All of lore.kernel.org
 help / color / mirror / Atom feed
* [Qemu-devel] [PATCH] authz: optimize linking of objects for authorization services
@ 2019-05-21  9:32 Daniel P. Berrangé
  2019-05-21  9:40 ` no-reply
  2019-05-21 14:39 ` Richard Henderson
  0 siblings, 2 replies; 4+ messages in thread
From: Daniel P. Berrangé @ 2019-05-21  9:32 UTC (permalink / raw)
  To: qemu-devel; +Cc: Daniel P. Berrangé

The core authorization API is a dependancy of the crypto code for the
TLS servers. The TLS server code is pulled into anything which links
to the crypto objects, which is every QEMU tool. This in turns means
that every tool ended up linking to the authz code, which in turn
pulls in the PAM library dep.

This splits the authz code so that everything links to the base object
which defines the API. Only the system emulators and qemu-nbd link to
the object classes providing the implementations of the authz object
API. This has the effect of removing the PAM library dep from qemu-img,
qemu-io and other helper tools.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 Makefile            | 5 +++--
 Makefile.objs       | 1 +
 Makefile.target     | 3 ++-
 authz/Makefile.objs | 9 +++++----
 4 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/Makefile b/Makefile
index 66d5c65156..508a3e014b 100644
--- a/Makefile
+++ b/Makefile
@@ -396,6 +396,7 @@ endif
 dummy := $(call unnest-vars,, \
                 stub-obj-y \
                 authz-obj-y \
+                authz-impl-obj-y \
                 chardev-obj-y \
                 util-obj-y \
                 qga-obj-y \
@@ -444,7 +445,7 @@ qemu-options.def: $(SRC_PATH)/qemu-options.hx $(SRC_PATH)/scripts/hxtool
 SUBDIR_RULES=$(patsubst %,subdir-%, $(TARGET_DIRS))
 SOFTMMU_SUBDIR_RULES=$(filter %-softmmu,$(SUBDIR_RULES))
 
-$(SOFTMMU_SUBDIR_RULES): $(authz-obj-y)
+$(SOFTMMU_SUBDIR_RULES): $(authz-obj-y) $(authz-impl-obj-y)
 $(SOFTMMU_SUBDIR_RULES): $(block-obj-y)
 $(SOFTMMU_SUBDIR_RULES): $(crypto-obj-y)
 $(SOFTMMU_SUBDIR_RULES): $(io-obj-y)
@@ -512,7 +513,7 @@ COMMON_LDADDS = libqemuutil.a
 qemu-img.o: qemu-img-cmds.h
 
 qemu-img$(EXESUF): qemu-img.o $(authz-obj-y) $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) $(COMMON_LDADDS)
-qemu-nbd$(EXESUF): qemu-nbd.o $(authz-obj-y) $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) $(COMMON_LDADDS)
+qemu-nbd$(EXESUF): qemu-nbd.o $(authz-obj-y) $(authz-impl-obj-y) $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) $(COMMON_LDADDS)
 qemu-io$(EXESUF): qemu-io.o $(authz-obj-y) $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) $(COMMON_LDADDS)
 
 qemu-bridge-helper$(EXESUF): qemu-bridge-helper.o $(COMMON_LDADDS)
diff --git a/Makefile.objs b/Makefile.objs
index cf065de5ed..929c3ea045 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -9,6 +9,7 @@ chardev-obj-y = chardev/
 # authz-obj-y is code used by both qemu system emulation and qemu-img
 
 authz-obj-y = authz/
+authz-impl-obj-y = authz/
 
 #######################################################################
 # block-obj-y is code used by both qemu system emulation and qemu-img
diff --git a/Makefile.target b/Makefile.target
index ae02495951..da32dac316 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -176,6 +176,7 @@ all-obj-y := $(obj-y)
 include $(SRC_PATH)/Makefile.objs
 dummy := $(call unnest-vars,.., \
                authz-obj-y \
+               authz-impl-obj-y \
                block-obj-y \
                block-obj-m \
                chardev-obj-y \
@@ -187,7 +188,7 @@ dummy := $(call unnest-vars,.., \
                common-obj-m)
 all-obj-y += $(common-obj-y)
 all-obj-y += $(qom-obj-y)
-all-obj-$(CONFIG_SOFTMMU) += $(authz-obj-y)
+all-obj-$(CONFIG_SOFTMMU) += $(authz-obj-y) $(authz-impl-obj-y)
 all-obj-$(CONFIG_SOFTMMU) += $(block-obj-y) $(chardev-obj-y)
 all-obj-$(CONFIG_USER_ONLY) += $(crypto-aes-obj-y)
 all-obj-$(CONFIG_SOFTMMU) += $(crypto-obj-y)
diff --git a/authz/Makefile.objs b/authz/Makefile.objs
index ed7b273596..e4c22447db 100644
--- a/authz/Makefile.objs
+++ b/authz/Makefile.objs
@@ -1,7 +1,8 @@
 authz-obj-y += base.o
-authz-obj-y += simple.o
-authz-obj-y += list.o
-authz-obj-y += listfile.o
-authz-obj-$(CONFIG_AUTH_PAM) += pamacct.o
+
+authz-impl-obj-y += simple.o
+authz-impl-obj-y += list.o
+authz-impl-obj-y += listfile.o
+authz-impl-obj-$(CONFIG_AUTH_PAM) += pamacct.o
 
