Ján Tomko [Fri, 14 Jun 2019 07:16:14 +0000 (09:16 +0200)]
api: disallow virConnectGetDomainCapabilities on read-only connections
This API can be used to execute arbitrary emulators.
Forbid it on read-only connections.
Fixes: CVE-2019-10167 Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 8afa68bac0cf99d1f8aaa6566685c43c22622f26) Signed-off-by: Ján Tomko <jtomko@redhat.com>
Ján Tomko [Fri, 14 Jun 2019 07:14:53 +0000 (09:14 +0200)]
api: disallow virDomainManagedSaveDefineXML on read-only connections
The virDomainManagedSaveDefineXML can be used to alter the domain's
config used for managedsave or even execute arbitrary emulator binaries.
Forbid it on read-only connections.
Fixes: CVE-2019-10166 Reported-by: Matthias Gerstner <mgerstner@suse.de> Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit db0b78457f183e4c7ac45bc94de86044a1e2056a) Signed-off-by: Ján Tomko <jtomko@redhat.com>
Ján Tomko [Fri, 14 Jun 2019 06:47:42 +0000 (08:47 +0200)]
api: disallow virDomainSaveImageGetXMLDesc on read-only connections
The virDomainSaveImageGetXMLDesc API is taking a path parameter,
which can point to any path on the system. This file will then be
read and parsed by libvirtd running with root privileges.
Forbid it on read-only connections.
Fixes: CVE-2019-10161 Reported-by: Matthias Gerstner <mgerstner@suse.de> Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit aed6a032cead4386472afb24b16196579e239580) Signed-off-by: Ján Tomko <jtomko@redhat.com>
Conflicts:
src/libvirt-domain.c
src/remote/remote_protocol.x
Upstream commit 12a51f372 which introduced the VIR_DOMAIN_SAVE_IMAGE_XML_SECURE
alias for VIR_DOMAIN_XML_SECURE is not backported.
Just skip the commit since we now disallow the whole API on read-only
connections, regardless of the flag.
The virtlogd daemon's only intended client is the libvirtd daemon. As
such it should never allow clients from other user accounts to connect.
The code already enforces this and drops clients from other UIDs, but
we can get earlier (and thus stronger) protection against DoS by setting
the socket permissions to 0600
Fixes CVE-2019-10132
Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit e37bd65f9948c1185456b2cdaa3bd6e875af680f)
The virtlockd daemon's only intended client is the libvirtd daemon. As
such it should never allow clients from other user accounts to connect.
The code already enforces this and drops clients from other UIDs, but
we can get earlier (and thus stronger) protection against DoS by setting
the socket permissions to 0600
Fixes CVE-2019-10132
Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit f111e09468693909b1f067aa575efdafd9a262a1)
admin: reject clients unless their UID matches the current UID
The admin protocol RPC messages are only intended for use by the user
running the daemon. As such they should not be allowed for any client
UID that does not match the server UID.
Fixes CVE-2019-10132
Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 96f41cd765c9e525fe28ee5abbfbf4a79b3720c7)
Jim Fehlig [Wed, 14 Mar 2018 22:42:39 +0000 (16:42 -0600)]
lockd: fix typo in virtlockd-admin.socket
Commit ce7ae55ea1 introduced a typo in virtlockd-admin socket file
/usr/lib/systemd/system/virtlockd-admin.socket:7: Unknown lvalue
'Server' in section 'Socket'
Change 'Server' to 'Service'.
Signed-off-by: Jim Fehlig <jfehlig@suse.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
(cherry picked from commit fb327ac2c3d721b4002852c520d9f39a35183e0d)
The bit is set when microcode provides the mechanism to invoke a flush
of various exploitable CPU buffers by invoking the VERW instruction.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 538d873571d7a682852dc1d70e5f4478f4d64e85)
Conflicts:
src/cpu_map/x86_features.xml
- no CPU map split downstream
tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-guest.xml
tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-host.xml
- test data missing downstream
tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
- intel-pt feature is missing downstream
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
My earlier commit be46f61326 was incomplete. It removed caching of
microcode version in the CPU driver, which means the capabilities XML
will see the correct microcode version. But it is also cached in the
QEMU capabilities cache where it is used to detect whether we need to
reprobe QEMU. By missing the second place, the original commit be46f61326 made the situation even worse since libvirt would report
correct microcode version while still using the old host CPU model
(visible in domain capabilities XML).
