2016-04-01 Jim Fehlig libxl: fix net device detach Chunyan sent a nice cleanup patch for libxlDomainDetachNetDevice https://www.redhat.com/archives/libvir-list/2016-March/msg00926.html which I incorrectly modified before pushing as commit b5534e53. My modification caused network devices of type hostdev to no longer be removed. This patch changes b5534e53 to resemble Chunyan's original, correct patch. 2016-04-01 Jim Fehlig libxl: fix attaching net device of type hostdev Chunyan sent a correct patch to fix a resource leak on error in libxlDomainAttachNetDevice https://www.redhat.com/archives/libvir-list/2016-March/msg00924.html I made what was thought to be an improvement and pushed the patch as commit e6336442. As it turns out, my change broke adding net devices that are actually hostdevs to the list of nets in virDomainDef. This patch changes e6336442 to resemble Chunyan's original, correct patch. 2016-03-31 Fabiano Fidêncio build: workaround broken SASL header (again) Compilation for xdg-app failed due to a buggy SASL headers present on the used runtime (org.gnome.Sdk 3.18). In file included from rpc/virnetsaslcontext.h:24:0, from rpc/virnetsaslcontext.c:25: /usr/include/sasl/sasl.h:230:38: error: unknown type name 'size_t' typedef void *sasl_realloc_t(void *, size_t); ^ /usr/include/sasl/sasl.h:235:5: error: unknown type name 'sasl_realloc_t' sasl_realloc_t *, Use the same workaround as commit 1be3dfd did. 2016-03-31 Michal Privoznik qemuProcessVerifyGuestCPU: Avoid coverity false positive We use _LAST items in enums to mark the last position in given enum. Now, if and enum is passed to switch(), compiler checks that all the values from enum occur in 'case' enumeration. Including _LAST. But coverity spots it's a dead code. And it really is. So to resolve this, we tend to put a comment just above 'case ..._LAST' notifying coverity that we know this is a dead code but we want to have it that way. virPerfReadEvent: Prefer saferead over read Do I really need to explain why? Well, if read() is interrupted int the middle of reading, we will never read the rest (even though it's highly unlikely as we are reading just 8 bytes). 2016-03-31 Andrea Bolognani docs: Make most headers a bit smaller Headers are bold already, so the font doesn't need to be that big to draw attention. docs: Use bold text for all headers All headers except for

were already bold: make it bold as well to increase visual consistency. docs: Don't use bold text for menu entries The menu should not take the focus away from the actual contents. docs: Make menu entries smaller The menu should not take the focus away from the actual contents. docs: Don't use in headers There's only one instance of that happening, and it looks kinda off. Get rid of it, along with the corresponding CSS rules. docs: Remove empty CSS rule docs: Adjust vertical whitespace in CSS Ensure all CSS rules are separated with a single blank line. 2016-03-31 Martin Kletzander remote: Add flags to remote_protocol-structs Caused by 3b6c8185328f. 2016-03-31 Michal Privoznik virDomain{Get,Set}PerfEvents: Grab job Even though we have the machine locked throughout whole APIs we are querying/modifying domain internal state. We should grab a job whilst doing that. virDomain{Get,Set}PerfEvents: support --config --live --current Now that we have @flags we can support changing perf events just in active or inactive configuration regardless of the other. Previously, calling virDomainSetPerfEvents set events in both active and inactive configuration at once. Even though we allow users to set perf events that are to be enabled once domain is started up. The virDomainGetPerfEvents API was flawed too. It returned just runtime info. virsh: Make perf accept event list separated by commas Everywhere else we use a comma separated list. There's no good reason to make 'perf' command an exception. Currently, it accepts string list separated by '|'. virsh: Prefer VIRSH_COMMON_OPT_DOMAIN_FULL over full enumeration We have a macro that does exactly what is done via full enumeration. virDomain{Get,Set}PerfEvents: Add @flags argument I've noticed that these APIs are missing @flags argument. Even though we don't have a use for them, it's our policy that every new API must have @flags. remoteDomainGetPerfEvents: Re-indent There are few lines off the indentation. 2016-03-30 Peter Krempa qemu: command: Split up formatting of -numa and memory devices They recently were extracted to a separate function. They don't belong together though. Since -numa formatting is pretty compact, move it to the main function and rename qemuBuildNumaCommandLine to qemuBuildMemoryDeviceCommandLine. 2016-03-30 Peter Krempa qemu: command: Pass numad nodeset when formatting memory devices at boot When starting up a VM libvirtd asks numad to place the VM in case of automatic nodeset. The nodeset would not be passed to the memory device formatter and the user would get an error. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1269715 2016-03-30 Pavel Hrdina qemu_process: add check for hyperv features Commit 7068b56c introduced several hyperv features. Not all hyperv features are supported by old enough kernels and we shouldn't allow to start a guest if kernel doesn't support any of the hyperv feature. There is one exception, for backward compatibility we cannot error out if one of the RELAXED, VAPIC or SPINLOCKS isn't supported, for the same reason we ignore invtsc, to not break restoring saved domains with older libvirt. 2016-03-30 Pavel Hrdina qemu_process: skip only cpu features This check is there to allow restore saved domain with older libvirt where we included invtsc by default for host-passthrough model. Don't skip the whole function, but only the part that checks for invtsc. docs: fix qemu version for hyperv features 2016-03-30 Andrea Bolognani host-validate: Fix suggestion for missing cpu cgroup If the cpu cgroup is not found when validating an host for LXC support, virt-host-validate will suggest to enable the CONFIG_CGROUP_SCHED kconfig option. The appropriate option is really CONFIG_CGROUP_CPU. The QEMU checks already get that right, so no changes needed. 2016-03-30 Roman Bogorodskiy nss: FreeBSD support * tools/nss/libvirt_nss.[ch]: add BSD-comptabile wrappers and register via the nss_module_register() interface * m4/virt-nss.m4: add checks if we're building NSS for FreeBSD * tools/Makefile.am: handle target library name differences, as Linux needs libnss_libvirt.so.2 and FreeBSD needs nss_libvirt.so.1. Also, different syms files have to be used as Linux needs to export all the methods while FreeBSD only needs to have nss_module_register() * tests/nsstest.c, tests/nssmock.c: s/__linux__/NSS/ * tests/nssmock.c: pass int instead of mode_t to va_arg() to please gcc 4.8 * libvirt_nss_bsd.syms: FreeBSD syms file 2016-03-30 Jim Fehlig libxl: only disable domain death events in libxlDomainCleanup Remove disabling domain death events from libxlDomainStart error path. The domain death event is already disabled in libxlDomainCleanup. 2016-03-30 Chunyan Liu libxl: fix resource leaks in libxlDomainStart error paths libxlDomainStart allocates and reserves resources that were not being released in error paths. libxlDomainCleanup already handles the job of releasing resources, and libxlDomainStart should call it when encountering a failure. Change the error handling logic to call libxlDomainCleanup on failure. This includes acquiring the lease sooner and allowing it to be released in libxlDomainCleanup on failure, similar to the way other resources are reclaimed. With the lease now released in libxlDomainCleanup, the release_dom label can be renamed to cleanup_dom to better reflect its changed semantics. 2016-03-30 Jim Fehlig libxl: rename cleanup_dom label Rename cleanup_dom label to destroy_dom, which better describes what it does. 2016-03-30 Peter Krempa conf: Remove now unused virDomainIOThreadIDMap 2016-03-30 Peter Krempa conf: decrease iterations complexity when formatting iothreads Create a bitmap of iothreads that have scheduler info set so that the transformation algorithm does not have to iterate the empty bitmap many times. By reusing self-expanding bitmaps the bitmap size does not need to be pre-calculated. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1264008 2016-03-30 Peter Krempa util: bitmap: Introduce self-expanding bitmap APIs In some cases it's impractical to use the regular APIs as the bitmap size needs to be pre-declared. These new APIs allow to use bitmaps that self expand. The new code adds a property to the bitmap to track the allocation of memory so that VIR_RESIZE_N can be used. 2016-03-30 Roman Bogorodskiy perf: fix build on non-Linux * Sync stubbed functions with prototypes * Add missing ATTRIBUTE_UNUSED where needed Pushing under the build breaker rule. 2016-03-29 Jiri Denemark qemu: Fix /proc/**/stat parsing Since commit v1.3.2-119-g1e34a8f which enabled debug-threads in QEMU qemuGetProcessInfo would fail to parse stats for any thread with a space in its name. https://bugzilla.redhat.com/show_bug.cgi?id=1316803 2016-03-29 Peter Krempa virsh: blockpull: Support --bytes and scaled integers Use vshBlockJobOptionBandwidth to parse the bandwidth value which will allow users to specify bandwidth in bytes or as a scaled integer. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1288000 2016-03-29 Peter Krempa virsh: blockcopy: Support --bytes and scaled integers Use vshBlockJobOptionBandwidth to parse the bandwidth value which will allow users to specify bandwidth in bytes or as a scaled integer. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1288000 2016-03-29 Peter Krempa virsh: blockcommit: Support --bytes and scaled integers Use vshBlockJobOptionBandwidth to parse the bandwidth value which will allow users to specify bandwidth in bytes or as a scaled integer. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1288000 2016-03-29 Peter Krempa virsh: blockjob: Support --bytes and scaled integers as bandwidth Use vshBlockJobOptionBandwidth to parse the bandwidth value which will allow users to specify bandwidth in bytes or as a scaled integer. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1288000 2016-03-29 Peter Krempa vsh: Introduce helper to parse --bandwidth Historically we've used 'unsigned long' and allowed wrapping of negative numbers for bandwidth values. Add a helper that will simplify adding support for scaled integers and support for byte granularity while keeping the compatibility with the older approach. vsh: Refactor vshCommandOptScaledInt Fix control flow and spacing issues. 2016-03-29 Peter Krempa vsh: Tweak error message for scaled integers It was too similar to the non-scaled alternative. before: error: Numeric value 'abc' for option is malformed or out of range after: error: Scaled numeric value 'abc' for option is malformed or out of range 2016-03-29 Peter Krempa qemu: domain: Move and export qemuDomainDiskChainElement(Prepare|Revoke) Move the function to qemu_domain.c and export them for further use. qemu: Refactor qemuDomainPrepareDiskChainElement Now that there are only two elements in the enum, let's change it to a bool and rename the function similarly to the one added in previous commit. qemu: Split image access revoking from qemuDomainPrepareDiskChainElement Introduce qemuDomainDiskChainElementRevoke that revokes the access rather than having a flag to do so. qemu: Kill qemuDiskPathToAlias The function has terrible semantics. Split it into two functions. 2016-03-29 Peter Krempa qemu: monitor: Remove JSON impls of drive_add and drive_del qemu won't ever add those functions directly to QMP. They will be replaced with 'blockdev-add' and 'blockdev-del' eventually. At this time there's no need to keep the stubs around. Additionally the drive_del stub in JSON contained dead code in the attempt to report errors. (VIR_ERR_OPERATION_UNSUPPORTED was never reported). Since the text impl does have the same message it is reported anyways. 2016-03-29 Peter Krempa qemu: monitor: Drop qemuMonitorAttachDrive and leaves in call tree Functions no longer required for attaching SCSI disks since QEMU_CAPS_DEVICE is expected. qemu: hotplug: Assume support for -device in qemuDomainAttachSCSIDisk We've started to assume support for QEMU_CAPS_DEVICE. Doing so in the SCSI disk hotplug code allows us to drop a lot of ugly legacy code. 2016-03-29 Maxim Nestratov bhyve: fix invalid hostsysinfo freeing bhyve: cleanup unnecessary variables 2016-03-29 Qiaowei Ren virsh: extend domstats command This patch extend domstats command to match extended virDomainListGetStats API in previous patch. Message-id: 1459171833-26416-9-git-send-email-qiaowei.ren@intel.com 2016-03-29 Qiaowei Ren virsh: implement new command to support perf This patch add new perf command to enable/disable perf event for a guest domain. Message-id: 1459171833-26416-8-git-send-email-qiaowei.ren@intel.com 2016-03-29 Qiaowei Ren perf: reenable perf events when libvirtd restart When libvirtd daemon restart, this patch will reenable those perf events previously enabled. Message-id: 1459171833-26416-7-git-send-email-qiaowei.ren@intel.com 2016-03-29 Qiaowei Ren perf: add new xml element This patch adds new xml element, and so we can have the option of also having perf events enabled immediately at startup. Message-id: 1459171833-26416-6-git-send-email-qiaowei.ren@intel.com 2016-03-29 Qiaowei Ren qemu_driver: add support to perf event This patch implement the internal driver API for perf event into qemu driver. Message-id: 1459171833-26416-5-git-send-email-qiaowei.ren@intel.com 2016-03-29 Qiaowei Ren perf: implement a set of util functions for perf event This patch implement a set of interfaces for perf event. Based on these interfaces, we can implement internal driver API for perf, and get the results of perf conuter you care about. Message-id: 1459171833-26416-4-git-send-email-qiaowei.ren@intel.com 2016-03-29 Qiaowei Ren perf: implement the remote protocol for perf event Add remote support for perf event. Message-id: 1459171833-26416-3-git-send-email-qiaowei.ren@intel.com 2016-03-29 Qiaowei Ren perf: add new public APIs for perf event API agreed on in https://www.redhat.com/archives/libvir-list/2015-October/msg00872.html * include/libvirt/libvirt-domain.h (virDomainGetPerfEvents, virDomainSetPerfEvents): New declarations. * src/libvirt_public.syms: Export new symbols. * src/driver-hypervisor.h (virDrvDomainGetPerfEvents, virDrvDomainSetPerfEvents): New typedefs. * src/libvirt-domain.c: Implement virDomainGetPerfEvents and virDomainSetPerfEvents. Message-id: 1459171833-26416-2-git-send-email-qiaowei.ren@intel.com 2016-03-29 Michal Privoznik docs: Document NSS module While we have a wiki page describing the feature [1] since the feature is distributed in our .tar.gz we ought to document it. So I went ahead, copied the wiki page and reformatted so it fits our docs coding style. 1: http://wiki.libvirt.org/page/NSS_module 2016-03-29 Nitesh Konkar storage: Initialize pool size parameters for refresh thread If the pool creation thread happens to detect the luns in the scsi target, the size parameters will be calculated as part of the refreshPool called from storagePoolCreate(). This means the virStoragePoolFCRefreshThread (commit id '512b874') waiting to run and "refresh" the pool will essentially double the allocation and capacity values. A separate refresh would correct the values. To avoid this, the FCRefreshThread needs to reinitialize the pool size values prior to calling virStorageBackendSCSIFindLUs which eventually calls virStorageBackendSCSINewLun and updates the size values for each volume found. 2016-03-29 Peter Krempa storage: rbd: Fix build After the recent commits the build didn't work for me. Fix it by using size_t as the callback argument is using and the correct formatter. The attempted fixup to use %llu as a formatter was wrong. 2016-03-29 Jim Fehlig libxl: remove reference to non-existent out label Commit e6336442 changed the 'out:' label to 'cleanup' in libxlDomainAttachNetDevice(), but missed a comment referencing the 'out:' label. Remove it from the comment since it is no longer accurate anyhow. 2016-03-29 Cole Robinson tests: virtnettlscontexttest: Use virGetLastErrorMessage() Use virGetLastErrorMessage() rather than open code it docs: website: more header spacing tweaks - remove top padding for h1. this means page titles sit flush with the top of the side bar (like 'The virtualization API' on the front page) - up the top padding for the remaining sections. makes it visually easier to tell adjacent header sections apart, especially in dense wiki pages - use two different spacing levels for h2-h4 and h5-h6, gives pages some more visual flexibility - use a slightly lower bottom padding... this makes top padding stick out more which makes it visually easier to differentiate between adjacent header sections 2016-03-29 John Ferlan docs: Update the hyperv feature qemu supported version In order to follow recent comments which indicate support for specific feature bits are supported by a specific QEMU version add the version from whence the relaxed, vapic, and spinlocks support was added. 2016-03-29 Maxim Nestratov conf: qemu: Add support for more HyperV Enlightenment features This patch adds support for "vpindex", "runtime", "synic", "stimer", and "vendor_id" features available in qemu 2.5+. - When Hyper-V "vpindex" is on, guest can use MSR HV_X64_MSR_VP_INDEX to get virtual processor ID. - Hyper-V "runtime" enlightement feature allows to use MSR HV_X64_MSR_VP_RUNTIME to get the time the virtual processor consumes running guest code, as well as the time the hypervisor spends running code on behalf of that guest. - Hyper-V "synic" stands for Synthetic Interrupt Controller, which is lapic extension controlled via MSRs. - Hyper-V "stimer" switches on Hyper-V SynIC timers MSR's support. Guest can setup and use fired by host events (SynIC interrupt and appropriate timer expiration message) as guest clock events - Hyper-V "reset" allows guest to reset VM. - Hyper-V "vendor_id" exposes hypervisor vendor id to guest. 2016-03-29 Nikolay Shirokovskiy conf: refactor hyperv features xml output 1. All hyperv features are tristate ones. So make tristate generating part common. 2. Reduce nesting on spinlocks. conf: refactor hyperv features parsing 1. All hyperv features are tristate ones. So make tristate parsing code common. 2. Reindent switch statement. 3. Reduce nesting in spinlocks parsing. 2016-03-29 Laine Stump util: avoid getting stuck on macvtapN name created outside libvirt After the patches that added tracking of in-use macvtap names (commit 370608, first appearing in libvirt-1.3.2), if the function to allocate a new macvtap device came to a device name created outside libvirt, it would retry the same device name MACVLAN_MAX_ID (8191) times before finally giving up in failure. The problem was that virBitmapNextClearBit was always being called with "0" rather than the value most recently checked (which would increment each time through the loop), so it would always return the same id (since we dutifully release that id after failing to create a new device using it). Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1321546 2016-03-29 Chunyan Liu libxl: fix hot add/remove VF from a pool For those VF allocated from a network pool, we need to set its backend to be VIR_DOMAIN_HOSTDEV_PCI_BACKEND_XEN so that later work can be correct. 2016-03-29 Anatole Denis tests: storagepoolxml2xmltest: Enable pool-rbd This test was commited 4 years ago, but was never enabled in storagepoolxml2xmltest.c. This patch reactivates it, conditionnaly on RBD storage support being enabled tests: storagepoolxml2xmltest: Fix pool-rbd test This test failed for two reasons: * The uuid was missing from the input file * The output file had the in a different place from the actual output 2016-03-27 Roman Bogorodskiy Revert "zfs: Only raw volumes are supported" This reverts commit bb5f2dc91f43f48ff726aa589bdac546738d2980. The "if (vol->target.format != VIR_STORAGE_FILE_RAW)" check in the createVol backend. This check is bogus because virStorageVolDefParseXML() in conf/storage_conf.c sets target.format only if volOptions in virStoragePoolTypeInfo has formatFromString set, and that's not the case the zfs backend. So the check always fails and breaks volume creation. 