 pamacct.o-libs = -lpam
-- 
2.21.0



^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [Qemu-devel] [PATCH] authz: optimize linking of objects for authorization services
  2019-05-21  9:32 [Qemu-devel] [PATCH] authz: optimize linking of objects for authorization services Daniel P. Berrangé
@ 2019-05-21  9:40 ` no-reply
  2019-05-21 14:39 ` Richard Henderson
  1 sibling, 0 replies; 4+ messages in thread
From: no-reply @ 2019-05-21  9:40 UTC (permalink / raw)
  To: berrange; +Cc: fam, berrange, qemu-devel

Patchew URL: https://patchew.org/QEMU/20190521093227.4661-1-berrange@redhat.com/



Hi,

This series failed the asan build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu J=14 NETWORK=1
=== TEST SCRIPT END ===

/tmp/qemu-test/src/tests/test-crypto-tlssession.c:288: undefined reference to `qauthz_list_new'
/usr/bin/ld: /tmp/qemu-test/src/tests/test-crypto-tlssession.c:293: undefined reference to `qauthz_list_append_rule'
clang++ -L/tmp/qemu-test/build/dtc/libfdt  -I/usr/include/pixman-1  -I/tmp/qemu-test/src/dtc/libfdt -Werror -DHAS_LIBSSH2_SFTP_FSYNC  -pthread -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include  -fPIE -DPIE -m64 -mcx16 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -std=gnu99  -Wno-string-plus-int -Wno-typedef-redefinition -Wno-initializer-overrides -Wexpansion-to-defined -Wendif-labels -Wno-shift-negative-value -Wno-missing-include-dirs -Wempty-body -Wnested-externs -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers -Wold-style-definition -Wtype-limits -fstack-protector-strong  -I/usr/include/p11-kit-1    -I/usr/include/libpng16  -I/usr/include/spice-1 -I/usr/include/spice-server -I/usr/include/cacard -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/include/nss3 -I/usr/include/nspr4 -pthread -I/usr/include/libmount -I/usr/include/blkid -I/usr/include/uuid -I/usr/include/pixman-1  -I/tmp/qemu-test/src/tests -fsanitize=undefined -fsanitize=address -g  -Wl,--warn-common -Wl,-z,relro -Wl,-z,now -pie -m64 -g  -o tests/test-io-channel-socket tests/test-io-channel-socket.o tests/io-channel-helpers.o tests/socket-helpers.o io/channel.o io/channel-buffer.o io/channel-command.o io/channel-file.o io/channel-socket.o io/channel-tls.o io/channel-watch.o io/channel-websock.o io/channel-util.o io/dns-resolver.o io/net-listener.o io/task.o authz/base.o crypto/init.o crypto/hash.o crypto/hash-nettle.o crypto/hmac.o crypto/hmac-nettle.o crypto/aes.o crypto/desrfb.o crypto/cipher.o crypto/tlscreds.o crypto/tlscredsanon.o crypto/tlscredspsk.o crypto/tlscredsx509.o crypto/tlssession.o crypto/secret.o crypto/random-gnutls.o crypto/pbkdf.o crypto/pbkdf-nettle.o crypto/ivgen.o crypto/ivgen-essiv.o crypto/ivgen-plain.o crypto/ivgen-plain64.o crypto/afsplit.o crypto/xts.o crypto/block.o crypto/block-qcow.o crypto/block-luks.o qom/object.o qom/container.o qom/qom-qobject.o qom/object_interfaces.o  libqemuutil.a   -lm -lz  -lgthread-2.0 -pthread -lglib-2.0   -lrt -lz -lutil -lcap-ng -lnettle  -lgnutls  
clang-7: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [/tmp/qemu-test/src/rules.mak:124: tests/test-crypto-tlssession] Error 1
make: *** Waiting for unfinished jobs....
/usr/bin/ld: tests/test-authz-simple.o: in function `test_authz_simple':
/tmp/qemu-test/src/tests/test-authz-simple.c:29: undefined reference to `qauthz_simple_new'
clang-7: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [/tmp/qemu-test/src/rules.mak:124: tests/test-authz-simple] Error 1
/usr/bin/ld: tests/test-authz-list.o: in function `test_authz_default_deny':
/tmp/qemu-test/src/tests/test-authz-list.c:27: undefined reference to `qauthz_list_new'
---
/usr/bin/ld: /tmp/qemu-test/src/tests/test-authz-list.c:120: undefined reference to `qauthz_list_append_rule'
/usr/bin/ld: /tmp/qemu-test/src/tests/test-authz-list.c:128: undefined reference to `qauthz_list_delete_rule'
/usr/bin/ld: /tmp/qemu-test/src/tests/test-authz-list.c:133: undefined reference to `qauthz_list_insert_rule'
clang-7: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [/tmp/qemu-test/src/rules.mak:124: tests/test-authz-list] Error 1
/usr/bin/ld: tests/test-authz-listfile.o: in function `test_authz_default_deny':
/tmp/qemu-test/src/tests/test-authz-listfile.c:52: undefined reference to `qauthz_list_file_new'
---
/tmp/qemu-test/src/tests/test-authz-listfile.c:115: undefined reference to `qauthz_list_file_new'
/usr/bin/ld: tests/test-authz-listfile.o: in function `test_authz_complex':
/tmp/qemu-test/src/tests/test-authz-listfile.c:149: undefined reference to `qauthz_list_file_new'
clang-7: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [/tmp/qemu-test/src/rules.mak:124: tests/test-authz-listfile] Error 1
Traceback (most recent call last):
  File "./tests/docker/docker.py", line 615, in <module>


