From 08007d0b25a8175bf6f663fd12b25e4e4eea4d17 Mon Sep 17 00:00:00 2001
From: David Gibson <david@gibson.dropbear.id.au>
Date: Tue, 14 Jun 2022 15:12:21 +1000
Subject: Makefile: Avoid using wildcard sources

The passt/pasta Makefile makes fairly heavy use of GNU make's $(wildcard)
function to locate the sources and headers to build.  Using wildcards for
the things to compile is usually a bad idea though: if somehow you end up
with a .c or .h file in your tree you didn't expect it can misbuild in an
exceedingly confusing way.  In particular this can sometimes happen if
switching between releases / branches where files have been added or
removed without 100% cleaning the tree.

It also makes life a bit complicated if building multiple different
binaries in the same tree: we already have some rather awkward
$(filter-out) constructions to avoid including qrap.c in the passt build.

Replace use of $(wildcard) with the more idiomatic approach of defining
variables listing all the relevant source files then using that throughout.
In the rule for seccomp.h there was also a bare "*.c" which caused make to
always rebuild that target.  Fix that as well.

Similarly, seccomp.sh uses a wildcard to locate the sources, which is
unwise for the same reasons.  Make it take the sources to examine on the
command line instead, and have the Makefile pass them in from the same
variables.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 Makefile   | 37 ++++++++++++++++++++++---------------
 seccomp.sh |  5 +++--
 2 files changed, 25 insertions(+), 17 deletions(-)

diff --git a/Makefile b/Makefile
index b0de1ec..e8ed7a9 100644
--- a/Makefile
+++ b/Makefile
@@ -31,6 +31,17 @@ CFLAGS += -DPASST_AUDIT_ARCH=AUDIT_ARCH_$(AUDIT_ARCH)
 CFLAGS += -DRLIMIT_STACK_VAL=$(RLIMIT_STACK_VAL)
 CFLAGS += -DARCH=\"$(TARGET_ARCH)\"
 
+PASST_SRCS = arch.c arp.c checksum.c conf.c dhcp.c dhcpv6.c icmp.c igmp.c \
+	mld.c ndp.c netlink.c packet.c passt.c pasta.c pcap.c siphash.c \
+	tap.c tcp.c tcp_splice.c udp.c util.c
+QRAP_SRCS = qrap.c
+SRCS = $(PASST_SRCS) $(QRAP_SRCS)
+
+PASST_HEADERS = arch.h arp.h checksum.h conf.h dhcp.h dhcpv6.h icmp.h \
+	ndp.h netlink.h packet.h passt.h pasta.h pcap.h siphash.h \
+	tap.h tcp.h tcp_splice.h udp.h util.h
+HEADERS = $(PASST_HEADERS)
+
 # On gcc 11.2, with -O2 and -flto, tcp_hash() and siphash_20b(), if inlined,
 # seem to be hitting something similar to:
 #	https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78993
@@ -82,18 +93,15 @@ endif
 static: CFLAGS += -static -DGLIBC_NO_STATIC_NSS
 static: clean all
 
-seccomp.h: *.c $(filter-out seccomp.h,$(wildcard *.h))
-	@ EXTRA_SYSCALLS=$(EXTRA_SYSCALLS) ./seccomp.sh
+seccomp.h: $(PASST_SRCS) $(PASST_HEADERS)
+	@ EXTRA_SYSCALLS=$(EXTRA_SYSCALLS) ./seccomp.sh $^
 
-passt: $(filter-out qrap.c,$(wildcard *.c)) \
-	$(filter-out qrap.h,$(wildcard *.h)) seccomp.h
-	$(CC) $(CFLAGS) $(filter-out qrap.c,$(wildcard *.c)) -o passt
+passt: $(PASST_SRCS) $(PASST_HEADERS) seccomp.h
+	$(CC) $(CFLAGS) $(PASST_SRCS) -o passt
 
 passt.avx2: CFLAGS += -Ofast -mavx2 -ftree-vectorize -funroll-loops
-passt.avx2: $(filter-out qrap.c,$(wildcard *.c)) \
-	$(filter-out qrap.h,$(wildcard *.h)) seccomp.h
-	$(CC) $(filter-out -O2,$(CFLAGS)) $(filter-out qrap.c,$(wildcard *.c)) \
-		-o passt.avx2
+passt.avx2: $(PASST_SRCS) $(PASST_HEADERS) seccomp.h
+	$(CC) $(filter-out -O2,$(CFLAGS)) $(PASST_SRCS) -o passt.avx2
 