2016-03-27 Roman Bogorodskiy Revert "logical: Only raw volumes are supported" This reverts commit 6682d6219d4595b51f06867e0c30e7efd745f682. The "if (vol->target.format != VIR_STORAGE_FILE_RAW)" check in the createVol backend. This check is bogus because virStorageVolDefParseXML() in conf/storage_conf.c sets target.format only if volOptions in virStoragePoolTypeInfo has formatFromString set, and that's not the case the logical backend. So the check always fails and breaks volume creation. 2016-03-26 Chunyan Liu libxlDomainDetachDeviceLive: handle hostdev parent is network device When hostdev parent is network device, should call libxlDomainDetachNetDevice to detach the device from a higher level. libxlDomainDetachNetDevice: cleanup codes Adjust codes to make it cleaner. libxlDomainAttachNetDevice: release actual deivce and remove hostdev when fail When AttachNetDevice failed, should call networkReleaseActualDevice to release actual device, and if actual device is hostdev, should remove the hostdev from vm->def->hostdevs. 2016-03-26 Laine Stump network: call proper start/stop functions for macvtap bridge-mode networks networkStartNetwork() and networkShutdownNetwork() were calling the wrong type-specific function in the case of networks that were configured for macvtap ("direct") bridge mode - they were instead calling the functions for a tap+bridge network. Currently none of these functions does anything (they just return 0) so it hasn't created any problems, but that could change in the future. 2016-03-26 Laine Stump network: differentiate macvtap/bridge from host-bridge based networks Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1316465 An attempt to simplify the code for the VIR_NETWORK_FORWARD_BRIDGE case of networkUpdateState in commit b61db335 (first in release 1.2.14) resulted in networks based on macvtap bridge mode being erroneously marked as inactive any time libvirtd was restarted. The problem is that the original code had differentiated between a network using tap devices to connect to an existing host-bridge device (forward mode of VIR_NETWORK_FORWARD_BRIDGE and a non-NULL def->bridge), and one using macvtap bridge mode to connect to any ethernet device (still forward mode VIR_NETWORK_FORWARD_BRIDGE, but null def->bridge), but the changed code assumed that all networks with VIR_NETWORK_FORWARD_BRIDGE were tap + host-bridge networks, so a null def->bridge was interpreted as "inactive". This patch restores the original code in networkUpdateState 2016-03-25 Christophe Fergeau test: Fix typo in testutils.h header guard This changes __VIT_TEST_UTILS_H__ to __VIR_TEST_UTILS_H__ storage/rbd: Use correct printf-modifier for uint64 %zu is for size_t variables, not uint64 ones. This causes a warning when building on a 32 bit linux. 2016-03-25 Michal Privoznik virTestSetEnvPath: Avoid clearing out PATH If the abs_builddir path already is in PATH and it's in the first position, due to a bug in our code PATH would be cleared out. admin_server: Avoid accessing unallocated memory In 68b726b93c11cc90 we tried to fix a mem leak. However, it wasn't done quite well. Problem is, virNetDaemonGetServers() may fail in which case virObjectListFreeCount() would be called with -1 objects to free. But the number of elements is taken in unsigned rather than signed integer. 2016-03-25 Jovanka Gulicoska qemu: Replace some VIR_ERROR with vir*Error qemuStateInitialize uses a mix of VIR_ERROR and standard vir*Error calls. Prefer the standard vir*Error qemu: Don't duplicate virGetLastErrorMessage These uses of virGetLastError message are just duplicating virGetLastErrorMessage. 2016-03-25 Michal Privoznik testutils: Adapt to highly unlikely case Coverity pointed out that getenv("PATH") may return NULL. Well, we check for that in virFindFileInPath() too. If this happens, we will pass NULL into strstr(). Ouch. nsstest: Drop useless @data check The variable is dereferenced prior its check for NULL. The check itself does not make much sense anyway - it's our test, we know we are not passing NULL. 2016-03-24 Erik Skultety virlog: Refactor virLogParseFilters Patch 0b231195 refactored logging output parser to make it more readable. This patch does similar thing to logging filter parser. tests: Add new testcases to test parsing of log filters in virlogtest tests: virlogtest: Fix testLogParseOutputs return value The test can return positive value even though it should have failed. It just returns the value parser returned, which should be flipped back to -1 if something went wrong or the result was unexpected, but it isn't. 2016-03-24 Pavel Hrdina admin_server: fix memory leak If caller of adminConnectListServers() pass NULL instead of servers we need to free the list we've received from virNetDaemonGetServers(). 2016-03-24 Michal Privoznik gendispatch: Avoid comparing signed and unsigned vars The adminDispatchConnectListServers() function is generated by our great perl script. However, it has a tiny flaw: if adminConnectListServers() it calls fails, the control jumps onto cleanup label where we try to free any list of servers built so far. However, in the loop @i is unsigned (size_t) while @nresults is signed (int). Currently, it does no harm because of the check for @result being non-NULL. But if that ever changes in the future, this bug will be hard to chase. event-test: Check for virConnectRegisterCloseCallback return value In an unlikely event of virConnectRegisterCloseCallback failing, the error is ignored. This is an example file and we shouldn't get a bad example. event-test: Use goto cleanup instead of if else jungle Like in the rest of our code we tend to prefer 'goto' and 'cleanup' over 'if else' code structure. Do the same here. qemuxml2argvtest: Adapt to ethernet automatic tap creation After 9c17d665fdc5 the tap device for ethernet network type is automatically precreated before spawning qemu. Problem is, the qemuxml2argvtest wasn't updated and thus is failing. Because of all the APIs that new code is calling, I had to mock a lot. Also, since the tap FDs are labeled separately from the rest of the devices/files I had to enable NOP security driver for the test too. 2016-03-24 Cole Robinson remote: Fix error message We were printing the wrong MAX value 2016-03-23 Michal Privoznik qemuxml2argv: Mock virSCSIDeviceGetSgName When constructing SCSI hostdev command line for qemu, the /sys/bus/scsi/devices/... dir is scanned. Unfortunately, even in the tests. This is needed to determine the name of SCSI device to passthrough to qemu, because in the domain XML we were given its address instead. Anyway, we should not be touching live system data in our test suite as it produced unpredictable results. The test is regressing from 1e9a083742efe on. 2016-03-23 Vasiliy Tolstov autocreate tap device for ethernet network type If a user specify network type ethernet, then create it via libvirt and run script if it provided. After this commit user does not need to run external script to create tap device or add root permissions to qemu process. 2016-03-23 Andrea Bolognani tests: hostdev: Add more tests Ensure the code behaves properly even for situations that were not being considered before, such as simply detaching devices from the host without attaching them to a guest and attaching devices as managed even though they had already been manually detached from the host. 2016-03-23 Andrea Bolognani hostdev: Use actual device when reattaching Instead of forcing the values for the unbind_from_stub, remove_slot and reprobe properties, look up the actual device and use that when calling virPCIDeviceReattach(). This ensures the device is restored to its original state after reattach: for example, if it was not bound to any driver before detach, it will not be bound forcefully during reattach. 2016-03-23 Andrea Bolognani hostdev: Save netdev configuration of actual device We would be just fine looking up the information in pcidevs most of the time; however, some corner cases would not be handled properly, so look up the actual device instead. 2016-03-23 Andrea Bolognani hostdev: Streamline device ownership tracking After this patch, ownership of virPCIDevice instances is very easy to keep track of: for each host PCI device, the only instance that actually matters is the one inside one of the bookkeeping list. Whenever some operation needs to be performed on a PCI device, the actual device is looked up first; when this is not the case, a comment explains the reason. 2016-03-23 Andrea Bolognani hostdev: Stop early if unmanaged devices have not been detached Unmanaged devices, as the name suggests, are not detached automatically from the host by libvirt before being attached to a guest: it's the user's responsability to detach them manually beforehand. If that preliminary step has not been performed, the attach operation can't complete successfully. Instead of relying on the lower layers to error out with cryptic messages such as error: Failed to attach device from /tmp/hostdev.xml error: Path '/dev/vfio/12' is not accessible: No such file or directory prevent the situation altogether and provide the user with a more useful error message. 2016-03-23 Andrea Bolognani hostdev: Detect untracked inactive devices Unmanaged devices are attached to guests in two steps: first, the device is detached from the host and marked as inactive; subsequently, it is marked as active and attached to the guest. If the daemon is restarted between these two operations, we lose track of the inactive device. Steps 5 and 6 of virHostdevPreparePCIDevices() already subtly take care of this situation, but some planned changes will make it so that's no longer the case. Plus, explicit is always better than implicit. 2016-03-22 Pavel Hrdina qemuxml2argvtest: cleanup test Use qemuProcessCreatePretendCmd instead duplicating required steps from qemuProcessStart. qemuxml2argvtest: use driver.config and priv for qemuDomainSetPrivatePaths Update testutilsqemu to overwrite libDir and channelTargetDir and set private paths using domain's privateData. This changes is required for following patch. qemu_driver: cleanup qemuConnectDomainXMLToNative Use qemuProcessCreatePretendCmd instead duplicating required steps from qemuProcessStart. 2016-03-22 Pavel Hrdina qemu_process: introduce qemuProcessCreatePretendCmd This will skip few steps from qemuProcessStart in order to create only qemu CMD. Use a VIR_QEMU_PROCESS_START_PRETEND for all the qemuProcess* functions called by this one to not modify or check host. This new function will be used later on for XMLToNative API and also for qemuxml2argvtest to make sure that both API and test uses the same code as qemuProcessStart. We need also update qemuProcessInit to wrap few lines of code with check that VIR_QEMU_PROCESS_START_PRETEND that makes sense only for qemuProcessStart. 2016-03-22 Pavel Hrdina qemu_process: move qemuDomainSetPrivatePaths to qemuProcessInit qemu_process: move checks to qemuProcessStartValidate Move all code that checks host and domain. Do not check host if we use VIR_QEMU_PROCESS_START_PRETEND flag. qemu: update callers of qemuProcessStartValidate to use virDomainObjPtr This change is required by following patches. qemu_process: introduce qemuProcessPrepareHost Move all code that modifies host system to this function. qemu_process: introduce qemuProcessPrepareDomain Move all code that modifies only live XML to this function. The new VIR_QEMU_PROCESS_START_PRETEND flag will be used by qemuXMLToNative and qemuxml2argvtest later in order to reuse the same code as qemuProcessStart uses. tests: cleanup qemuxml2argvtest This removes the testFailed magic and makes the code more readable. nvram: generate it's path in qemuDomainDefPostParse The postParse callback is the correct place to generate default values that should be present in offline XML. qemu_process: check for correct return value while starting domain Function qemuProcessLaunch returns '-2' in case there was an error and we need to cleanup labels. 2016-03-22 Pavel Hrdina qemu-hotplug: fix eject media QEMU changed the error message to: "Tray of device 'drive-sata0-0-1' is not open" and they may change the error massage in the future. This updates the code to not depend on the text from the error message but only on error itself. 2016-03-22 Martin Kletzander nss: Make aligning look nicer Every aligning requires at least one cast and it's hard to read. Let's make a function that makes sure the pointer is moved according to the alignment and use that to move throughout the data buffer. 2016-03-22 Michal Privoznik tests: Produce predictable results in nsstest Problem is that in the test any status file matching tests/nssdata/*.status is loaded as it contains IP addresses that are parsed. However, there's no order specified in which the files are loaded. Therefore on different systems the order may be different. This is then producing an unexpected results. Instead of defining an order in which the files are loaded, make the code that checks for missing IP addresses (or redundant ones) cope with unordered list of addresses. The reasoning behind is that the code doing the parsing is used in real NSS module where we don't care for ordering. 2016-03-22 Bjoern Walk tests: nodedevxml2xml: add test for SCSI target Let's add a test for SCSI target nodedev devices. 2016-03-22 Bjoern Walk conf: node_device: fix up SCSI target When reading in an XML definition for a SCSI target device, the name property of struct scsi_target refers to the @target element. Let's fix this obvious typo and also extend the XML schema to provide validation. 2016-03-21 Jim Fehlig libxl: support enabling and disabling feature Until now, the libxl driver ignored any setting in domain XML and deferred to libxl, which enables hap if not specified. While this is a good default, it prevents disabling hap if desired. This change allows disabling hap with . hap is explicitly enabled with or xml converter to behave similarly. I.e. only produce 'hap = 0' when and vice versa. 2016-03-21 Jim Fehlig conf: add 'state' attribute to feature Most hypervisors use Hardware Assisted Paging by default and don't require specifying the feature in domain conf. But some hypervisors support disabling HAP on a per-domain basis. To enable HAP by default yet provide a knob to disable it, extend the feature with a 'state=on|off' attribute, similar to and features. In the absence of , the hypervisor default (on) is used. without the state attribute would be the same as for backwards compatibility. And of course disables hap. 2016-03-21 Jiri Denemark qemu: Add flags to qemuMigrationWaitForCompletion The function already takes two bool arguments, switching to flags makes it a lot easier to read. Especially in case we need to add another boolean in the future. qemu: Refuse to abort migration in post-copy mode In post-copy mode none of the hosts has a complete guest state and rolling back migration is impossible. Thus aborting it would be equivalent to destroying the domain. qemu: Handle post-copy migration failures When migration fails in the post-copy mode, it's impossible to just kill the destination domain and resume the source since the source no longer contains current guest state. Let's mark domains on both sides as VIR_DOMAIN_PAUSED_POSTCOPY_FAILED to let the upper layer decide what to do with them. qemu: Refactor qemuProcessRecoverMigration qemu: Don't kill running migrated domain on daemon restart When destination libvirtd is restarted during migration in Finish phase just after the point we started guest CPUs, we should not kill the domain. 2016-03-21 Cristian Klein virsh: Add --postcopy-after-precopy option to migrate 2016-03-21 Jiri Denemark virsh: Configurable migrate --timeout action 2016-03-21 Cristian Klein virsh: Add support for post-copy migration qemu: Implement virDomainMigrateStartPostCopy qemu: Add support for VIR_MIGRATE_POSTCOPY flag qemu: Add QMP functions for post-copy migration 2016-03-21 Jiri Denemark qemu: Handle postcopy-active migration state Migration enters "postcopy-active" state after QEMU switches to post-copy and pauses guest CPUs. From libvirt's point of view this state is similar to "completed" because we need to transfer guest execution to the destination host. 2016-03-21 Cristian Klein Add public APIs for post-copy migration To use post-copy one has to start the migration with VIR_MIGRATE_POSTCOPY flag and, while migration is in progress, call virDomainMigrateStartPostCopy() to switch from pre-copy to post-copy. 2016-03-21 Jiri Denemark Add event and state details for post-copy VIR_DOMAIN_EVENT_SUSPENDED_POSTCOPY and VIR_DOMAIN_PAUSED_POSTCOPY are used on the source host once migration enters post-copy mode (which means the domain gets paused on the source. After the destination host takes over the execution of the domain, its virtual CPUs are resumed and the domain enters VIR_DOMAIN_RUNNING_POSTCOPY state and VIR_DOMAIN_EVENT_RESUMED_POSTCOPY event is emitted. In case migration fails during post-copy mode and none of the hosts have complete state of the domain, both domains will remain paused with VIR_DOMAIN_PAUSED_POSTCOPY_FAILED reason and an upper layer may decide what to do. 2016-03-21 Martin Kletzander util: Add virSocketAddrSetIPv[46]AddrNetOrder and use it This allows setting the address in host and/or network order and makes the naming consistent. Now you don't need to call [hn]to[nh]l() functions as that is taken care of by these functions. Also, now the *NetOrder take the address in network order, the other functions in host order so the naming and usage is consistent. Some places were having the address in network order and calling ntohl() just so the original function can call htonl() again. This makes it nicer to read. 2016-03-21 Christophe Fergeau qemu: Don't add -spice port=0 when no port is specified If a has no port nor tlsPort set, the generated QEMU command line will contain -spice port=0. This is later going to be ignored by spice-server, but it's better not to add it at all in this situation. As an empty -spice is not allowed, we still need to append port=0 if we did not add any other argument. qemu: Omit SPICE address if no port is specified Currently -spice addr=127.0.0.1 is generated, but spice-server is going to ignore this as no port is specified. 2016-03-21 Christophe Fergeau qemu: Make all SPICE command-line args optional The end goal is to avoid adding -spice port=0,addr=127.0.0.1 to QEMU command line when no SPICE port is specified in libvirt XML. Currently, the code relies on port=xx to always be present, so subsequent args can be unconditionally appended with a leading ','. Since port=0 will no longer be added in a subsequent commit, we append a ',' to every arg instead of prepending, and remove the last one before adding it to the arg list. 2016-03-21 Richard Laager zfs: Only unencrypted volumes are supported zfs: Only raw volumes are supported logical: Only raw volumes are supported storage: Improve code consistency between backends This improves the code consistency around freeing vol->target.path in createVol implementations. sheepdog: Use a consistent error message This also reduces the number of strings to translate. rbd: Use proper error type 2016-03-21 Cole Robinson domain: Add virDomainDefAddImplicitDevices It's just a combination of AddImplicitControllers, and AddConsoleCompat. Every caller that wants ImplicitControllers also wants the ConsoleCompat AFAICT, so lump them together. We also need it for future patches. 