The full log is available at
http://patchew.org/logs/20190521093227.4661-1-berrange@redhat.com/testing.asan/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [Qemu-devel] [PATCH] authz: optimize linking of objects for authorization services
  2019-05-21  9:32 [Qemu-devel] [PATCH] authz: optimize linking of objects for authorization services Daniel P. Berrangé
  2019-05-21  9:40 ` no-reply
@ 2019-05-21 14:39 ` Richard Henderson
  2019-05-21 14:40   ` Richard Henderson
  1 sibling, 1 reply; 4+ messages in thread
From: Richard Henderson @ 2019-05-21 14:39 UTC (permalink / raw)
  To: Daniel P. Berrangé, qemu-devel

On 5/21/19 5:32 AM, Daniel P. Berrangé wrote:
> The core authorization API is a dependancy of the crypto code for the
> TLS servers. The TLS server code is pulled into anything which links
> to the crypto objects, which is every QEMU tool. This in turns means
> that every tool ended up linking to the authz code, which in turn
> pulls in the PAM library dep.
> 
> This splits the authz code so that everything links to the base object
> which defines the API. Only the system emulators and qemu-nbd link to
> the object classes providing the implementations of the authz object
> API. This has the effect of removing the PAM library dep from qemu-img,
> qemu-io and other helper tools.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>  Makefile            | 5 +++--
>  Makefile.objs       | 1 +
>  Makefile.target     | 3 ++-
>  authz/Makefile.objs | 9 +++++----
>  4 files changed, 11 insertions(+), 7 deletions(-)

No changes to tests/?  Surely that means some tests no longer link?


r~


^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [Qemu-devel] [PATCH] authz: optimize linking of objects for authorization services
  2019-05-21 14:39 ` Richard Henderson
@ 2019-05-21 14:40   ` Richard Henderson
  0 siblings, 0 replies; 4+ messages in thread
From: Richard Henderson @ 2019-05-21 14:40 UTC (permalink / raw)
  To: Daniel P. Berrangé, qemu-devel

On 5/21/19 10:39 AM, Richard Henderson wrote:
> On 5/21/19 5:32 AM, Daniel P. Berrangé wrote:
>> The core authorization API is a dependancy of the crypto code for the
>> TLS servers. The TLS server code is pulled into anything which links
>> to the crypto objects, which is every QEMU tool. This in turns means
>> that every tool ended up linking to the authz code, which in turn
>> pulls in the PAM library dep.
>>
>> This splits the authz code so that everything links to the base object
>> which defines the API. Only the system emulators and qemu-nbd link to
>> the object classes providing the implementations of the authz object
>> API. This has the effect of removing the PAM library dep from qemu-img,
>> qemu-io and other helper tools.
>>
>> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
>> ---
>>  Makefile            | 5 +++--
>>  Makefile.objs       | 1 +
>>  Makefile.target     | 3 ++-
>>  authz/Makefile.objs | 9 +++++----
>>  4 files changed, 11 insertions(+), 7 deletions(-)
> 
> No changes to tests/?  Surely that means some tests no longer link?

Or I could notice your v2, farther down in my mailbox...  ;-)


r~


^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-05-24 13:34 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-21  9:32 [Qemu-devel] [PATCH] authz: optimize linking of objects for authorization services Daniel P. Berrangé
2019-05-21  9:40 ` no-reply
2019-05-21 14:39 ` Richard Henderson
2019-05-21 14:40   ` Richard Henderson

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.