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 673c62a3b7855a0685d8f116e227c402720b9ee9)
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
Conflicts:
src/qemu/qemu_capabilities.c
- virQEMUCapsCacheLookupByArch refactoring (commits 7948ad4129a and 1a3de67001c) are missing
- commit a7424faff0f "Force QMP capability probing" is
missing downstream
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The microcode version checks are used to invalidate cached CPU data we
get from QEMU. To minimize /proc/cpuinfo parsing the microcode version
was only read when libvirtd started and cached for the daemon's
lifetime. However, the CPU microcode can change anytime (updating the
microcode package can automatically upload it to the CPU) and we need to
stop caching it to avoid using stale CPU model data.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit be46f613261d3b655a1f15afd635087e68a9c39b)
cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639)
Some AMD processors only support a non-architectural means of
enabling Speculative Store Bypass Disable. To allow simplified
handling in virtual environments, hypervisors will expose an
architectural definition through CPUID bit 0x80000008_EBX[25].
This needs to be exposed to guest OS running on AMD x86 hosts to
allow them to protect against CVE-2018-3639.
Note that since this CPUID bit won't be present in the host CPUID
results on physical hosts, it will not be enabled automatically
in guests configured with "host-model" CPU unless using QEMU
version >= 2.9.0. Thus for older versions of QEMU, this feature
must be manually enabled using policy=force. Guests using the
"host-passthrough" CPU mode do not need special handling.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 9267342206ce17f6933d57a3128cdc504d5945c9)
cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639)
New microcode introduces the "Speculative Store Bypass Disable"
CPUID feature bit. This needs to be exposed to guest OS to allow
them to protect against CVE-2018-3639.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 1dbca2eccad58d91a5fd33962854f1a653638182)
Laine Stump [Wed, 25 Apr 2018 21:12:03 +0000 (17:12 -0400)]
nwfilter: increase pcap buffer size to be compatible with TPACKET_V3
When an nwfilter rule sets the parameter CTRL_IP_LEARNING to "dhcp",
this turns on the "dhcpsnoop" thread, which uses libpcap to monitor
traffic on the domain's tap device and extract the IP address from the
DHCP response.
If libpcap on the host is built with HAVE_TPACKET3 defined (to enable
support for TPACKET_V3), the dhcpsnoop code's initialization of the
libpcap socket would fail with the following error:
It turns out that this was because TPACKET_V3 requires a larger buffer
size than libvirt was setting (we were setting it to 128k). Changing
the buffer size to 256k eliminates the error, and the dhcpsnoop thread
once again works properly.
A fuller explanation of why TPACKET_V3 requires such a large buffer,
for future git spelunkers:
libpcap calls setsockopt(... SOL_PACKET, PACKET_RX_RING...) to setup a
ring buffer for receiving packets; two of the attributes sent to this
API are called tp_frame_size, and tp_frame_nr. If libpcap was built
with HAVE_TPACKET3 defined, tp_trame_size is set to MAXIMUM_SNAPLEN
(defined in libpcap sources as 262144) and tp_frame_nr is set to:
[the buffer size we set, i.e. PCAP_BUFFERSIZE i.e. 262144] / tp_frame_size.
So if PCAP_BUFFERSIZE < MAXIMUM_SNAPLEN, then tp_frame_nr (the number
of frames in the ring buffer) is 0, which is nonsensical. This same
value is later used as a multiplier to determine the size for a call
to malloc() (which would also fail).
(NB: if HAVE_TPACKET3 is *not* defined, then tp_frame_size is set to
the snaplen set by the user (in our case 576) plus a small amount to
account for ethernet headers, so 256k is far more than adequate)
Since the TPACKET_V3 code in libpcap actually reads multiple packets
into each frame, it's not a problem to have only a single frame
(especially when we are monitoring such infrequent traffic), so it's
okay to set this relatively small buffer size (in comparison to the
default, which is 2MB), which is important since every guest using
dhcp snooping in a nwfilter rule will hold 2 of these buffers for the
entire life of the guest.
Thanks to Christian Ehrhardt for discovering that buffer size was the
problem (this was not at all obvious from the error that was logged!)