2016-03-20 Roman Bogorodskiy nss: don't try to build nss plugin when disabled Even if nss is disabled, the build system tries to build some targets like libnss_libvirt_impl.la and nsstest. Hide those under the "if WITH_NSS" block like the rest of NSS plugin bits. 2016-03-19 Cole Robinson bhyve: caps: Log error message when CPU init fails virBhyveCapsInitCPU will raise a libvirt error; even though we treat it as non-fatal we should log the actual message. 2016-03-19 Cole Robinson domain: Remove controller/net address whitelists Judging by how the whitelist has skewed quite far from the original error message, I think it's better to just drop these. If someone wants to revive this check I suggest implementing it on a per-HV driver basis with PostParse callbacks. 2016-03-19 Martin Kletzander nodedev: Expose PCI header type If we expose this information, which is one byte in every PCI config file, we let all mgmt apps know whether the device itself is an endpoint or not so it's easier for them to decide whether such device can be passed through into a VM (endpoint) or not (*-bridge). Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1317531 2016-03-19 Martin Kletzander nodedev: Indent PCI express for future fix Best viewed with '-w' as this is just an adjustment for future patch to be readable without that. 2016-03-19 Michal Privoznik tests: Introduce nsslinktest The only purpose of this test is to catch possible linking problems with libnss_libvirt.so.2. One of the problems I faced was that the NSS plugin was unloaded immediately after it got loaded and the name resolution process continued with next configured option. Without any error. It was very hard to debug why until I created this simple test and found out immediately that there were some symbols missing. The reason why problem was not caught in nsstest is that in the test we want to use all the fancy stuff and therefore link it with libvirt.la. So even if there's a symbol missing in the NSS plugin it will be found in the libvirt.la. But even after I resolved the issue we still need this test because files the NSS plugin is built from are still live (mostly those under utils/ dir). So as they change new symbol might be required which would render the NSS plugin unusable. nss: Introduce a test A small test to see how is the nss module working. Implement _nss_libvirt_gethostbyname4_r This function is a different beast compared to previous ones. But yet again, nothing surprising is happening here. nss: Implement _nss_libvirt_gethostbyname3_r The implementation is pretty straightforward. Moreover, because of the nature of things, gethostbyname_r and gethostbyname2_r can be implemented at the same time too. libvirt.spec.in: Introduce libvirt-nss package Lets put the NSS module into its own package. Initial support for NSS plugin skeleton Name Service Switch is a glibc feature responsible for many things. Translating domain names into IP addresses and vice versa is just one of them. However, currently it's the only functionality that this commit is tickling. Well, in this commit the plugin skeleton is introduced. Implementation to come in next patches. Because of the future testing, where the implementation is to be linked with a test, this needs to go into static library. Linking a program with an .so statically is not portable. Therefore a dummy libnss_libvirt_impl library is being introduced too. virsocketaddr: Introduce virSocketAddrSetIPv6Addr This is a missing counterpart for virSocketAddrSetIPv4Addr() and is going to be needed later in the tests. virLeaseReadCustomLeaseFile: Allow server_duid to be NULL This function is going to be used later in such context where the argument makes no sense. Teach this function to cope with that instead of the caller having to deal with passing some dummy argument. Export virLease* functions for leases file handling These functions are going to be reused very shortly. So instead of duplicating the code, lets move them into utils module. 2016-03-18 Jim Fehlig tests: add schema test for default cache mode None of the existing domXML configs under tests/* specify a default cache mode since default generally means "use the hypervisor default" and is left unset by the various hypervisor drivers. Add a config to tests/domainschemadata that specifies cache='default'. tests: add xlconfigdata to domainschematests Include the XML files under tests/xlconfigdata in the domain schema tests 2016-03-18 John Ferlan conf: Format disk pool part_separator attribute for running pool Commit id '4f846170' added printing of a new field 'part_separator'; however, neglected to do so when there was an "freeExtent" defined for the device (as there would be when the disk pool was started). This patch adjusts the logic to appropriately format the device path and if there the part_separator attribute. 2016-03-18 John Ferlan qemu: Move last error save/restore to qemuBuildNetCommandLine Commit 'ef2ab8fd' moved just the virDomainConfNWFilterTeardown and left the logic to save/restore the current error essentially doing nothing in the error path for qemuBuildCommandLine. So move it to where it was meant to be. Although the original code would reset the filter on command creation errors after building the network command portion and commit 'ef2ab8fd' altered that logic, the teardown is called during qemuProcessStop from virDomainConfVMNWFilterTeardown and that code has the save/restore last error logic, so just allow that code to handle the teardown rather than running it twice. The qemuProcessStop would be called in the failure path of qemuBuildCommandLine. 2016-03-18 Michal Privoznik tests: Set PATH in each test Currently we spawn couple of binaries in our test suite. Moreover, we provide some spoofed versions of system binaries hoping that those will be executed instead of the system ones. For instance, for testing SSH socket we have written our own ssh binary for producing predictable results. We certainly don't want to execute the system ssh binary. However, in order to prefer our binaries over system ones, we need to set PATH environment variable. But this is done only at the Makefile level. So if anybody runs a test by hand that expects our spoofed binary, the test ends up executing real system binaries. This is not good. In fact, it's terribly wrong. The fix lies in a small trick - putting our build directory at the beginning of the PATH environment variable in each test. Hopefully, since every test has this VIRT_TEST_MAIN* wrapper, we can fix this at a single place. Moreover, while this removes setting PATH for our tests written in bash, it's safe as we are not calling anything ours that would require PATH change there. Drop paths.h include We include the file in plenty of places. This is mostly due to historical reasons. The only place that needs something from the header file is storage_backend_fs which opens _PATH_MOUNTED. But it gets the file included indirectly via mntent.h. At no other place in our code we need _PATH_.*. Drop the include and configure check then. 2016-03-18 Jovanka Gulicoska driver: log missing modules as INFO, not WARN Missing modules is a common expected scenario for most libvirt usage on RPM distributions like Fedora, so it doesn't really warrant logging at WARN level. Use INFO instead https://bugzilla.redhat.com/show_bug.cgi?id=1274849 2016-03-18 Martin Kletzander admin: Add virAdmConnectLookupServer It does not have a suffix ByName because there are no other means of looking up the server and since the name is known, this should be the preferred one. 2016-03-17 Nikolay Shirokovskiy qemu: implement setting target disks migration port Mostly it is just passing new parameter here and there. In case of zero value we fallback to auto selecting port and thus keep backward compatibility. Also we need to fix places of auto selected port managment. We should bother only when auto selected was done that is when externally specified port is not 0. 2016-03-17 Nikolay Shirokovskiy migration: add target peer disks port Some hypervisors (namely qemu) can have a separate connecton for non-shared disks migration of active domains. Currently we have no means to control the port of such a connection. At the same time we have options to control port of memory migration traffic (thru migration uri) as well as interfaces that target server is bound to for incoming migration (thru VIR_MIGRATE_PARAM_LISTEN_ADDRESS). Let's add the option for setting disks port too. 2016-03-17 Pavel Hrdina docs: fix libvirt version for vram64 in formatdomain.html.in 2016-03-17 Mikhail Feoktistov vz: code refactoring In prlsdkAddNet() Attach/DetachNet() functions privconn should be the first argument 2016-03-17 Cole Robinson rpc: wait longer for session daemon to start up https://bugzilla.redhat.com/show_bug.cgi?id=1271183 We only wait 0.5 seconds for the session daemon to start up and present its socket, which isn't sufficient for many users. Bump up the sleep interval and retry amount so we wait for a total of 5.0 seconds. 2016-03-17 Erik Skultety virlog: Fix build breaker with "comparison between signed and unsigned" Refactor series 0b231195 worked with virLogDestination type which, depending on the compiler, might be (and probably will be) an unsigned data type. However, virEnumFromString may return -1 in case of an error. So, when enum happens to be unsigned, some compilers will naturally complain about foo: 'if (foo < 0)' 2016-03-17 Mikhail Feoktistov vz: set default SCSI model Each version of virtuozzo supports only one type of SCSI controller So if we add disk on SCSI bus, we should set SCSI controller model. We can take it from vzCapabilities structure. vz: check supported controllers Because Vz6 supports SCSI(BUSLOGIC), IDE and SATA controllers only and Vz7 supports SCSI(VIRTIO_SCSI) and IDE only we add list of supported controllers and scsi models to vzCapabilities structure. When a new connection opens, we select proper capabilities values according to Virtuozzo version and check them in XMLPostParse. vz: report correct disk format in domainGetXMLDesc We should report correct disk format depending on vz version and domain type. Since we support only one disk format for each domain type, we can take it from vzCapabilities structure. 2016-03-17 Maxim Nestratov vz: move prlsdkCheckDiskUnsupportedParams to vz_utils.c As long as we have another function checking disk parameters correctness, let's have them in one place. Here we change prefix of the moved function and start to call it from vzCheckUnsupportedDisks rather than add disk. 2016-03-17 Mikhail Feoktistov vz: check supported disk format and bus Now we check disk parameters correctness in DomainPostParse. 2016-03-17 Mikhail Feoktistov vz: add vzCapabilities to connection structure As far as Virtuozzo6 and Virtuozzo7 support different disk types for virtual machines (ploop and qcow2 respectively) and different buses (vz6: IDE, SCSI, SATA; vz7: IDE SCSI) we add vzCapabilities structure to help undestand which disk formats and buses are supported in the context of a current connection. When a new connection opens, we select proper capabilities in accordance to current Virtuozzo version. 2016-03-17 Mikhail Feoktistov vz: save vz version in connection structure Move code from connectGetVersion callback to vzInitVersion function 2016-03-16 Erik Skultety virlog: Refactor virLogParseOutputs The problem with the original virLogParseOutputs method was that the way it parsed the input, walking the string char by char and using absolute jumps depending on the virLogDestination type, was rather complicated to read. This patch utilizes virStringSplit method twice, first time to filter out any spaces and split the input to individual log outputs and then for each individual output to tokenize it by to the parts according to our PRIORITY:DESTINATION?(:DATA) format. Also, to STREQLEN for matching destination was replaced with virDestinationTypeFromString call. virlog: Introduce Type{To,From}String for virLogDestination In order to refactor the ugly virLogParseOutputs method, this is a neat way of finding out whether the destination type (in the form of a string) user provided is a valid one. As a bonus, if it turns out it is valid, we get the actual enum which will later be passed to any of virLogAddOutput methods right away. tests: Add a new test for logging outputs parser Test for parser's functionality. tests: Slightly tweak virlogtest Patch adds a generic DO_TEST_FULL macro, some PASS/FAIL macros to better visually distinguish tests that should fail and tests that should pass. Also, some cosmetic changes like renames and direct call to fprintf is replaced with our VIR_TEST_DEBUG macro, as using testutils should be our preferred way of reporting errors in tests. 2016-03-16 Martin Kletzander nodedev: Shorten match condition Just a cleanup I stumbled upon in one of my older branches I did when browsing through some code and forgot to send it. qemu: Don't access uninitialized memory In qemuConnectDomainXMLToNative() we set up the monitor, but we never memset() it to zeros. Thanks to the introduction of the logfile parameter of chardevs (and the logfile member of the struct), we started checking whether that's non-NULL and that exposed this old error. 2016-03-16 Cole Robinson qemu: Don't overwrite DomainSave errors These functions already report fine grained errors, there's no benefit to overwriting the error here. 2016-03-16 Dmitry Andreev qemuDomainRevertToSnapshot: save domain configuration Reverting to a snapshot may change domain configuration. New configuration should be saved if domain has persistent flag. VIR_DOMAIN_EVENT_DEFINED_FROM_SNAPSHOT is emitted in case of configuration update. 2016-03-16 Dmitry Andreev Introduce new VIR_DOMAIN_EVENT_DEFINED_FROM_SNAPSHOT sub-event VIR_DOMAIN_EVENT_DEFINED_FROM_SNAPSHOT event should be emitted when domain configuration was changed on revert to snapshot. 2016-03-15 John Ferlan qemu: Introduce qemuBuildPanicCommandLine Add new function to manage adding the panic device options to the command line removing that task from the mainline qemuBuildCommandLine. qemu: Introduce qemuBuildNVRAMCommandLine Add new function to manage adding the NVRAM device options to the command line removing that task from the mainline qemuBuildCommandLine. 2016-03-15 John Ferlan qemu: Introduce qemuBuildRNGCommandLine Add new function to manage adding the RNG device options to the command line removing that task from the mainline qemuBuildCommandLine. Also modify the qemuBuildRNGDevStr to use const virDomainDef instead of virDomainDefPtr. 2016-03-15 John Ferlan qemu: Introduce qemuBuildMemballoonCommandLine Add new function to manage adding the memballoon device options to the command line removing that task from the mainline qemuBuildCommandLine. Also modify the qemuBuildMemballoonDevStr to use const virDomainDef instead of virDomainDefPtr. 2016-03-15 John Ferlan qemu: Introduce qemuBuildHostdevCommandLine Add new function to manage adding the host device options to the command line removing that task from the mainline qemuBuildCommandLine. Also modify qemuBuildPCIHostdevDevStr, qemuBuildUSBHostdevDevStr, and qemuBuildSCSIHostdevDevStr to use const virDomainDef instead of virDomainDefPtr. Make qemuBuildPCIHostdevPCIDevStr and qemuBuildUSBHostdevUSBDevStr static to the qemu_command.c. 2016-03-15 John Ferlan qemu: Introduce qemuBuildRedirdevCommandLine Add new function to manage adding the redirdev device options to the command line removing that task from the mainline qemuBuildCommandLine. Also move the qemuBuildRedirdevDevStr closer to the new function and modify to use the const virDomainDef instead of virDomainDefPtr 2016-03-15 John Ferlan qemu: Introduce qemuBuildWatchdogCommandLine Add new function to manage adding the watchdog device options to the command line removing that task from the mainline qemuBuildCommandLine. Also since qemuBuildWatchdogDevStr was only local here, make it static as well as modifying the const virDomainDef. 2016-03-15 John Ferlan qemu: Introduce qemuBuildSoundCommandLine Add new function to manage adding the sound device options to the command line removing that task from the mainline qemuBuildCommandLine. Also since qemuBuildSoundDevStr was only local here, make it static as well as modifying the const virDomainDef. 2016-03-15 Andrea Bolognani hostdev: Add more comments These comments explain the difference between a virPCIDevice instance used for lookups and an actual device instance; some information is also provided for specific uses. hostdev: Use consistent variable names This is not just a cosmetic change: the name of the variable now gives a hint about what it is supposed to be used for. 2016-03-15 Andrea Bolognani hostdev: Remove virHostdevGetActivePCIHostDeviceList() virHostdevGetPCIHostDeviceList() is similar but does not filter out devices that are not in the active list; that said, we are looking up the device in the active list just a few lines after anyway, so we might as well just keep a single function around. This also helps stress the fact the objects contained in pcidevs are only for looking up the actual devices, which is something later commits will make even more explicit. 2016-03-14 Jim Fehlig schema: support 'default' cache mode The docs claims the cache attribute of the disk element supports 'default' as one of its permissible values, but such configuration fails virt-xml-validate. Add 'default' as one of the cache attribute choices in domaincommon.rng. 2016-03-14 Andrea Bolognani hostdev: Rename usesVfio -> usesVFIO Acronyms should be written in all caps. 2016-03-14 Andrea Bolognani hostdev: Rename hostdev_mgr -> mgr We're in the hostdev module, so mgr is not an ambiguous name, and in fact it's already used in some cases. Switch all the code over. Take the chance to shorten declaration of virHostdevIsPCINodeDeviceUsedData structures. 2016-03-14 Andrea Bolognani hostdev: Look up devices using IDs when possible When we want to look up a device in a device list and we already have the IDs from another source, we can simply use virPCIDeviceListFindByIDs() instead of creating a temporary device object. hostdev: Change argument order for virHostdevReattachPCIDevice() The new order aligns better with the virHostdev prefix. hostdev: virHostdevIsPCINetDevice() should return a bool The only possible return values are true and false, so the return type should be bool instead of int. 2016-03-14 Andrea Bolognani hostdev: Rework resetvfnetconfig loop condition If 'last_processed_hostdev_vf != -1' is false then, since the loop counter 'i' starts at 0, 'i <= last_processed_hostdev_vf' can't possibly be true and the loop body will never be executed. However, since 'i' is unsigned and 'last_processed_hostdev_vf' is signed, we can't just get rid of the check completely; what we can do is move it outside of the loop to avoid checking its value on every iteration and cluttering the actual loop condition. 2016-03-14 Maxim Nestratov vz: fix active domain listing Since commit 9c14a9ab we have broken active domain listing because reworked prlsdkLoadDomain doesn't set dom->def->id propely. It just looses it when a new def structure is set. Now we make prlsdkConvertDomainState function return void and move calling it after an old dom->def is replaces with a new one within prlsdkLoadDomain function. 2016-03-14 Michal Privoznik qemuBuildVideoCommandLine: Don't access def->videos without check This function can be called over a domain definition that has no video configured. The tests/qemuxml2argvdata/qemuxml2argv-minimal.xml file could serve as an example. Problem is, before the check that domain has some or none video configured, def->videos is dereferenced causing a segmentation fault in case there's none video configured. 2016-03-12 John Ferlan qemu: Introduce qemuBuildVideoCommandLine Add new function to manage adding the video device options to the command line removing that task from the mainline qemuBuildCommandLine. 2016-03-12 John Ferlan qemu: Introduce qemuBuildInputCommandLine Add new function to manage adding the input device options to the command line removing that task from the mainline qemuBuildCommandLine. Make qemuBuildUSBInputDevStr static since only this module calls it. Also the change to use const virDomainDef forces other changes. 