From patchwork Tue Sep 15 17:20:33 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Will Deacon X-Patchwork-Id: 7188871 Return-Path: X-Original-To: patchwork-kvm@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 600FC9F336 for ; Tue, 15 Sep 2015 17:20:37 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 4D5DE2070F for ; Tue, 15 Sep 2015 17:20:36 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id F31C0206B5 for ; Tue, 15 Sep 2015 17:20:34 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751601AbbIORUb (ORCPT ); Tue, 15 Sep 2015 13:20:31 -0400 Received: from foss.arm.com ([217.140.101.70]:51996 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751070AbbIORUa (ORCPT ); Tue, 15 Sep 2015 13:20:30 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 8C6C756C; Tue, 15 Sep 2015 10:20:45 -0700 (PDT) Received: from arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id A08943F5A0; Tue, 15 Sep 2015 10:20:29 -0700 (PDT) Date: Tue, 15 Sep 2015 18:20:33 +0100 From: Will Deacon To: Dimitri John Ledkov Cc: "kvm@vger.kernel.org" , Andre Przywara Subject: Re: [PATCH v2 kvmtool] Make static libc and guest-init functionality optional. Message-ID: <20150915172033.GI31157@arm.com> References: <1441368249-23800-1-git-send-email-dimitri.j.ledkov@intel.com> <1441982400-14781-1-git-send-email-dimitri.j.ledkov@intel.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <1441982400-14781-1-git-send-email-dimitri.j.ledkov@intel.com> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Hi Dmitri, On Fri, Sep 11, 2015 at 03:40:00PM +0100, Dimitri John Ledkov wrote: > If one typically only boots full disk-images, one wouldn't necessaraly > want to statically link glibc, for the guest-init feature of the > kvmtool. As statically linked glibc triggers haevy security > maintainance. > > Signed-off-by: Dimitri John Ledkov > --- > Changes since v1: > - rename CONFIG_HAS_LIBC to CONFIG_GUEST_INIT for clarity > - use more ifdefs, instead of runtime check of _binary_guest_init_size==0 The idea looks good, but I think we can tidy some of this up at the same time by moving all the guest_init code in builtin_setup.c. How about the patch below? Will --->8 From cdce942c1a3a04635065a7972ca4e21386664756 Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Fri, 11 Sep 2015 15:40:00 +0100 Subject: [PATCH] Make static libc and guest-init functionality optional. If one typically only boots full disk-images, one wouldn't necessaraly want to statically link glibc, for the guest-init feature of the kvmtool. As statically linked glibc triggers haevy security maintainance. Signed-off-by: Dimitri John Ledkov [will: moved all the guest_init handling into builtin_setup.c] Signed-off-by: Will Deacon --- Makefile | 12 +++++++----- builtin-run.c | 29 +---------------------------- builtin-setup.c | 19 ++++++++++++++----- include/kvm/builtin-setup.h | 1 + 4 files changed, 23 insertions(+), 38 deletions(-) diff --git a/Makefile b/Makefile index 7b17d529d13b..f1701aa7b8ec 100644 --- a/Makefile +++ b/Makefile @@ -34,8 +34,6 @@ bindir_SQ = $(subst ','\'',$(bindir)) PROGRAM := lkvm PROGRAM_ALIAS := vm -GUEST_INIT := guest/init - OBJS += builtin-balloon.o OBJS += builtin-debug.o OBJS += builtin-help.o @@ -279,8 +277,13 @@ ifeq ($(LTO),1) endif endif -ifneq ($(call try-build,$(SOURCE_STATIC),,-static),y) - $(error No static libc found. Please install glibc-static package.) +ifeq ($(call try-build,$(SOURCE_STATIC),,-static),y) + CFLAGS += -DCONFIG_GUEST_INIT + GUEST_INIT := guest/init + GUEST_OBJS = guest/guest_init.o +else + $(warning No static libc found. Skipping guest init) + NOTFOUND += static-libc endif ifeq (y,$(ARCH_WANT_LIBFDT)) @@ -356,7 +359,6 @@ c_flags = -Wp,-MD,$(depfile) $(CFLAGS) # $(OTHEROBJS) are things that do not get substituted like this. # STATIC_OBJS = $(patsubst %.o,%.static.o,$(OBJS) $(OBJS_STATOPT)) -GUEST_OBJS = guest/guest_init.o $(PROGRAM)-static: $(STATIC_OBJS) $(OTHEROBJS) $(GUEST_INIT) $(E) " LINK " $@ diff --git a/builtin-run.c b/builtin-run.c index 1ee75ad3f010..e0c87329e52b 100644 --- a/builtin-run.c +++ b/builtin-run.c @@ -59,9 +59,6 @@ static int kvm_run_wrapper; bool do_debug_print = false; -extern char _binary_guest_init_start; -extern char _binary_guest_init_size; - static const char * const run_usage[] = { "lkvm run [] []", NULL @@ -345,30 +342,6 @@ void kvm_run_help(void) usage_with_options(run_usage, options); } -static int kvm_setup_guest_init(struct kvm *kvm) -{ - const char *rootfs = kvm->cfg.custom_rootfs_name; - char tmp[PATH_MAX]; - size_t size; - int fd, ret; - char *data; - - /* Setup /virt/init */ - size = (size_t)&_binary_guest_init_size; - data = (char *)&_binary_guest_init_start; - snprintf(tmp, PATH_MAX, "%s%s/virt/init", kvm__get_dir(), rootfs); - remove(tmp); - fd = open(tmp, O_CREAT | O_WRONLY, 0755); - if (fd < 0) - die("Fail to setup %s", tmp); - ret = xwrite(fd, data, size); - if (ret < 0) - die("Fail to setup %s", tmp); - close(fd); - - return 0; -} - static int kvm_run_set_sandbox(struct kvm *kvm) { const char *guestfs_name = kvm->cfg.custom_rootfs_name; @@ -631,7 +604,7 @@ static struct kvm *kvm_cmd_run_init(int argc, const char **argv) if (!kvm->cfg.no_dhcp) strcat(real_cmdline, " ip=dhcp"); - if (kvm_setup_guest_init(kvm)) + if (kvm_setup_guest_init(kvm->cfg.custom_rootfs_name)) die("Failed to setup init for guest."); } } else if (!strstr(real_cmdline, "root=")) { diff --git a/builtin-setup.c b/builtin-setup.c index 8b45c5645ad4..40fef15dbbe4 100644 --- a/builtin-setup.c +++ b/builtin-setup.c @@ -16,9 +16,6 @@ #include #include -extern char _binary_guest_init_start; -extern char _binary_guest_init_size; - static const char *instance_name; static const char * const setup_usage[] = { @@ -124,7 +121,11 @@ static const char *guestfs_symlinks[] = { "/etc/ld.so.conf", }; -static int copy_init(const char *guestfs_name) +#ifdef CONFIG_GUEST_INIT +extern char _binary_guest_init_start; +extern char _binary_guest_init_size; + +int kvm_setup_guest_init(const char *guestfs_name) { char path[PATH_MAX]; size_t size; @@ -144,7 +145,15 @@ static int copy_init(const char *guestfs_name) close(fd); return 0; + +} +#else +int kvm_setup_guest_init(const char *guestfs_name) +{ + die("Guest init image not compiled in"); + return 0; } +#endif static int copy_passwd(const char *guestfs_name) { @@ -222,7 +231,7 @@ static int do_setup(const char *guestfs_name) make_guestfs_symlink(guestfs_name, guestfs_symlinks[i]); } - ret = copy_init(guestfs_name); + ret = kvm_setup_guest_init(guestfs_name); if (ret < 0) return ret; diff --git a/include/kvm/builtin-setup.h b/include/kvm/builtin-setup.h index 4a8d7ee39425..239bbbdce09e 100644 --- a/include/kvm/builtin-setup.h +++ b/include/kvm/builtin-setup.h @@ -7,5 +7,6 @@ int kvm_cmd_setup(int argc, const char **argv, const char *prefix); void kvm_setup_help(void) NORETURN; int kvm_setup_create_new(const char *guestfs_name); void kvm_setup_resolv(const char *guestfs_name); +int kvm_setup_guest_init(const char *guestfs_name); #endif