From a8dce6eb45437bb0c8df60ceb2d6ae2177013ae3 Mon Sep 17 00:00:00 2001
From: Pawel Wieczorkiewicz <wipawel@amazon.de>
Date: Tue, 26 Nov 2019 12:25:10 +0000
Subject: [PATCH] livepatch-build: Strip transient or unneeded symbols

In the process of creating a final hotpatch module file make sure to
strip all transient symbols that have not been caught and removed by
create-diff-object processing. For now these are only the hooks
kpatch load/unload symbols.

For all new object files that are carried along for the final linking
the transient hooks symbols are not stripped and neither are any
unneeded symbols. Strip the transient hooks symbols explicitly from
resulting object file.
Add a new option '--strip' to additionally strip all unneeded symbols
from new object files.

Signed-off-by: Pawel Wieczorkiewicz <wipawel@amazon.de>
Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
---
 livepatch-build | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/livepatch-build b/livepatch-build
index b8a1728..9e5bad3 100755
--- a/livepatch-build
+++ b/livepatch-build
@@ -32,6 +32,7 @@ SKIP=
 DEPENDS=
 XEN_DEPENDS=
 PRELINK=
+STRIP=0
 XENSYMS=xen-syms
 
 warn() {
@@ -111,6 +112,28 @@ function build_special()
     unset LIVEPATCH_CAPTURE_DIR
 }
 
+strip_extra_symbols ()
+{
+    local -r FILE="$1"
+    local -a STRIP_CMD_OPTS=()
+    local -a SYM_PREFIX=("livepatch_load_data_"
+                         "livepatch_unload_data_"
+                         "livepatch_preapply_data_"
+                         "livepatch_apply_data_"
+                         "livepatch_postapply_data_"
+                         "livepatch_prerevert_data_"
+                         "livepatch_revert_data_"
+                         "livepatch_postrevert_data_")
+
+    STRIP_CMD_OPTS+=("-w")
+    for sym in "${SYM_PREFIX[@]}"; do
+        STRIP_CMD_OPTS+=("-N")
+        STRIP_CMD_OPTS+=("\"${sym}*\"")
+    done
+
+    strip "${STRIP_CMD_OPTS[@]}" "$FILE"
+}
+
 function create_patch()
 {
     echo "Extracting new and modified ELF sections..."
@@ -150,6 +173,7 @@ function create_patch()
     NEW_FILES=$(comm -23 <(cd patched/xen && find . -type f -name '*.o' | sort) <(cd original/xen && find . -type f -name '*.o' | sort))
     for i in $NEW_FILES; do
         cp "patched/$i" "output/$i"
+        [[ $STRIP -eq 1 ]] && strip --strip-unneeded "output/$i"
         CHANGED=1
     done
 
@@ -176,6 +200,8 @@ function create_patch()
         "${TOOLSDIR}"/prelink $debugopt output.o "${PATCHNAME}.livepatch" "$XENSYMS" &>> "${OUTPUT}/prelink.log" || die
     fi
 
+    strip_extra_symbols "${PATCHNAME}.livepatch"
+
     objcopy --add-section .livepatch.depends=depends.bin "${PATCHNAME}.livepatch"
     objcopy --set-section-flags .livepatch.depends=alloc,readonly "${PATCHNAME}.livepatch"
 
@@ -198,11 +224,12 @@ usage() {
     echo "        --depends          Required build-id" >&2
     echo "        --xen-depends      Required Xen build-id" >&2
     echo "        --prelink          Prelink" >&2
+    echo "        --strip            Remove all symbols that are not needed for relocation processing." >&2
 }
 
 find_tools || die "can't find supporting tools"
 
-options=$(getopt -o hs:p:c:o:j:k:d -l "help,srcdir:,patch:,config:,output:,cpus:,skip:,debug,xen-debug,xen-syms:,depends:,xen-depends:,prelink" -- "$@") || die "getopt failed"
+options=$(getopt -o hs:p:c:o:j:k:d -l "help,srcdir:,patch:,config:,output:,cpus:,skip:,debug,xen-debug,xen-syms:,depends:,xen-depends:,prelink,strip" -- "$@") || die "getopt failed"
 
 eval set -- "$options"
 
@@ -270,6 +297,10 @@ while [[ $# -gt 0 ]]; do
             PRELINK=--resolve
             shift
             ;;
+        --strip)
+            STRIP=1
+            shift
+            ;;
         --)
             shift
             break
-- 
2.39.5