[libvirt] [PATCH 0/8] Fix build with clang
I am not proud of the first patch. I wrote the temporary bump for -Wframe-larger-than thinking splitting it out would be too intrusive for the freeze, but it did not turn out so bad. Patch 7/8 does not fix anything. Ján Tomko (8): virFirewallAddRule: exchange first two parameters virTypedParamsValidate: do not use STREQ_NULLABLE build: disable -Wdouble-promotion build: ignore some clang-specific warnings Introudce VIR_WARNINGS_NO_UNUSED_VALUE Temporarily bump maximum stack size test/Makefile.am: drop WARN_CFLAGS from LDFLAGS Split out -Wframe-larger-than warning from WARN_CLFAGS daemon/Makefile.am | 3 + m4/virt-compile-warnings.m4 | 15 ++++- src/Makefile.am | 1 + src/internal.h | 5 ++ src/nwfilter/nwfilter_ebiptables_driver.c | 84 +++++++++++++-------------- src/util/viratomic.h | 7 +++ src/util/virebtables.c | 8 +-- src/util/virfirewall.c | 8 +-- src/util/virfirewall.h | 4 +- src/util/viriptables.c | 38 ++++++------- src/util/virtypedparam.c | 2 +- tests/Makefile.am | 3 +- tests/virfirewalltest.c | 94 +++++++++++++++---------------- 13 files changed, 150 insertions(+), 122 deletions(-) -- 2.7.3
clang 3.8 complains: util/virfirewall.c:425:30: error: passing an object that undergoes default argument promotion to 'va_start' has undefined behavior [-Werror,-Wvarargs] __builtin_va_start(args, layer); Exchange the parameters to have a pointer as the last argument. --- Alternatives: * make a macro wrapper around virFirewallAddRule which has a non-enum parameter after layer * just silence the warning * ??? src/nwfilter/nwfilter_ebiptables_driver.c | 84 +++++++++++++-------------- src/util/virebtables.c | 8 +-- src/util/virfirewall.c | 8 +-- src/util/virfirewall.h | 4 +- src/util/viriptables.c | 38 ++++++------- tests/virfirewalltest.c | 94 +++++++++++++++---------------- 6 files changed, 118 insertions(+), 118 deletions(-) diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c index 0ab7c08..c6d448c 100644 --- a/src/nwfilter/nwfilter_ebiptables_driver.c +++ b/src/nwfilter/nwfilter_ebiptables_driver.c @@ -454,13 +454,13 @@ iptablesCreateBaseChainsFW(virFirewallPtr fw, virFirewallAddRuleFull(fw, layer, true, NULL, NULL, "-D", "INPUT", "-j", HOST_IN_CHAIN, NULL); - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "-I", "FORWARD", "1", "-j", VIRT_IN_CHAIN, NULL); - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "-I", "FORWARD", "2", "-j", VIRT_OUT_CHAIN, NULL); - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "-I", "FORWARD", "3", "-j", VIRT_IN_POST_CHAIN, NULL); - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "-I", "INPUT", "1", "-j", HOST_IN_CHAIN, NULL); } @@ -480,7 +480,7 @@ iptablesCreateTmpRootChainFW(virFirewallPtr fw, PRINT_IPT_ROOT_CHAIN(chain, chainPrefix, ifname); - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "-N", chain, NULL); } @@ -588,13 +588,13 @@ iptablesLinkTmpRootChainFW(virFirewallPtr fw, PRINT_IPT_ROOT_CHAIN(chain, chainPrefix, ifname); if (incoming) - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "-A", basechain, MATCH_PHYSDEV_IN_FW, ifname, "-g", chain, NULL); else - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "-A", basechain, MATCH_PHYSDEV_OUT_FW, ifname, @@ -623,7 +623,7 @@ iptablesSetupVirtInPostFW(virFirewallPtr fw ATTRIBUTE_UNUSED, "-D", VIRT_IN_POST_CHAIN, MATCH_PHYSDEV_IN_FW, ifname, "-j", "ACCEPT", NULL); - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "-A", VIRT_IN_POST_CHAIN, MATCH_PHYSDEV_IN_FW, ifname, "-j", "ACCEPT", NULL); @@ -762,7 +762,7 @@ iptablesRenameTmpRootChainFW(virFirewallPtr fw, PRINT_IPT_ROOT_CHAIN(tmpchain, tmpChainPrefix, ifname); PRINT_IPT_ROOT_CHAIN(chain, chainPrefix, ifname); - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "-E", tmpchain, chain, NULL); } @@ -1186,7 +1186,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw, switch (rule->prtclType) { case VIR_NWFILTER_RULE_PROTOCOL_TCP: case VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6: - fwrule = virFirewallAddRule(fw, layer, + fwrule = virFirewallAddRule(layer, fw, "-A", chain, "-p", "tcp", NULL); @@ -1245,7 +1245,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw, case VIR_NWFILTER_RULE_PROTOCOL_UDP: case VIR_NWFILTER_RULE_PROTOCOL_UDPoIPV6: - fwrule = virFirewallAddRule(fw, layer, + fwrule = virFirewallAddRule(layer, fw, "-A", chain, "-p", "udp", NULL); @@ -1275,7 +1275,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw, case VIR_NWFILTER_RULE_PROTOCOL_UDPLITE: case VIR_NWFILTER_RULE_PROTOCOL_UDPLITEoIPV6: - fwrule = virFirewallAddRule(fw, layer, + fwrule = virFirewallAddRule(layer, fw, "-A", chain, "-p", "udplite", NULL); @@ -1300,7 +1300,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw, case VIR_NWFILTER_RULE_PROTOCOL_ESP: case VIR_NWFILTER_RULE_PROTOCOL_ESPoIPV6: - fwrule = virFirewallAddRule(fw, layer, + fwrule = virFirewallAddRule(layer, fw, "-A", chain, "-p", "esp", NULL); @@ -1325,7 +1325,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw, case VIR_NWFILTER_RULE_PROTOCOL_AH: case VIR_NWFILTER_RULE_PROTOCOL_AHoIPV6: - fwrule = virFirewallAddRule(fw, layer, + fwrule = virFirewallAddRule(layer, fw, "-A", chain, "-p", "ah", NULL); @@ -1350,7 +1350,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw, case VIR_NWFILTER_RULE_PROTOCOL_SCTP: case VIR_NWFILTER_RULE_PROTOCOL_SCTPoIPV6: - fwrule = virFirewallAddRule(fw, layer, + fwrule = virFirewallAddRule(layer, fw, "-A", chain, "-p", "sctp", NULL); @@ -1380,7 +1380,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw, case VIR_NWFILTER_RULE_PROTOCOL_ICMP: case VIR_NWFILTER_RULE_PROTOCOL_ICMPV6: - fwrule = virFirewallAddRule(fw, layer, + fwrule = virFirewallAddRule(layer, fw, "-A", chain, NULL); @@ -1447,7 +1447,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw, break; case VIR_NWFILTER_RULE_PROTOCOL_IGMP: - fwrule = virFirewallAddRule(fw, layer, + fwrule = virFirewallAddRule(layer, fw, "-A", chain, "-p", "igmp", NULL); @@ -1472,7 +1472,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw, case VIR_NWFILTER_RULE_PROTOCOL_ALL: case VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6: - fwrule = virFirewallAddRule(fw, layer, + fwrule = virFirewallAddRule(layer, fw, "-A", chain, "-p", "all", NULL); @@ -1875,7 +1875,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, switch (rule->prtclType) { case VIR_NWFILTER_RULE_PROTOCOL_MAC: - fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain, NULL); @@ -1898,7 +1898,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, break; case VIR_NWFILTER_RULE_PROTOCOL_VLAN: - fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain, NULL); if (ebtablesHandleEthHdr(fw, fwrule, @@ -1927,7 +1927,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, return -1; } - fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain, NULL); if (ebtablesHandleEthHdr(fw, fwrule, @@ -1963,7 +1963,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, case VIR_NWFILTER_RULE_PROTOCOL_ARP: case VIR_NWFILTER_RULE_PROTOCOL_RARP: - fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain, NULL); if (ebtablesHandleEthHdr(fw, fwrule, @@ -2090,7 +2090,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, break; case VIR_NWFILTER_RULE_PROTOCOL_IP: - fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain, NULL); if (ebtablesHandleEthHdr(fw, fwrule, @@ -2223,7 +2223,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, break; case VIR_NWFILTER_RULE_PROTOCOL_IPV6: - fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain, NULL); if (ebtablesHandleEthHdr(fw, fwrule, @@ -2423,7 +2423,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, break; case VIR_NWFILTER_RULE_PROTOCOL_NONE: - fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain, NULL); break; @@ -2543,7 +2543,7 @@ ebtablesCreateTmpRootChainFW(virFirewallPtr fw, PRINT_ROOT_CHAIN(chain, chainPrefix, ifname); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-N", chain, NULL); } @@ -2558,7 +2558,7 @@ ebtablesLinkTmpRootChainFW(virFirewallPtr fw, PRINT_ROOT_CHAIN(chain, chainPrefix, ifname); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", incoming ? EBTABLES_CHAIN_INCOMING : EBTABLES_CHAIN_OUTGOING, incoming ? "-i" : "-o", @@ -2671,10 +2671,10 @@ ebtablesCreateTmpSubChainFW(virFirewallPtr fw, virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_ETHERNET, true, NULL, NULL, "-t", "nat", "-X", chain, NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-N", chain, NULL); - fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", rootchain, NULL); switch (protoidx) { @@ -2785,7 +2785,7 @@ ebtablesRenameTmpSubChainFW(virFirewallPtr fw, PRINT_ROOT_CHAIN(chain, chainPrefix, ifname); } - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-E", tmpchain, chain, NULL); } @@ -2834,7 +2834,7 @@ ebtablesRenameTmpSubAndRootChainsQuery(virFirewallPtr fw, virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_ETHERNET, true, NULL, NULL, "-t", "nat", "-X", newchain, NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-E", tmp, newchain, NULL); } @@ -2911,19 +2911,19 @@ ebtablesApplyBasicRules(const char *ifname, ebtablesCreateTmpRootChainFW(fw, true, ifname); PRINT_ROOT_CHAIN(chain, chainPrefix, ifname); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain, "-s", "!", macaddr_str, "-j", "DROP", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain, "-p", "IPv4", "-j", "ACCEPT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain, "-p", "ARP", "-j", "ACCEPT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain, "-j", "DROP", NULL); @@ -2987,14 +2987,14 @@ ebtablesApplyDHCPOnlyRules(const char *ifname, PRINT_ROOT_CHAIN(chain_in, CHAINPREFIX_HOST_IN_TEMP, ifname); PRINT_ROOT_CHAIN(chain_out, CHAINPREFIX_HOST_OUT_TEMP, ifname); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain_in, "-s", macaddr_str, "-p", "ipv4", "--ip-protocol", "udp", "--ip-sport", "68", "--ip-dport", "67", "-j", "ACCEPT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain_in, "-j", "DROP", NULL); @@ -3015,7 +3015,7 @@ ebtablesApplyDHCPOnlyRules(const char *ifname, */ for (ctr = 0; ctr < 2; ctr++) { if (dhcpserver) - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain_out, "-d", (ctr == 0) ? macaddr_str : "ff:ff:ff:ff:ff:ff", "-p", "ipv4", "--ip-protocol", "udp", @@ -3023,7 +3023,7 @@ ebtablesApplyDHCPOnlyRules(const char *ifname, "--ip-sport", "67", "--ip-dport", "68", "-j", "ACCEPT", NULL); else - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain_out, "-d", (ctr == 0) ? macaddr_str : "ff:ff:ff:ff:ff:ff", "-p", "ipv4", "--ip-protocol", "udp", @@ -3037,7 +3037,7 @@ ebtablesApplyDHCPOnlyRules(const char *ifname, break; } - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain_out, "-j", "DROP", NULL); @@ -3091,11 +3091,11 @@ ebtablesApplyDropAllRules(const char *ifname) PRINT_ROOT_CHAIN(chain_in, CHAINPREFIX_HOST_IN_TEMP, ifname); PRINT_ROOT_CHAIN(chain_out, CHAINPREFIX_HOST_OUT_TEMP, ifname); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain_in, "-j", "DROP", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain_out, "-j", "DROP", NULL); diff --git a/src/util/virebtables.c b/src/util/virebtables.c index 2ffff08..e608ebb 100644 --- a/src/util/virebtables.c +++ b/src/util/virebtables.c @@ -94,15 +94,15 @@ ebtablesAddForwardPolicyReject(ebtablesContext *ctx) fw = virFirewallNew(); virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "--new-chain", ctx->chain, NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "--insert", "FORWARD", "--jump", ctx->chain, NULL); virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-P", ctx->chain, "DROP", NULL); @@ -130,7 +130,7 @@ ebtablesForwardAllowIn(ebtablesContext *ctx, fw = virFirewallNew(); virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, action == ADD ? "--insert" : "--delete", ctx->chain, "--in-interface", iface, diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c index f26fd86..025df5b 100644 --- a/src/util/virfirewall.c +++ b/src/util/virfirewall.c @@ -407,8 +407,8 @@ virFirewallAddRuleFullV(virFirewallPtr firewall, /** * virFirewallAddRule: - * @firewall: firewall ruleset to add to * @layer: the firewall layer to change + * @firewall: firewall ruleset to add to * @...: NULL terminated list of strings for the rule * * Add any type of rule to the firewall ruleset. @@ -416,13 +416,13 @@ virFirewallAddRuleFullV(virFirewallPtr firewall, * Returns the new rule */ virFirewallRulePtr -virFirewallAddRule(virFirewallPtr firewall, - virFirewallLayer layer, +virFirewallAddRule(virFirewallLayer layer, + virFirewallPtr firewall, ...) { virFirewallRulePtr rule; va_list args; - va_start(args, layer); + va_start(args, firewall); rule = virFirewallAddRuleFullV(firewall, layer, false, NULL, NULL, args); va_end(args); return rule; diff --git a/src/util/virfirewall.h b/src/util/virfirewall.h index dbf3975..371956c 100644 --- a/src/util/virfirewall.h +++ b/src/util/virfirewall.h @@ -44,8 +44,8 @@ virFirewallPtr virFirewallNew(void); void virFirewallFree(virFirewallPtr firewall); -virFirewallRulePtr virFirewallAddRule(virFirewallPtr firewall, - virFirewallLayer layer, +virFirewallRulePtr virFirewallAddRule(virFirewallLayer layer, + virFirewallPtr firewall, ...) ATTRIBUTE_SENTINEL; diff --git a/src/util/viriptables.c b/src/util/viriptables.c index e921954..91b2a40 100644 --- a/src/util/viriptables.c +++ b/src/util/viriptables.c @@ -69,7 +69,7 @@ iptablesInput(virFirewallPtr fw, snprintf(portstr, sizeof(portstr), "%d", port); portstr[sizeof(portstr) - 1] = '\0'; - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", action == ADD ? "--insert" : "--delete", "INPUT", "--in-interface", iface, @@ -92,7 +92,7 @@ iptablesOutput(virFirewallPtr