[Qemu-devel] [PATCH] authz: optimize linking of objects for authorization services

Daniel P. Berrangé posted 1 patch 4 years, 11 months ago
Test docker-clang@ubuntu failed
Test asan failed
Test checkpatch passed
Test docker-mingw@fedora passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20190521093227.4661-1-berrange@redhat.com
Maintainers: "Daniel P. Berrangé" <berrange@redhat.com>
There is a newer version of this series
Makefile            | 5 +++--
Makefile.objs       | 1 +
Makefile.target     | 3 ++-
authz/Makefile.objs | 9 +++++----
4 files changed, 11 insertions(+), 7 deletions(-)
[Qemu-devel] [PATCH] authz: optimize linking of objects for authorization services
Posted by Daniel P. Berrangé 4 years, 11 months ago
The core authorization API is a dependency of the crypto code for the
TLS servers. The TLS server code is pulled into anything which links
to the crypto objects, which is every QEMU tool. This in turn means
that every tool ended up linking to the authz code, which in turn
pulls in the PAM library dep.

This splits the authz code so that everything links to the base object
which defines the API. Only the system emulators and qemu-nbd link to
the object classes providing the implementations of the authz object
API. This has the effect of removing the PAM library dep from qemu-img,
qemu-io and other helper tools.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 Makefile            | 5 +++--
 Makefile.objs       | 1 +
 Makefile.target     | 3 ++-
 authz/Makefile.objs | 9 +++++----
 4 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/Makefile b/Makefile
index 66d5c65156..508a3e014b 100644
--- a/Makefile
+++ b/Makefile
@@ -396,6 +396,7 @@ endif
 dummy := $(call unnest-vars,, \
                 stub-obj-y \
                 authz-obj-y \
+                authz-impl-obj-y \
                 chardev-obj-y \
                 util-obj-y \
                 qga-obj-y \
@@ -444,7 +445,7 @@ qemu-options.def: $(SRC_PATH)/qemu-options.hx $(SRC_PATH)/scripts/hxtool
 SUBDIR_RULES=$(patsubst %,subdir-%, $(TARGET_DIRS))
 SOFTMMU_SUBDIR_RULES=$(filter %-softmmu,$(SUBDIR_RULES))
 
-$(SOFTMMU_SUBDIR_RULES): $(authz-obj-y)
+$(SOFTMMU_SUBDIR_RULES): $(authz-obj-y) $(authz-impl-obj-y)
 $(SOFTMMU_SUBDIR_RULES): $(block-obj-y)
 $(SOFTMMU_SUBDIR_RULES): $(crypto-obj-y)
 $(SOFTMMU_SUBDIR_RULES): $(io-obj-y)
@@ -512,7 +513,7 @@ COMMON_LDADDS = libqemuutil.a
 qemu-img.o: qemu-img-cmds.h
 
 qemu-img$(EXESUF): qemu-img.o $(authz-obj-y) $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) $(COMMON_LDADDS)
-qemu-nbd$(EXESUF): qemu-nbd.o $(authz-obj-y) $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) $(COMMON_LDADDS)
+qemu-nbd$(EXESUF): qemu-nbd.o $(authz-obj-y) $(authz-impl-obj-y) $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) $(COMMON_LDADDS)
 qemu-io$(EXESUF): qemu-io.o $(authz-obj-y) $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) $(COMMON_LDADDS)
 
 qemu-bridge-helper$(EXESUF): qemu-bridge-helper.o $(COMMON_LDADDS)
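Review bot: After this hunk qemu-img and qemu-io link only `$(authz-obj-y)`, which is now just the API in base.o, so an authz object id that reaches the TLS code in those binaries has no implementation class behind it. That looks intended, but the lookup path in authz/base.c is not visible in this patch. It is worth confirming that a lookup for a missing object reports an error and denies access instead of skipping the check. A comment above these link rules would also keep a future server-side tool from silently omitting the implementations, for example `# qemu-nbd enforces authz on its clients and needs authz-impl-obj-y; qemu-img and qemu-io only need the API`.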
diff --git a/Makefile.objs b/Makefile.objs
index cf065de5ed..929c3ea045 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -9,6 +9,7 @@ chardev-obj-y = chardev/
 # authz-obj-y is code used by both qemu system emulation and qemu-img
 
 authz-obj-y = authz/
+authz-impl-obj-y = authz/
 
 #######################################################################
 # block-obj-y is code used by both qemu system emulation and qemu-img
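Review bot: The new `authz-impl-obj-y = authz/` line sits under the existing header comment, which says the code is used by both system emulation and qemu-img. Per the commit message that no longer holds for the implementation objects. Give the new variable its own comment, such as `# authz-impl-obj-y is the authz object implementations, linked only into system emulators and qemu-nbd`, so that the two variables, which both point at `authz/`, are not mistaken for interchangeable.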
diff --git a/Makefile.target b/Makefile.target
index ae02495951..da32dac316 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -176,6 +176,7 @@ all-obj-y := $(obj-y)
 include $(SRC_PATH)/Makefile.objs
 dummy := $(call unnest-vars,.., \
                authz-obj-y \
+               authz-impl-obj-y \
                block-obj-y \
                block-obj-m \
                chardev-obj-y \
@@ -187,7 +188,7 @@ dummy := $(call unnest-vars,.., \
                common-obj-m)
 all-obj-y += $(common-obj-y)
 all-obj-y += $(qom-obj-y)
-all-obj-$(CONFIG_SOFTMMU) += $(authz-obj-y)
+all-obj-$(CONFIG_SOFTMMU) += $(authz-obj-y) $(authz-impl-obj-y)
 all-obj-$(CONFIG_SOFTMMU) += $(block-obj-y) $(chardev-obj-y)
 all-obj-$(CONFIG_USER_ONLY) += $(crypto-aes-obj-y)
 all-obj-$(CONFIG_SOFTMMU) += $(crypto-obj-y)
diff --git a/authz/Makefile.objs b/authz/Makefile.objs
index ed7b273596..e4c22447db 100644
--- a/authz/Makefile.objs
+++ b/authz/Makefile.objs
@@ -1,7 +1,8 @@
 authz-obj-y += base.o
-authz-obj-y += simple.o
-authz-obj-y += list.o
-authz-obj-y += listfile.o
-authz-obj-$(CONFIG_AUTH_PAM) += pamacct.o
+
+authz-impl-obj-y += simple.o
+authz-impl-obj-y += list.o
+authz-impl-obj-y += listfile.o
+authz-impl-obj-$(CONFIG_AUTH_PAM) += pamacct.o
 
 pamacct.o-libs = -lpam
-- 
2.21.0


Re: [Qemu-devel] [PATCH] authz: optimize linking of objects for authorization services
Posted by Richard Henderson 4 years, 11 months ago
On 5/21/19 5:32 AM, Daniel P. Berrangé wrote:
> The core authorization API is a dependancy of the crypto code for the
> TLS servers. The TLS server code is pulled into anything which links
> to the crypto objects, which is every QEMU tool. This in turns means
> that every tool ended up linking to the authz code, which in turn
> pulls in the PAM library dep.
> 
> This splits the authz code so that everything links to the base object
> which defines the API. Only the system emulators and qemu-nbd link to
> the object classes providing the implementations of the authz object
> API. This has the effect of removing the PAM library dep from qemu-img,
> qemu-io and other helper tools.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>  Makefile            | 5 +++--
>  Makefile.objs       | 1 +
>  Makefile.target     | 3 ++-
>  authz/Makefile.objs | 9 +++++----
>  4 files changed, 11 insertions(+), 7 deletions(-)

No changes to tests/?  Surely that means some tests no longer link?


r~

Re: [Qemu-devel] [PATCH] authz: optimize linking of objects for authorization services
Posted by Richard Henderson 4 years, 11 months ago
On 5/21/19 10:39 AM, Richard Henderson wrote:
> On 5/21/19 5:32 AM, Daniel P. Berrangé wrote:
>> The core authorization API is a dependancy of the crypto code for the
>> TLS servers. The TLS server code is pulled into anything which links
>> to the crypto objects, which is every QEMU tool. This in turns means
>> that every tool ended up linking to the authz code, which in turn
>> pulls in the PAM library dep.
>>
>> This splits the authz code so that everything links to the base object
>> which defines the API. Only the system emulators and qemu-nbd link to
>> the object classes providing the implementations of the authz object
>> API. This has the effect of removing the PAM library dep from qemu-img,
>> qemu-io and other helper tools.
>>
>> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
>> ---
>>  Makefile            | 5 +++--
>>  Makefile.objs       | 1 +
>>  Makefile.target     | 3 ++-
>>  authz/Makefile.objs | 9 +++++----
>>  4 files changed, 11 insertions(+), 7 deletions(-)
> 
> No changes to tests/?  Surely that means some tests no longer link?

Or I could notice your v2, farther down in my mailbox...  ;-)


r~

Re: [Qemu-devel] [PATCH] authz: optimize linking of objects for authorization services
Posted by no-reply@patchew.org 4 years, 11 months ago
Patchew URL: https://patchew.org/QEMU/20190521093227.4661-1-berrange@redhat.com/



Hi,

This series failed the asan build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu J=14 NETWORK=1
=== TEST SCRIPT END ===

/tmp/qemu-test/src/tests/test-crypto-tlssession.c:288: undefined reference to `qauthz_list_new'
/usr/bin/ld: /tmp/qemu-test/src/tests/test-crypto-tlssession.c:293: undefined reference to `qauthz_list_append_rule'
clang++ -L/tmp/qemu-test/build/dtc/libfdt  -I/usr/include/pixman-1  -I/tmp/qemu-test/src/dtc/libfdt -Werror -DHAS_LIBSSH2_SFTP_FSYNC  -pthread -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include  -fPIE -DPIE -m64 -mcx16 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -std=gnu99  -Wno-string-plus-int -Wno-typedef-redefinition -Wno-initializer-overrides -Wexpansion-to-defined -Wendif-labels -Wno-shift-negative-value -Wno-missing-include-dirs -Wempty-body -Wnested-externs -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers -Wold-style-definition -Wtype-limits -fstack-protector-strong  -I/usr/include/p11-kit-1    -I/usr/include/libpng16  -I/usr/include/spice-1 -I/usr/include/spice-server -I/usr/include/cacard -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/include/nss3 -I/usr/include/nspr4 -pthread -I/usr/include/libmount -I/usr/include/blkid -I/usr/include/uuid -I/usr/include/pixman-1  -I/tmp/qemu-test/src/tests -fsanitize=undefined -fsanitize=address -g  -Wl,--warn-common -Wl,-z,relro -Wl,-z,now -pie -m64 -g  -o tests/test-io-channel-socket tests/test-io-channel-socket.o tests/io-channel-helpers.o tests/socket-helpers.o io/channel.o io/channel-buffer.o io/channel-command.o io/channel-file.o io/channel-socket.o io/channel-tls.o io/channel-watch.o io/channel-websock.o io/channel-util.o io/dns-resolver.o io/net-listener.o io/task.o authz/base.o crypto/init.o crypto/hash.o crypto/hash-nettle.o crypto/hmac.o crypto/hmac-nettle.o crypto/aes.o crypto/desrfb.o crypto/cipher.o crypto/tlscreds.o crypto/tlscredsanon.o crypto/tlscredspsk.o crypto/tlscredsx509.o crypto/tlssession.o crypto/secret.o crypto/random-gnutls.o crypto/pbkdf.o crypto/pbkdf-nettle.o crypto/ivgen.o crypto/ivgen-essiv.o crypto/ivgen-plain.o crypto/ivgen-plain64.o crypto/afsplit.o crypto/xts.o crypto/block.o crypto/block-qcow.o 
crypto/block-luks.o qom/object.o qom/container.o qom/qom-qobject.o qom/object_interfaces.o  libqemuutil.a   -lm -lz  -lgthread-2.0 -pthread -lglib-2.0   -lrt -lz -lutil -lcap-ng -lnettle  -lgnutls  
clang-7: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [/tmp/qemu-test/src/rules.mak:124: tests/test-crypto-tlssession] Error 1
make: *** Waiting for unfinished jobs....
/usr/bin/ld: tests/test-authz-simple.o: in function `test_authz_simple':
/tmp/qemu-test/src/tests/test-authz-simple.c:29: undefined reference to `qauthz_simple_new'
clang-7: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [/tmp/qemu-test/src/rules.mak:124: tests/test-authz-simple] Error 1
/usr/bin/ld: tests/test-authz-list.o: in function `test_authz_default_deny':
/tmp/qemu-test/src/tests/test-authz-list.c:27: undefined reference to `qauthz_list_new'
---
/usr/bin/ld: /tmp/qemu-test/src/tests/test-authz-list.c:120: undefined reference to `qauthz_list_append_rule'
/usr/bin/ld: /tmp/qemu-test/src/tests/test-authz-list.c:128: undefined reference to `qauthz_list_delete_rule'
/usr/bin/ld: /tmp/qemu-test/src/tests/test-authz-list.c:133: undefined reference to `qauthz_list_insert_rule'
clang-7: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [/tmp/qemu-test/src/rules.mak:124: tests/test-authz-list] Error 1
/usr/bin/ld: tests/test-authz-listfile.o: in function `test_authz_default_deny':
/tmp/qemu-test/src/tests/test-authz-listfile.c:52: undefined reference to `qauthz_list_file_new'
---
/tmp/qemu-test/src/tests/test-authz-listfile.c:115: undefined reference to `qauthz_list_file_new'
/usr/bin/ld: tests/test-authz-listfile.o: in function `test_authz_complex':
/tmp/qemu-test/src/tests/test-authz-listfile.c:149: undefined reference to `qauthz_list_file_new'
clang-7: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [/tmp/qemu-test/src/rules.mak:124: tests/test-authz-listfile] Error 1
Traceback (most recent call last):
  File "./tests/docker/docker.py", line 615, in <module>


The full log is available at
http://patchew.org/logs/20190521093227.4661-1-berrange@redhat.com/testing.asan/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com