install xen-syms.efi; > - always strip xen.efi; > - restore EFI_LDFLAGS check during rule execution; > - update CHANGELOG.md; > - added xen-syms.efi to .gitignore. > --- > .gitignore | 1 + > CHANGELOG.md | 3 +++ > docs/misc/efi.pandoc | 8 +------- > xen/Kconfig.debug | 9 ++------- > xen/Makefile | 25 +++---------------------- > xen/arch/x86/Makefile | 11 ++++++++--- > 6 files changed, 18 insertions(+), 39 deletions(-) > > diff --git a/.gitignore b/.gitignore > index d83427aba8..213972b65c 100644 > --- a/.gitignore > +++ b/.gitignore > @@ -222,6 +222,7 @@ tools/flask/policy/xenpolicy-* > xen/xen > xen/suppression-list.txt > xen/xen-syms > +xen/xen-syms.efi > xen/xen-syms.map > xen/xen.* > > diff --git a/CHANGELOG.md b/CHANGELOG.md > index c9932a2af0..3bdcc3b47a 100644 > --- a/CHANGELOG.md > +++ b/CHANGELOG.md > @@ -65,6 +65,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) > for hypervisor mode. > > ### Removed > + - The install-time environment variable INSTALL_EFI_STRIP is no longer > + supported, xen.efi will is now always being stripped. I'd rephrase this a little. "... INSTALL_EFI_STRIP no longer exists. xen.efi is always stripped, while the symbols remain available in xen-syms.efi." Personally, I'd have put this in the Changed section rather than Removed, but both can be adjusted together. This bug is on the 4.21 tracking list. CC'ing Oleksii. ~Andrew
On Thu, 13 Nov 2025 at 13:17, Andrew Cooper <andrew.cooper3@citrix.com> wrote: > > On 13/11/2025 12:49 pm, Frediano Ziglio wrote: > > From: Frediano Ziglio <frediano.ziglio@cloud.com> > > > > For xen.gz file we strip all symbols and have an additional > > xen-syms.efi file version with all symbols. > > Make xen.efi more coherent stripping all symbols too. > > xen-syms.efi can be used for debugging. > > > > Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com> > > --- > > Changes since v1: > > - avoid leaving target if some command fails. > > > > Changes since v2: > > - do not convert type but retain PE format; > > - use xen-syms.efi for new file name, more consistent with ELF. > > > > Changes since v3: > > - update documentation; > > - do not remove xen.efi.elf; > > - check endbr instruction before generating final target. > > > > Changes since v4: > > - simplify condition check; > > - avoid reuse of $@.tmp file. > > > > Changes since v5: > > - avoid creation of temporary file. > > > > Changes since v6: > > - install xen-syms.efi; > > - always strip xen.efi; > > - restore EFI_LDFLAGS check during rule execution; > > - update CHANGELOG.md; > > - added xen-syms.efi to .gitignore. > > --- > > .gitignore | 1 + > > CHANGELOG.md | 3 +++ > > docs/misc/efi.pandoc | 8 +------- > > xen/Kconfig.debug | 9 ++------- > > xen/Makefile | 25 +++---------------------- > > xen/arch/x86/Makefile | 11 ++++++++--- > > 6 files changed, 18 insertions(+), 39 deletions(-) > > > > diff --git a/.gitignore b/.gitignore > > index d83427aba8..213972b65c 100644 > > --- a/.gitignore > > +++ b/.gitignore > > @@ -222,6 +222,7 @@ tools/flask/policy/xenpolicy-* > > xen/xen > > xen/suppression-list.txt > > xen/xen-syms > > +xen/xen-syms.efi > > xen/xen-syms.map > > xen/xen.* > > > > diff --git a/CHANGELOG.md b/CHANGELOG.md > > index c9932a2af0..3bdcc3b47a 100644 > > --- a/CHANGELOG.md > > +++ b/CHANGELOG.md > > @@ -65,6 +65,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) > > for hypervisor mode. > > > > ### Removed > > + - The install-time environment variable INSTALL_EFI_STRIP is no longer > > + supported, xen.efi will is now always being stripped. > > I'd rephrase this a little. "... INSTALL_EFI_STRIP no longer exists. > xen.efi is always stripped, while the symbols remain available in > xen-syms.efi." > Done > Personally, I'd have put this in the Changed section rather than > Removed, but both can be adjusted together. > Done > This bug is on the 4.21 tracking list. CC'ing Oleksii. > So.. should I leave the CHANGELOG.md change in 4.21 or should I move it to 4.22 ?? > ~Andrew Frediano
On 11/13/25 2:43 PM, Frediano Ziglio wrote: > On Thu, 13 Nov 2025 at 13:17, Andrew Cooper<andrew.cooper3@citrix.com> wrote: >> On 13/11/2025 12:49 pm, Frediano Ziglio wrote: >>> From: Frediano Ziglio<frediano.ziglio@cloud.com> >>> >>> For xen.gz file we strip all symbols and have an additional >>> xen-syms.efi file version with all symbols. >>> Make xen.efi more coherent stripping all symbols too. >>> xen-syms.efi can be used for debugging. >>> >>> Signed-off-by: Frediano Ziglio<frediano.ziglio@cloud.com> >>> --- >>> Changes since v1: >>> - avoid leaving target if some command fails. >>> >>> Changes since v2: >>> - do not convert type but retain PE format; >>> - use xen-syms.efi for new file name, more consistent with ELF. >>> >>> Changes