Resolves: https://bugzilla.redhat.com/1547237 Fixes: https://bugs.launchpad.net/libvirt/+bug/1758037 Signed-off-by: Laine Stump <laine@laine.org> Reviewed-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> (V1) Reviewed-by: John Ferlan <jferlan@redhat.com> Tested-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
(cherry picked from commit ce5aebeacd10a1c15cb3ee46a59c8b5ff235589e)
Pavel Hrdina [Thu, 1 Mar 2018 14:25:05 +0000 (15:25 +0100)]
tests: introduce qemucapsfixreplies helper
Sometimes we don't regenerate QEMU capabilities replies using QEMU
binary but we simply add a new entry manually. In that case you need
to manually fix all the replies ids. This helper will do that for you.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
The check was trying to use the shell variable $CC instead of
the make variable $(CC); it also interpreted grep's return code
wrong: 1 means the provided pattern was *not* matched. As a
result, pdwtags was never run, not even when building with gcc.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
John Ferlan [Thu, 1 Mar 2018 12:08:32 +0000 (07:08 -0500)]
conf: Fix crash in virDomainDefCompatibleDevice
Commit id 'edae027c' blindly assumed that the passed @oldDev
parameter would not be NULL when calling virDomainDeviceGetInfo;
however, commit id 'b6a264e8' passed NULL for AttachDevice
callers under the premise that there wouldn't be a device
to check/update against.
Enable testing of both the upstart and systemd init script handling.
We test a different one in each scenario. Even though trusty only
cares about upstart, it is fine for us to test rules that install
systemd, since we're not actually running these scripts for real.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
travis: test "make install" and "make dist" on macOS
We can't use "make distcheck" on macOS because many unit tests fail. We
can still get coverage of some of the things "distcheck" validates, by
running the "install" and "dist" targets. This is particularly useful
because many conditional features are disabled on macOS, and this helps
make sure we can still successfully install & dist when these bits are
disabled.
The default script is getting unreadable since it is all on one long
line. Rather than adding further conditional clauses to it, we make
use of the travis matrix config override for the script.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
travis: run "make distcheck" instead of just "make check"
Running "make distcheck" includes the "make check", and "make dist"
targets. It ensures that we have CLEANFILES and uninstall rules setup
correctly, as well as validating VPATH builds succeed.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
When building with CLang the structs that are emitted by pdwtags appear
in a completely different order than with GCC, which causes the
comparison against expected data to fail.
Ideally the test would not be sensitive to the ordering, because even
future GCC could cause changes, but that's not easy to fix. So for now
just skip the test when using clang.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Michal Privoznik [Wed, 28 Feb 2018 09:09:56 +0000 (10:09 +0100)]
vshCommandOpt: Do more checking if skipChecks is set
Currently if cmd->skipChecks is set (done only from completers)
some basic checks are skipped because we're working over
partially parsed command. See a26ff63ae4 for more detailed
explanation. Anyway, the referenced commit was too aggressive in
disabling checks and effectively returned success even in clear
case of failure. For instance:
# domif-getlink --interface <TAB><TAB>
causes virshDomainInterfaceCompleter() to be called, which calls
virshDomainGetXML() which eventually calls
vshCommandOptStringReq(.., name = "domain"); The --domain
argument is required for the command and if not present -1 should
be returned to tell the caller the argument was not found. Well,
zero is returned meaning the argument was not found but it's not
required either.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Julio Faracco [Wed, 28 Feb 2018 01:17:54 +0000 (22:17 -0300)]
virsh: fixing segfault by pool autocompleter function.
The commands which requires a pool to perform any action for a volume is
throwing a segfault when you pass the volume name before a pool name or
without the argument '--pool'.
An example that works:
virsh # vol-list loops-pool
Name Path
-------------------------------------------------------------------
loop0 /mnt/loop0
virsh # vol-info --pool loops-pool lo<TAB>
An example that does not work:
virsh # vol-list loops-pool
Name Path
-------------------------------------------------------------------
loop0 /mnt/loop0
virsh # vol-info lo<TAB>
Segmentation Fault
The example 'vol-info' can be executed as 'vol-info loop0 --pool
loops-pool'. So, this commit fixes this problem when the arguments are
inverted and avoids the segfault.
Signed-off-by: Julio Faracco <jcfaracco@gmail.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Zhangzijian [Wed, 28 Feb 2018 01:18:23 +0000 (01:18 +0000)]
qemu: fix memory leak of @vporttype during migration.