 passt.avx2: passt
 
@@ -104,9 +112,8 @@ pasta: passt
 	ln -s passt pasta
 	ln -s passt.1 pasta.1
 
-qrap: qrap.c passt.h
-	$(CC) $(CFLAGS) \
-		qrap.c -o qrap
+qrap: $(QRAP_SRCS) passt.h
+	$(CC) $(CFLAGS) $(QRAP_SRCS) -o qrap
 
 valgrind: EXTRA_SYSCALLS="rt_sigprocmask rt_sigtimedwait rt_sigaction \
 			  getpid gettid kill clock_gettime mmap munmap open \
@@ -203,7 +210,7 @@ pkgs: static
 # - concurrency-mt-unsafe
 #	TODO: check again if multithreading is implemented
 
-clang-tidy: $(wildcard *.c) $(wildcard *.h)
+clang-tidy: $(SRCS) $(HEADERS)
 	clang-tidy -checks=*,-modernize-*,\
 	-clang-analyzer-valist.Uninitialized,\
 	-cppcoreguidelines-init-variables,\
@@ -227,7 +234,7 @@ clang-tidy: $(wildcard *.c) $(wildcard *.h)
 	-altera-struct-pack-align,\
 	-concurrency-mt-unsafe \
 	-config='{CheckOptions: [{key: bugprone-suspicious-string-compare.WarnOnImplicitComparison, value: "false"}]}' \
-	--warnings-as-errors=* $(wildcard *.c) -- $(filter-out -pie,$(CFLAGS))
+	--warnings-as-errors=* $(SRCS) -- $(filter-out -pie,$(CFLAGS))
 
 ifeq ($(shell $(CC) -v 2>&1 | grep -c "gcc version"),1)
 TARGET := $(shell ${CC} -v 2>&1 | sed -n 's/Target: \(.*\)/\1/p')
@@ -237,7 +244,7 @@ EXTRA_INCLUDES_OPT := -I$(EXTRA_INCLUDES)
 else
 EXTRA_INCLUDES_OPT :=
 endif
-cppcheck: $(wildcard *.c) $(wildcard *.h)
+cppcheck: $(SRCS) $(HEADERS)
 	cppcheck --std=c99 --error-exitcode=1 --enable=all --force	\
 	--inconclusive --library=posix					\
 	-I/usr/include $(EXTRA_INCLUDES_OPT)				\
diff --git a/seccomp.sh b/seccomp.sh
index 74eeb4b..17def4d 100755
--- a/seccomp.sh
+++ b/seccomp.sh
@@ -14,6 +14,7 @@
 # Author: Stefano Brivio <sbrivio@redhat.com>
 
 TMP="$(mktemp)"
+IN="$@"
 OUT="seccomp.h"
 
 HEADER="/* This file was automatically generated by $(basename ${0}) */
@@ -231,9 +232,9 @@ gen_profile() {
 }
 
 printf '%s\n' "${HEADER}" > "${OUT}"
-__profiles="$(sed -n 's/[\t ]*\*[\t ]*#syscalls:\([^ ]*\).*/\1/p' *.[ch] | sort -u)"
+__profiles="$(sed -n 's/[\t ]*\*[\t ]*#syscalls:\([^ ]*\).*/\1/p' ${IN} | sort -u)"
 for __p in ${__profiles}; do
-	__calls="$(sed -n 's/[\t ]*\*[\t ]*#syscalls\(:'"${__p}"'\|\)[\t ]\{1,\}\(.*\)/\2/p' *.[ch])"
+	__calls="$(sed -n 's/[\t ]*\*[\t ]*#syscalls\(:'"${__p}"'\|\)[\t ]\{1,\}\(.*\)/\2/p' ${IN})"
 	__calls="${__calls} ${EXTRA_SYSCALLS:-}"
 	__calls="$(filter ${__calls})"
 	echo "seccomp profile ${__p} allows: ${__calls}" | tr '\n' ' ' | fmt -t
-- 
cgit v1.2.3