2016-03-12 John Ferlan qemu: Modify qemuBuildTPMCommandLine Modify the argument order and types to match other similar helpers. Also modify called functions to use the def->emulator instead of passing def->emulator and def. 2016-03-12 John Ferlan qemu: Introduce qemuBuildConsoleCommandLine Add new function to manage adding the console device options to the command line removing that task from the mainline qemuBuildCommandLine. qemu: Introduce qemuBuildChannelsCommandLine Add new function to manage adding the channel device options to the command line removing that task from the mainline qemuBuildCommandLine. qemu: Introduce qemuBuildParallelsCommandLine Add new function to manage adding the parallels device options to the command line removing that task from the mainline qemuBuildCommandLine. Alter logic slight to reduce indention level. 2016-03-12 John Ferlan qemu: Introduce qemuBuildSerialCommandLine Add new function to manage adding the serial device options to the command line removing that task from the mainline qemuBuildCommandLine. Using const virDomainDef causes collateral damage in other called APIs which need to make the similar adjustment 2016-03-12 John Ferlan qemu: Introduce qemuBuildSmartcardCommandLine Add new function to manage adding the smartcard device options to the command line removing that task from the mainline qemuBuildCommandLine. Alter the logic slightly to make !nsmartcards check first so that remainder of the code is less indented. 2016-03-11 Martin Kletzander gendispatch: Use proper error for limit checking All other places use VIR_ERR_RPC except this one, let's be consistent, shall we? virt-admin: Don't tell everyone needlessly we're connected There are cases when we don't want to tell the user we are connected. That's for example when we first connect to the server without the command 'connect' itself. That helps to clear out output of first command, mainly when running non-interactively. remote: Generate what's possible Since gendisplatch can now generate "modern" *ListAll* functions, let them all be generated. gendispatch: Support modern listing of more types gendispatch: Remember the name of snapshot variable name Until now, the script assumed that snapshot name is 'snap', but that's going to change. gendispatch: Accept server as an argument admin: Generate ConnectListServers dispatch helpers Since we have the opportunity now, let's save some precious code lines. gendispatch: Be able to generate multi-return values Let's call it modern_ret_as_list as opposed to single_ret_as_list. The latter was able to return list of things. However the new, more modern, version came and it is used since listAllDomains till nowadays in ListServers. gendispatch: Cluster, don't capture if not needed We were using parentheses for grouping admin|remote even though we didn't need to capture what's in it. That caused some changes to be greater than needed and, to be honest, some confusion as well. Let's use it as it should be used. It'll also make future changes more consistent. admin: Be consistent when resetting errors Resetting an error should be the first thing public API does. virt-admin: Don't leak uri in cmdSrvList virAdmConnectGetURI() returns string that needs to be free()'d but we haven't done that. admin: Don't use priority for admin APIs There are no priority workers as they don't make sense for now. Change virNetDaemonGetServerNames to virNetDaemonGetServers For now it does not matter which ones we return as the code is similarly complex, however it will fit in with other constructs in the future, mainly when we will be able to generate dispatch helpers. 2016-03-11 Martin Kletzander admin: Do not work with virAdm on the server side virAdm is prefix only used on the client side. Or at least for now. On server, though, this corresponds to virNet structures (virAdmConnect is virNetDaemon, virAdmServer should be virNetServer, in the future virAdmClient will be resolved to virNetServerClient, and so on). This will also make future work clearer and easier. 2016-03-11 Martin Kletzander Expose virNetServerGetName 2016-03-11 Martin Kletzander daemon: Properly check for clients virHashForEach() returns 0 if everything went nice, so our session daemon was timing out even when there was a client connected. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1315606 2016-03-11 Martin Kletzander daemon: Set error for unknown server name virerror: Introduce new error type NO_SERVER This serves the same purpose as VIR_ERR_NO_xxx where xxx is any object that API can be called upon. Only this particular one is used for daemon's servers. daemon: Get server name from the server itself Since servers know their name, there is no need to supply such information twice. Also defeats inconsistencies. server: Store server name in server object At first I did not want to do this, but after trying to implement some newer feaures in the admin API I realized we need that to make our lives easier. On the other hand they are not saved redundantly and the virNetServer objects are still kept in a hash table. admin: Check for flags properly Function virAdmConnectListServers() forgot to check for flags at all, virAdmConnectOpen() on the other hand checked them but did no dispatch the error. virCheckFlags() should be used only when there should be no other thing done after erroring out and since they are used on different places then just public API, they cannot dispatch errors. So let's use virCheckFlagsGoto instead. admin: Make virAdmServerFree() handle NULL gracefully We don't want to end up like with virDomainFree() and other, right? 2016-03-11 John Ferlan qemu: Introduce qemuBuildNetCommandLine Add new function to manage adding the network device options to the command line removing that task from the mainline qemuBuildCommandLine. 2016-03-11 John Ferlan qemu: Introduce qemuBuildFSDevCommandLine Add new function to manage adding the -fsdev options to the command line removing that task from the mainline qemuBuildCommandLine. Alter the code slightly to perform the !caps and fsdev failure check up front. Since both qemuBuildFSStr and qemuBuildFSDevStr are local, make them static and fix their prototypes to use the const virDomainDef as well. Make some minor formatting changes for long lines. 2016-03-11 John Ferlan qemu: Introduce qemuBuildDiskDriveCommandLine Add new function to manage adding the disk -drive options to the command line removing that task from the mainline qemuBuildCommandLine. Also since using const virDomainDef in new function, that means other functions called needed to change their usage. 2016-03-11 John Ferlan qemu: Introduce qemuBuildHubCommandLine Add new function to manage adding the hub -device options to the command line removing that task from the mainline qemuBuildCommandLine. Also make qemuBuildHubDevStr static to the module since it's only used here. 2016-03-11 John Ferlan qemu: Introduce qemuBuildControllerDevCommandLine Add new function to manage adding the controller -device options to the command line removing that task from the mainline qemuBuildCommandLine. Also adjust to using const virDomainDef instead of virDomainDefPtr. This causes collateral damage in order to modify called APIs to use the const virDomainDef instead as well. 2016-03-11 John Ferlan qemu: Introduce qemuBuildGlobalControllerCommandLine Add new function to manage adding the -global controller options to the command line removing that task from the mainline qemuBuildCommandLine. qemu: Introduce qemuBuildBootCommandLine Add new function to manage adding the -boot options to the command line removing that task from the mainline qemuBuildCommandLine. qemu: Introduce qemuBuildPMCommandLine Add new function to manage adding the power management options to the command line removing that task from the mainline qemuBuildCommandLine. 2016-03-11 John Ferlan qemu: Introduce qemuBuildClockCommandLine Add new function to manage adding the '-clock' options to the command line removing that task from the mainline qemuBuildCommandLine. Also includes some minor formatting cleanups. 2016-03-11 Marc-André Lureau qemu: enable debug threads When debug-threads is enabled, individual threads are given a separate name (on Linux) Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1140121 2016-03-11 Marc-André Lureau qemu: check for debug-threads capability QEMU (somewhere around 2.0) added a new sub-option to the -name flag -name debug-threads=on. 2016-03-11 Chunyan Liu libxl_conf: reuse virDomainNetGetActualtype in libxlMakeNicList Reuse existing helper function virDomainNetGetActualtype. 2016-03-11 Jiri Denemark qemuxml2argvtest: Fix monitor path in serial-file-log 2016-03-11 Cole Robinson docs: generic.css: Indentation and spacing tweaks - Add line-height:150% spacing for all text. This makes text lines far less cramped, and seems closer visually to what wikipedia uses. - Remove bottom and top margin from lists: entries seemed needlessly spread out. - Reduce sublist indentation a bit - Add a bottom border after headings: IMO this greatly helps in break up the vertical flow of a big page of text. Doesn't look great on the front page, but helps a lot on dense pages like formatdomain 2016-03-11 Cole Robinson docs: generic.css: font size tweaks - change font-family to just 'sans-serif' rather than hardcode a few font families. this means we abide the user's browser font setting, and makes us consistent with other sites like en.wikipedia.org - raise font-size to 90%. this is what en.wikipedia.org uses. With these two tweaks, libvirt.org text renders the same as en.wikipedia.org with fedora firefox out of the box config. Previously the font on libvirt.org was very small and difficult to read. 2016-03-11 Cole Robinson docs: generic.css: minor cleanups - Drop some redundant bits - Use consistent spacing - Group similar blocks near each other There should be no functional change 2016-03-11 Cole Robinson docs: website: Remove the et.redhat.com footer This is long since obsolete, just scrap it all 2016-03-10 Daniel P. Berrange qemu: support use of virtlogd with file based chardevs Currently the file based character devices let QEMU write directly to a file on disk. This allows a malicious QEMU to inflict a denial of service by consuming all free space. Switch QEMU to use a pipe to virtlogd, which will enforce file rollover. 2016-03-10 Daniel P. Berrange qemu: use virtlogd for character device log files If use of virtlogd is enabled, then use it for backing the character device log files too. This avoids the possibility of a guest denial of service by writing too much data to the log file. logging: support truncation of logfiles when opening The virtlogd daemon currently opens all files for append, but in some cases the user may wish to discard existing data. Define a new flag to indicate that logfiles should be truncated when opening. qemu: move functions for handling FD passing The functions for handling FD passing when building command line arguments need to be used by many different bits of code, so need to be at the start of the source file qemu: don't append -chardev arg until after value is formatted The act of formatting a chardev backend value may need to append command line arguments for passing FDs. If we append the -chardev arg before formatting the value, then the resulting arguments will end up interspersed qemu: add support for logging chardev output to a file Honour the element in chardevs to output data to a file. This requires QEMU >= 2.6 2016-03-10 Daniel P. Berrange conf: allow use of a logfile with chardev backends Extend the chardev source XML so that there is a new optional element, which is applicable to all character device backend types. For example, to log output of a TCP backed serial port Not all hypervisors will support use of logfiles. 2016-03-10 Daniel P. Berrange logging: allow inode/offset params to be NULL Not all callers of virLogManagerDomainOpenLogFile will care about getting the current inode/offset, so we should allow those parameters to be NULL 2016-03-10 Peter Krempa qemu: cpu: Don't remove pinning of cold-unplugged cpu After adding support for offline vcpu pinning the code that removes the pinning for cpu cold-unplug was forgotten. This fixes up commit 02ae21d Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1316371 2016-03-10 Peter Krempa qemu: Fix memory leak in qemuGetSchedInfo Memory returned from virStringSplit shall be freed with virStringFreeList rather than VIR_FREE. Introduced in commit 511e7c5b. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1316433 2016-03-10 Peter Krempa conf: Fix off-by-one in virDomainDefGetVcpu Cpus are indexed starting from '0' so the check was invalid. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1316384 Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1316420 2016-03-10 Peter Krempa qemu: Refactor bitmap handling in qemuDomainPinVcpuFlags Now that the function was extracted we can get rid of some temp variables. Additionally formatting of the bitmap string for the event code should be checked. qemu: vcpupin: Extract live vcpupin setting into a separate function The function was now beyond maintainability. 2016-03-10 Cole Robinson util: virfile: Only setuid for virFileRemove if on NFS NFS with root-squash is the only reason we need to do setuid/setgid crazyness in virFileRemove, so limit that behavior to the NFS case. util: virfile: Clarify setuid usage for virFileRemove Break these checks out into their own function, and clearly document each one. This shouldn't change behavior 2016-03-09 Peter Krempa qemu: add support for offline vcpupin Allow pinning for inactive vcpus. The pinning mask will be automatically applied as we would apply the default mask in case of a cpu hotplug. Setting the scheduler settings for a vcpu has the same semantics. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1306556 2016-03-09 Peter Krempa conf: extract ignoring of inactive vcpu pinning information Introduce VIR_DOMAIN_DEF_FEATURE_OFFLINE_VCPUPIN domain feature flag whcih will allow to skip ignoring of the pinning information for hypervisor drivers which will want to implement forward-pinning of vcpus. 2016-03-09 Peter Krempa conf: refactor checking for unsupported memory devices Introduce a helper to check supported device and domain config and move the memory hotplug checks to it. The advantage of this approach is that by default all new features are considered unsupported by all hypervisors unless specifically changed rather than the previous approach where every hypervisor would need to declare that a given feature is unsupported. 2016-03-09 Peter Krempa conf: introduce parser feature flags To avoid having to forbid new features added to domain XML in post parse callbacks for individual hypervisor drivers the feature flag mechanism will allow to add a central check that will be disabled for the drivers that will add support. As a first example flag, the 'hasWideSCSIBus' is converted to the new bitmap. 2016-03-09 Peter Krempa qemu: Report pinning for all vCPUs in qemuDomainGetVcpuPinInfo The API documentation states that the function is returning pinning for all vCPUs, so we can actually do so if the user passes a large enough array. conf: Extract code filling data for virDomainGetVcpuPinInfo The implementation of the inner guts of the function is similar for all drivers, so we can add a helper and not have to reimplement it three times. 2016-03-09 Peter Krempa virsh: vcpupin: Ask for pinning info for all vCPUs The API docs state that the API queries pinning info for all vCPUs and thus we should allocate the bitmap even for the inactive ones. The API will currently return bitmap only for the active vCPUs but that will change in the future. 2016-03-08 Jiri Denemark qemu: Add support for job completed event Introduce job completed event The VIR_DOMAIN_EVENT_ID_JOB_COMPLETED event will be triggered once a job (such as migration) finishes and it will contain statistics for the job as one would get by calling virDomainGetJobStats. Thanks to this event it is now possible to get statistics of a completed migration of a transient domain on the source host. qemu: Do not report completed stats until the job finishes We would happily report and free statistics of a completed migration even before it actually completed (on the source host while migration is in the Finish phase). 2016-03-08 Jiri Denemark qemu: Fix a race when computing migration downtime Computing a total downtime during a migration requires us to store a time stamp when guest CPUs get stopped. The value (and all other statistics) is then transferred to the destination to compute the downtime. Because the stopped time stamp is stored by a STOP event handler while the statistics which will be sent over to the destination are copied synchronously within qemuMigrationWaitForCompletion. Depending on the timing of STOP and MIGRATION events, we may end up copying (and transferring) statistics without the stopped time stamp set. Let's make sure we always use the correct time stamp. https://bugzilla.redhat.com/show_bug.cgi?id=1282744 2016-03-08 Jiri Denemark qemu: Don't explicitly stop CPUs after migration With a very old QEMU which doesn't support events we need to explicitly call qemuMigrationSetOffline at the end of migration to update our internal state. On the other hand, if we talk to QEMU using QMP, we should just wait for the STOP event and let the event handler update the state and trigger a libvirt event. qemu: Properly update completed migration stats We should not overwrite all migration statistics on the source with the numbers sent by the destination since the source may have an updated view in some cases (such as post-copy migration). It's safer to update just the timing info we need to get from the destination and be prepared for the future. And we should only do all this after a successful migration. qemu: Store completed stats at the very end of migration Statistics for a completed migration only make sense if the migration was successful. Let's not store them in priv->job.completed until we are sure it was a success. 2016-03-08 Andrea Bolognani hostdev: Remove explicit NULL checks NULL checks are performed implicitly in the rest of the module, including other allocations in the very same function. hostdev: Fix indentation hostdev: Remove inaccurate comment The comment claimed that virPCIDeviceReattach() does not reattach a device to the host driver; except it actually does, so the comment is just confusing and we're better off removing it. 2016-03-08 Andrea Bolognani hostdev: Make comments easier to change later Replace the term "loop" with the more generic "step". This allows us to be more flexible and eg. have a step that consists in a single function call. Don't include the number of steps in the first comment of the function, so that we can add or remove steps without having to worry about keeping that comment in sync. For the same reason, remove the summary contained in that comment. Clean up some weird vertical spacing while we're at it. 2016-03-08 Andrea Bolognani tests: hostdev: Group test cases Instead of considering each single step its own test case, create high level test cases that reproduce a certain scenario. tests: hostdev: Add more checks on list size Always call CHECK_LIST_COUNT() to check the size of both the active and inactive devices list. tests: hostdev: Use size_t for count variables virPCIDeviceListCount()'s return type is size_t, so variables that store its return value should be of that type. 2016-03-08 Andrea Bolognani tests: hostdev: Move variable declaration inside CHECK_LIST_COUNT() The 'actualCount' variable, formerly just 'count', is only used internally by the macro, so it's better to move its declaration inside the macro as well: this way, it doesn't have to be declared by every single user. The new name is less generic to make clashes less likely. 