fw, snprintf(portstr, sizeof(portstr), "%d", port); portstr[sizeof(portstr) - 1] = '\0'; - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", action == ADD ? "--insert" : "--delete", "OUTPUT", "--out-interface", iface, @@ -262,7 +262,7 @@ iptablesForwardAllowOut(virFirewallPtr fw, return -1; if (physdev && physdev[0]) - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", action == ADD ? "--insert" : "--delete", "FORWARD", "--source", networkstr, @@ -271,7 +271,7 @@ iptablesForwardAllowOut(virFirewallPtr fw, "--jump", "ACCEPT", NULL); else - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", action == ADD ? "--insert" : "--delete", "FORWARD", "--source", networkstr, @@ -349,7 +349,7 @@ iptablesForwardAllowRelatedIn(virFirewallPtr fw, return -1; if (physdev && physdev[0]) - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", action == ADD ? "--insert" : "--delete", "FORWARD", "--destination", networkstr, @@ -360,7 +360,7 @@ iptablesForwardAllowRelatedIn(virFirewallPtr fw, "--jump", "ACCEPT", NULL); else - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", action == ADD ? "--insert" : "--delete", "FORWARD", "--destination", networkstr, @@ -438,7 +438,7 @@ iptablesForwardAllowIn(virFirewallPtr fw, return -1; if (physdev && physdev[0]) - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", action == ADD ? "--insert" : "--delete", "FORWARD", "--destination", networkstr, @@ -447,7 +447,7 @@ iptablesForwardAllowIn(virFirewallPtr fw, "--jump", "ACCEPT", NULL); else - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", action == ADD ? "--insert" : "--delete", "FORWARD", "--destination", networkstr, @@ -520,7 +520,7 @@ iptablesAddForwardAllowCross(virFirewallPtr fw, virFirewallLayer layer, const char *iface) { - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", "--insert", "FORWARD", "--in-interface", iface, @@ -545,7 +545,7 @@ iptablesRemoveForwardAllowCross(virFirewallPtr fw, virFirewallLayer layer, const char *iface) { - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", "--delete", "FORWARD", "--in-interface", iface, @@ -569,7 +569,7 @@ iptablesAddForwardRejectOut(virFirewallPtr fw, virFirewallLayer layer, const char *iface) { - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", "--insert", "FORWARD", "--in-interface", iface, @@ -592,7 +592,7 @@ iptablesRemoveForwardRejectOut(virFirewallPtr fw, virFirewallLayer layer, const char *iface) { - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", "--delete", "FORWARD", "--in-interface", iface, @@ -616,7 +616,7 @@ iptablesAddForwardRejectIn(virFirewallPtr fw, virFirewallLayer layer, const char *iface) { - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", "--insert", "FORWARD", "--out-interface", iface, @@ -639,7 +639,7 @@ iptablesRemoveForwardRejectIn(virFirewallPtr fw, virFirewallLayer layer, const char *iface) { - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", "--delete", "FORWARD", "--out-interface", iface, @@ -690,7 +690,7 @@ iptablesForwardMasquerade(virFirewallPtr fw, } if (protocol && protocol[0]) { - rule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + rule = virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "--table", "nat", action == ADD ? "--insert" : "--delete", "POSTROUTING", "--source", networkstr, @@ -698,7 +698,7 @@ iptablesForwardMasquerade(virFirewallPtr fw, "!", "--destination", networkstr, NULL); } else { - rule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + rule = virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "--table", "nat", action == ADD ? "--insert" : "--delete", "POSTROUTING", "--source", networkstr, @@ -842,7 +842,7 @@ iptablesForwardDontMasquerade(virFirewallPtr fw, } if (physdev && physdev[0]) - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "--table", "nat", action == ADD ? "--insert" : "--delete", "POSTROUTING", "--out-interface", physdev, @@ -851,7 +851,7 @@ iptablesForwardDontMasquerade(virFirewallPtr fw, "--jump", "RETURN", NULL); else - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "--table", "nat", action == ADD ? "--insert" : "--delete", "POSTROUTING", "--source", networkstr, @@ -927,7 +927,7 @@ iptablesOutputFixUdpChecksum(virFirewallPtr fw, snprintf(portstr, sizeof(portstr), "%d", port); portstr[sizeof(portstr) - 1] = '\0'; - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "--table", "mangle", action == ADD ? "--insert" : "--delete", "POSTROUTING", "--out-interface", iface, diff --git a/tests/virfirewalltest.c b/tests/virfirewalltest.c index 6f4fed5..49bfaa5 100644 --- a/tests/virfirewalltest.c +++ b/tests/virfirewalltest.c @@ -221,12 +221,12 @@ testFirewallSingleGroup(const void *opaque) virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "!192.168.122.1", "--jump", "REJECT", NULL); @@ -281,17 +281,17 @@ testFirewallRemoveRule(const void *opaque) virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); - fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", NULL); virFirewallRuleAddArg(fw, fwrule, "--source-host"); virFirewallRemoveRule(fw, fwrule); - fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", NULL); virFirewallRuleAddArg(fw, fwrule, "--source-host"); virFirewallRuleAddArgFormat(fw, fwrule, "%s", "!192.168.122.1"); @@ -348,24 +348,24 @@ testFirewallManyGroups(const void *opaque ATTRIBUTE_UNUSED) virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "!192.168.122.1", "--jump", "REJECT", NULL); virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "OUTPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "OUTPUT", "--jump", "DROP", NULL); @@ -444,24 +444,24 @@ testFirewallIgnoreFailGroup(const void *opaque ATTRIBUTE_UNUSED) virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.255", "--jump", "REJECT", NULL); virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "OUTPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "OUTPUT", "--jump", "DROP", NULL); @@ -519,7 +519,7 @@ testFirewallIgnoreFailRule(const void *opaque ATTRIBUTE_UNUSED) virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); @@ -530,12 +530,12 @@ testFirewallIgnoreFailRule(const void *opaque ATTRIBUTE_UNUSED) "--source-host", "192.168.122.255", "--jump", "REJECT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "OUTPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "OUTPUT", "--jump", "DROP", NULL); @@ -591,17 +591,17 @@ testFirewallNoRollback(const void *opaque ATTRIBUTE_UNUSED) virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.255", "--jump", "REJECT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "!192.168.122.1", "--jump", "REJECT", NULL); @@ -664,34 +664,34 @@ testFirewallSingleRollback(const void *opaque ATTRIBUTE_UNUSED) virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.255", "--jump", "REJECT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "!192.168.122.1", "--jump", "REJECT", NULL); virFirewallStartRollback(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-D", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-D", "INPUT", "--source-host", "192.168.122.255", "--jump", "REJECT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-D", "INPUT", "--source-host", "!192.168.122.1", "--jump", "REJECT", NULL); @@ -753,38 +753,38 @@ testFirewallManyRollback(const void *opaque ATTRIBUTE_UNUSED) virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); virFirewallStartRollback(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-D", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.255", "--jump", "REJECT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "!192.168.122.1", "--jump", "REJECT", NULL); virFirewallStartRollback(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-D", "INPUT", "--source-host", "192.168.122.255", "--jump", "REJECT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-D", "INPUT", "--source-host", "!192.168.122.1", "--jump", "REJECT", NULL); @@ -850,14 +850,14 @@ testFirewallChainedRollback(const void *opaque ATTRIBUTE_UNUSED) virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); virFirewallStartRollback(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-D", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); @@ -865,24 +865,24 @@ testFirewallChainedRollback(const void *opaque ATTRIBUTE_UNUSED) virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.127", "--jump", "REJECT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "!192.168.122.1", "--jump", "REJECT", NULL); virFirewallStartRollback(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-D", "INPUT", "--source-host", "192.168.122.127", "--jump", "REJECT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-D", "INPUT", "--source-host", "!192.168.122.1", "--jump", "REJECT", NULL); @@ -890,24 +890,24 @@ testFirewallChainedRollback(const void *opaque ATTRIBUTE_UNUSED) virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.255", "--jump", "REJECT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "!192.168.122.1", "--jump", "REJECT", NULL); virFirewallStartRollback(fw, VIR_FIREWALL_ROLLBACK_INHERIT_PREVIOUS); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-D", "INPUT", "--source-host", "192.168.122.255", "--jump", "REJECT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-D", "INPUT", "--source-host", "!192.168.122.1", "--jump", "REJECT", NULL); @@ -996,7 +996,7 @@ testFirewallQueryCallback(virFirewallPtr fw, void *opaque ATTRIBUTE_UNUSED) { size_t i; - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "!192.168.122.129", "--jump", "REJECT", NULL); @@ -1054,14 +1054,14 @@ testFirewallQuery(const void *opaque ATTRIBUTE_UNUSED) virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.127", "--jump", "REJECT", NULL); @@ -1077,7 +1077,7 @@ testFirewallQuery(const void *opaque ATTRIBUTE_UNUSED) NULL, "-t", "nat", "-L", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.130", "--jump", "REJECT", NULL); @@ -1085,12 +1085,12 @@ testFirewallQuery(const void *opaque ATTRIBUTE_UNUSED) virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.128", "--jump", "REJECT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "!192.168.122.1", "--jump", "REJECT", NULL); -- 2.7.3
The field cannot be non-NULL. Only check last_name for NULL to make clang happy: util/virtypedparam.c:109:104: error: address of array 'sorted[i].field' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] if (((last_name) ? (sorted[i].field) && (strcmp((last_name) ? (last_name) : "", (sorted[i].field) ? (sorted[i].field) : "") == 0) : !(sorted[i].field)) && --- src/util/virtypedparam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/util/virtypedparam.c b/src/util/virtypedparam.c index 23109e1..6013688 100644 --- a/src/util/virtypedparam.c +++ b/src/util/virtypedparam.c @@ -106,7 +106,7 @@ virTypedParamsValidate(virTypedParameterPtr params, int nparams, ...) if (STRNEQ(sorted[i].field, keys[j].field)) { j++; } else { - if (STREQ_NULLABLE(last_name, sorted[i].field) && + if (last_name && STREQ(last_name, sorted[i].field) && !(keys[j].value.i & VIR_TYPED_PARAM_MULTIPLE)) { virReportError(VIR_ERR_INVALID_ARG, _("parameter '%s' occurs multiple times"), -- 2.7.3
This causes problem with clang 3.8 and the isnan macro: util/virxml.c:153:166: error: implicit conversion increases floating-point precision: 'double' to 'long double' [-Werror,-Wdouble-promotion] ((sizeof (obj->floatval) == sizeof (float) ? __isnanf (obj->floatval) : sizeof (obj->floatval) == sizeof (double) ? __isnan (obj->floatval) : __isnanl (obj->floatval)))) { Disable it since we don't really care about performance on single-precision FPUs. --- m4/virt-compile-warnings.m4 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/m4/virt-compile-warnings.m4 b/m4/virt-compile-warnings.m4 index eb689e2..b622e22 100644 --- a/m4/virt-compile-warnings.m4 +++ b/m4/virt-compile-warnings.m4 @@ -61,6 +61,8 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[ dontwarn="$dontwarn -Wenum-compare" # gcc 5.1 -Wformat-signedness mishandles enums, not ready for prime time dontwarn="$dontwarn -Wformat-signedness" + # clang 3.8 has problem understanding the isnan macro + dontwarn="$dontwarn -Wdouble-promotion" # gcc 4.2 treats attribute(format) as an implicit attribute(nonnull), # which triggers spurious warnings for our usage -- 2.7.3
These cause build errors with clang 3.8. Disable: -Wunevaluated-expression, * problems with VIR_TYPEMATCH -Wparentheses-equality, * we don't want to delete parentheses from macros -Waddress-of-packed-member * virNWFilterSnoopDHCP violates -Wtautological-pointer-compare * macros in cputest violate --- m4/virt-compile-warnings.m4 | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/m4/virt-compile-warnings.m4 b/m4/virt-compile-warnings.m4 index b622e22..661d60b 100644 --- a/m4/virt-compile-warnings.m4 +++ b/m4/virt-compile-warnings.m4 @@ -215,6 +215,15 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[ wantwarn="$wantwarn -Werror" fi + # clang 3.8 chokes on VIR_TYPEMATCH + wantwarn="$wantwarn -Wno-unevaluated-expression" + # we want extra parentheses around equality comparisons in macros + wantwarn="$wantwarn -Wno-parentheses-equality" + # virNWFilterSnoopDHCP + wantwarn="$wantwarn -Wno-address-of-packed-member" + # macros in cputest + wantwarn="$wantwarn -Wno-tautological-pointer-compare" + # Check for $CC support of each warning for w in $wantwarn; do gl_WARN_ADD([$w]) -- 2.7.3