since v3: >>> - update documentation; >>> - do not remove xen.efi.elf; >>> - check endbr instruction before generating final target. >>> >>> Changes since v4: >>> - simplify condition check; >>> - avoid reuse of $@.tmp file. >>> >>> Changes since v5: >>> - avoid creation of temporary file. >>> >>> Changes since v6: >>> - install xen-syms.efi; >>> - always strip xen.efi; >>> - restore EFI_LDFLAGS check during rule execution; >>> - update CHANGELOG.md; >>> - added xen-syms.efi to .gitignore. >>> --- >>> .gitignore | 1 + >>> CHANGELOG.md | 3 +++ >>> docs/misc/efi.pandoc | 8 +------- >>> xen/Kconfig.debug | 9 ++------- >>> xen/Makefile | 25 +++---------------------- >>> xen/arch/x86/Makefile | 11 ++++++++--- >>> 6 files changed, 18 insertions(+), 39 deletions(-) >>> >>> diff --git a/.gitignore b/.gitignore >>> index d83427aba8..213972b65c 100644 >>> --- a/.gitignore >>> +++ b/.gitignore >>> @@ -222,6 +222,7 @@ tools/flask/policy/xenpolicy-* >>> xen/xen >>> xen/suppression-list.txt >>> xen/xen-syms >>> +xen/xen-syms.efi >>> xen/xen-syms.map >>> xen/xen.* >>> >>> diff --git a/CHANGELOG.md b/CHANGELOG.md >>> index c9932a2af0..3bdcc3b47a 100644 >>> --- a/CHANGELOG.md >>> +++ b/CHANGELOG.md >>> @@ -65,6 +65,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) >>> for hypervisor mode. >>> >>> ### Removed >>> + - The install-time environment variable INSTALL_EFI_STRIP is no longer >>> + supported, xen.efi will is now always being stripped. >> I'd rephrase this a little. "... INSTALL_EFI_STRIP no longer exists. >> xen.efi is always stripped, while the symbols remain available in >> xen-syms.efi." >> > Done > >> Personally, I'd have put this in the Changed section rather than >> Removed, but both can be adjusted together. >> > Done > >> This bug is on the 4.21 tracking list. CC'ing Oleksii. >> > So.. should I leave the CHANGELOG.md change in 4.21 or should I move > it to 4.22 ?? It should be in 4.21 as it is bug from 4.21 tracking list. Thanks. ~ Oleksii
On 13.11.2025 13:49, Frediano Ziglio wrote: > --- a/CHANGELOG.md > +++ b/CHANGELOG.md > @@ -65,6 +65,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) > for hypervisor mode. > > ### Removed > + - The install-time environment variable INSTALL_EFI_STRIP is no longer > + supported, xen.efi will is now always being stripped. > + > - On x86: > - GNTTABOP_cache_flush: it's unused on x86 and the implementation is > broken. That's the wrong "Removed" section, though. Moving it where you put it would be part of backporting (to 4.21) effort. Plus it should go under "On x86". Jan
On Thu, 13 Nov 2025 at 13:02, Jan Beulich <jbeulich@suse.com> wrote: > > On 13.11.2025 13:49, Frediano Ziglio wrote: > > --- a/CHANGELOG.md > > +++ b/CHANGELOG.md > > @@ -65,6 +65,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) > > for hypervisor mode. > > > > ### Removed > > + - The install-time environment variable INSTALL_EFI_STRIP is no longer > > + supported, xen.efi will is now always being stripped. > > + > > - On x86: > > - GNTTABOP_cache_flush: it's unused on x86 and the implementation is > > broken. > > That's the wrong "Removed" section, though. Moving it where you put it would > be part of backporting (to 4.21) effort. > I think there was discussion that should go to 4.21 as not stripping cause issues with some firmware. Should I move to 4.22 then ? > Plus it should go under "On x86". > > Jan Frediano
On 13.11.2025 14:10, Frediano Ziglio wrote: > On Thu, 13 Nov 2025 at 13:02, Jan Beulich <jbeulich@suse.com> wrote: >> >> On 13.11.2025 13:49, Frediano Ziglio wrote: >>> --- a/CHANGELOG.md >>> +++ b/CHANGELOG.md >>> @@ -65,6 +65,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) >>> for hypervisor mode. >>> >>> ### Removed >>> + - The install-time environment variable INSTALL_EFI_STRIP is no longer >>> + supported, xen.efi will is now always being stripped. >>> + >>> - On x86: >>> - GNTTABOP_cache_flush: it's unused on x86 and the implementation is >>> broken. >> >> That's the wrong "Removed" section, though. Moving it where you put it would >> be part of backporting (to 4.21) effort. >> > > I think there was discussion that should go to 4.21 as not stripping > cause issues with some firmware. > Should I move to 4.22 then ? All patches should be against staging, which is 4.22 now. Anything against older branches either needs explicitly tagging as such (e.g. when no staging equivalent exists), or otherwise would need backporting from what went into staging. (The more that at this time of the release cycle I'm not sure this kind of change is still eligible for going onto the release branch. It may well need to wait for 4.21.1 now. But that's [mainly] Oleksii's call, whom you didn't even Cc.) Jan
© 2016 - 2025 Red Hat, Inc.