From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Thomas Huth" <thuth@redhat.com>,
"Konstantin Kostiuk" <kkostiuk@redhat.com>,
"Michael Roth" <michael.roth@amd.com>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Daniel P. Berrangé" <berrange@redhat.com>,
"Marc-André Lureau" <marcandre.lureau@redhat.com>
Subject: [PATCH 00/20] qga: clean up command source locations and conditionals
Date: Tue, 4 Jun 2024 14:49:13 +0100 [thread overview]
Message-ID: <20240604134933.220112-1-berrange@redhat.com> (raw)
This series is a side effect of other work I started, to attempt to
make the QGA safe to use in confidential VMs by automatically
restricting the permitted commands. Since this cleanup stands on
its own, I'm sending it now.
The QGA codebase has a very complicated maze of #ifdefs to create
stubs for the various commands that cannot be implemented on certain
platforms. It then has further logic to dynamically disable the stub
commands at runtime, except this is not consistently applied, so
some commands remain enabled despite being merely stubs.
The resulting code is hard to follow, when trying to understand exactly
what commands are available under what circumstances, and when changing
impls it is easy to get the #ifdefs wrong, resulting in stubs getting
missed on platforms without a real impl. In some cases, we have multiple
stubs for the same command, due to the maze of #ifdefs.
The QAPI schema language has support for many years for expressing
conditions against commands when declaring them. This results in the
QAPI code generator omitting their implementation entirely at build
time. This has mutliple benefits
* The unsupported commands are guaranteed to not exist at runtime
* No stubs need ever be defined in the code
* The generated QAPI reference manual documents the build conditions
This series is broadly split into three parts
* Moving tonnes of Linux only commands out of commands-posix.c
into commands-linux.c to remove many #ifdefs.
* Adding 'if' conditions in the QAPI schema to reflect the
build conditions, removing many more #ifdefs
* Sanitizing the logic for disabling/enabling commands at
runtime to guarantee consistency
Daniel P. Berrangé (20):
qga: drop blocking of guest-get-memory-block-size command
qga: move linux vcpu command impls to commands-linux.c
qga: move linux suspend command impls to commands-linux.c
qga: move linux fs/disk command impls to commands-linux.c
qga: move linux disk/cpu stats command impls to commands-linux.c
qga: move linux memory block command impls to commands-linux.c
qga: move CONFIG_FSFREEZE/TRIM to be meson defined options
qga: conditionalize schema for commands unsupported on Windows
qga: conditionalize schema for commands unsupported on non-Linux POSIX
qga: conditionalize schema for commands requiring getifaddrs
qga: conditionalize schema for commands requiring linux/win32
qga: conditionalize schema for commands only supported on Windows
qga: conditionalize schema for commands requiring fsfreeze
qga: conditionalize schema for commands requiring fstrim
qga: conditionalize schema for commands requiring libudev
qga: conditionalize schema for commands requiring utmpx
qga: conditionalize schema for commands not supported on other UNIX
qga: add note about where to disable commands for a platform
qga: move declare of QGAConfig struct to top of file
qga: centralize logic for disabling/enabling commands
meson.build | 19 +
qga/commands-bsd.c | 24 -
qga/commands-common.h | 9 -
qga/commands-linux.c | 1805 +++++++++++++++++++++++++++++++