2016-03-08 Andrea Bolognani tests: hostdev: Use better variable names Change the extremely generic count1 and count2 to the more descriptive active_count and inactive_count. tests: hostdev: Remove magic numbers When checking the number of devices added to a device list, use the nhostdevs variable instead of its value, so that the test can keep working even if more hostdevs are added. 2016-03-08 Michal Privoznik _virtualboxCreateMachine: Avoid unbounded stack If the stars are in the right position and you're building with VBox >= 4.2.0 it will happen that compiler thinks an array allocated on the stack may be unbounded: In file included from vbox/vbox_V4_2.c:13:0: vbox/vbox_tmpl.c: In function '_virtualboxCreateMachine': vbox/vbox_tmpl.c:2811:1: error: stack usage might be unbounded [-Werror=stack-usage=] _virtualboxCreateMachine(vboxGlobalData *data, virDomainDefPtr def, IMachine **machine, char *uuidstr ATTRIBUTE_UNUSED) ^ Well, given how the variable is declared, I had some hard time seeing it is actually bounded. Surprisingly compiler does not complain because of -Wframe-larger-than. This is because variable length arrays do not count into that warning. 2016-03-08 John Ferlan Add secretObjFromSecret locking: Use bit shift for flag values not constant values. So far it hasn't bitten us, but if the next value wasn't 4, then the logic used to check flag bits would have issues. 2016-03-08 Yuri Chornoivan Fix minor typos 2016-03-07 Shanzhi Yu qemu: improve the error when try to undefine transient network Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1315059 2016-03-07 Peter Krempa qemu: rename: Forbid renaming domains with managed save image The code does not handle renaming of the save state file. In addition to that the resuming code would need to be tweaked to handle the name change since the XML is extracted from the save image. The easies option is to make the rename API even less useful by forbiding this. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1314594 2016-03-04 Michal Privoznik virLXCProcessMonitorInitNotify: Initialize @inode This is an error message I've just seen. Fix it by initializing @inode. CC lxc/libvirt_driver_lxc_impl_la-lxc_process.lo lxc/lxc_process.c: In function 'virLXCProcessMonitorInitNotify': lxc/lxc_process.c:767:23: error: 'inode' may be used uninitialized in this function [-Werror=maybe-uninitialized] virDomainAuditInit(vm, initpid, inode); ^ 2016-03-04 Nikolay Shirokovskiy libxl: reuse virDomainObjUpdateModificationImpact Original current flag expansion does not filter out non _CONFIG and _LIVE flags explicitly but they are prohibited earlier by virCheckFlags. lxc: reuse virDomainObjUpdateModificationImpact libxl: Use virDomainLiveConfigHelperMethod for libxlDomainSetMemoryFlags Flag expansion is the same as in virDomainObjUpdateModificationImpact which virDomainLiveConfigHelperMethod calls internally. The difference is merely in implementation. Note that VIR_DOMAIN_MEM_CONFIG is the same as VIR_DOMAIN_AFFECT_CONFIG. Additionally, the called functions will properly use flag OR and thus handle the VIR_DOMAIN_MEM_MAXIMUM case. 2016-03-04 Ján Tomko tools: do not leak uri in disconnect handler Commit 035947e introduced a call to virConnectGetURI without a matching free() in virshCatchDisconnect. Also fix vshAdmCatchDisconnect where it was copied by commit 6dd7e42. https://bugzilla.redhat.com/show_bug.cgi?id=1303891 2016-03-03 Michal Privoznik Initialize couple of variables. While trying to build with -Os couple of compile errors showed up. conf/domain_conf.c: In function 'virDomainChrRemove': conf/domain_conf.c:13666:24: error: 'ret' may be used uninitialized in this function [-Werror=maybe-uninitialized] virDomainChrDefPtr ret, **arrPtr = NULL; ^ Compiler fails to see that @ret is used only if set in the loop, but whatever, there's no harm in initializing the variable. In vboxAttachDrivesNew and _vboxAttachDrivesOld compiler thinks that @rc may be used uninitialized. Well, not directly, but maybe after some optimization. Yet again, no harm in initializing a variable. In file included from ./util/virthread.h:26:0, from ./datatypes.h:28, from vbox/vbox_tmpl.c:43, from vbox/vbox_V3_1.c:37: vbox/vbox_tmpl.c: In function '_vboxAttachDrivesOld': ./util/virerror.h:181:5: error: 'rc' may be used uninitialized in this function [-Werror=maybe-uninitialized] virReportErrorHelper(VIR_FROM_THIS, code, __FILE__, \ ^ In file included from vbox/vbox_V3_1.c:37:0: vbox/vbox_tmpl.c:1041:14: note: 'rc' was declared here nsresult rc; ^ Yet again, one uninitialized variable: qemu/qemu_driver.c: In function 'qemuDomainBlockCommit': qemu/qemu_driver.c:17194:9: error: 'baseSource' may be used uninitialized in this function [-Werror=maybe-uninitialized] qemuDomainPrepareDiskChainElement(driver, vm, baseSource, ^ And another one: storage/storage_backend_logical.c: In function 'virStorageBackendLogicalMatchPoolSource.isra.2': storage/storage_backend_logical.c:618:33: error: 'thisSource' may be used uninitialized in this function [-Werror=maybe-uninitialized] thisSource->devices[j].path)) ^ 2016-03-03 Michal Privoznik Drop inline keyword from some functions. While trying to build with -Os I've encountered some build failures. util/vircommand.c: In function 'virCommandAddEnvFormat': util/vircommand.c:1257:1: error: inlining failed in call to 'virCommandAddEnv': call is unlikely and code size would grow [-Werror=inline] virCommandAddEnv(virCommandPtr cmd, char *env) ^ util/vircommand.c:1308:5: error: called from here [-Werror=inline] virCommandAddEnv(cmd, env); ^ This function is big enough for the compiler to be not inlined. This is the error message I'm seeing: Then virDomainNumatuneNodeSpecified is exported and called from other places. It shouldn't be inlined then. In file included from network/bridge_driver_platform.h:30:0, from network/bridge_driver_platform.c:26: network/bridge_driver_linux.c: In function 'networkRemoveRoutingFirewallRules': ./conf/network_conf.h:350:1: error: inlining failed in call to 'virNetworkDefForwardIf.constprop': call is unlikely and code size would grow [-Werror=inline] virNetworkDefForwardIf(const virNetworkDef *def, size_t n) ^ 2016-03-03 Jiri Denemark qemu: Check if domain is active in GetControlInfo Reporting status of a control connection makes no sense for an inactive domain. https://bugzilla.redhat.com/show_bug.cgi?id=1281706 2016-03-03 Jiri Denemark Use correct LDFLAGS for leaseshelper 2016-03-03 Nikolay Shirokovskiy daemon: fixup refcounting in close callback handling remoteDispatchConnectCloseCallbackRegister introduced in f484310a has problems. It refcounts network client object and in case of NOOP driver operations for registering/unregistering close callback (any driver except for vz) nobody will unref it later. As a result, client connection will not be disposed and driver connection will not be closed. The fix is easy. We don't need to refcount at all. We don't get a dangling pointer because in remoteClientFreeFunc, which is called upon disposing this network client object, we unregister the close callback. 2016-03-03 John Ferlan util: Cleanup error path for virPolkitAgentCreate More fallout from changing to using virPolkitAgent and handling error paths. Needed to clear the 'cmd' once stored and of course add the virCommandFree(cmd) in the error: label. 2016-03-02 Michal Privoznik datatypes.c: Replace 'close' with 'closeData' Older compilers fail to see that 'close' is not used a function rather than a variable and produce the following error: cc1: warnings being treated as errors ../../src/datatypes.c: In function 'virConnectCloseCallbackDataReset': ../../src/datatypes.c:149: error: declaration of 'close' shadows a global declaration [-Wshadow] Replace all the 'close' occurrences with 'closeData' to resolve this. 2016-03-02 John Ferlan util: Fix missing initializer for agent In virPolkitAgentCreate neglected to initialize agent to NULL. If there was an error in the pipe, then we jump to error and would have an issue. Found by coverity. 2016-03-02 Jason J. Herne Libvirt: Add missing default value for config option max_queued_clients Commit 1199edb1d4e3 added config option max_queued_clients and documented the default value as 1000 but never actually set that value. This patch sets the default value. This addresses an issue whereby the following error message is reported if too many migrations are started simultaneously: error: End of file while reading data: Ncat: Invalid argument.: Input/output error The problem is that too many ncat processes are spawned on the destination system. They all attempt to connect to the libvirt socket. Because the destination libvirtd cannot respond to the connect requests quickly enough we overrun the socket's pending connections queue. Reviewed-by: Boris Fiuczynski 2016-03-01 Nikolay Shirokovskiy libxl: Remove extraneous AFFECT_LIVE and not active check. libxlDomainPinVcpuFlags calls virDomainLiveConfigHelperMethod which will call virDomainObjUpdateModificationImpact make the same AFFECT_LIVE flags and !active check, so remove this duplicated check. 2016-03-01 Nikolay Shirokovskiy conf: Combine if condition in virDomainObjUpdateModificationImpact Prior to commit id '3d021381' virDomainObjUpdateModificationImpact was part of virDomainLiveConfigHelperMethod and the *flags if condition VIR_DOMAIN_AFFECT_CONFIG checked the ->persistent boolean and made the virDomainObjGetPersistentDef call. Since the functions were split the ->persistent check is all that remained and thus could be combined into one if statement. 2016-03-01 Shanzhi Yu qemu: enalbe hotplugging of macvtap device with multiqueue in commit 81a110, multiqueue for macvtap is enabled but forget to support hotplugging enabled 2016-03-01 Jiri Denemark docs: Clarify interface/target/@dev docs https://bugzilla.redhat.com/show_bug.cgi?id=1313314 2016-03-01 Jiri Denemark qemu: Don't always wait for SPICE to finish migration When SPICE graphics is configured for a domain but we did not ask the client to switch to the destination, we should not wait for SPICE_MIGRATE_COMPLETED event (which will never come). https://bugzilla.redhat.com/show_bug.cgi?id=1151723 2016-03-01 Jiri Denemark qemu: Don't try to fetch migration stats on destination Migration statistics are not available on the destination host and starting a query job during incoming migration is not allowed. Trying to do that would result in Timed out during operation: cannot acquire state change lock (held by remoteDispatchDomainMigratePrepare3Params) error. We should not even try to start the job. https://bugzilla.redhat.com/show_bug.cgi?id=1278727 2016-03-01 Jiri Denemark Fix formatting in remote_protocol-structs util: Fix build without polkit 2016-03-01 Alexander Burluka Implement handling of per-domain bandwidth settings Implement qemuSetupGlobalCpuCgroup This functions setups per-domain cpu bandwidth parameters Add global_period and global_quota XML validation test Add error checking on global quota and period Add global quota parameter necessary definitions This parameter controls the maximum bandwidth to be used within a period for whole domain. Add global period definitions This parameter represents top level period cgroup that limits whole domain enforcement period for a quota 2016-03-01 Nikolay Shirokovskiy vz: implement connection close notification daemon: add connection close rpc remote: factor out feature checks on connection open close callback: move it to driver virConnectCloseCallbackDataDispose: remove unnecessary locks We don't need locks in dispose functions as they can only be run in one thread for given object. close callback API: remove unnecessary locks closeCallback pointer is immutable (set on connection object creation) and self-locking. virConnectCloseCallbackData: factor out callback disarming 2016-03-01 Nikolay Shirokovskiy close callback: make unregister clean after connect close event If connect close is fired then following unregister will fail as we set callback to NULL and thus callback equality checking will fail. Callback is set to NULL to make it fired only one time probabaly. Instead lets use connection equality to NULL to check if callback is already fired. 2016-03-01 Nikolay Shirokovskiy virConnectCloseCallbackData: fix connection object refcount We have reference to connection object in virConnectCloseCallbackData object thus we have to refcount it. Obviously we have problems in dispose and call functions. Let's fix it. factor out virConnectCloseCallbackDataPtr methods Make register and unregister functions return void because we can check the state of callback object beforehand via virConnectCloseCallbackDataGetCallback. This can be done without race conditions if we use higher level locks for registering and unregistering. The fact they return void simplifies task of consistent registering/unregistering. 2016-03-01 Henning Schild qemu_cgroup: use virCgroupAddTask instead of virCgroupMoveTask qemuProcessSetupEmulator runs at a point in time where there is only the qemu main thread. Use virCgroupAddTask to put just that one task into the emulator cgroup. That patch makes virCgroupMoveTask and virCgroupAddTaskStrController obsolete. qemu_cgroup: put qemu right into emulator sub-cgroup Move qemuProcessSetupEmulator up under qemuSetupCgroup. That way we move the one main thread right into the emulator cgroup, instead of moving multiple threads later on. And we do not actually want any threads running in the parent cgroups (cpu cpuacct cpuset). 2016-03-01 Peter Krempa qemu: process: Move emulator thread setting code into one function Similarly to the refactors to iothreads and vcpus, move the code that initializes the emulator thread settings into single function. 2016-03-01 Pavel Hrdina qemu: introduce vram64 attribute for QXL video device This attribute is used to extend secondary PCI bar and expose it to the guest as 64bit memory. It works like this: attribute vram is there to set size of secondary PCI bar and guest sees it as 32bit memory, attribute vram64 can extend this secondary PCI bar. If both attributes are used, guest sees two memory bars, both address the same memory, with the difference that the 32bit bar can address only the first part of the whole memory. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1260749 2016-03-01 Pavel Hrdina qemu_capabilities: introduce QEMU_CAPS_QXL(_VGA)_VRAM64 docs/formatdomain: rewrite video documentation domain_conf: always set primary video device as primary We always place primary video device at first place, to make it easier to create a qemu command or format an xml, but we should also set the primary boolean for primary video device to 'true'. 2016-03-01 John Ferlan virsh: Add support for text based polkit authentication https://bugzilla.redhat.com/show_bug.cgi?id=872166 When the login session doesn't have an ssh -X type display agent in order for libvirtd to run the polkit session authentication, attempts to run 'virsh -c qemu:///system list' from an unauthorized user (or one that isn't part of the libvirt /etc/group) will fail with the following error from libvirtd: error: authentication unavailable: no polkit agent available to authenticate action 'org.libvirt.unix.manage' In order to handle the local authentication, we will use the new virPolkitAgentCreate API in order to create a text based authentication agent for our non readonly session to authenticate with. The new code will execute in a loop allowing 5 failures to authenticate before failing out. With this patch in place, the following occurs: $ virsh -c qemu:///system list ==== AUTHENTICATING FOR org.libvirt.unix.manage === System policy prevents management of local virtualized systems Authenticating as: Some User (SUser) Password: ==== AUTHENTICATION COMPLETE === Id Name State ---------------------------------------------------- 1 somedomain running $ 2016-03-01 John Ferlan util: Introduce API's for Polkit text authentication Introduce virPolkitAgentCreate and virPolkitAgentDestroy virPolkitAgentCreate will run the polkit pkttyagent image as an asynchronous command in order to handle the local agent authentication via stdin/stdout. The code makes use of the pkttyagent --notify-fd mechanism to let it know when the agent is successfully registered. virPolkitAgentDestroy will close the command effectively reaping our child process 2016-03-01 John Ferlan polkit: Adjust message when authentication agent isn't found When there isn't a ssh -X type session running and a user has not been added to the libvirt group, attempts to run 'virsh -c qemu:///system' commands from an otherwise unprivileged user will fail with rather generic or opaque error message: "error: authentication failed: no agent is available to authenticate" This patch will adjust the error code and message to help reflect the situation that the problem is the requested mechanism is UNAVAILABLE and a slightly more descriptive error. The result on a failure then becomes: "error: authentication unavailable: no polkit agent available to authenticate action 'org.libvirt.unix.manage'" A bit more history on this - at one time a failure generated the following type message when running the 'pkcheck' as a subprocess: "error: authentication failed: polkit\56retains_authorization_after_challenge=1 Authorization requires authentication but no agent is available." but, a patch was generated to adjust the error message to help provide more details about what failed. This was pushed as commit id '96a108c99'. That patch prepended a "polkit: " to the output. It really didn't solve the problem, but gave a hint. After some time it was deemed using DBus API calls directly was a better way to go (since pkcheck calls them anyway). So, commit id '1b854c76' (more or less) copied the code from remoteDispatchAuthPolkit and adjusted it. Then commit id 'c7542573' adjusted the remote.c code to call the new API (virPolkitCheckAuth). Finally, commit id '308c0c5a' altered the code to call DBus APIs directly. In doing so, it reverted the failing error message to the generic message that would have been received from DBus anyway. 2016-03-01 John Ferlan secret: Rename loadSecrets Rename to secretLoadAllConfigs and add the 'driver->configDir' as a parameter. secret: Introduce secretAssignDef This new API will allocate the secret, assign the def pointer, and insert the secret onto the passed list. Whether that's the temporary list in loadSecrets which gets loaded into the driver list or driver list during secretDefineXML. secret: Introduce listUnlinkSecret Add a temporary helper to search for a specific secret by address on the list and remove it if it's found. The following patch will introduce a common allocation and listInsert helper. That means error paths of the routines calling would need a way to remove the secret off the list. 2016-03-01 John Ferlan secret: Create a 'base64File' in virSecretObj This patch removes need for secretBase64Path and secretComputePath. Similar to the configFile, create an entry for base64File, which will be generated as the driver->configDir, the UUID value, plus the ".base" suffix. Rather than generating on the fly, store this in the virSecretObj. The buildup of the pathname done in loadSecrets where the failure to build is ignored which is no different than the failure to generate the name in secretLoadValue which would have been ignored in the failure path after secretLoad. This also removes the need for secretComputPath and secretBase64Path. 2016-03-01 John Ferlan secret: Create a 'configFile' in virSecretObj This patch removes the need for secretXMLPath. Instead save 'path' during loadSecret as 'configFile'. The secretXMLPath is nothing more than an open coded virFileBuildPath. All that code did was concantenate the driver->configDir, the UUID of the secret, and the ".xml" suffix to form the configFile name which we now will generate and save instead. 