Use it around virAtomicIntDecAndTest and virAtomicIntAdd which give a warning when building with clang 3.8. --- src/internal.h | 5 +++++ src/util/viratomic.h | 7 +++++++ 2 files changed, 12 insertions(+) diff --git a/src/internal.h b/src/internal.h index 0dc34c7..e4c20de 100644 --- a/src/internal.h +++ b/src/internal.h @@ -236,6 +236,10 @@ _Pragma ("GCC diagnostic push") \ _Pragma ("GCC diagnostic ignored \"-Wcast-align\"") +# define VIR_WARNINGS_NO_UNUSED_VALUE \ + _Pragma ("GCC diagnostic push") \ + _Pragma ("GCC diagnostic ignored \"-Wunused-value\"") + # if HAVE_SUGGEST_ATTRIBUTE_FORMAT # define VIR_WARNINGS_NO_PRINTF \ _Pragma ("GCC diagnostic push") \ @@ -259,6 +263,7 @@ # define VIR_WARNINGS_RESET \ _Pragma ("GCC diagnostic pop") # else +# define VIR_WARNINGS_NO_UNUSED_VALUE # define VIR_WARNINGS_NO_CAST_ALIGN # define VIR_WARNINGS_NO_PRINTF # define VIR_WARNINGS_NO_WLOGICALOP_EQUAL_EXPR diff --git a/src/util/viratomic.h b/src/util/viratomic.h index 4d7f7e5..a6f56ff 100644 --- a/src/util/viratomic.h +++ b/src/util/viratomic.h @@ -176,12 +176,17 @@ VIR_STATIC unsigned int virAtomicIntXor(volatile unsigned int *atomic, (void)(0 ? *(atomic) ^ *(atomic) : 0); \ __sync_add_and_fetch((atomic), 1); \ })) + +/* clang 3.8 complains about unused value here */ # define virAtomicIntDecAndTest(atomic) \ (__extension__ ({ \ (void)verify_true(sizeof(*(atomic)) == sizeof(int)); \ (void)(0 ? *(atomic) ^ *(atomic) : 0); \ + VIR_WARNINGS_NO_UNUSED_VALUE \ __sync_fetch_and_sub((atomic), 1) == 1; \ + VIR_WARNINGS_RESET \ })) + # define virAtomicIntCompareExchange(atomic, oldval, newval) \ (__extension__ ({ \ (void)verify_true(sizeof(*(atomic)) == sizeof(int)); \ @@ -193,7 +198,9 @@ VIR_STATIC unsigned int virAtomicIntXor(volatile unsigned int *atomic, (__extension__ ({ \ (void)verify_true(sizeof(*(atomic)) == sizeof(int)); \ (void)(0 ? *(atomic) ^ (val) : 0); \ + VIR_WARNINGS_NO_UNUSED_VALUE \ (int) __sync_fetch_and_add((atomic), (val)); \ + VIR_WARNINGS_RESET \ })) # define virAtomicIntAnd(atomic, val) \ (__extension__ ({ \ -- 2.7.3
It seems clang computes this differently because over 23000 is needed to build cputest. --- m4/virt-compile-warnings.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/m4/virt-compile-warnings.m4 b/m4/virt-compile-warnings.m4 index 661d60b..b72dfb3 100644 --- a/m4/virt-compile-warnings.m4 +++ b/m4/virt-compile-warnings.m4 @@ -171,7 +171,7 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[ # This should be < 256 really. Currently we're down to 4096, # but using 1024 bytes sized buffers (mostly for virStrerror) # stops us from going down further - wantwarn="$wantwarn -Wframe-larger-than=4096" + wantwarn="$wantwarn -Wframe-larger-than=25600" dnl wantwarn="$wantwarn -Wframe-larger-than=256" # Extra special flags -- 2.7.3
Introduced by commit 0832c58, with the intention to link with the stack protector library. Not needed because per commit 71b54636, automake should pass all the CFLAGS to the linker. --- tests/Makefile.am | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/Makefile.am b/tests/Makefile.am index 444e0fd..b3ee6e6 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -74,7 +74,6 @@ GNULIB_LIBS = \ ../gnulib/lib/libgnu.la LDADDS = \ - $(WARN_CFLAGS) \ $(NO_INDIRECT_LDFLAGS) \ $(PROBES_O) \ $(GNULIB_LIBS) \ -- 2.7.3
Introduce STRICT_FRAME_LIMIT_CFLAGS that will be used for the library code and RELAXED_FRAME_LIMIT_CFLAGS for daemon code and the test code. --- daemon/Makefile.am | 3 +++ m4/virt-compile-warnings.m4 | 4 ++-- src/Makefile.am | 1 + tests/Makefile.am | 2 ++ 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/daemon/Makefile.am b/daemon/Makefile.am index 927d16f..7d45320 100644 --- a/daemon/Makefile.am +++ b/daemon/Makefile.am @@ -123,6 +123,7 @@ libvirtd_conf_la_CFLAGS = \ $(LIBXML_CFLAGS) \ $(XDR_CFLAGS) \ $(WARN_CFLAGS) $(PIE_CFLAGS) \ + $(RELAXED_FRAME_LIMIT_CFLAGS) \ $(COVERAGE_CFLAGS) \ $(NULL) libvirtd_conf_la_LDFLAGS = \ @@ -142,6 +143,7 @@ libvirtd_admin_la_CFLAGS = \ $(XDR_CFLAGS) \ $(PIE_CFLAGS) \ $(WARN_CFLAGS) \ + $(RELAXED_FRAME_LIMIT_CFLAGS) \ $(LIBXML_CFLAGS) \ $(COVERAGE_CFLAGS) \ $(NULL) @@ -176,6 +178,7 @@ libvirtd_CFLAGS = \ $(LIBXML_CFLAGS) $(GNUTLS_CFLAGS) $(SASL_CFLAGS) \ $(XDR_CFLAGS) $(DBUS_CFLAGS) $(LIBNL_CFLAGS) \ $(WARN_CFLAGS) $(PIE_CFLAGS) \ + $(RELAXED_FRAME_LIMIT_CFLAGS) \ $(COVERAGE_CFLAGS) \ -DQEMUD_PID_FILE="\"$(QEMUD_PID_FILE)\"" diff --git a/m4/virt-compile-warnings.m4 b/m4/virt-compile-warnings.m4 index b72dfb3..3e64e1d 100644 --- a/m4/virt-compile-warnings.m4 +++ b/m4/virt-compile-warnings.m4 @@ -171,8 +171,8 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[ # This should be < 256 really. Currently we're down to 4096, # but using 1024 bytes sized buffers (mostly for virStrerror) # stops us from going down further - wantwarn="$wantwarn -Wframe-larger-than=25600" - dnl wantwarn="$wantwarn -Wframe-larger-than=256" + gl_WARN_ADD(["-Wframe-larger-than=4096"], [STRICT_FRAME_LIMIT_CFLAGS]) + gl_WARN_ADD(["-Wframe-larger-than=25600"], [RELAXED_FRAME_LIMIT_CFLAGS]) # Extra special flags dnl -fstack-protector stuff passes gl_WARN_ADD with gcc diff --git a/src/Makefile.am b/src/Makefile.am index 275bfc7..cb75553 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -39,6 +39,7 @@ INCLUDES = -I../gnulib/lib \ AM_CFLAGS = $(LIBXML_CFLAGS) \ $(WARN_CFLAGS) \ + $(STRICT_FRAME_LIMIT_CFLAGS) \ $(LOCK_CHECKING_CFLAGS) \ $(WIN32_EXTRA_CFLAGS) \ $(COVERAGE_CFLAGS) diff --git a/tests/Makefile.am b/tests/Makefile.am index b3ee6e6..ba08ca5 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -46,6 +46,7 @@ AM_CFLAGS = \ $(APPARMOR_CFLAGS) \ $(YAJL_CFLAGS) \ $(COVERAGE_CFLAGS) \ + $(RELAXED_FRAME_LIMIT_CFLAGS) \ $(WARN_CFLAGS) AM_LDFLAGS = \ @@ -889,6 +890,7 @@ commandhelper_SOURCES = \ commandhelper.c commandhelper_LDADD = \ $(WARN_CFLAGS) \ + $(RELAXED_FRAME_LIMIT_CFLAGS) \ $(NO_INDIRECT_LDFLAGS) \ $(PROBES_O) \ ../src/libvirt_util.la \ -- 2.7.3
On Wed, 2016-06-29 at 15:53 +0200, Ján Tomko wrote:
I am not proud of the first patch. I wrote the temporary bump for -Wframe-larger-than thinking splitting it out would be too intrusive for the freeze, but it did not turn out so bad. Patch 7/8 does not fix anything. Ján Tomko (8): virFirewallAddRule: exchange first two parameters virTypedParamsValidate: do not use STREQ_NULLABLE build: disable -Wdouble-promotion build: ignore some clang-specific warnings Introudce VIR_WARNINGS_NO_UNUSED_VALUE Temporarily bump maximum stack size test/Makefile.am: drop WARN_CFLAGS from LDFLAGS Split out -Wframe-larger-than warning from WARN_CLFAGS daemon/Makefile.am | 3 + m4/virt-compile-warnings.m4 | 15 ++++- src/Makefile.am | 1 + src/internal.h | 5 ++ src/nwfilter/nwfilter_ebiptables_driver.c | 84 +++++++++++++-------------- src/util/viratomic.h | 7 +++ src/util/virebtables.c | 8 +-- src/util/virfirewall.c | 8 +-- src/util/virfirewall.h | 4 +- src/util/viriptables.c | 38 ++++++------- src/util/virtypedparam.c | 2 +- tests/Makefile.am | 3 +- tests/virfirewalltest.c | 94 +++++++++++++++---------------- 13 files changed, 150 insertions(+), 122 deletions(-)
I have clang 3.8.0 on Fedora rawhide clang 3.8.1 on Debian sid and libvirt already builds fine in both cases. The only failures I have are with virnetdevtest and qemuxml2argvtest, and both are when *running* the test cases, not when building them. Applying your series doesn't change that. I wonder what's different with your setup... -- Andrea Bolognani / Red Hat / Virtualization
On Wed, Jun 29, 2016 at 07:37:03PM +0200, Andrea Bolognani wrote:
On Wed, 2016-06-29 at 15:53 +0200, Ján Tomko wrote:
I am not proud of the first patch. I wrote the temporary bump for -Wframe-larger-than thinking splitting it out would be too intrusive for the freeze, but it did not turn out so bad. Patch 7/8 does not fix anything. Ján Tomko (8): virFirewallAddRule: exchange first two parameters virTypedParamsValidate: do not use STREQ_NULLABLE build: disable -Wdouble-promotion build: ignore some clang-specific warnings Introudce VIR_WARNINGS_NO_UNUSED_VALUE Temporarily bump maximum stack size test/Makefile.am: drop WARN_CFLAGS from LDFLAGS Split out -Wframe-larger-than warning from WARN_CLFAGS daemon/Makefile.am | 3 + m4/virt-compile-warnings.m4 | 15 ++++- src/Makefile.am | 1 + src/internal.h | 5 ++ src/nwfilter/nwfilter_ebiptables_driver.c | 84 +++++++++++++-------------- src/util/viratomic.h | 7 +++ src/util/virebtables.c | 8 +-- src/util/virfirewall.c | 8 +-- src/util/virfirewall.h | 4 +- src/util/viriptables.c | 38 ++++++------- src/util/virtypedparam.c | 2 +- tests/Makefile.am | 3 +- tests/virfirewalltest.c | 94 +++++++++++++++---------------- 13 files changed, 150 insertions(+), 122 deletions(-)
I have
clang 3.8.0 on Fedora rawhide clang 3.8.1 on Debian sid
and libvirt already builds fine in both cases.
The warnings were on a Gentoo system wtih sys-devel/clang-3.8.0-r100. After rebuilding without the 'python' USE flag, it behaves the same as 3.8.0 in F24 for me (and I wish I knew why): USE="static-analyzer -debug -multitarget -python" At least the VIR_TYPEMATCH error seems to be present on Erik's F23 with clang 3.7.1.
The only failures I have are with virnetdevtest and qemuxml2argvtest, and both are when *running* the test cases, not when building them. Applying your series doesn't change that.
Yes, with "-g -O2" we use by default. Without -O2, I get frame size errors in the test suite. Jan
participants (2)
-
Andrea Bolognani -
Ján Tomko