qemu-devel

Re: [Qemu-devel] [PATCH v4] buildsys: Move crypto cflags/libs to per obj


From: Fam Zheng
Subject: Re: [Qemu-devel] [PATCH v4] buildsys: Move crypto cflags/libs to per object variables
Date: Fri, 8 Sep 2017 19:23:52 +0800
User-agent: Mutt/1.8.3 (2017-05-23)

On Fri, 09/08 12:00, Daniel P. Berrange wrote:
> On Fri, Sep 08, 2017 at 06:58:53PM +0800, Fam Zheng wrote:
> > On Fri, 09/08 11:36, Daniel P. Berrange wrote:
> > > On Fri, Sep 08, 2017 at 06:27:01PM +0800, Fam Zheng wrote:
> > > > On Fri, 09/08 11:05, Daniel P. Berrange wrote:
> > > > > On Wed, Sep 06, 2017 at 08:49:00PM +0800, Fam Zheng wrote:
> > > > > > This patch groups the crypto objects into a few .mo objects based on
> > > > > > functional submodules, and moves inclusion conditions to *-objs
> > > > > > variables, then moves the global cflags/libs to the *-cflags and *-libs
> > > > > > variables.
> > > > > > 
> > > > > > For init.o and cipher.o, which may or may not need the library flags
> > > > > > depending on config, adding flags and libs unconditionally doesn't hurt,
> > > > > > because if the library is not available, the variables are empty.  This
> > > > > > makes less code.
> > > > > > 
> > > > > > Signed-off-by: Fam Zheng <address@hidden>
> > > > > > 
> > > > > > ---
> > > > > > 
> > > > > > v4: Merge into one patch which is supposedly easier to manage and
> > > > > > review, and use .mo approach to avoid $(foreach) and $(eval) magics.
> > > > > 
> > > > > I don't think using  .mo is suitable here. You've used it as a generic
> > > > > mechanism for grouping .o files, but that is not what it does. There
> > > > > are special semantics around .mo rules that affect how the final
> > > > > binaries are linked.
> > > > 
> > > > Using .mo is okay here, but after a hindsight I think grouping by library
> > > > (nettle.mo, gcrypt.mo, etc.) is better than grouping by functionality, for
> > > > modularization in the future. But that also means assigning the cflags/libs
> > > > variable cannot be simplified like this.
> > > > 
> > > > > 
> > > > > eg looking back at the description of .mo files 
> > > > > 
> > > > > [quote]
> > > > > commit c261d774fb9093d00e0938a19f502fb220f62718
> > > > > Author: Fam Zheng <address@hidden>
> > > > > Date:   Mon Sep 1 18:35:10 2014 +0800
> > > > > 
> > > > > [...snip...]
> > > > > 
> > > > >     3) When linking an executable, those .mo files in its "-y" variables are
> > > > >        filtered out, and replaced by one or more -Wl,-u,$symbol flags. This
> > > > >        is done in the added macro "process-archive-undefs".
> > > > >
> > > > >        These "-Wl,-u,$symbol" flags will force ld to pull in the function
> > > > >        definition from the archives when linking.
> > > > >
> > > > >        Note that the .mo objects, that are actually meant to be linked in
> > > > >        the executables, are already expanded in unnest-vars, before the
> > > > >        linking command. So we are safe to simply filter out .mo for the
> > > > >        purpose of pulling undefined symbols.
> > > > >
> > > > >        process-archive-undefs works as this: For each ".mo", find all the
> > > > >        undefined symbols in it, filter ones that are defined in the
> > > > >        archives. For each of these symbols, generate a "-Wl,-u,$symbol" in
> > > > >        the link command, and put them before archive names in the command
> > > > >        line.
> > > > > [/quote]
> > > > > 
> > > > > Based on this, I don't think I can ack this patch, because it can
> > > > > have unexpected consequences.
> > > > 
> > > > This described the process-archive-undefs semantics of .mo, but not the essence
> > > > of it.  Basically .mo is just partial linking with the additional services of
> > > > -cflags, -libs and the above -Wl,-u thing. I cannot think of any unexpected
> > > > consequences with this change. We've had sdl.mo in ui/Makefile.objs for long,
> > > > just for the same purpose of this patch, with no problem.
> > > 
> > > While I'm in favour of moving the linker/compiler flags out of the global
> > > vars, I'm not convinced this impl is a step forward.
> > > 
> > > We already have a mechanism for grouping object files - the 'NNNN-obj-y'
> > > variables we use throughout our Makefiles.
> > > 
> > > This patch is adding a second level of grouping purely to work around the
> > > fact that we can't set linker/compiler flags on the NNN-obj-y variables
> > > we use. I think this second level of grouping makes the makefiles more
> > > complex than they ought to be.
> > 
> > Not quite, it is actually a required step to modularization, which I'm inclined
> > to get my hands on next. That is also why .mo was introduced.
> > 
> > > 
> > > IOW, I'd rather see the rules fixed so that we can set variables against
> > > the existing grouping we have. eg
> > > 
> > >    crypto-obj-y-cflags := ...
> > >    crypto-obj-y-libs := ...
> > > 
> > > so we avoid having to introduce second level groups every time we want
> > > to set these cflags/libs.
> > 
> > This is certainly true, but taking the modularization work into account, .mo
> > based -cflags and -libs are more natural and consistent. IMO we already have the
> > latter, so other mechanisms are not really necessary. Remember how complex the
> > general unnest-vars code is?  I believe adding support to crypto-obj-y-cflags is
> > more complex than (ab)using .mo objects, even if just for flags/libs
> > localization.
> > 
> > If you don't like introducing {nettle,gcrypt,gnutls}.mo for now, we can probably
> > defer it to the time when crypto subsystem is modularized.
> 
> I don't anticipate the crypto subsystem ever being modularized - it is
> really core functionality used across all other subsystems (block layer,
> chardev, ui, migration, and more)

I get your point that crypto is a fundamental thing, "optionally secure" is not
what I meant.  But modularization still has the advantage of offering more
flexibility to end users, potentially. Crypto backends could be shipped as
qemu-crypto-{nettle,gcrypt,gnutls} packages, and depending on which are
installed and which are not, the core crypto code in QEMU can pick the suitable
implementation at runtime, based on a hardcoded priority or even an option.

To be "secure by default", qemu-crypto-nettle could be a hard requirement of
qemu core package.

Is it worth the effort?

Fam
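
The process-archive-undefs steps from the commit message quoted in this thread, modelled as an added example; it is not part of the original message and is not QEMU's code (the real macro is written in Make). The file names, symbol names and `nm` listings are constructed sample data.

```python
# Added illustration of the quoted "process-archive-undefs" steps. QEMU's real
# macro is written in Make; file names, symbols and nm listings are constructed.

NM_OUTPUT = {
    "net-helper.mo": (
        "                 U ext_lib_connect\n"   # provided by a shared library
        "                 U util_hash_bytes\n"
        "                 U util_log\n"
        "0000000000000000 T net_helper_init\n"
    ),
    "libutil.a": (
        "0000000000000000 T util_hash_bytes\n"
        "0000000000000040 T util_log\n"
        "0000000000000080 T util_unused\n"
        "0000000000000000 t util_local\n"       # local symbol, not linkable
        "                 U malloc\n"
    ),
}

GLOBAL_DEFINED = {"T", "D", "B", "R"}  # text, data, bss, read-only data


def parse_nm(text):
    """Split `nm` lines into (globally defined, undefined) symbol sets."""
    defined, undefined = set(), set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2:          # blank lines and "member.o:" headers
            continue
        kind, name = fields[-2], fields[-1]
        if kind == "U":
            undefined.add(name)
        elif kind in GLOBAL_DEFINED:
            defined.add(name)
    return defined, undefined


def link_args(inputs, nm_output):
    """Drop .mo inputs and emit -Wl,-u,<sym> ahead of the archive names."""
    mos = [f for f in inputs if f.endswith(".mo")]
    archives = [f for f in inputs if f.endswith(".a")]
    objects = [f for f in inputs if f not in mos and f not in archives]
    in_archives = set()
    for archive in archives:
        in_archives |= parse_nm(nm_output[archive])[0]
    wanted = set()
    for mo in mos:
        # Only symbols the .mo needs AND an archive defines get forced in.
        wanted |= parse_nm(nm_output[mo])[1] & in_archives
    return objects + ["-Wl,-u," + s for s in sorted(wanted)] + archives
```

`ext_lib_connect` produces no flag because no archive defines it, and `util_unused` produces none because no .mo references it, so grouping objects into a .mo changes which archive members the executable pulls in.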