2016-03-01 John Ferlan secret: Adjust logic to build file path in secretLoad The 'secretLoad' was essentially open coding virFileBuildPath. Adjust the logic to have the caller build the path and pass it. The net sum of ignoring the virFileBuildPath failure is the same as before where the failure to virAsprintf the path would have been ignored anyway in the secretLoad error path. 2016-03-01 John Ferlan secret: Rename directory to configDir This follows other drivers usage model. secret: Use 'secret' instead of 's' for variable name Remove one letter variable. secret: Rename virSecretObjPtr 'entry' to 'secret' Just renaming the variable in secretConnectListAllSecrets. secret: Remove local virSecretPtr 'secret' Remove the need for the local 'secret' in secretConnectListAllSecrets. A subsequent patch will rename the ObjPtr entry to secret. secret: Rename virSecretEntry Rename to virSecretObj - preparation for future patch, but also follows similar code in other drivers. secret: Use virFileRewrite instead of replaceFile Use the common API instead of essentially open coding same functionality. 2016-03-01 John Ferlan secret: Various formatting cleanups Rather than having it interspersed with other changes, do it once. Remove a couple ^L, 1 argument per line for functions, less than 80 chars per line, use of spacing between logical groups of code, use of one line if statements when doing fetch followed by comparison, use direct return when no cleanup to be done. 2016-03-01 Henning Schild vircgroup: one central point for adding tasks to cgroups Use virCgroupAddTaskController in virCgroupAddTask so we have one single point where we add tasks to cgroups. 2016-03-01 Peter Krempa qemu: Allow setting pinning of emulator/iohtread with automatic placement We honour the placement bitmaps when starting up, so there's no point in having this check. Additionally the check was buggy since it checked vm->def all the time even if the user requested to modify the persistent definition which had different configuration. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1308317 2016-03-01 Marc-André Lureau qemu: add spice opengl support Add Spice graphics gl attribute. qemu 2.6 should have -spice gl=on argument to enable opengl rendering context (patches on the ML). This is necessary to actually enable virgl rendering. Add a qemuxml2argv test for virtio-gpu + spice with virgl. 2016-03-01 Michal Privoznik Post-release version bump to 1.3.3 2016-03-01 Martin Kletzander qemu: Shorten per-domain directory names Per-domain directories were introduced in order to be able to completely separate security labels for each domain (commit f1f68ca33433825ce0deed2d96f1990200bc6618). However when the domain name is long (let's say a ridiculous 110 characters), we cannot connect to the monitor socket because on length of UNIX socket address is limited. In order to get around this, let's shorten it in similar fashion and in order to avoid conflicts, throw in an ID there as well. Also save that into the status XML and load the old status XMLs properly (to clean up after older domains). That way we can change it in the future. The shortening can be seen in qemuxml2argv tests, for example in the hugepages-pages2 case. 2016-03-01 Daniel Veillard Release of libvirt-1.3.2 * docs/news.html.in libvirt.spec.in: update for release * po/*.po*: regenerated 2016-02-27 Roman Bogorodskiy docs: mention ZFS on Linux support 2016-02-26 John Ferlan storage: Fix error path in storagePoolDefineXML Found by inspection - after calling virStoragePoolObjAssignDef the pool is part of the driver->pools.objs list and the failure path for the virStoragePoolObjSaveDef will use virStoragePoolObjRemove to remove the pool from the objs list which will unlock and free the pool pointer (as pools->objs[i] during the loop). Since the call doesn't clear the pool address from the callee, we need to set it to NULL; otherwise, the virStoragePoolObjUnlock in the cleanup: code will fail miserably. 2016-02-26 John Ferlan storage: Fix error path in virStoragePoolObjLoad While reviewing how storage driver used ObjListPtr's for reference in some recent secret driver patches to use the same mechanism, I came across an instance where the wrong API was called for error paths after successfully allocating the storage pool pointer and inserting into the driver pool list. The path is after virStoragePoolObjAssignDef succeeds - the 'def' passed in is assigned to pool->def (or newDef) so it shouldn't be the only thing deleted. The pool is now part of driver->pools.objs, so it would need to be removed (as happens in the storagePoolCreateXML error paths). Rather than calling virStoragePoolDefFree to free the def which is now assigned to the pool, call virStoragePoolObjRemove to ensure the pool element is removed from the driver list and that anything stored in pool is properly handled by virStoragePoolObjFree including the call to virStoragePoolDefFree for the pool->{def|newDef} element. 2016-02-26 Richard W.M. Jones docs: formatdomain: Document "spice" as a valid value for Trivial documentation fix. 2016-02-26 Nitesh Konkar virsh: reject migration with both --live and --offline 2016-02-26 Ján Tomko qemu: error out on missing machine type in configs Commit f1a89a8 allowed parsing configs from /etc/libvirt without validating the emulator capabilities. Check for the presence of a machine type in the qemu driver's post parse function instead of crashing. https://bugzilla.redhat.com/show_bug.cgi?id=1267256 2016-02-26 Ján Tomko tests: add parseFlags to qemuxml2argvtest tests: add a test for persistent LXC XML parsing Check if we correctly parse the persistent config even with the VIR_DOMAIN_DEF_PARSE_SKIP_OSTYPE_CHECKS flag. 2016-02-26 Ján Tomko Revert "Error out on missing machine type in machine configs" Revert commit 55e6d8cd9eac7eb2aaa4d221585e9402cf7269d5. This fix for https://bugzilla.redhat.com/show_bug.cgi?id=1267256 unconditionally required a machine type for all machine types even though qemu is the only emulator using them. Revert it to fix persistent configs for drivers with no machine type: https://www.redhat.com/archives/libvir-list/2016-February/msg01228.html 2016-02-26 Ján Tomko testCompareDomXML2XMLFiles: add parseFlags parameter Allow testing XML parsing with different flags. 2016-02-26 Jim Fehlig libxl: unref objects in error paths libxlMakeNic opens a virConnect object and takes a reference on a virNetwork object, but doesn't drop the references on all error paths. Rework the function to follow the standard libvirt pattern of using a local 'ret' variable to hold the function return value, performing all cleanup and returning 'ret' at a 'cleanup' label. 2016-02-26 John Ferlan storage: No need to check ret after VIR_APPEND_ELEMENT Generates a false positive for Coverity, but it turns out there's no need to check ret == -1 since if VIR_APPEND_ELEMENT is successful, the local vol pointer is cleared anyway. zfs: Resolve RESOURCE_LEAK Found by my Coverity checker - virCheckFlags call could return -1, but not virCommandFree(destroy_cmd). openvz: Use virStringSplitCount instead of strtok_r When parsing the barrier:limit values, use virStringSplitCount in order to split the pair and make the approriate checks to get the data. 2016-02-26 Andrea Bolognani hostdev: Remove temporary variable when checking for VF The virHostdevIsVirtualFunction() was called exactly twice, and in both cases the return value was saved to a temporary variable before being checked. This would be okay if it improved readability, but in this case is pretty pointless. Get rid of the temporary variable and check the return value directly; while at it, change the check from '<= 0' to '!= 1' to align it with the way other similar *IsVirtualFunction() functions are used thorough the code. 2016-02-26 Andrea Bolognani netdev: Use virNetDevIsVirtualFunction() properly virNetDevIsVirtualFunction() returns 1 if the interface is a virtual function, 0 if it isn't and -1 on error. This means that, despite the name suggesting otherwise, using it as a predicate is not correct. Fix two callers that were doing so adding an explicit check on the return value. 2016-02-25 Jiri Denemark util: Avoid calling closedir(NULL) 2016-02-25 Michal Privoznik vircgroupmock: Mock access("/sys/devices/system/cpu/present") There's been a report on the upstream list [1] describing we access /sys/devices/system/cpu/present directly on the host from within our test suite. This may end up in unpredictable results as no all linux systems are required to have that file. Mock access to the file. libvirt.git/tests $ ../run strace vircgrouptest ... access("/sys/devices/system/cpu/present", F_OK) = 0 ... 2016-02-25 Osier Yang Fix bug of attaching redirdev device RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1298070 The corresponding chardev must be attached first, otherwise the the qemu command line won't be complete (missing the host part), 2016-02-25 Eric Blake build: accomodate selinux 2.5 header API change Yet again, selinux has been adding const-correctness; this change is ABI-compatible, but breaks API, which affects us when we try to override things in our testsuite: ../../tests/securityselinuxhelper.c:307:24: error: conflicting types for 'selabel_open' struct selabel_handle *selabel_open(unsigned int backend, ^~~~~~~~~~~~ In file included from ../../tests/securityselinuxhelper.c:32:0: /usr/include/selinux/label.h:73:24: note: previous declaration of 'selabel_open' was here The problem is a new 'const' prior to the second parameter. Fix it the same way we did in commit 292d3f2d: check for the new const at configure time. 2016-02-25 Joao Martins libxl: implement virDomainInterfaceStats Introduce support for domainInterfaceStats API call for querying network interface statistics. Consequently it also enables the use of `virsh domifstat ` command plus seeing the interfaces names instead of "-" when doing `virsh domiflist `. After successful guest creation we fill the network interfaces names based on domain, device id and append suffix if it's emulated in the following form: vif.[-emu]. We extract the network interfaces info from the libxl_domain_config object in libxlDomainCreateIfaceNames() to generate ifname. On domain cleanup we also clear ifname, in case it was set by libvirt (i.e. being prefixed with "vif"). We also skip these two steps in case the name of the interface was manually inserted by the administrator. Since the introduction of netprefix (commit a040ba9), ifnames with a registered prefix will be freed on virDomain{Obj,Def}Format*, thus eliminating the migration issues observed with the reverted commit d2e5538 whereas source and destination would have the same ifname. For getting the interface statistics we resort to virNetInterfaceStats and let libvirt handle the platform specific nits. Note that the latter is not yet supported in FreeBSD. 2016-02-24 Chunyan Liu libxl: small fix in parsing network 2016-02-24 Eric Blake rbd: fix 32-bit build %zu is not always synonymous with uint64_t; on 32-bit machines, size_t is only 32 bits. Prefer "%lld"/'unsigned long long' when the variable is under our control, and "%"PRIu64 when we are stuck with 'uint64_t' from RBD. Fixes errors such as: ../../src/storage/storage_backend_rbd.c: In function 'virStorageBackendRBDVolWipe': ../../src/storage/storage_backend_rbd.c:1281:15: error: format '%zu' expects argument of type 'size_t', but argument 8 has type 'uint64_t {aka long long unsigned int}' [-Werror=format=] VIR_DEBUG("Need to wipe %zu bytes from RBD image %s/%s", ^ ../../src/util/virlog.h:90:73: note: in definition of macro 'VIR_DEBUG_INT' virLogMessage(src, VIR_LOG_DEBUG, filename, linenr, funcname, NULL, __VA_ARGS__) ^ ../../src/storage/storage_backend_rbd.c:1281:5: note: in expansion of macro 'VIR_DEBUG' VIR_DEBUG("Need to wipe %zu bytes from RBD image %s/%s", ^ 2016-02-24 Jim Fehlig libxl: fix bogus indentation from commit fb2bd208 2016-02-23 Michal Privoznik qemuBuildCommandLine: Change the condition for -nographics There's this check when building command line that whenever domain has no graphics card configured we put -nographics onto qemu command line. The check is 'if (!def->graphics)'. This makes coverity think that def->graphics can be NULL, which is true. But later in the code every access to def->graphics is guarded by check for def->ngraphics, so no crash occurs. But this is something that coverity fails to deduct. In order to shut coverity up lets change the condition to 'if (!def->ngraphics)'. xen: Check return value of virStringReplace After 6604a3dd9f8 in which new helper function has been introduced, the code calls virStringReplace and dereference the result immediately. The string function can, however, return NULL so this would SIGSEGV right away. Check for the return value of the string function. vbox: Avoid signed and unsigned comparison After 457ff97fa there are two defects in our code. In both of them we use a signed variable to hold up a number of snapshots that domain has. We use a helper function to count the number. However, the helper function may fail in which case it returns a negative one and control jumps to cleanup label where an unsigned variable is used to iterate over array of snapshots. The loop condition thus compare signed and unsigned variables which in this specific case ends up badly for us. docs: Try harder to uninstall Imagine you have partially installed libvirt, or maybe you're just running 'make uninstall' from a different version than 'make install' has been ran. One way or another, we are doing plain 'rm' instead of 'rm -f' and thus not trying hard enough when uninstalling. In the rest of our code we stick with -f switch. Do that for docs too. 2016-02-23 Andrea Bolognani tests: Fix typo oaque -> opaque No functional changes. 2016-02-23 Jim Fehlig libxl: add support for rbd qdisk xl/libxl already supports qemu's network-based block backends such as nbd and rbd. libvirt has supported configuring such s for long time too. This patch adds support for rbd disks in the libxl driver by generating a rbd device URL from the virDomainDiskDef object. The URL is passed to libxl via the pdev_path field of libxl_device_disk struct. libxl then passes the URL to qemu for cosumption by the rbd backend. 2016-02-23 Jim Fehlig xenconfig: support xl<->xml conversion of rbd disk devices The target= setting in xl disk configuration can be used to encode meta info that is meaningful to a backend. Leverage this fact to support qdisk network disk types such as rbd. E.g. config such as
can be converted to the following xl config (and vice versa) disk = [ "format=raw,vdev=hdb,access=rw,backendtype=qdisk, target=rbd:pool/image:auth_supported=none:mon_host=mon1.example.org\\:6321\\;mon2.example.org\\:6322\\;mon3.example.org\\:6322" ] Note that in xl disk config, a literal backslash in target= must be escaped with a backslash. Conversion of config is not handled in this patch, but can be done in a follow-up patch. Also add a test for the conversions. 2016-02-23 Jim Fehlig xenconfig: produce key=value disk config syntax in xl formatter The most formal form of xl disk configuration uses key=value syntax to define each configuration item, e.g. format=raw, vdev=xvda, access=rw, backendtype=phy, target=disksrc Change the xl disk formatter to produce this syntax, which allows target= to contain meta info needed to setup a network-based disksrc (e.g. rbd, nbd, iscsi). For details on xl disk config format, see $xen-src/docs/misc/xl-disk-configuration.txt Update the disk config in the tests to use the formal syntax. But add tests to ensure disks specified with the positional parameter syntax are correctly converted to XML. 2016-02-23 Jim Fehlig xenconfig: replace text 'xm' with 'xl' in xlconfigtest While at it, improve a few comments. No functional change. 2016-02-23 Andrea Bolognani hostdev: Minor style adjustments Mostly labels names and whitespace. No functional changes. 2016-02-22 Michal Privoznik cmdSaveImageEdit: Prefer VSH_EXCLUSIVE_OPTIONS over by hand check Since we have the macro there's no need for us to unwind it by hand and check for mutually exclusive flags ourselves. cmdNetworkUpdate: Prefer VSH_EXCLUSIVE_OPTIONS over if-else tree We have macros that check and reject mutually exclusive parameters to our commands. Use those instead of if-else tree. At the same time, the variable @current becomes useless therefore it is dropped. 2016-02-22 Marc-André Lureau util: TristateBool and TristateSwitch are interchangeable It may be useful in some cases to call TristateSwitch helper with TristateBool. Document that enum values equivalency in the code. 2016-02-22 Pavel Hrdina qemu_process: mark auto-generated spice ports as reserved In case you will specify graphics like this: or libvirt will automatically add autoport='no'. This leads to an issue that in qemuProcessStop() we don't release that port because we are releasing both port if autoport=yes or only port marked as reserved. If autoport=no but we request to generate port via '-1' we need to mark that port as reserved in order to release it. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1299696 2016-02-22 Martin Kletzander Miscellaneous for-loop syntax clean-ups Checking whether x > 0 before looping over [0..x] items doesn't make sense and multi-line body must have curly brackets around it. Best viewed with '-w'. 2016-02-22 Paolo Bonzini qemu: add support for LSI SAS1068 (aka MPT Fusion) SCSI controller This does nothing more than adding the new device and capability. The device is present since QEMU 2.6.0. 2016-02-22 Michal Privoznik virDomainDefFormatInternal: Drop useless check There's a check if a domain definition has any graphics card and if so, we iterate over each one of them. This makes no sense, because even if it has none we can still iterate over. 2016-02-22 Michal Privoznik adminDaemonListServers: Don't leak @srv_names array When getting a list of servers registered for a daemon, it's returned as a dynamically allocated array filled in with pointers to constant strings. Because the array is dynamic, it should be freed when no longer needed (but not the strings!). Even the function that creates the array suggests that. ==19446== 48 bytes in 3 blocks are definitely lost in loss record 821 of 1,034 ==19446== at 0x4C2C28E: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==19446== by 0x54BAFC8: virReallocN (viralloc.c:245) ==19446== by 0x54BB0BE: virExpandN (viralloc.c:294) ==19446== by 0x54BB391: virInsertElementsN (viralloc.c:436) ==19446== by 0x164E3D: virNetDaemonGetServerNames (virnetdaemon.c:217) ==19446== by 0x15616F: adminDaemonListServers (admin_server.c:52) ==19446== by 0x155B8C: adminDispatchConnectListServers (admin.c:151) ==19446== by 0x155FD8: adminDispatchConnectListServersHelper (admin_dispatch.h:101) ==19446== by 0x568E862: virNetServerProgramDispatchCall (virnetserverprogram.c:437) ==19446== by 0x568E3C3: virNetServerProgramDispatch (virnetserverprogram.c:307) ==19446== by 0x5687B5B: virNetServerProcessMsg (virnetserver.c:135) ==19446== by 0x5687C1B: virNetServerHandleJob (virnetserver.c:156) 2016-02-20 Andrea Bolognani gic: Introduce VIR_GIC_VERSION_DEFAULT alias GIC v2 is the default, but checking against that specific version when we want to know whether the default has been selected is potentially error prone; using an alias instead makes it safer. docs: List possible GIC versions Recent changes to the handling of GIC version, specifically commit 2a7b11eafb67, have clearly defined what values are acceptable for the version attribute of the element. Update the documentation accordingly. 2016-02-20 Laurent Bigonville security_selinux: Fix typo in error message 2016-02-19 Peter Krempa qemu: iothreadpin: Always set affinity when pinning iothread Similarly to VM startup always set the legacy affinity. Additionally we don't need to report an explicit error since virProcessSetAffinity reports them themselves. qemu: emulatorpin: Always set affinity when pinning emulator thread Similarly to VM startup always set the legacy affinity. Additionally we don't need to report an explicit error since virProcessSetAffinity reports them themselves. 