From: "Daniel P. Berrange" <berrange@redhat.com>
To: Fam Zheng <famz@redhat.com>
Cc: peter.maydell@linaro.org, mjt@tls.msk.ru, qemu-devel@nongnu.org,
alex@alex.org.uk, pbonzini@redhat.com, vilanova@ac.upc.edu,
rth@twiddle.net
Subject: Re: [Qemu-devel] [PATCH v8 6/9] module: add configurable module whitelist
Date: Fri, 13 Sep 2013 10:03:58 +0100 [thread overview]
Message-ID: <20130913090358.GA19404@redhat.com> (raw)
In-Reply-To: <1379061534-19171-7-git-send-email-famz@redhat.com>
On Fri, Sep 13, 2013 at 04:38:51PM +0800, Fam Zheng wrote:
> Accept configure option "--enable-modules=L", to restrict qemu to only
> load whitelisted modules.
>
> Signed-off-by: Fam Zheng <famz@redhat.com>
> ---
> configure | 12 +++++++++++-
> rules.mak | 7 ++++++-
> scripts/create_config | 7 +++++++
> util/module.c | 16 ++++++++++++++++
> 4 files changed, 40 insertions(+), 2 deletions(-)
>
> diff --git a/configure b/configure
> index 3043059..01e3665 100755
> --- a/configure
> +++ b/configure
> @@ -652,7 +652,9 @@ for opt do
> ;;
> --disable-debug-info)
> ;;
> - --enable-modules) modules="yes"
> + --enable-modules|--enable-modules=*)
> + modules="yes"
> + module_list=`echo "$optarg" | sed -e 's/,/ /g'`
> ;;
> --cpu=*)
> ;;
> @@ -1060,6 +1062,8 @@ echo " --sysconfdir=PATH install config in PATH$confsuffix"
> echo " --localstatedir=PATH install local state in PATH (set at runtime on win32)"
> echo " --with-confsuffix=SUFFIX suffix for QEMU data inside datadir and sysconfdir [$confsuffix]"
> echo " --enable-modules enable modules support"
> +echo " --enable-modules=L enable modules and provide a whitelist"
> +echo " Available modules: curl iscsi gluster ssh rbd"
> echo " --enable-debug-tcg enable TCG debugging"
> echo " --disable-debug-tcg disable TCG debugging (default)"
> echo " --enable-debug-info enable debugging information (default)"
> @@ -3590,6 +3594,9 @@ if test "$slirp" = "yes" ; then
> echo "smbd $smbd"
> fi
> echo "module support $modules"
> +if test -n "$module_list"; then
> + echo "module whitelist $module_list"
> +fi
> echo "host CPU $cpu"
> echo "host big endian $bigendian"
> echo "target list $target_list"
> @@ -3711,6 +3718,9 @@ echo "ARCH=$ARCH" >> $config_host_mak
> echo "CONFIG_FINGERPRINT=$(date +%s$$$RANDOM)" >> $config_host_mak
> if test "$modules" = "yes"; then
> echo "CONFIG_MODULES=y" >> $config_host_mak
> + if test -n "$module_list"; then
> + echo "CONFIG_MODULE_WHITELIST=$module_list" >> $config_host_mak
> + fi
> fi
> case "$cpu" in
> arm|i386|x86_64|x32|ppc|aarch64)
> diff --git a/rules.mak b/rules.mak
> index 0670366..e5529da 100644
> --- a/rules.mak
> +++ b/rules.mak
> @@ -165,13 +165,18 @@ $(if $(nested-dirs),
> $(call unnest-vars-1))
> endef
>
> +is-whitelisted = $(if $(CONFIG_MODULE_WHITELIST),$(strip \
> + $(filter $(CONFIG_MODULE_WHITELIST),$(basename $(notdir $1)))),\
> + yes)
> define add-modules
> $(foreach o,$(filter %.o,$($1)),
> $(eval $(patsubst %.o,%.mo,$o): $o) \
> $(eval $(patsubst %.o,%.mo,$o)-objs := $o))
> $(foreach o,$(filter %.mo,$($1)),$(eval \
> $o: $($o-objs)))
> -$(eval modules-m += $(patsubst %.o,%.mo,$($1)))
> +$(eval t := $(patsubst %.o,%.mo,$($1)))
> +$(foreach o,$t,$(if $(call is-whitelisted,$o),$(eval \
> + modules-m += $o)))
> endef
>
> define unnest-vars
> diff --git a/scripts/create_config b/scripts/create_config
