clang 3.8 complains:
util/virfirewall.c:425:30: error: passing an object that undergoes
default argument promotion to 'va_start' has undefined behavior
[-Werror,-Wvarargs]
__builtin_va_start(args, layer);
Swap the two named parameters so that the last one before the variadic arguments is a pointer.
---
Alternatives:
* make a macro wrapper around virFirewallAddRule which
has a non-enum parameter after layer
* just silence the warning
* ???
src/nwfilter/nwfilter_ebiptables_driver.c | 84 +++++++++++++--------------
src/util/virebtables.c | 8 +--
src/util/virfirewall.c | 8 +--
src/util/virfirewall.h | 4 +-
src/util/viriptables.c | 38 ++++++-------
tests/virfirewalltest.c | 94 +++++++++++++++----------------
6 files changed, 118 insertions(+), 118 deletions(-)
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c
b/src/nwfilter/nwfilter_ebiptables_driver.c
index 0ab7c08..c6d448c 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -454,13 +454,13 @@ iptablesCreateBaseChainsFW(virFirewallPtr fw,
virFirewallAddRuleFull(fw, layer,
true, NULL, NULL,
"-D", "INPUT", "-j",
HOST_IN_CHAIN, NULL);
- virFirewallAddRule(fw, layer,
+ virFirewallAddRule(layer, fw,
"-I", "FORWARD", "1",
"-j", VIRT_IN_CHAIN, NULL);
- virFirewallAddRule(fw, layer,
+ virFirewallAddRule(layer, fw,
"-I", "FORWARD", "2",
"-j", VIRT_OUT_CHAIN, NULL);
- virFirewallAddRule(fw, layer,
+ virFirewallAddRule(layer, fw,
"-I", "FORWARD", "3",
"-j", VIRT_IN_POST_CHAIN, NULL);
- virFirewallAddRule(fw, layer,
+ virFirewallAddRule(layer, fw,
"-I", "INPUT", "1", "-j",
HOST_IN_CHAIN, NULL);
}
@@ -480,7 +480,7 @@ iptablesCreateTmpRootChainFW(virFirewallPtr fw,
PRINT_IPT_ROOT_CHAIN(chain, chainPrefix, ifname);
- virFirewallAddRule(fw, layer,
+ virFirewallAddRule(layer, fw,
"-N", chain, NULL);
}
@@ -588,13 +588,13 @@ iptablesLinkTmpRootChainFW(virFirewallPtr fw,
PRINT_IPT_ROOT_CHAIN(chain, chainPrefix, ifname);
if (incoming)
- virFirewallAddRule(fw, layer,
+ virFirewallAddRule(layer, fw,
"-A", basechain,
MATCH_PHYSDEV_IN_FW,
ifname,
"-g", chain, NULL);
else
- virFirewallAddRule(fw, layer,
+ virFirewallAddRule(layer, fw,
"-A", basechain,
MATCH_PHYSDEV_OUT_FW,
ifname,
@@ -623,7 +623,7 @@ iptablesSetupVirtInPostFW(virFirewallPtr fw ATTRIBUTE_UNUSED,
"-D", VIRT_IN_POST_CHAIN,
MATCH_PHYSDEV_IN_FW,
ifname, "-j", "ACCEPT", NULL);
- virFirewallAddRule(fw, layer,
+ virFirewallAddRule(layer, fw,
"-A", VIRT_IN_POST_CHAIN,
MATCH_PHYSDEV_IN_FW,
ifname, "-j", "ACCEPT", NULL);
@@ -762,7 +762,7 @@ iptablesRenameTmpRootChainFW(virFirewallPtr fw,
PRINT_IPT_ROOT_CHAIN(tmpchain, tmpChainPrefix, ifname);
PRINT_IPT_ROOT_CHAIN(chain, chainPrefix, ifname);
- virFirewallAddRule(fw, layer,
+ virFirewallAddRule(layer, fw,
"-E", tmpchain, chain, NULL);
}
@@ -1186,7 +1186,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
switch (rule->prtclType) {
case VIR_NWFILTER_RULE_PROTOCOL_TCP:
case VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6:
- fwrule = virFirewallAddRule(fw, layer,
+ fwrule = virFirewallAddRule(layer, fw,
"-A", chain,
"-p", "tcp",
NULL);
@@ -1245,7 +1245,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
case VIR_NWFILTER_RULE_PROTOCOL_UDP:
case VIR_NWFILTER_RULE_PROTOCOL_UDPoIPV6:
- fwrule = virFirewallAddRule(fw, layer,
+ fwrule = virFirewallAddRule(layer, fw,
"-A", chain,
"-p", "udp",
NULL);
@@ -1275,7 +1275,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
case VIR_NWFILTER_RULE_PROTOCOL_UDPLITE:
case VIR_NWFILTER_RULE_PROTOCOL_UDPLITEoIPV6:
- fwrule = virFirewallAddRule(fw, layer,
+ fwrule = virFirewallAddRule(layer, fw,
"-A", chain,
"-p", "udplite",
NULL);
@@ -1300,7 +1300,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
case VIR_NWFILTER_RULE_PROTOCOL_ESP:
case VIR_NWFILTER_RULE_PROTOCOL_ESPoIPV6:
- fwrule = virFirewallAddRule(fw, layer,
+ fwrule = virFirewallAddRule(layer, fw,
"-A", chain,
"-p", "esp",
NULL);
@@ -1325,7 +1325,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
case VIR_NWFILTER_RULE_PROTOCOL_AH:
case VIR_NWFILTER_RULE_PROTOCOL_AHoIPV6:
- fwrule = virFirewallAddRule(fw, layer,
+ fwrule = virFirewallAddRule(layer, fw,
"-A", chain,
"-p", "ah",
NULL);
@@ -1350,7 +1350,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
case VIR_NWFILTER_RULE_PROTOCOL_SCTP:
case VIR_NWFILTER_RULE_PROTOCOL_SCTPoIPV6:
- fwrule = virFirewallAddRule(fw, layer,
+ fwrule = virFirewallAddRule(layer, fw,
"-A", chain,
"-p", "sctp",
NULL);
@@ -1380,7 +1380,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
case VIR_NWFILTER_RULE_PROTOCOL_ICMP:
case VIR_NWFILTER_RULE_PROTOCOL_ICMPV6:
- fwrule = virFirewallAddRule(fw, layer,
+ fwrule = virFirewallAddRule(layer, fw,
"-A", chain,
NULL);
@@ -1447,7 +1447,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
break;
case VIR_NWFILTER_RULE_PROTOCOL_IGMP:
- fwrule = virFirewallAddRule(fw, layer,
+ fwrule = virFirewallAddRule(layer, fw,
"-A", chain,
"-p", "igmp",
NULL);
@@ -1472,7 +1472,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
case VIR_NWFILTER_RULE_PROTOCOL_ALL:
case VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6:
- fwrule = virFirewallAddRule(fw, layer,
+ fwrule = virFirewallAddRule(layer, fw,
"-A", chain,
"-p", "all",
NULL);
@@ -1875,7 +1875,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
switch (rule->prtclType) {
case VIR_NWFILTER_RULE_PROTOCOL_MAC:
- fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-t", "nat",
"-A", chain, NULL);
@@ -1898,7 +1898,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
break;
case VIR_NWFILTER_RULE_PROTOCOL_VLAN:
- fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-t", "nat", "-A",
chain, NULL);
if (ebtablesHandleEthHdr(fw, fwrule,
@@ -1927,7 +1927,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
return -1;
}
- fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-t", "nat", "-A",
chain, NULL);
if (ebtablesHandleEthHdr(fw, fwrule,
@@ -1963,7 +1963,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
case VIR_NWFILTER_RULE_PROTOCOL_ARP:
case VIR_NWFILTER_RULE_PROTOCOL_RARP:
- fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-t", "nat", "-A",
chain, NULL);
if (ebtablesHandleEthHdr(fw, fwrule,
@@ -2090,7 +2090,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
break;
case VIR_NWFILTER_RULE_PROTOCOL_IP:
- fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-t", "nat", "-A",
chain, NULL);
if (ebtablesHandleEthHdr(fw, fwrule,
@@ -2223,7 +2223,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
break;
case VIR_NWFILTER_RULE_PROTOCOL_IPV6:
- fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-t", "nat", "-A",
chain, NULL);
if (ebtablesHandleEthHdr(fw, fwrule,
@@ -2423,7 +2423,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
break;
case VIR_NWFILTER_RULE_PROTOCOL_NONE:
- fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-t", "nat", "-A",
chain, NULL);
break;
@@ -2543,7 +2543,7 @@ ebtablesCreateTmpRootChainFW(virFirewallPtr fw,
PRINT_ROOT_CHAIN(chain, chainPrefix, ifname);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-t", "nat", "-N", chain, NULL);
}
@@ -2558,7 +2558,7 @@ ebtablesLinkTmpRootChainFW(virFirewallPtr fw,
PRINT_ROOT_CHAIN(chain, chainPrefix, ifname);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-t", "nat", "-A",
incoming ? EBTABLES_CHAIN_INCOMING : EBTABLES_CHAIN_OUTGOING,
incoming ? "-i" : "-o",
@@ -2671,10 +2671,10 @@ ebtablesCreateTmpSubChainFW(virFirewallPtr fw,
virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_ETHERNET,
true, NULL, NULL,
"-t", "nat", "-X", chain,
NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-t", "nat", "-N", chain, NULL);
- fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-t", "nat", "-A",
rootchain, NULL);
switch (protoidx) {
@@ -2785,7 +2785,7 @@ ebtablesRenameTmpSubChainFW(virFirewallPtr fw,
PRINT_ROOT_CHAIN(chain, chainPrefix, ifname);
}
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-t", "nat", "-E", tmpchain, chain,
NULL);
}
@@ -2834,7 +2834,7 @@ ebtablesRenameTmpSubAndRootChainsQuery(virFirewallPtr fw,
virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_ETHERNET,
true, NULL, NULL,
"-t", "nat", "-X", newchain,
NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-t", "nat", "-E", tmp,
newchain, NULL);
}
@@ -2911,19 +2911,19 @@ ebtablesApplyBasicRules(const char *ifname,
ebtablesCreateTmpRootChainFW(fw, true, ifname);
PRINT_ROOT_CHAIN(chain, chainPrefix, ifname);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-t", "nat", "-A", chain,
"-s", "!", macaddr_str,
"-j", "DROP", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-t", "nat", "-A", chain,
"-p", "IPv4",
"-j", "ACCEPT", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-t", "nat", "-A", chain,
"-p", "ARP",
"-j", "ACCEPT", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-t", "nat", "-A", chain,
"-j", "DROP", NULL);
@@ -2987,14 +2987,14 @@ ebtablesApplyDHCPOnlyRules(const char *ifname,
PRINT_ROOT_CHAIN(chain_in, CHAINPREFIX_HOST_IN_TEMP, ifname);
PRINT_ROOT_CHAIN(chain_out, CHAINPREFIX_HOST_OUT_TEMP, ifname);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-t", "nat", "-A", chain_in,
"-s", macaddr_str,
"-p", "ipv4", "--ip-protocol",
"udp",
"--ip-sport", "68", "--ip-dport",
"67",
"-j", "ACCEPT", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-t", "nat", "-A", chain_in,
"-j", "DROP", NULL);
@@ -3015,7 +3015,7 @@ ebtablesApplyDHCPOnlyRules(const char *ifname,
*/
for (ctr = 0; ctr < 2; ctr++) {
if (dhcpserver)
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-t", "nat", "-A",
chain_out,
"-d", (ctr == 0) ? macaddr_str :
"ff:ff:ff:ff:ff:ff",
"-p", "ipv4",
"--ip-protocol", "udp",
@@ -3023,7 +3023,7 @@ ebtablesApplyDHCPOnlyRules(const char *ifname,
"--ip-sport", "67",
"--ip-dport", "68",
"-j", "ACCEPT", NULL);
else
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-t", "nat", "-A",
chain_out,
"-d", (ctr == 0) ? macaddr_str :
"ff:ff:ff:ff:ff:ff",
"-p", "ipv4",
"--ip-protocol", "udp",
@@ -3037,7 +3037,7 @@ ebtablesApplyDHCPOnlyRules(const char *ifname,
break;
}
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-t", "nat", "-A", chain_out,
"-j", "DROP", NULL);
@@ -3091,11 +3091,11 @@ ebtablesApplyDropAllRules(const char *ifname)
PRINT_ROOT_CHAIN(chain_in, CHAINPREFIX_HOST_IN_TEMP, ifname);
PRINT_ROOT_CHAIN(chain_out, CHAINPREFIX_HOST_OUT_TEMP, ifname);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-t", "nat", "-A", chain_in,
"-j", "DROP", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-t", "nat", "-A", chain_out,
"-j", "DROP", NULL);
diff --git a/src/util/virebtables.c b/src/util/virebtables.c
index 2ffff08..e608ebb 100644
--- a/src/util/virebtables.c
+++ b/src/util/virebtables.c
@@ -94,15 +94,15 @@ ebtablesAddForwardPolicyReject(ebtablesContext *ctx)
fw = virFirewallNew();
virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"--new-chain", ctx->chain,
NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"--insert", "FORWARD",
"--jump", ctx->chain, NULL);
virFirewallStartTransaction(fw, 0);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
"-P", ctx->chain, "DROP",
NULL);
@@ -130,7 +130,7 @@ ebtablesForwardAllowIn(ebtablesContext *ctx,
fw = virFirewallNew();
virFirewallStartTransaction(fw, 0);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
action == ADD ? "--insert" : "--delete",
ctx->chain,
"--in-interface", iface,
diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c
index f26fd86..025df5b 100644
--- a/src/util/virfirewall.c
+++ b/src/util/virfirewall.c
@@ -407,8 +407,8 @@ virFirewallAddRuleFullV(virFirewallPtr firewall,
/**
* virFirewallAddRule:
- * @firewall: firewall ruleset to add to
* @layer: the firewall layer to change
+ * @firewall: firewall ruleset to add to
* @...: NULL terminated list of strings for the rule
*
* Add any type of rule to the firewall ruleset.
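Review bot: The doc comment lists @layer before @firewall without saying why, and this order is the opposite of virFirewallAddRuleFullV, which is named in this hunk's header. A later cleanup could therefore swap them back for consistency and reintroduce the va_start problem. If this order is kept, add a line to the comment such as `* @layer comes first on purpose: the last named parameter before '...' must not be an enum, because va_start on a promoted type is undefined.` The comment block continues in the next hunk.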
@@ -416,13 +416,13 @@ virFirewallAddRuleFullV(virFirewallPtr firewall,
* Returns the new rule
*/
virFirewallRulePtr
-virFirewallAddRule(virFirewallPtr firewall,
- virFirewallLayer layer,
+virFirewallAddRule(virFirewallLayer layer,
+ virFirewallPtr firewall,
...)
{
virFirewallRulePtr rule;
va_list args;
- va_start(args, layer);
+ va_start(args, firewall);
rule = virFirewallAddRuleFullV(firewall, layer, false, NULL, NULL, args);
va_end(args);
return rule;
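Review bot: After this swap virFirewallAddRule takes `(layer, firewall, ...)`, while virFirewallAddRuleFullV, called in this body with `(firewall, layer, false, NULL, NULL, args)`, and virFirewallAddRuleFull at the call sites keep the firewall first. Adjacent calls in nwfilter_ebiptables_driver.c (for example in ebtablesCreateTmpSubChainFW and iptablesCreateBaseChainsFW) now pass the same two arguments in opposite orders, which is easy to get wrong in new code that builds packet-filter rules. The macro alternative from the description avoids both the va_start issue and the call-site churn: `#define virFirewallAddRule(firewall, layer, ...) virFirewallAddRuleFull(firewall, layer, false, NULL, NULL, __VA_ARGS__)`. That presumes virFirewallAddRuleFull is declared with ATTRIBUTE_SENTINEL so the NULL-terminator check is kept; its prototype is not in this diff.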
diff --git a/src/util/virfirewall.h b/src/util/virfirewall.h
index dbf3975..371956c 100644
--- a/src/util/virfirewall.h
+++ b/src/util/virfirewall.h
@@ -44,8 +44,8 @@ virFirewallPtr virFirewallNew(void);
void virFirewallFree(virFirewallPtr firewall);
-virFirewallRulePtr virFirewallAddRule(virFirewallPtr firewall,
- virFirewallLayer layer,
+virFirewallRulePtr virFirewallAddRule(virFirewallLayer layer,
+ virFirewallPtr firewall,
...)
ATTRIBUTE_SENTINEL;
diff --git a/src/util/viriptables.c b/src/util/viriptables.c
index e921954..91b2a40 100644
--- a/src/util/viriptables.c
+++ b/src/util/viriptables.c
@@ -69,7 +69,7 @@ iptablesInput(virFirewallPtr fw,
snprintf(portstr, sizeof(portstr), "%d", port);
portstr[sizeof(portstr) - 1] = '\0';
- virFirewallAddRule(fw, layer,
+ virFirewallAddRule(layer, fw,
"--table", "filter",
action == ADD ? "--insert" : "--delete",
"INPUT",
"--in-interface", iface,
@@ -92,7 +92,7 @@ iptablesOutput(virFirewallPtr fw,
snprintf(portstr, sizeof(portstr), "%d", port);
portstr[sizeof(portstr) - 1] = '\0';
- virFirewallAddRule(fw, layer,
+ virFirewallAddRule(layer, fw,
"--table", "filter",
action == ADD ? "--insert" : "--delete",
"OUTPUT",
"--out-interface", iface,
@@ -262,7 +262,7 @@ iptablesForwardAllowOut(virFirewallPtr fw,
return -1;
if (physdev && physdev[0])
- virFirewallAddRule(fw, layer,
+ virFirewallAddRule(layer, fw,
"--table", "filter",
action == ADD ? "--insert" : "--delete",
"FORWARD",
"--source", networkstr,
@@ -271,7 +271,7 @@ iptablesForwardAllowOut(virFirewallPtr fw,
"--jump", "ACCEPT",
NULL);
else
- virFirewallAddRule(fw, layer,
+ virFirewallAddRule(layer, fw,
"--table", "filter",
action == ADD ? "--insert" : "--delete",
"FORWARD",
"--source", networkstr,
@@ -349,7 +349,7 @@ iptablesForwardAllowRelatedIn(virFirewallPtr fw,
return -1;
if (physdev && physdev[0])
- virFirewallAddRule(fw, layer,
+ virFirewallAddRule(layer, fw,
"--table", "filter",
action == ADD ? "--insert" : "--delete",
"FORWARD",
"--destination", networkstr,
@@ -360,7 +360,7 @@ iptablesForwardAllowRelatedIn(virFirewallPtr fw,
"--jump", "ACCEPT",
NULL);
else
- virFirewallAddRule(fw, layer,
+ virFirewallAddRule(layer, fw,
"--table", "filter",
action == ADD ? "--insert" : "--delete",
"FORWARD",
"--destination", networkstr,
@@ -438,7 +438,7 @@ iptablesForwardAllowIn(virFirewallPtr fw,
return -1;
if (physdev && physdev[0])
- virFirewallAddRule(fw, layer,
+ virFirewallAddRule(layer, fw,
"--table", "filter",
action == ADD ? "--insert" : "--delete",
"FORWARD",
"--destination", networkstr,
@@ -447,7 +447,7 @@ iptablesForwardAllowIn(virFirewallPtr fw,
"--jump", "ACCEPT",
NULL);
else
- virFirewallAddRule(fw, layer,
+ virFirewallAddRule(layer, fw,
"--table", "filter",
action == ADD ? "--insert" : "--delete",
"FORWARD",
"--destination", networkstr,
@@ -520,7 +520,7 @@ iptablesAddForwardAllowCross(virFirewallPtr fw,
virFirewallLayer layer,
const char *iface)
{
- virFirewallAddRule(fw, layer,
+ virFirewallAddRule(layer, fw,
"--table", "filter",
"--insert", "FORWARD",
"--in-interface", iface,
@@ -545,7 +545,7 @@ iptablesRemoveForwardAllowCross(virFirewallPtr fw,
virFirewallLayer layer,
const char *iface)
{
- virFirewallAddRule(fw, layer,
+ virFirewallAddRule(layer, fw,
"--table", "filter",
"--delete", "FORWARD",
"--in-interface", iface,
@@ -569,7 +569,7 @@ iptablesAddForwardRejectOut(virFirewallPtr fw,
virFirewallLayer layer,
const char *iface)
{
- virFirewallAddRule(fw, layer,
+ virFirewallAddRule(layer, fw,
"--table", "filter",
"--insert", "FORWARD",
"--in-interface", iface,
@@ -592,7 +592,7 @@ iptablesRemoveForwardRejectOut(virFirewallPtr fw,
virFirewallLayer layer,
const char *iface)
{
- virFirewallAddRule(fw, layer,
+ virFirewallAddRule(layer, fw,
"--table", "filter",
"--delete", "FORWARD",
"--in-interface", iface,
@@ -616,7 +616,7 @@ iptablesAddForwardRejectIn(virFirewallPtr fw,
virFirewallLayer layer,
const char *iface)
{
- virFirewallAddRule(fw, layer,
+ virFirewallAddRule(layer, fw,
"--table", "filter",
"--insert", "FORWARD",
"--out-interface", iface,
@@ -639,7 +639,7 @@ iptablesRemoveForwardRejectIn(virFirewallPtr fw,
virFirewallLayer layer,
const char *iface)
{
- virFirewallAddRule(fw, layer,
+ virFirewallAddRule(layer, fw,
"--table", "filter",
"--delete", "FORWARD",
"--out-interface", iface,
@@ -690,7 +690,7 @@ iptablesForwardMasquerade(virFirewallPtr fw,
}
if (protocol && protocol[0]) {
- rule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ rule = virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"--table", "nat",
action == ADD ? "--insert" :
"--delete", "POSTROUTING",
"--source", networkstr,
@@ -698,7 +698,7 @@ iptablesForwardMasquerade(virFirewallPtr fw,
"!", "--destination", networkstr,
NULL);
} else {
- rule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ rule = virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"--table", "nat",
action == ADD ? "--insert" :
"--delete", "POSTROUTING",
"--source", networkstr,
@@ -842,7 +842,7 @@ iptablesForwardDontMasquerade(virFirewallPtr fw,
}
if (physdev && physdev[0])
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"--table", "nat",
action == ADD ? "--insert" : "--delete",
"POSTROUTING",
"--out-interface", physdev,
@@ -851,7 +851,7 @@ iptablesForwardDontMasquerade(virFirewallPtr fw,
"--jump", "RETURN",
NULL);
else
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"--table", "nat",
action == ADD ? "--insert" : "--delete",
"POSTROUTING",
"--source", networkstr,
@@ -927,7 +927,7 @@ iptablesOutputFixUdpChecksum(virFirewallPtr fw,
snprintf(portstr, sizeof(portstr), "%d", port);
portstr[sizeof(portstr) - 1] = '\0';
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"--table", "mangle",
action == ADD ? "--insert" : "--delete",
"POSTROUTING",
"--out-interface", iface,
diff --git a/tests/virfirewalltest.c b/tests/virfirewalltest.c
index 6f4fed5..49bfaa5 100644
--- a/tests/virfirewalltest.c
+++ b/tests/virfirewalltest.c
@@ -221,12 +221,12 @@ testFirewallSingleGroup(const void *opaque)
virFirewallStartTransaction(fw, 0);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "192.168.122.1",
"--jump", "ACCEPT", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "!192.168.122.1",
"--jump", "REJECT", NULL);
@@ -281,17 +281,17 @@ testFirewallRemoveRule(const void *opaque)
virFirewallStartTransaction(fw, 0);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "192.168.122.1",
"--jump", "ACCEPT", NULL);
- fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT", NULL);
virFirewallRuleAddArg(fw, fwrule, "--source-host");
virFirewallRemoveRule(fw, fwrule);
- fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT", NULL);
virFirewallRuleAddArg(fw, fwrule, "--source-host");
virFirewallRuleAddArgFormat(fw, fwrule, "%s", "!192.168.122.1");
@@ -348,24 +348,24 @@ testFirewallManyGroups(const void *opaque ATTRIBUTE_UNUSED)
virFirewallStartTransaction(fw, 0);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "192.168.122.1",
"--jump", "ACCEPT", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "!192.168.122.1",
"--jump", "REJECT", NULL);
virFirewallStartTransaction(fw, 0);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "OUTPUT",
"--source-host", "192.168.122.1",
"--jump", "ACCEPT", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "OUTPUT",
"--jump", "DROP", NULL);
@@ -444,24 +444,24 @@ testFirewallIgnoreFailGroup(const void *opaque ATTRIBUTE_UNUSED)
virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "192.168.122.1",
"--jump", "ACCEPT", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "192.168.122.255",
"--jump", "REJECT", NULL);
virFirewallStartTransaction(fw, 0);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "OUTPUT",
"--source-host", "192.168.122.1",
"--jump", "ACCEPT", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "OUTPUT",
"--jump", "DROP", NULL);
@@ -519,7 +519,7 @@ testFirewallIgnoreFailRule(const void *opaque ATTRIBUTE_UNUSED)
virFirewallStartTransaction(fw, 0);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "192.168.122.1",
"--jump", "ACCEPT", NULL);
@@ -530,12 +530,12 @@ testFirewallIgnoreFailRule(const void *opaque ATTRIBUTE_UNUSED)
"--source-host", "192.168.122.255",
"--jump", "REJECT", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "OUTPUT",
"--source-host", "192.168.122.1",
"--jump", "ACCEPT", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "OUTPUT",
"--jump", "DROP", NULL);
@@ -591,17 +591,17 @@ testFirewallNoRollback(const void *opaque ATTRIBUTE_UNUSED)
virFirewallStartTransaction(fw, 0);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "192.168.122.1",
"--jump", "ACCEPT", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "192.168.122.255",
"--jump", "REJECT", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "!192.168.122.1",
"--jump", "REJECT", NULL);
@@ -664,34 +664,34 @@ testFirewallSingleRollback(const void *opaque ATTRIBUTE_UNUSED)
virFirewallStartTransaction(fw, 0);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "192.168.122.1",
"--jump", "ACCEPT", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "192.168.122.255",
"--jump", "REJECT", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "!192.168.122.1",
"--jump", "REJECT", NULL);
virFirewallStartRollback(fw, 0);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-D", "INPUT",
"--source-host", "192.168.122.1",
"--jump", "ACCEPT", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-D", "INPUT",
"--source-host", "192.168.122.255",
"--jump", "REJECT", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-D", "INPUT",
"--source-host", "!192.168.122.1",
"--jump", "REJECT", NULL);
@@ -753,38 +753,38 @@ testFirewallManyRollback(const void *opaque ATTRIBUTE_UNUSED)
virFirewallStartTransaction(fw, 0);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "192.168.122.1",
"--jump", "ACCEPT", NULL);
virFirewallStartRollback(fw, 0);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-D", "INPUT",
"--source-host", "192.168.122.1",
"--jump", "ACCEPT", NULL);
virFirewallStartTransaction(fw, 0);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "192.168.122.255",
"--jump", "REJECT", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "!192.168.122.1",
"--jump", "REJECT", NULL);
virFirewallStartRollback(fw, 0);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-D", "INPUT",
"--source-host", "192.168.122.255",
"--jump", "REJECT", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-D", "INPUT",
"--source-host", "!192.168.122.1",
"--jump", "REJECT", NULL);
@@ -850,14 +850,14 @@ testFirewallChainedRollback(const void *opaque ATTRIBUTE_UNUSED)
virFirewallStartTransaction(fw, 0);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "192.168.122.1",
"--jump", "ACCEPT", NULL);
virFirewallStartRollback(fw, 0);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-D", "INPUT",
"--source-host", "192.168.122.1",
"--jump", "ACCEPT", NULL);
@@ -865,24 +865,24 @@ testFirewallChainedRollback(const void *opaque ATTRIBUTE_UNUSED)
virFirewallStartTransaction(fw, 0);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "192.168.122.127",
"--jump", "REJECT", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "!192.168.122.1",
"--jump", "REJECT", NULL);
virFirewallStartRollback(fw, 0);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-D", "INPUT",
"--source-host", "192.168.122.127",
"--jump", "REJECT", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-D", "INPUT",
"--source-host", "!192.168.122.1",
"--jump", "REJECT", NULL);
@@ -890,24 +890,24 @@ testFirewallChainedRollback(const void *opaque ATTRIBUTE_UNUSED)
virFirewallStartTransaction(fw, 0);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "192.168.122.255",
"--jump", "REJECT", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "!192.168.122.1",
"--jump", "REJECT", NULL);
virFirewallStartRollback(fw, VIR_FIREWALL_ROLLBACK_INHERIT_PREVIOUS);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-D", "INPUT",
"--source-host", "192.168.122.255",
"--jump", "REJECT", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-D", "INPUT",
"--source-host", "!192.168.122.1",
"--jump", "REJECT", NULL);
@@ -996,7 +996,7 @@ testFirewallQueryCallback(virFirewallPtr fw,
void *opaque ATTRIBUTE_UNUSED)
{
size_t i;
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "!192.168.122.129",
"--jump", "REJECT", NULL);
@@ -1054,14 +1054,14 @@ testFirewallQuery(const void *opaque ATTRIBUTE_UNUSED)
virFirewallStartTransaction(fw, 0);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "192.168.122.1",
"--jump", "ACCEPT", NULL);
virFirewallStartTransaction(fw, 0);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "192.168.122.127",
"--jump", "REJECT", NULL);
@@ -1077,7 +1077,7 @@ testFirewallQuery(const void *opaque ATTRIBUTE_UNUSED)
NULL,
"-t", "nat", "-L", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "192.168.122.130",
"--jump", "REJECT", NULL);
@@ -1085,12 +1085,12 @@ testFirewallQuery(const void *opaque ATTRIBUTE_UNUSED)
virFirewallStartTransaction(fw, 0);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "192.168.122.128",
"--jump", "REJECT", NULL);
- virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+ virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
"-A", "INPUT",
"--source-host", "!192.168.122.1",
"--jump", "REJECT", NULL);
--
2.7.3