[PATCH v3 1/2] drivers: fix symbol exports when map is omitted

[Bruce Richardson]

On Thu, Dec 01, 2022 at 11:08:46AM +0100, David Marchand wrote:
> ld exports any global symbol by default if no version script is passed.
> As a consequence, the incriminated change let any public symbol leak
> out of the driver shared libraries.
> 
> Hide again those symbols by providing a default map file which
> unexports any global symbol using a local: * catch-all statement.
> 
> The checks are skipped for this default map file as it is intentionnally
> an empty map (see commit b67bdda86cd4 ("devtools: catch empty symbol
> maps")) and there is nothing else to check in this map.
> 
> Fixes: 7dde9c844a37 ("drivers: omit symbol map when unneeded")
> Cc: stable at dpdk.org
> 
> Reported-by: Luca Boccassi <luca.boccassi at microsoft.com>
> Signed-off-by: David Marchand <david.marchand at redhat.com>
> Tested-by: Ferruh Yigit <ferruh.yigit at amd.com>
> ---
> Changes since v2:
> - separated the Windows cleanup in next patch,
> 
> Changes since v1:
> - excluded drivers/version.map from maps checked by default in
>   check-symbol-maps.sh,
> 
> ---
>  devtools/check-symbol-maps.sh |  2 +-
>  drivers/meson.build           | 68 +++++++++++++++++++----------------
>  drivers/version.map           |  3 ++
>  3 files changed, 41 insertions(+), 32 deletions(-)
>  create mode 100644 drivers/version.map
> 
> diff --git a/devtools/check-symbol-maps.sh b/devtools/check-symbol-maps.sh
> index 0a6062de26..8c116bfa9c 100755
> --- a/devtools/check-symbol-maps.sh
> +++ b/devtools/check-symbol-maps.sh
> @@ -8,7 +8,7 @@ cd $(dirname $0)/..
>  export LC_ALL=C
>  
>  if [ $# = 0 ] ; then
> -    set -- $(find lib drivers -name '*.map')
> +    set -- $(find lib drivers -name '*.map' -a ! -path drivers/version.map)
>  fi
>  
>  ret=0
> diff --git a/drivers/meson.build b/drivers/meson.build
> index c4ff3ff1ba..5188302057 100644
> --- a/drivers/meson.build
> +++ b/drivers/meson.build
> @@ -210,40 +210,46 @@ foreach subpath:subdirs
>  
>          lk_deps = []
>          lk_args = []
> -        if fs.is_file(version_map)
> -            def_file = custom_target(lib_name + '_def',
> -                    command: [map_to_win_cmd, '@INPUT@', '@OUTPUT@'],
> -                    input: version_map,
> -                    output: '@0 at _exports.def'.format(lib_name))
> -
> -            mingw_map = custom_target(lib_name + '_mingw',
> -                    command: [map_to_win_cmd, '@INPUT@', '@OUTPUT@'],
> -                    input: version_map,
> -                    output: '@0 at _mingw.map'.format(lib_name))
> -
> -            lk_deps = [version_map, def_file, mingw_map]
> -            if is_windows
> -                if is_ms_linker
> -                    lk_args = ['-Wl,/def:' + def_file.full_path()]
> -                    if meson.version().version_compare('<0.54.0')
> -                        lk_args += ['-Wl,/implib:drivers\\' + implib]
> -                    endif
> -                else
> -                    lk_args = ['-Wl,--version-script=' + mingw_map.full_path()]
> +        if not fs.is_file(version_map)
> +            version_map = '@0@/version.map'.format(meson.current_source_dir())
> +            lk_deps += [version_map]

Technically, for this patch the lk_deps assignment does not need to be
split into two, but it does make the second patch smaller, so I'm ok to
keep this as you have in this version.

> +        else
> +            lk_deps += [version_map]
> +            if not is_windows and developer_mode
> +                # on unix systems check the output of the
> +                # check-symbols.sh script, using it as a
> +                # dependency of the .so build
> +                lk_deps += custom_target(lib_name + '.sym_chk',
> +                        command: [check_symbols, version_map, '@INPUT@'],
> +                        capture: true,
> +                        input: static_lib,
> +                        output: lib_name + '.sym_chk')
> +            endif
> +        endif
> +
> +        def_file = custom_target(lib_name + '_def',
> +                command: [map_to_win_cmd, '@INPUT@', '@OUTPUT@'],
> +                input: version_map,
> +                output: '@0 at _exports.def'.format(lib_name))
> +
> +        mingw_map = custom_target(lib_name + '_mingw',
> +                command: [map_to_win_cmd, '@INPUT@', '@OUTPUT@'],
> +                input: version_map,
> +                output: '@0 at _mingw.map'.format(lib_name))
> +
> +        lk_deps += [def_file, mingw_map]
> +
> +        if is_windows
> +            if is_ms_linker
> +                lk_args = ['-Wl,/def:' + def_file.full_path()]
> +                if meson.version().version_compare('<0.54.0')
> +                    lk_args += ['-Wl,/implib:drivers\\' + implib]
>                  endif
>              else
> -                lk_args = ['-Wl,--version-script=' + version_map]
> -                if developer_mode
> -                    # on unix systems check the output of the
> -                    # check-symbols.sh script, using it as a
> -                    # dependency of the .so build
> -                    lk_deps += custom_target(lib_name + '.sym_chk',
> -                            command: [check_symbols, version_map, '@INPUT@'],
> -                            capture: true,
> -                            input: static_lib,
> -                            output: lib_name + '.sym_chk')
> -                endif
> +                lk_args = ['-Wl,--version-script=' + mingw_map.full_path()]
>              endif
> +        else
> +            lk_args = ['-Wl,--version-script=' + version_map]
>          endif
>  
>          shared_lib = shared_library(lib_name, sources,
> diff --git a/drivers/version.map b/drivers/version.map
> new file mode 100644
> index 0000000000..78c3585d7c
> --- /dev/null
> +++ b/drivers/version.map
> @@ -0,0 +1,3 @@
> +DPDK_23 {
> +	local: *;
> +};
> -- 

Reviewed-by: Bruce Richardson <bruce.richardson at intel.com>