> index ecc5d4d..ab430c7 100755
> --- a/scripts/create_config
> +++ b/scripts/create_config
> @@ -37,6 +37,13 @@ case $line in
> CONFIG_MODULES=*)
> echo "#define CONFIG_MODULES \"${line#*=}\""
> ;;
> + CONFIG_MODULE_WHITELIST=*)
> + echo "#define CONFIG_MODULE_WHITELIST\\"
> + for mod in ${line#*=}; do
> + echo " \"${mod}\",\\"
> + done
> + echo " NULL"
> + ;;
> CONFIG_AUDIO_DRIVERS=*)
> drivers=${line#*=}
> echo "#define CONFIG_AUDIO_DRIVERS \\"
> diff --git a/util/module.c b/util/module.c
> index 9135c14..cb882f0 100644
> --- a/util/module.c
> +++ b/util/module.c
> @@ -124,7 +124,14 @@ void module_load(module_load_type type)
> const char *path;
> char *fname = NULL;
> DIR *dp;
> +#ifdef CONFIG_MODULE_WHITELIST
> + const char **mp;
> + const char *module_whitelist[] = {
> + CONFIG_MODULE_WHITELIST
> + };
> +#else
> struct dirent *ep = NULL;
> +#endif
>
> if (!g_module_supported()) {
> return;
> @@ -149,10 +156,19 @@ void module_load(module_load_type type)
> fprintf(stderr, "Failed to open dir %s\n", path);
> return;
> }
> +#ifdef CONFIG_MODULE_WHITELIST
> + for (mp = &module_whitelist[0]; *mp; mp++) {
> + fname = g_strdup_printf("%s%s" HOST_DSOSUF, path, *mp);
> + module_load_file(fname);
> + g_free(fname);
> + }
> +#else
> for (ep = readdir(dp); ep; ep = readdir(dp)) {
> fname = g_strdup_printf("%s%s", path, ep->d_name);
> module_load_file(fname);
> g_free(fname);
> }
> #endif
Having two code paths here is silly. Even if the user does not specify
a whitelist to configure, we know exactly what modules the QEMU source
tree contains. We *never* have any need to use readdir here.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
next prev parent reply other threads:[~2013-09-13 9:04 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-13 8:38 [Qemu-devel] [PATCH v8 0/9] Shared Library Module Support Fam Zheng
2013-09-13 8:38 ` [Qemu-devel] [PATCH v8 1/9] ui/Makefile.objs: delete unnecessary cocoa.o dependency Fam Zheng
2013-09-13 8:38 ` [Qemu-devel] [PATCH v8 2/9] make.rule: fix $(obj) to a real relative path Fam Zheng
2013-09-13 8:38 ` [Qemu-devel] [PATCH v8 3/9] rule.mak: allow per object cflags and libs Fam Zheng
2013-09-13 8:38 ` [Qemu-devel] [PATCH v8 4/9] build-sys: introduce common-obj-m and block-obj-m for DSO Fam Zheng
2013-09-13 8:38 ` [Qemu-devel] [PATCH v8 5/9] module: implement module loading function Fam Zheng
2013-09-13 9:56 ` Alex Bligh
2013-09-13 10:02 ` Paolo Bonzini
2013-09-13 10:38 ` Alex Bligh
2013-09-13 10:05 ` Fam Zheng
2013-09-13 8:38 ` [Qemu-devel] [PATCH v8 6/9] module: add configurable module whitelist Fam Zheng
2013-09-13 9:03 ` Daniel P. Berrange [this message]
2013-09-13 9:57 ` Fam Zheng
2013-09-13 8:38 ` [Qemu-devel] [PATCH v8 7/9] Makefile: install modules with "make install" Fam Zheng
2013-09-13 8:38 ` [Qemu-devel] [PATCH v8 8/9] .gitignore: ignore module related files (dll, so, mo) Fam Zheng
2013-09-13 8:38 ` [Qemu-devel] [PATCH v8 9/9] block: convert block drivers linked with libs to modules Fam Zheng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130913090358.GA19404@redhat.com \
--to=berrange@redhat.com \
--cc=alex@alex.org.uk \
--cc=famz@redhat.com \
--cc=mjt@tls.msk.ru \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=rth@twiddle.net \
--cc=vilanova@ac.upc.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).