12 bytes in 1 blocks are definitely lost in loss record 188 of 1,145
at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x5D2CD77: xmlStrndup (in /lib/x86_64-linux-gnu/libxml2.so.2.7.8)
by 0x514E137: virXMLPropString (virxml.c:506)
by 0x234F51: qemuMigrationCookieNetworkXMLParse qemu_migration.c:1001)
by 0x235FF8: qemuMigrationCookieXMLParse (qemu_migration.c:1333)
by 0x236214: qemuMigrationCookieXMLParseStr (qemu_migration.c:1372)
by 0x2365D2: qemuMigrationEatCookie (qemu_migration.c:1456)
by 0x243DBA: qemuMigrationFinish (qemu_migration.c:6381)
by 0x204032: qemuDomainMigrateFinish3 (qemu_driver.c:13228)
by 0x521CCBB: virDomainMigrateFinish3 (libvirt-domain.c:4788)
by 0x1936DE: remoteDispatchDomainMigrateFinish3 (remote.c:4580)
by 0x16DBB1: remoteDispatchDomainMigrateFinish3Helper(remote_dispatch.h:7582)
Laine Stump [Fri, 23 Feb 2018 01:29:20 +0000 (20:29 -0500)]
nwfilter: save error from DHCP snoop thread to report in main thread
A problem encountered due to a bug in libpcap was reported to the
caller as:
An error occurred, but the cause is unknown
This was because the error had been logged in the DHCPSnoop
thread. The worker thread handling the API call to start a domain
spins up the DHCPSnoop thread which watches for dhcp packets with
libpcap, then uses virCondSignal() to notify the worker thread (which
has been waiting with virCondWait()). The worker thread knows that
there was an error (because threadStatus != THREAD_STATUS_OK), but the
error info had been stored in thread-specific storage for the other
thread, so the worker thread can only report that there was a failure,
but it doesn't know why.
The solution is to save the error that was logged (with
virErrorPreserveLast() into the object the is used to share info
between the threads, then we can set the error in the worker thread
using virErrorRestore().
In the case of the error I was looking at, this changed the "unknown"
message into:
internal error: pcap_setfilter: can't remove kernel filter:
Bad file descriptor
storage: fix sheepdog driver / test linking to avoid duplicating source
The libvirt_storage_backend_sheepdog_priv.la library depends on symbols
provided in the libvirt_driver_storage_impl.la library. As such the
latter must be listed 2nd when passed to the linker to avoid symbol
resolution problems. This mistake is being masked by the sheepdog
driver linking in a second copy of the storage driver code. Remove
this duplicate linkage of backend source and fix the test link order.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
A typo in the uninstall-data-extra rule expansion meant we just called
the install rule again, instead of the uninstall rule. While fixing
this, just inline the dependancy, since the intermediate
install-data-extra rule adds no value.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
When migrating a domain, qemuMigrationDstPrepareAny() is called
which eventually calls qemuProcessLaunch(conn = NULL, flags =
VIR_QEMU_PROCESS_START_AUTODESTROY); But the very first thing
that qemuProcessLaunch does is check if AUTODESTROY flag is set
and @conn is not NULL. Well, it is.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
If a domain disk is stored on local filesystem (e.g. ext4) but is
not being migrated it is very likely that domain is not able to
run on destination. Regardless of share/cache mode.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Jim Fehlig [Thu, 22 Feb 2018 01:48:38 +0000 (18:48 -0700)]
libxl: round memory values to next 1MiB increment
libxl requires the memory sizes to be rounded to 1MiB increments.
Attempting to start a domain that violates this requirement will
fail with the marginally helpful error
2018-02-22 01:55:32.921+0000: xc: panic: xc_dom_boot.c:141: xc_dom_boot_mem_init: can't allocate low memory for domain: Out of memory
2018-02-22 01:55:32.921+0000: libxl: libxl_dom.c:671:libxl__build_dom: xc_dom_boot_mem_init failed: No such file or directory
Round the maximum and current memory values to the next 1MiB
increment when generating the libxl_domain_config object.
While libvirt-guests.sh is running cases can let guest_is_on fail which
causes check_guests_shutdown to print output.
That output shall not spill into the users of function
check_guests_shutdown which is therefore now returning values in a
variable like guest_is_on already did.
Original-Author: Christian Ehrhardt <christian.ehrhardt@canonical.com> Modified-By: Jorge Niedbalski <niedbalski@ubuntu.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Jiri Denemark [Thu, 22 Feb 2018 12:51:36 +0000 (13:51 +0100)]
qemu: Fix updating device with boot order
Commit v3.7.0-14-gc57f3fd2f8 prevented adding a <boot order='x'/>
element to an inactive domain with global <boot dev='...'/> element.