qga/commands-posix.c | 2375 ++++-------------------------------------
qga/commands-win32.c | 64 +-
qga/main.c | 154 +--
qga/qapi-schema.json | 153 ++-
8 files changed, 2196 insertions(+), 2407 deletions(-)
--
2.45.1
next reply other threads:[~2024-06-04 13:50 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-04 13:49 Daniel P. Berrangé [this message]
2024-06-04 13:49 ` [PATCH 01/20] qga: drop blocking of guest-get-memory-block-size command Daniel P. Berrangé
2024-06-06 8:05 ` Manos Pitsidianakis
2024-06-04 13:49 ` [PATCH 02/20] qga: move linux vcpu command impls to commands-linux.c Daniel P. Berrangé
2024-06-06 8:08 ` Manos Pitsidianakis
2024-06-04 13:49 ` [PATCH 03/20] qga: move linux suspend " Daniel P. Berrangé
2024-06-06 8:17 ` Manos Pitsidianakis
2024-06-04 13:49 ` [PATCH 04/20] qga: move linux fs/disk " Daniel P. Berrangé
2024-06-06 8:19 ` Manos Pitsidianakis
2024-06-04 13:49 ` [PATCH 05/20] qga: move linux disk/cpu stats " Daniel P. Berrangé
2024-06-04 13:49 ` [PATCH 06/20] qga: move linux memory block " Daniel P. Berrangé
2024-06-04 13:49 ` [PATCH 07/20] qga: move CONFIG_FSFREEZE/TRIM to be meson defined options Daniel P. Berrangé
2024-06-05 8:47 ` Marc-André Lureau
2024-06-05 8:53 ` Daniel P. Berrangé
2024-06-04 13:49 ` [PATCH 08/20] qga: conditionalize schema for commands unsupported on Windows Daniel P. Berrangé
2024-06-11 9:13 ` Markus Armbruster
2024-06-13 11:26 ` Daniel P. Berrangé
2024-06-11 13:55 ` Markus Armbruster
2024-06-11 14:03 ` Daniel P. Berrangé
2024-06-13 11:43 ` Daniel P. Berrangé
2024-06-13 11:55 ` Konstantin Kostiuk
2024-06-04 13:49 ` [PATCH 09/20] qga: conditionalize schema for commands unsupported on non-Linux POSIX Daniel P. Berrangé
2024-06-04 13:49 ` [PATCH 10/20] qga: conditionalize schema for commands requiring getifaddrs Daniel P. Berrangé
2024-06-04 13:49 ` [PATCH 11/20] qga: conditionalize schema for commands requiring linux/win32 Daniel P. Berrangé
2024-06-04 13:49 ` [PATCH 12/20] qga: conditionalize schema for commands only supported on Windows Daniel P. Berrangé
2024-06-04 13:49 ` [PATCH 13/20] qga: conditionalize schema for commands requiring fsfreeze Daniel P. Berrangé
2024-06-04 13:49 ` [PATCH 14/20] qga: conditionalize schema for commands requiring fstrim Daniel P. Berrangé
2024-06-04 13:49 ` [PATCH 15/20] qga: conditionalize schema for commands requiring libudev Daniel P. Berrangé
2024-06-04 13:49 ` [PATCH 16/20] qga: conditionalize schema for commands requiring utmpx Daniel P. Berrangé
2024-06-04 13:49 ` [PATCH 17/20] qga: conditionalize schema for commands not supported on other UNIX Daniel P. Berrangé
2024-06-04 13:49 ` [PATCH 18/20] qga: add note about where to disable commands for a platform Daniel P. Berrangé
2024-06-11 8:08 ` Markus Armbruster
2024-06-11 8:49 ` Daniel P. Berrangé
2024-06-13 11:48 ` Daniel P. Berrangé
2024-06-04 13:49 ` [PATCH 19/20] qga: move declare of QGAConfig struct to top of file Daniel P. Berrangé
2024-06-05 9:58 ` Marc-André Lureau
2024-06-04 13:49 ` [PATCH 20/20] qga: centralize logic for disabling/enabling commands Daniel P. Berrangé
2024-06-05 10:37 ` Marc-André Lureau
2024-06-05 10:39 ` Marc-André Lureau
2024-06-05 10:41 ` Daniel P. Berrangé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240604134933.220112-1-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=kkostiuk@redhat.com \
--cc=marcandre.lureau@redhat.com \
--cc=michael.roth@amd.com \
--cc=pbonzini@redhat.com \
--cc=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).