2016-02-19 Cole Robinson qemu: parse: drop redundant AddImplicitControllers PostParse handles it for us now. This causes some test suite churn; qemu's custom PostParse could is now invoked before the generic AddImplicitControllers, so PCI controllers end up sequentially in the XML before the generically added IDE controllers. So it's just some XML reordering 2016-02-19 Cole Robinson qemu: parse: rename qemuCaps->caps Everywhere else in qemu driver code 'qemuCaps' is a virQEMUCapsPtr, and virCapsPtr is generally named just 'caps'. Rename the offenders 2016-02-19 Cole Robinson domain: add implicit controllers from post parse Seems like the natural fit, since we are already adding other XML bits in the PostParse routine. Previously AddImplicitControllers was only called at the end of XML parsing, meaning code that builds a DomainDef by hand had to manually call it. Now those PostParse callers get it for free. There's some test churn here; xen xm and sexpr test suite bits weren't calling this before, but now they are, so you'll see new IDE controllers. I don't think this will cause problems in practice, since the code already needs to handle these implicit controllers like in the case when a user defines their own XML. 2016-02-19 Jiri Denemark Check for active domain in virDomainObjWait virDomainObjWait is designed to be called in a loop. Make sure we break the loop in case the domain dies to avoid waiting for an event which will never happen. 2016-02-19 Jiri Denemark qemu: Avoid calling qemuProcessStop without a job Calling qemuProcessStop without a job opens a way to race conditions with qemuDomainObjExitMonitor called in another thread. A real world example of such a race condition: - migration thread (A) calls qemuMigrationWaitForSpice - another thread (B) starts processing qemuDomainAbortJob API - thread B signals thread A via qemuDomainObjAbortAsyncJob - thread B enters monitor (qemuDomainObjEnterMonitor) - thread B calls qemuMonitorSend - thread A awakens and calls qemuProcessStop - thread A calls qemuMonitorClose and sets priv->mon to NULL - thread B calls qemuDomainObjExitMonitor with priv->mon == NULL => monitor stays ref'ed and locked Depending on how lucky we are, the race may result in a memory leak or it can even deadlock libvirtd's event loop if it tries to lock the monitor to process an event received before qemuMonitorClose was called. 2016-02-19 Jiri Denemark qemu: Simplify error handling in qemuProcessReconnect qemu: Process monitor EOF in a job Stopping a domain without a job risks a race condition with another thread which started a job a which does not expect anyone else to be messing around with the same domain object. qemu: Start an async job for processGuestPanicEvent Only a small portion of processGuestPanicEvent was enclosed within a job, let's make sure we use the job for all operations to avoid race conditions. qemu: Start job in qemuDomainDestroyFlags early 2016-02-19 Jiri Denemark qemu: Introduce qemuProcessBeginStopJob When destroying a domain we need to make sure we will be able to start a job no matter what other operations are running or even stuck in a job. This is done by killing the domain before starting the destroy job. Let's introduce qemuProcessBeginStopJob which combines killing a domain and starting a job in a single API which can be called everywhere we need a job to stop a domain. 2016-02-19 Jiri Denemark qemu: Pass async job to qemuProcessInit qemu: End nested jobs properly Ending a nested job is no different from ending any other (non-async) job, after all the code in qemuDomainBeginJobInternal does not handle them differently either. Thus we should call qemuDomainObjEndJob to stop nested jobs. qemu: Export qemuDomainObjBeginNestedJob 2016-02-19 Peter Krempa virsh: cpupin: Extract getter code into a separate function qemu: qemuDomainGetStatsVcpu: Fix output for possible sparse vCPU settings qemuDomainHelperGetVcpus would correctly return an array of virVcpuInfoPtr structs for online vcpus even for sparse topologies, but the loop that fills the returned typed parameters would number the vcpus incorrectly. Fortunately sparse topologies aren't supported yet. qemu: vcpupin: Always set affinity even when cgroups are supported VM startup and CPU hotplug always set the affinity regardless of cgroups support. Use the same approach for the pinning API. qemu: vcpupin: Don't overwrite errors from functions setting pinning Both errors from the cgroups code and from the affinity code would be overwritten by the API. Report the more specific error. util: Use virBitmapIsBitSet in freebsd impl of virProcessSetAffinity Use the helper that does not return errors to fix spuriously looking dead return of -1. virsh: cmdVcpuPin: Simplify handling of API flags Rather than setting flags to -1 if none were specified, move the logic to use the old API to the place where we need to decide. It simplifies the logic a bit. 2016-02-19 Andrea Bolognani test: qemuxml2argv: Drop QEMU_CAPS_DEVICE uses Since commit 51045df01b3c, the QEMU_CAPS_DEVICE capability is enabled automatically and shouldn't be passed as an argument to DO_TEST(); however, commit 998a936c4c1a accidentally introduced few such uses. 2016-02-19 Erik Skultety admin: Fix memory leak in remoteAdminConnectClose When virt-admin is run with valgrind, this kind of output can be obtained: HEAP SUMMARY: in use at exit: 134,589 bytes in 1,031 blocks total heap usage: 2,667 allocs, 1,636 frees, 496,755 bytes allocated 88 bytes in 1 blocks are definitely lost in loss record 82 of 128 at 0x4C2A9C7: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x52F6D1F: virAllocVar (viralloc.c:560) by 0x5350268: virObjectNew (virobject.c:193) by 0x53503E0: virObjectLockableNew (virobject.c:219) by 0x4E3BBCB: virAdmConnectNew (datatypes.c:832) by 0x4E38495: virAdmConnectOpen (libvirt-admin.c:209) by 0x10C541: vshAdmConnect (virt-admin.c:107) by 0x10C7B2: vshAdmReconnect (virt-admin.c:163) by 0x10CC7C: cmdConnect (virt-admin.c:298) by 0x110838: vshCommandRun (vsh.c:1224) by 0x10DFD8: main (virt-admin.c:862) LEAK SUMMARY: definitely lost: 88 bytes in 1 blocks indirectly lost: 0 bytes in 0 blocks possibly lost: 0 bytes in 0 blocks still reachable: 134,501 bytes in 1,030 blocks suppressed: 0 bytes in 0 blocks This is because virNetClientSetCloseCallback was being reinitialized incorrectly. By resetting the callbacks in a proper way, the leak is fixed. 2016-02-19 Matthias Bolte esx: Avoid using vSphere SessionIsActive function A login session with the vSphere API might expire after some idle time. The esxVI_EnsureSession function uses the SessionIsActive function to check if the current session has expired and a relogin needs to be done. But the SessionIsActive function needs the Sessions.ValidateSession privilege that is considered as an admin level privilege. Only vCenter actually provides the SessionIsActive function. This results in requiring an admin level privilege even for read-only operations on a vCenter server. ESX and VMware Server don't provide the SessionIsActive function and the code already works around that. Use the same workaround for vCenter again. This basically reverts commit 5699034b65afd49d91dff13c46481bea545cbaac. 2016-02-18 Ján Tomko Error out on missing machine type in machine configs Commit f1a89a8 allowed parsing configs from /etc/libvirt without validating the emulator capabilities. Check for the presence of os->type.machine even if the VIR_DOMAIN_DEF_PARSE_SKIP_OSTYPE_CHECKS flag is set, otherwise the daemon can crash on carelessly crafted input in the config directory. https://bugzilla.redhat.com/show_bug.cgi?id=1267256 2016-02-18 Ján Tomko vsh: use virBufferTrim in vshOutputLogFile Use virBufferTrim to strip the extra newline at the end of the message instead of open-coding it after the buffer's string is formatted. 2016-02-18 John Ferlan qemu: Introduce qemuBuildMonitorCommandLine Add new function to manage adding the '-mon' or '-monitor' options to the command line removing that task from the mainline qemuBuildCommandLine. Also adjusted qemuBuildChrChardevStr and qemuBuildChrArgStr to use const virDomainChrSourceDef *def rather than virDomainChrSourceDefPtr def. 2016-02-18 John Ferlan qemu: Introduce qemuBuildSgaCommandLine Add new function to manage adding the '-device sga' to the command line removing that task from the mainline qemuBuildCommandLine 2016-02-18 John Ferlan qemu: Introduce qemuBuildSmbiosCommandLine Add new function to manage adding the '-smbios' options to the command line removing that task from the mainline qemuBuildCommandLine Also while I was looking at it, move the uuid processing closer to usage. 2016-02-18 John Ferlan qemu: Introduce qemuBuildNumaCommandLine Add new function to manage adding the '-numa' options to the command line removing that task from the mainline qemuBuildCommandLine qemu: Introduce qemuBuildIOThreadCommandLine Add new function to manage adding the IOThread '-object' to the command line removing that task from the mainline qemuBuildCommandLine qemu: Rename qemuBuildSmpArgStr to qemuBuildSmpCommandLine Rename function and move code in from qemuBuildCommandLine to keep smp related code together. Also make a few style changes for long lines, return value change, and 2 spaces between functions. qemu: Introduce qemuBuildMemCommandLine Add new function to manage adding the '-m' memory options to the command line removing that task from the mainline qemuBuildCommandLine qemu: Rename qemuBuildCpuArgStr to qemuBuildCpuCommandLine Rename function and move code from mainline qemuBuildCommandLine to keep alike code together. qemu: Rename qemuBuildMachineArgStr Rename to qemuBuildMachineCommandLine to fit current (and future) helper naming conventions. qemu: Make basic upfront checks before create command Create qemuBuildCommandLineValidate to make some checks before trying to build the command. This will move some logic from much later to much earlier - we shouldn't be adjusting any data so that shouldn't matter. 2016-02-18 Bjoern Walk qemu: cgroup: fix cgroup permission logic Fix logic error introduced in commit d6c91b3c which essentially broke starting any domain. 2016-02-18 Peter Krempa virsh: Remove when changing cdrom media source Since the code is changing the source image path by modifying the existing XML snippet the stays in place. As is relevant to the part of the image, the update of that part makes the element invalid. CD/floppy images usually don't have a backing chain and the element is currently ignored though but it might start being used in the future so let's start behaving correctly. Drop the subtree once we want to update the XML. Before this patch, you'd get: $ virsh change-media --eject --print-xml 10 hdc ... After: $ virsh change-media --eject --print-xml 10 hdc ... 2016-02-18 John Ferlan qemu: Remove local emulator Remove the local variable 'emulator' and just use def->emulator 2016-02-18 Peter Krempa qemu: Kill VIR_WRAPPER_SHELL_PREFIX The migration code now doesn't need it, so remove the macros and the configure code that is detecting it. 2016-02-18 Cole Robinson qemu: Move PORT definitions to qemu_conf.c Which is the only user. That was the only reason for including qemu_command.h, though we need to explicitly include qemu_domain.h afterwards. tests: Remove unused virtTestClearLineRegex This was only used for test 'xml blanking', which has now all been removed, and isn't an ideal paradigm anyways since it inhibits easy XML regeneration. tests: lxcconf2xml: Drop XML blanking Hardcode a UUID like we did for qemuargv2xml, so we can use standard comparison helpers, which gives us VIR_TEST_REGENERATE_OUTPUT support 2016-02-18 Cole Robinson tests: qemuargv2xml: Drop memory XML blanking The memory XML blanking is only there to avoid the unit= churn that was added by default a long time ago. Drop the blanking, switch over to using the standard comparison helpers, and regenerate the output with VIR_TEST_REGENERATE_OUTPUT. 2016-02-18 Cole Robinson tests: qemuargv2xml: hardcode disk auth usage If a qemuargv has iscsi or ceph secrets on the command line, we will convert that to XML like: This is not valid XML, as either a UUID or usage must be specified in the secret block. It's not clear though how the argv2xml code can do anything correct here, since XML like this requires a libvirt secret object to have already been defined. The current test suite handles this by blanking out any block in the XML. This avoids domainschematest failures. Instead of blanking, let's hardcode a usage= name. This lets us test the other bits of generated XML, and is a step towards wiring up VIR_TEST_REGENERATE_OUTPUT 2016-02-18 Cole Robinson tests: qemuargv2xml: Remove UUID randomness Overwrite any randomly generated UUID to use a hardcoded value, so we don't need to blank it when comparing XML. tests: qemuargv2xml: Remove unneeded XML blanking None of the test cases depend on dropping these XML bits 2016-02-17 Peter Krempa qemu: Remove unnecessary calculations in qemuDomainSaveMemory Now that the file migration doesn't require us to use 'dd' and other legacy stuff for too old qemus we don't even have to calcuate the offsets and other stuff. 2016-02-17 Peter Krempa qemu: monitor: Remove unused qemuMonitorMigrateToFile With the currently supported qemus we always migrate to file descriptors so the old function is not required any more. Additionally QEMU_MONITOR_MIGRATE_TO_FILE_TRANSFER_SIZE macro is now unused. 2016-02-17 Michal Privoznik vircgroup: Update virCgroupDenyDevicePath stub In cf113e8d we changed the declaration of virCgroupAllowDevicePath() and virCgroupDenyDevicePath(). However, while updating the stub for non-cgroup platforms for the former we forgot to update the latter too causing a build failure. 2016-02-17 Ján Tomko Revert "storageVolCreateXMLFrom: Check if backend knows how to createVol" This reverts commit 611a278fa46d3136b7fe5c6ab05e660ca3c8fdf4. According to the original commit message, this is dead code: It is highly unlikely that a backend will know how to create a volume from a different volume (buildVolFrom) and not know how to create an empty volume (createVol). 2016-02-17 Erik Skultety syms: add forgotten virAdmConnectClass symbol Although it currently doesn't cause any linking issues, the symbol should be exported correctly according to our conventions. virt-admin: Introduce cmdSrvList Since we introduced listing API earlier in these series, it's time to wire up the API to the virt-admin client. admin: Introduce adminDaemonConnectListServers API This API is merely a convenience API, i.e. when managing clients connected to daemon's servers, we should know (convenience) which server the specific client is connected to. This implies a client-side representation of a server along with a basic API to let the administrating client know what servers are actually available on the daemon. admin: Introduce virAdmServer structure This is the key structure of all management operations performed on the daemon/clients. An admin client needs to be able to identify another client (either admin or non-privileged client) to perform an action on it. This identification includes a server the client is connected to, thus a client-side representation of a server is needed. 2016-02-17 Erik Skultety admin: Move admin_server.{h,c} to admin.{h,c} This change is merely because admin_server would contain all the code from dispatchers and helpers to the actual APIs. Admin should have similar structure to the daemon-side remote driver - dispatchers and helpers in a separate module, APIs in a separate module. Best viewed with -M. 2016-02-17 Erik Skultety virnetdaemon: Store servers in a hash table Since the daemon can manage and add (at fresh start) multiple servers, we also should be able to add them from a JSON state file in case of a daemon restart, so post exec restart support for multiple servers is also provided. Patch also updates virnetdaemontest accordingly. util: Refactor virHashForEach so it returns as soon as an iterator fails The method will now return 0 on success and -1 on error, rather than number of items which it iterated over before it returned back to the caller. Since the only place where we actually check the number of elements iterated is in virhashtest, return value of 0 and -1 can be a pretty accurate hint that it iterated over all the items. However, if we really want to know the number of items iterated over (like virhashtest does), a counter has to be provided through opaque data to each iterator call. This patch adjusts return value of virHashForEach, refactors the body, so it returns as soon as one of the iterators fail and adjusts virhashtest to reflect these changes. util: Add a return value to void hash iterators Our existing virHashForEach method iterates through all items disregarding the fact, that some of the iterators might have actually failed. Errors are usually dispatched through an error element in opaque data which then causes the original caller of virHashForEach to return -1. In that case, virHashForEach could return as soon as one of the iterators fail. This patch changes the iterator return type and adjusts all of its instances accordingly, so the actual refactor of virHashForEach method can be dealt with later. 2016-02-17 Peter Krempa qemu: cgroup: Setup cgroups for bios/firmware images oVirt wants to use OVMF images on top of lvm for their 'logical' storage thus we should set up device ACLs for them so it will actually work. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1305922 2016-02-17 Peter Krempa qemu: cgroup: Extract guts of qemuSetupImageCgroupInternal They will later be reused for setting cgroup for other image backed devices. qemu: cgroup: Split up qemuSetImageCgroupInternal Separate the Teardown and Setup code paths into separate helpers. qemu: cgroup: Switch to qemu(Setup|Teardown)ImageCgroup For other objects we use the two functions rather than one with a bool. Convert qemuSetImageCgroup to the same approach. qemu: cgroup: Avoid reporting errors from inaccessible NFS volumes Rather than reporting it and then reseting the error, don't report it in the first place. 2016-02-17 Peter Krempa util: cgroup: Allow ignoring EACCES in virCgroup(Allow|Deny)DevicePath When adding disk images to ACL we may call those functions on NFS shares. In that case we might get an EACCES, which isn't really relevant since NFS would not hold a block device. This patch adds a flag that allows to stop reporting an error on EACCES to avoid spaming logs. Currently there's no functional change. 2016-02-17 Peter Krempa util: cgroup: Drop virCgroup(Allow|Deny)DeviceMajor Since commit 47e5b5ae virCgroupAllowDevice allows to pass -1 as either the minor or major device number and it automatically uses '*' in place of that. Reuse the new approach through the code and drop the duplicated functions. util: cgroup: Instrument virCgroupDenyDevice to handle -1 device number as * Similarly to commit 47e5b5ae virCgroupDenyDevice will handle -1 as *. 2016-02-17 Peter Krempa qemu: migration: Refactor code now that we assume support for fd migration After removing capability check for fd migration the code that was left behind didn't make quite sense. The old exec migration would be used in case when pipe() failed. Remove the old code and make failure of pipe() a hard error. This additionally removes usage of virCgroupAllowDevicePath outside of qemu_cgroup.c. 2016-02-17 Peter Krempa qemu: cgroup: Remove abandoned function qemuAddToCgroup This function doesn't do anything useful since 2049ef99425db33f1e66fa8. 