However, as a result of that change updating any device with boot order
would fail with 'boot order X is already used by another device', where
"another device" is in fact the device which is being updated.
To fix this we have to ignore the device which we're about to update
when checking for boot order conflicts.
Jiri Denemark [Thu, 22 Feb 2018 12:30:27 +0000 (13:30 +0100)]
Pass oldDev to virDomainDefCompatibleDevice on device update
When calling virDomainDefCompatibleDevice to check a new device during
device update, we need to pass the original device which is going to be
updated in addition to the new device. Otherwise, the function can
report false conflicts.
The new argument is currently ignored by virDomainDefCompatibleDevice,
but this will change in the following patch.
Firstly, for rpm we are building libvirt with
--init-script=systemd or --init-script=redhat. So upstart is
never enabled. And only due to a bug we installed
libvirtd.upstart file.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
John Ferlan [Fri, 20 Oct 2017 11:28:21 +0000 (07:28 -0400)]
conf,qemu: Check for NULL addrs in virDomainUSBAddressEnsure
Rather than having the caller check, if the input @addrs is NULL
(e.g. priv->usbaddrs), then just return 0. This also removes the
need for ATTRIBUTE_NONNULL which only really helped if someone
passed a NULL as a parameter not if the passed parameter is NULL.
John Ferlan [Fri, 20 Oct 2017 11:24:49 +0000 (07:24 -0400)]
conf,qemu: Check for NULL addrs in virDomainUSBAddressRelease
Rather than having the caller check, if the input @addrs is NULL
(e.g. priv->usbaddrs), then just return 0. This also removes the
need for ATTRIBUTE_NONNULL which only really helped if someone
passed a NULL as a parameter not if the passed parameter is NULL.
Host tcp4/tcp6 ports is a global resource thus we need to make
port accounting also global or we have issues described in [1] when
port allocator ranges of different instances are overlapped (which
is by default for qemu for example).
Let's have only one global port allocator object that take care
of the entire ports range (0 - 65535) and introduce port range object
for clients to specify desired auto allocation band.
daemon: move libvirtd code into src/remote/ directory
Having a daemon/ directory makes little sense from a code structure
point of view, as 90% of the code that is built into libvirtd already
lives in the src/ directory. The virtlockd and virlogd daemons also live
entirely in src/{locking,logging} directories. This moves the source
code for libvirtd into src/remote/, alongside the client code.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The THREADS.txt describes the way threading worked in libvirtd many many
years ago, long before even the RPC code was modularized. Things have
evolved significantly since then, so delete this potentially misleading doc.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Jim Fehlig [Tue, 20 Feb 2018 23:51:27 +0000 (16:51 -0700)]
libxl: add support for specifying clock offset and adjustment
libxl supports setting the domain real time clock to local time or
UTC via the localtime field of libxl_domain_build_info. Adjustment
of the clock is also supported via the rtc_timeoffset field. The
libvirt libxl driver has never supported these settings, instead
relying on libxl's default of a UTC real time clock with adjustment
set to 0.
There is at least one user that would like the ability to change
the defaults
Add support for specifying a local time clock and for specifying an
adjustment for both local time and UTC clocks. Add a test case to
verify the XML to libxl_domain_config conversion.
Local time clock and clock adjustment is already supported by the
XML <-> xl.cfg converter. What is missing is an explicit test for
the conversion. There are plenty of existing tests that all use UTC
with 0 adjustment. Hijack test-fullvirt-tsc-timer to test a local
time clock with 1 hour adjustment.
Signed-off-by: Jim Fehlig <jfehlig@suse.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
m4: enforce that all enum cases are listed in switch statements
As a general rule any time we switch() on something that is an enum, we
want to have a case for every enum constant. The -Wswitch warning will
report any switch where we've violated this rule, except if that switch
has a default case.
Unfortunately it is reasonable to want to list all enum constants *and*
also have a default case. To get a warning in that scenario requires
that we turn on -Wswitch-enum.
In a few cases where we explicitly don't want to list all enum cases, we
can discard the enum type checking by casting the value to a plain int.
Reviewed-by: John Ferlan <jferlan@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
projects / thirdparty / libvirt.git / log
