[PATCH v9 2/2] xen: Strip xen.efi by default

Frediano Ziglio posted 2 patches 1 week ago
There is a newer version of this series
[PATCH v9 2/2] xen: Strip xen.efi by default
Posted by Frediano Ziglio 1 week ago
From: Frediano Ziglio <frediano.ziglio@cloud.com>

For xen.gz file we strip all symbols and have an additional
xen-syms.efi file version with all symbols.
Make xen.efi more coherent stripping all symbols too.
xen-syms.efi can be used for debugging.

Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com>
---
Changes since v1:
- avoid leaving target if some command fails.

Changes since v2:
- do not convert type but retain PE format;
- use xen-syms.efi for new file name, more consistent with ELF.

Changes since v3:
- update documentation;
- do not remove xen.efi.elf;
- check endbr instruction before generating final target.

Changes since v4:
- simplify condition check;
- avoid reuse of $@.tmp file.

Changes since v5:
- avoid creation of temporary file.

Changes since v6:
- install xen-syms.efi;
- always strip xen.efi;
- restore EFI_LDFLAGS check during rule execution;
- update CHANGELOG.md;
- added xen-syms.efi to .gitignore.

Changes since v7:
- move and improve CHANGELOG.md changes.

Changes since v8:
- rebase on master;
- clean xen-syms.efi file.
---
 .gitignore            |  1 +
 CHANGELOG.md          |  3 +++
 docs/misc/efi.pandoc  |  8 +-------
 xen/Kconfig.debug     |  9 ++-------
 xen/Makefile          | 25 +++----------------------
 xen/arch/x86/Makefile | 12 +++++++++---
 6 files changed, 19 insertions(+), 39 deletions(-)

diff --git a/.gitignore b/.gitignore
index 57d54f676f..f282192b3e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -223,6 +223,7 @@ tools/flask/policy/xenpolicy-*
 xen/xen
 xen/suppression-list.txt
 xen/xen-syms
+xen/xen-syms.efi
 xen/xen-syms.map
 xen/xen.*
 
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3aaf598623..f26ec5b538 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -38,6 +38,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
      BAR for HVM guests, to improve performance of guests using it to map the
      grant table or foreign memory.
    - Allow configuring the number of altp2m tables per domain via vm.cfg.
+   - The install-time environment variable INSTALL_EFI_STRIP no longer exists.
+     xen.efi is always stripped, while the symbols remain available in
+     xen-syms.efi.
 
 ### Added
  - Introduce new PDX compression algorithm to cope with Intel Sierra Forest and
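
Review bot: The new entry's statement that the symbols "remain available in xen-syms.efi" holds only for CONFIG_DEBUG_INFO=y builds, because the xen/arch/x86/Makefile hunk of this patch runs "rm -f $(TARGET)-syms.efi" under ifneq ($(CONFIG_DEBUG_INFO),y). Suggest qualifying the sentence accordingly, and saying that the file is installed into $(DEBUG_DIR) rather than next to xen.efi, so that whoever needs it for debugging knows where to look.
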
diff --git a/docs/misc/efi.pandoc b/docs/misc/efi.pandoc
index 11c1ac3346..c66b18a66b 100644
--- a/docs/misc/efi.pandoc
+++ b/docs/misc/efi.pandoc
@@ -20,13 +20,7 @@ Xen to load the configuration file even if multiboot modules are found.
 Once built, `make install-xen` will place the resulting binary directly into
 the EFI boot partition, provided `EFI_VENDOR` is set in the environment (and
 `EFI_MOUNTPOINT` is overridden as needed, should the default of `/boot/efi` not
-match your system). When built with debug info, the binary can be quite large.
-Setting `INSTALL_EFI_STRIP=1` in the environment will cause it to be stripped
-of debug info in the process of installing. `INSTALL_EFI_STRIP` can also be set
-to any combination of options suitable to pass to `strip`, in case the default
-ones don't do. The xen.efi binary will also be installed in `/usr/lib64/efi/`,
-unless `EFI_DIR` is set in the environment to override this default. This
-binary will not be stripped in the process.
+match your system).
 
 The binary itself will require a configuration file (names with the `.efi`
 extension of the binary's name replaced by `.cfg`, and - until an existing
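
Review bot: The removed lines drop more than the INSTALL_EFI_STRIP description: the sentence saying that xen.efi is also installed in /usr/lib64/efi/ unless EFI_DIR is set in the environment goes away too, although the _install rule in xen/Makefile still tests '$(EFI_DIR)' and installs there. Suggest keeping that sentence, and adding one line stating that the installed xen.efi is now always stripped while the unstripped xen-syms.efi goes to the debug directory.
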
diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug
index d900d926c5..1a8e0c6ec3 100644
--- a/xen/Kconfig.debug
+++ b/xen/Kconfig.debug
@@ -147,12 +147,7 @@ config DEBUG_INFO
 	  Say Y here if you want to build Xen with debug information. This
 	  information is needed e.g. for doing crash dump analysis of the
 	  hypervisor via the "crash" tool.
-	  Saying Y will increase the size of the xen-syms and xen.efi
-	  binaries. In case the space on the EFI boot partition is rather
-	  limited, you may want to install a stripped variant of xen.efi in
-	  the EFI boot partition (look for "INSTALL_EFI_STRIP" in
-	  docs/misc/efi.pandoc for more information - when not using
-	  "make install-xen" for installing xen.efi, stripping needs to be
-	  done outside the Xen build environment).
+	  Saying Y will increase the size of the xen-syms, xen-syms.efi and
+	  xen.efi.elf binaries.
 
 endmenu
diff --git a/xen/Makefile b/xen/Makefile
index fc9244420e..5ed029fed1 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -493,22 +493,6 @@ endif
 .PHONY: _build
 _build: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX)
 
-# Strip
-#
-# INSTALL_EFI_STRIP, if defined, will cause xen.efi to be stripped before it
-# is installed. If INSTALL_EFI_STRIP is '1', then the default option(s) below
-# will be used. Otherwise, INSTALL_EFI_STRIP value will be used as the
-# option(s) to the strip command.
-ifdef INSTALL_EFI_STRIP
-
-ifeq ($(INSTALL_EFI_STRIP),1)
-efi-strip-opt := --strip-debug --keep-file-symbols
-else
-efi-strip-opt := $(INSTALL_EFI_STRIP)
-endif
-
-endif
-
 .PHONY: _install
 _install: D=$(DESTDIR)
 _install: T=$(notdir $(TARGET))
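
Review bot: With the ifdef INSTALL_EFI_STRIP block removed, an environment that still sets the variable is ignored without any diagnostic, which matters most for callers that passed their own strip options through it. Consider emitting a $(warning ...) when INSTALL_EFI_STRIP is defined, at least for one release, so that packaging scripts notice the change instead of silently getting different output.
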
@@ -526,18 +510,15 @@ _install: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX)
 	if [ -r $(TARGET).efi -a -n '$(EFI_DIR)' ]; then \
 		[ -d $(D)$(EFI_DIR) ] || $(INSTALL_DIR) $(D)$(EFI_DIR); \
 		$(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_DIR)/$(T)-$(XEN_FULLVERSION).efi; \
-		for x in map elf; do \
-			if [ -e $(TARGET).efi.$$x ]; then \
-				$(INSTALL_DATA) $(TARGET).efi.$$x $(D)$(DEBUG_DIR)/$(T)-$(XEN_FULLVERSION).efi.$$x; \
+		for x in .efi.map .efi.elf -syms.efi; do \
+			if [ -e $(TARGET)$$x ]; then \
+				$(INSTALL_DATA) $(TARGET)$$x $(D)$(DEBUG_DIR)/$(T)-$(XEN_FULLVERSION)$$x; \
 			fi; \
 		done; \
 		ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).$(XEN_SUBVERSION).efi; \
 		ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi; \
 		ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T).efi; \
 		if [ -n '$(EFI_MOUNTPOINT)' -a -n '$(EFI_VENDOR)' ]; then \
-			$(if $(efi-strip-opt), \
-			     $(STRIP) $(efi-strip-opt) -p -o $(TARGET).efi.stripped $(TARGET).efi && \
-			     $(INSTALL_DATA) $(TARGET).efi.stripped $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi ||) \
 			$(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \
 		elif [ "$(D)" = "$(patsubst $(shell cd $(XEN_ROOT) && pwd)/%,%,$(D))" ]; then \
 			echo 'EFI installation only partially done (EFI_VENDOR not set)' >&2; \
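
Review bot: In the rewritten loop the suffix is appended after the version, so the symbol file is installed as $(T)-$(XEN_FULLVERSION)-syms.efi, with "-syms" landing behind the version string rather than behind the base name as it does in the build tree (xen-syms.efi). If that is intended, a comment above the loop would help; otherwise the -syms.efi case needs its own destination name instead of sharing "$(T)-$(XEN_FULLVERSION)$$x" with the .efi.map and .efi.elf cases.
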
diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
index 300cc67407..ee787068f8 100644
--- a/xen/arch/x86/Makefile
+++ b/xen/arch/x86/Makefile
@@ -232,12 +232,17 @@ endif
 	$(MAKE) $(build)=$(@D) .$(@F).2r.o .$(@F).2s.o
 	$(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T $(obj)/efi.lds $< \
 	      $(dot-target).2r.o $(dot-target).2s.o $(orphan-handling-y) \
-	      $(note_file_option) -o $@
-	$(NM) -pa --format=sysv $@ \
+	      $(note_file_option) -o $(TARGET)-syms.efi
+	$(NM) -pa --format=sysv $(TARGET)-syms.efi \
 		| $(objtree)/tools/symbols --all-symbols --xensyms --sysv --sort \
 		> $@.map
 ifeq ($(CONFIG_DEBUG_INFO),y)
-	$(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(OBJCOPY) -O elf64-x86-64 $@ $@.elf
+	$(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(OBJCOPY) \
+		-O elf64-x86-64 $(TARGET)-syms.efi $@.elf
+endif
+	$(STRIP) $(TARGET)-syms.efi -o $@
+ifneq ($(CONFIG_DEBUG_INFO),y)
+	rm -f $(TARGET)-syms.efi
 endif
 	rm -f $(dot-target).[0-9]* $(@D)/..$(@F).[0-9]*
 ifeq ($(CONFIG_XEN_IBT),y)
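
Review bot: The new "$(STRIP) $(TARGET)-syms.efi -o $@" passes no options and so relies on strip's default behaviour, whereas the install-time code removed from xen/Makefile defaulted to "--strip-debug --keep-file-symbols". Since the commit message says all symbols are meant to go, spell that out with an explicit option and a one-line comment, so the change in what xen.efi retains is visible at the rule. Separately, $(TARGET)-syms.efi is now written as a side effect of the rule for $@ and is deleted again when CONFIG_DEBUG_INFO is not y; a comment noting that it is not a target of its own, and will not be regenerated if removed while xen.efi is up to date, would save confusion.
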
@@ -281,6 +286,7 @@ $(obj)/xen.lds $(obj)/efi.lds: $(src)/xen.lds.S FORCE
 clean-files := \
     include/asm/asm-macros.* \
     $(objtree)/.xen-syms.[0-9]* \
+    $(objtree)/xen-syms.efi \
     $(objtree)/.xen.elf32 \
     $(objtree)/.xen.efi.[0-9]* \
     efi/*.efi
-- 
2.43.0
Re: [PATCH v9 2/2] xen: Strip xen.efi by default
Posted by Oleksii Kurochko 4 days, 10 hours ago
On 12/5/25 5:09 PM, Frediano Ziglio wrote:
> diff --git a/CHANGELOG.md b/CHANGELOG.md
> index 3aaf598623..f26ec5b538 100644
> --- a/CHANGELOG.md
> +++ b/CHANGELOG.md
> @@ -38,6 +38,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
>        BAR for HVM guests, to improve performance of guests using it to map the
>        grant table or foreign memory.
>      - Allow configuring the number of altp2m tables per domain via vm.cfg.
> +   - The install-time environment variable INSTALL_EFI_STRIP no longer exists.
> +     xen.efi is always stripped, while the symbols remain available in
> +     xen-syms.efi.

It seems like it should be moved to the 4.22 section. After doing that:
  Acked-by: Oleksii Kurochko <oleksii.kurochko@gmail.com>

Thanks.

~ Oleksii
Re: [PATCH v9 2/2] xen: Strip xen.efi by default
Posted by Jan Beulich 4 days, 10 hours ago
On 05.12.2025 17:09, Frediano Ziglio wrote:
> From: Frediano Ziglio <frediano.ziglio@cloud.com>
> 
> For xen.gz file we strip all symbols and have an additional
> xen-syms.efi file version with all symbols.
> Make xen.efi more coherent stripping all symbols too.
> xen-syms.efi can be used for debugging.
> 
> Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com>
> ---
> Changes since v1:
> - avoid leaving target if some command fails.
> 
> Changes since v2:
> - do not convert type but retain PE format;
> - use xen-syms.efi for new file name, more consistent with ELF.
> 
> Changes since v3:
> - update documentation;
> - do not remove xen.efi.elf;
> - check endbr instruction before generating final target.
> 
> Changes since v4:
> - simplify condition check;
> - avoid reuse of $@.tmp file.
> 
> Changes since v5:
> - avoid creation of temporary file.
> 
> Changes since v6:
> - install xen-syms.efi;
> - always strip xen.efi;
> - restore EFI_LDFLAGS check during rule execution;
> - update CHANGELOG.md;
> - added xen-syms.efi to .gitignore.
> 
> Changes since v7:
> - move and improve CHANGELOG.md changes.
> 
> Changes since v8:
> - rebase on master;
> - clean xen-syms.efi file.

I.e. not addressing my prior, more fundamental comments.

Jan
Re: [PATCH v9 2/2] xen: Strip xen.efi by default
Posted by Frediano Ziglio 4 days, 5 hours ago
On Mon, 8 Dec 2025 at 08:25, Jan Beulich <jbeulich@suse.com> wrote:
>
> On 05.12.2025 17:09, Frediano Ziglio wrote:
> > From: Frediano Ziglio <frediano.ziglio@cloud.com>
> >
> > For xen.gz file we strip all symbols and have an additional
> > xen-syms.efi file version with all symbols.
> > Make xen.efi more coherent stripping all symbols too.
> > xen-syms.efi can be used for debugging.
> >
> > Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com>
> > ---
> > Changes since v1:
> > - avoid leaving target if some command fails.
> >
> > Changes since v2:
> > - do not convert type but retain PE format;
> > - use xen-syms.efi for new file name, more consistent with ELF.
> >
> > Changes since v3:
> > - update documentation;
> > - do not remove xen.efi.elf;
> > - check endbr instruction before generating final target.
> >
> > Changes since v4:
> > - simplify condition check;
> > - avoid reuse of $@.tmp file.
> >
> > Changes since v5:
> > - avoid creation of temporary file.
> >
> > Changes since v6:
> > - install xen-syms.efi;
> > - always strip xen.efi;
> > - restore EFI_LDFLAGS check during rule execution;
> > - update CHANGELOG.md;
> > - added xen-syms.efi to .gitignore.
> >
> > Changes since v7:
> > - move and improve CHANGELOG.md changes.
> >
> > Changes since v8:
> > - rebase on master;
> > - clean xen-syms.efi file.
>
> I.e. not addressing my prior, more fundamental comments.
>
> Jan

Hi,
  In version 8 you commented that code should not double link, and
the current version does not double link.
In version 7 you commented that changelog is in the wrong section,
which was addressed.
In version 5 you commented the changelog entry was missing, which was addressed.

What are you referring to?

Regards,
   Frediano
Re: [PATCH v9 2/2] xen: Strip xen.efi by default
Posted by Jan Beulich 4 days, 5 hours ago
On 08.12.2025 14:31, Frediano Ziglio wrote:
> On Mon, 8 Dec 2025 at 08:25, Jan Beulich <jbeulich@suse.com> wrote:
>>
>> On 05.12.2025 17:09, Frediano Ziglio wrote:
>>> From: Frediano Ziglio <frediano.ziglio@cloud.com>
>>>
>>> For xen.gz file we strip all symbols and have an additional
>>> xen-syms.efi file version with all symbols.
>>> Make xen.efi more coherent stripping all symbols too.
>>> xen-syms.efi can be used for debugging.
>>>
>>> Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com>
>>> ---
>>> Changes since v1:
>>> - avoid leaving target if some command fails.
>>>
>>> Changes since v2:
>>> - do not convert type but retain PE format;
>>> - use xen-syms.efi for new file name, more consistent with ELF.
>>>
>>> Changes since v3:
>>> - update documentation;
>>> - do not remove xen.efi.elf;
>>> - check endbr instruction before generating final target.
>>>
>>> Changes since v4:
>>> - simplify condition check;
>>> - avoid reuse of $@.tmp file.
>>>
>>> Changes since v5:
>>> - avoid creation of temporary file.
>>>
>>> Changes since v6:
>>> - install xen-syms.efi;
>>> - always strip xen.efi;
>>> - restore EFI_LDFLAGS check during rule execution;
>>> - update CHANGELOG.md;
>>> - added xen-syms.efi to .gitignore.
>>>
>>> Changes since v7:
>>> - move and improve CHANGELOG.md changes.
>>>
>>> Changes since v8:
>>> - rebase on master;
>>> - clean xen-syms.efi file.
>>
>> I.e. not addressing my prior, more fundamental comments.
> 
>   In version 8 you commented that code should not double linking, and
> the current version does not double link.

That was the reply directly to you. There was also a reply to Marek's comments,
as to extending the probing of the toolchain that we do to figure out how well
the PE/COFF linking actually works.

Jan
Re: [PATCH v9 2/2] xen: Strip xen.efi by default
Posted by Frediano Ziglio 4 days, 5 hours ago
On Mon, 8 Dec 2025 at 13:38, Jan Beulich <jbeulich@suse.com> wrote:
>
> On 08.12.2025 14:31, Frediano Ziglio wrote:
> > On Mon, 8 Dec 2025 at 08:25, Jan Beulich <jbeulich@suse.com> wrote:
> >>
> >> On 05.12.2025 17:09, Frediano Ziglio wrote:
> >>> From: Frediano Ziglio <frediano.ziglio@cloud.com>
> >>>
> >>> For xen.gz file we strip all symbols and have an additional
> >>> xen-syms.efi file version with all symbols.
> >>> Make xen.efi more coherent stripping all symbols too.
> >>> xen-syms.efi can be used for debugging.
> >>>
> >>> Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com>
> >>> ---
> >>> Changes since v1:
> >>> - avoid leaving target if some command fails.
> >>>
> >>> Changes since v2:
> >>> - do not convert type but retain PE format;
> >>> - use xen-syms.efi for new file name, more consistent with ELF.
> >>>
> >>> Changes since v3:
> >>> - update documentation;
> >>> - do not remove xen.efi.elf;
> >>> - check endbr instruction before generating final target.
> >>>
> >>> Changes since v4:
> >>> - simplify condition check;
> >>> - avoid reuse of $@.tmp file.
> >>>
> >>> Changes since v5:
> >>> - avoid creation of temporary file.
> >>>
> >>> Changes since v6:
> >>> - install xen-syms.efi;
> >>> - always strip xen.efi;
> >>> - restore EFI_LDFLAGS check during rule execution;
> >>> - update CHANGELOG.md;
> >>> - added xen-syms.efi to .gitignore.
> >>>
> >>> Changes since v7:
> >>> - move and improve CHANGELOG.md changes.
> >>>
> >>> Changes since v8:
> >>> - rebase on master;
> >>> - clean xen-syms.efi file.
> >>
> >> I.e. not addressing my prior, more fundamental comments.
> >
> >   In version 8 you commented that code should not double linking, and
> > the current version does not double link.
>
> That was the reply directly to you. There was also a reply to Marek's comments,
> as to extending the probing of the toolchain that we do to figure out how well
> the PE/COFF linking actually works.
>
> Jan

Surely it would be good to have, but it looks out of scope here, we
already agreed that the current build produces artifacts with issues
and we already agree that this change should be integrated to solve
such issues.

On checking linking one simple thing would be to check that objdump
has no complaints (like a line like "objdump -x xen.efi > /dev/null"
in the Makefile).
I have a patch that does not tweak and checks on the xen.efi file and
there was a similar code posted a while ago but that's surely out of
scope.

Frediano
Re: [PATCH v9 2/2] xen: Strip xen.efi by default
Posted by Andrew Cooper 1 week ago
On 05/12/2025 4:09 pm, Frediano Ziglio wrote:
> From: Frediano Ziglio <frediano.ziglio@cloud.com>
>
> For xen.gz file we strip all symbols and have an additional
> xen-syms.efi file version with all symbols.
> Make xen.efi more coherent stripping all symbols too.
> xen-syms.efi can be used for debugging.
>
> Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com>

Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>