2016-02-17 Andrea Bolognani conf: Use a temporary int variable to store GIC version Since no value in the virGICVersion enumeration is negative, a clever enough compiler can report an error such as src/conf/domain_conf.c:15337:75: error: comparison of unsigned enum expression < 0 is always false [-Werror,-Wtautological-compare] if ((def->gic_version = virGICVersionTypeFromString(tmp)) < 0 || ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~ virGICVersionTypeFromString() can, however, return a negative value if the input string is not part of the enumeration, so we definitely need that check. Work around the problem by storing the return value in a temporary int variable. 2016-02-17 John Ferlan qemu: Move qemuDomainNetVLAN Move function into qemu_domain.c. qemu: Move qemuAssign*Alias* API's into their own module Create a new module qemu_alias.c to handle the qemuAssign*Alias* APIs and the qemuDomainDeviceAliasIndex qemu: Move qemuNetworkPrepareDevices Move function to qemu_process.c, rename to qemuProcessNetworkPrepareDevices and make it static. qemu: Move and rename qemuOpenVhostNet Move function to qemu_interface.c and rename to qemuInterfaceOpenVhostNet 2016-02-17 John Ferlan qemu: Move qemuDomain*Address* functions Create new modules qemu_domain_address.c and qemu_domain_address.h to contain all the new functions and header data. Additionally move any supporting static functions. Make qemuDomainSupportsPCI non static. Also, move and rename the following: qemuSetSCSIControllerModel to qemuDomainSetSCSIControllerModel qemuCollectPCIAddress to qemuDomainCollectPCIAddress qemuValidateDevicePCISlotsPIIX3 to qemuDomainValidateDevicePCISlotsPIIX3 qemuAssignDevicePCISlots to qemuDomainAssignDevicePCISlots 2016-02-17 John Ferlan qemu: Move qemuDomainSupports* functions Move qemuDomainSupportsNicdev and qemuDomainSupportsNetdev into qemu_domain.c and expose from there. 2016-02-17 John Ferlan qemu: Move qemuNetworkIfaceConnect to qemu_interface.c and rename Move the misplaced function from qemu_command.c to qemu_interface.c since it's closer in functionality there and had less to do with building the command line. Rename function to qemuInterfaceBridgeConnect and modify callers. 2016-02-17 John Ferlan qemu: Move qemuPhysIfaceConnect to qemu_interface.c and rename Move the misplaced function from qemu_command.c to qemu_interface.c since it's closer in functionality there and had less to do with building the command line. Rename function to qemuInterfaceDirectConnect and modify callers. 2016-02-17 John Ferlan qemu: Move qemuVirCommandGetDevSet Move function closer to where it's used in qemuBuildTPMBackendStr 2016-02-17 John Ferlan qemu: Move qemuBuildTPMDevStr Move function closer to where it's used in qemuBuildTPMCommandLine Also fix function header to match current coding practices 2016-02-17 John Ferlan qemu: Move qemuVirCommandGetFDSet Move function closer to where it's used in qemuBuildTPMCommandLine 2016-02-17 John Ferlan qemu: Move qemuBuildTPMBackendStr Move function closer to where it's called in qemuBuildTPMCommandLine Also adjust function header to fit current coding guidelines 2016-02-16 Andrea Bolognani tests: Add more GIC test cases Test all kinds of scenarios, including guests asking for GIC but failing to specify a version, guests specifying an invalid version and guests trying to use GIC with non-virt or even non-ARM machines. 2016-02-16 Andrea Bolognani tests: Reorganize and simplify GIC test cases Unify the naming to prepare for new test cases that will be added later on. Convert a couple of output XML files for the qemuxml2xml test to symlinks while at it, since they were identical to the corresponding input XML files anyways. Moreover, since we're only interested in testing GIC support here, simplify XML files by getting rid of the unrelevant bits. 2016-02-16 Andrea Bolognani qemu: Always enable GIC on ARM virt machines GIC is always available to ARM virt machines, and the domain XML should reflect this fact. qemu: Default to GIC v2 When a domain is configured to use GIC but no version has been specified by the user, default to GIC v2. conf: Use virGICVersion enumeration in virDomainDef Instead of allowing any random positive number, restrict the possible values to the ones that are part of the virGICVersion enumeration. 2016-02-16 Andrea Bolognani schema: List allowed GIC versions This change allows to use "host" as a GIC version in the domain XML. Since we'll need to update the virGICVersion enumeration to support new GIC versions anyway, it makes sense to be a bit more strict in the schema as well and reject values that are not in the enumeration. 2016-02-16 Andrea Bolognani gic: Introduce virGICVersion enumeration We currently blindly accept any numeric value as a GIC version, even though only GIC v2 and GIC v3 actually exist; on the other hand, we reject "host", which is a perfectly legitimate value for QEMU guests. This new enumeration contains all GIC versions libvirt is aware of. 2016-02-16 Ludovic Beliveau qemu: fix hot unplug of PCI devices with VFIO Currently, on hot unplug of PCI devices with VFIO driver for QEMU, libvirt is trying to restore the host devices to it's previous value (basically a chown on the previous user/group). However for devices with VFIO driver, when the device is unbinded it is removed from the /dev/vfio file system causing the restore label to fail. The fix is to not restore the label for those PCI devices since they are going to be teared down anyway. 2016-02-15 Ján Tomko Spell VMware with a lowercase w Replace all occurrences of VMWare outside the news. 2016-02-15 Peter Krempa vsh: Replace vshPrint macro with function The macro would eat the first parameter. In some cases the format string for vshPrint was eaten. In other cases the calls referenced variables which did not exist in the given context. Avoid errors by doing compile time checking. vsh: Simplify bailing out on OOM conditions When we hit OOM it doesn't really make sense to format the error message by attempting to allocate it. Introduce a simple helper that prints a static message and terminates the execution. 2016-02-15 Laine Stump util: clean up and expand 802.1QbX negotiation logging The existing log messages for this have several problems; there are two lines of log when one will suffice, they duplicate the function name in log message (when it's already included by VIR_DEBUG), they're missing some useful bits, they get logged even when the call is a NOP. This patch cleans up the problems with those existing logs, and also adds a new VIR_INFO-level log down at the function that is actually creating and sending the netlink message that logs *everything* going into the netlink message (which turns out to be much more useful in practice for me; I didn't want to eliminate the logs at the existing location though, in case they are useful in some scenario I'm unfamiliar with; anyway those logs are remaining at debug level, so it shouldn't be a bother to anyone). 2016-02-15 Laine Stump network: consolidated info log for all network allocate/free operations There are three functions that deal with allocating and freeing devices from a networks netdev/pci device pool: network(Allocate|Notify|Release)ActualDevice(). These functions also maintain a counter of the number of domains currently using a network (regardless of whether or not that network uses a device pool). Each of these functions had multiple log messages (output using VIR_DEBUG) that were in slightly different formats and gave varying amounts of information. This patch creates a single function to log the pertinent information in a consistent manner for all three of these functions. Along with assuring that all the functions produce a consistent form of output (and making it simpler to change), it adds the MAC address of the domain interface involved in the operation, making it possible to verify which interface of which domain the operation is being done for (assuming that all MAC addresses are unique, of course). All of these messages are raised from DEBUG to INFO, since they don't happen that often (once per interface per domain/libvirtd start or domain stop), and can be very informative and helpful - eliminating the need to log debug level messages makes it much easier to sort these out. 2016-02-15 Laine Stump network: consolidate connection count updates for device pool networkReleaseActualDevice() and networkNotifyActualDevice() both were updating the individual devices' connections count in two separate places (unlike networkAllocateActualDevice() which does it in a single unified place after success:). The code is correct, but prone to confusion / later breakage. All of these updates are anyway located at the end of if/else clauses that are (with the exception of a single VIR_DEBUG() in each case) immediately followed by the success: label anyway, so this patch replaces the duplicated ++/-- instructions with a single ++/-- inside a qualifying "if (dev)" down below success:. (NB: if dev != NULL, by definition we are using a device (either pci or netdev, doesn't matter for these purposes) from the network's pool) The VIR_DEBUG args (which will be replaced in a followup patch anyway) were all adjusted to account for the connection count being out of date at the time. 2016-02-13 Wido den Hollander rbd: Use RBD fast-diff for querying actual volume allocation Since Ceph version Infernalis (9.2.0) the new fast-diff mechanism of RBD allows for querying actual volume usage. Prior to this version there was no easy and fast way to query how much allocation a RBD volume had inside a Ceph cluster. To use the fast-diff feature it needs to be enabled per RBD image and is only supported by Ceph cluster running version Infernalis (9.2.0) or newer. Without the fast-diff feature enabled libvirt will report an allocation identical to the image capacity. This is how libvirt behaves currently. 'virsh vol-info rbd/image2' might output for example: Name: image2 Type: network Capacity: 1,00 GiB Allocation: 124,00 MiB Newly created volumes will have the fast-diff feature enabled if the backing Ceph cluster supports it. 2016-02-13 Wido den Hollander rbd: rbd_diff_iterate2() is available in librbd since 266 In commit 0b15f920 there is a #ifdef which requires LIBRBD_VERSION_CODE 266 or newer for rbd_diff_iterate2() rbd_diff_iterate2() is available since 266, so this if-statement should require anything newer than 265. 2016-02-13 Wido den Hollander rbd: Add volStorageBackendRBDGetFeatures() for internal calls As more and more features are added to RBD volumes we will need to call this method more often. By moving it into a internal function we can re-use code inside the storage backend. 2016-02-12 Andrea Bolognani domsuspend: Fix warning on mingw build Commit d82170d introduced a workaround for domtop: in that example program, we define a symbol called ERROR for our own use, but since a symbol with the same name is already defined in one of mingw's header files, we get a warning when using that compiler. domsuspend defines the same problematic symbol, so the workaround has been copied over. 2016-02-12 Michal Privoznik storageVolCreateXMLFrom: Check if backend knows how to createVol It is highly unlikely that a backend will know how to create a volume from a different volume (buildVolFrom) and not know how to create an empty volume (createVol). But: 1) we call the function without any prior check so if that's the case we would SIGSEGV immediatelly 2) it's better to be safe than sorry. storageVolCreateXML: Swap order of two operations Firstly, we realloc internal list to hold new item (=volume that will be potentially created) and then we check whether we actually know how to create it. If we don't we consume more memory than we really need for no good reason. virsh: Teach vol-create-as to --print-xml We have the same argument to many other commands that produce an XML based on what user typed. But unfortunately vol-create-as was missing it. Maybe nobody had needed it yet. Well, I did just now. cmdVolCreateAs: Rework to follow usual func pattern The way we usually write functions is that we start the work and if something goes bad we goto cleanup and roll back there. Or just free resources that are no longer needed. Do the same here. 2016-02-12 Michal Privoznik virportallocatortest: Run on linux only After the rework of mocking of our tests there's the virportallocator test failing to link on mingw. Well, it's the mocking library actually: ../gnulib/lib/.libs/libgnu.a(bind.o): In function `rpl_bind': /home/jenkins/libvirt-mingw/build32/gnulib/lib/../../../gnulib/lib/bind.c:33: multiple definition of `rpl_bind' .libs/virportallocatormock_la-virportallocatormock.o:/home/jenkins/libvirt-mingw/build32/tests/../../tests/virportallocatormock.c:79: first defined here I've no idea why this matters to mingw and does not to others. Nevertheless, if we make the test linux only the problem goes away. Apparently, our test for RTLD_NEXT is not sufficient because mingw32 defines it. Lets put aside for a while fact that it has the same value as RTLD_DEFAULT which by description has different meaning, shall we? 2016-02-12 Mikhail Feoktistov vz: fix race condition when adding domain to domains list Race condition: User calls defineXML to create new instance. The main thread from vzDomainDefineXMLFlags() creates new instance by prlsdkCreateVm. Then this thread calls prlsdkAddDomain to add new domain to domains list. The second thread receives notification from hypervisor that new VM was created. It calls prlsdkHandleVmAddedEvent() and also tries to add new domain to domains list. These two threads call virDomainObjListFindByUUID() from prlsdkAddDomain() and don't find new domain. So they add two domains with the same uuid to domains list. This fix splits logic of prlsdkAddDomain() into two functions. 1. vzNewDomain() creates new empty domain in domains list with the specific uuid. 2. prlsdkLoadDomain() add data from VM to domain object. New algorithm for creating an instance: In vzDomainDefineXMLFlags() we add new domain to domain list by calling vzNewDomain() and only after that we call CreateVm() to create VM. It means that we "reserve" domain object with the specific uuid. After creation of new VM we add info from this VM to reserved domain object by calling prlsdkLoadDomain(). Before this patch prlsdkLoadDomain() worked in 2 different cases: 1. It creates and initializes new domain. Then updates it from sdk handle. 2. It updates existed domain from sdk handle. In this patch we remove code which creates new domain from LoadDomain() and move it to vzNewDomain(). Now prlsdkLoadDomain() only updates domain from skd handle. In notification handler prlsdkHandleVmAddedEvent() we check the existence of a domain and if it doesn't exist we add new domain by calling vzNewDomain() and load info from sdk handle via prlsdkLoadDomain(). 2016-02-12 Mikhail Feoktistov vz: fix notification subscription Bug cause: Update the domain that is subscribed to hypervisor notification. LoadDomain() rewrites notifications fields in vzDomObj structure and makes domain as "unsubscribed". Fix: Initialize notification fields in vzDomObj only if we create a new domain. And do not reinitialize these fields if we update domain (by calling LoadDomain with olddom argument) vz: remove unused struct field In commit 7039bb3c we have removed code that saves uuid to vzDomObj.uuid So this field is no longer needed. vz: make output arguments in prlsdkGetDomainIds as optional prlsdkGetDomainIds() returns name and uuid for specified instance. Now output arguments can be NULL. It allows to get only necessary info(name or uuid). 2016-02-12 Maxim Nestratov Change maintainers list Add Maxim Nestratov to the commiters list. Move Dmitry Guryanov to the previous maintainers list. 2016-02-12 Andrea Bolognani tests: Rename virmockdbus -> virdbusmock for consistency All mock libraries were called vir*mock except for this one; now the naming is consistent across the board. tests: Don't use "lib" prefix for mock libraries virportallocatormock was the only one using it, and has been changed accordingly. 2016-02-12 Andrea Bolognani tests: Allow use of close() in mock libraries As mock libraries are not to be linked against libvirt, the sc_prohibit_close syntax-check rule does not apply. This fixes a syntax-check failure introduced by commit a03cbfe0fb. 2016-02-12 Andrea Bolognani tests: Split off the mock part of the port allocator test Instead of compiling either the mock or the non-mock part of the file based on a compiler flag, split the mock part off to its own file. 2016-02-11 Peter Krempa conf: snapshot: Avoid autogenerating duplicate snapshot names The snapshot name generator truncates the original file name after a '.' and replaces the suffix with the snapshot name. If two disks source images differ only in the suffix portion, the generated name will be duplicate. Since this is a corner case just error out stating that a duplicate name was generated. The user can work around this situation by providing the file names explicitly. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1283085 2016-02-11 Peter Krempa conf: snapshot: Refactor virDomainSnapshotDefAssignExternalNames Get rid of one indentation level by negating condition and remove ugly pointer arithmetic at the cost of one extra allocation. conf: snapshot: Extract code to generate default external file names conf: snapshot: Rename disksorter to virDomainSnapshotCompareDiskIndex Stick to the naming pattern. 2016-02-11 Andrea Bolognani tests: Link mock libraries against gnulib and gnulib only Mock libraries should not be linked against libvirt, but some of them did - fix that. On the other hand, not linking against gnulib can cause build failures on mingw, so define a new $(MOCKLIBS_LIBS) variable and use it everywhere. 2016-02-11 Andrea Bolognani tests: Use plain close() in mock code The virportallocatortest.c file is compiled both as a test case and as a mock library; in the latter case, it can't use VIR_FORCE_CLOSE() because mock libraries are not linked against libvirt. Replace VIR_FORCE_CLOSE() with plain close() to solve the issue. 2016-02-11 Michal Privoznik dbus: Don't unref NULL messages Apparently we are not the only ones with dumb free functions because dbus_message_unref() does not accept NULL either. But if I were to vote, this one is even more evil. Instead of returning an error just like we do it immediately dereference any pointer passed and thus crash you app. Well done DBus! Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7f878ebda700 (LWP 31264)] 0x00007f87be4016e5 in ?? () from /usr/lib64/libdbus-1.so.3 (gdb) bt #0 0x00007f87be4016e5 in ?? () from /usr/lib64/libdbus-1.so.3 #1 0x00007f87be3f004e in dbus_message_unref () from /usr/lib64/libdbus-1.so.3 #2 0x00007f87bf6ecf95 in virSystemdGetMachineNameByPID (pid=9849) at util/virsystemd.c:228 #3 0x00007f879761bd4d in qemuConnectCgroup (driver=0x7f87600a32a0, vm=0x7f87600c7550) at qemu/qemu_cgroup.c:909 #4 0x00007f87976386b7 in qemuProcessReconnect (opaque=0x7f87600db840) at qemu/qemu_process.c:3386 #5 0x00007f87bf6edfff in virThreadHelper (data=0x7f87600d5580) at util/virthread.c:206 #6 0x00007f87bb602334 in start_thread (arg=0x7f878ebda700) at pthread_create.c:333 #7 0x00007f87bb3481bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109 (gdb) frame 2 #2 0x00007f87bf6ecf95 in virSystemdGetMachineNameByPID (pid=9849) at util/virsystemd.c:228 228 dbus_message_unref(reply); (gdb) p reply $1 = (DBusMessage *) 0x0 2016-02-11 Ján Tomko virhook: do not save the return value of virBuildPath This function returns -1 on allocation error, there's no need to check the path for NULL again. 2016-02-11 Ján Tomko Clean up usage of 'ret' variable Do not store the return value of called functions in the same variable as the (future) return value of the current function. This makes tracking the origin of the value easier and reduces the chance of introducing a new point of exit without resetting the return value back to -1. 2016-02-11 Ján Tomko Prohibit verbose strcat Using strcat directly is more readable than passing strlen of the copied string to strncat. vbox: remove more extra spaces vbox: remove extra spaces from function headers Also fix the curly brace to pass sytnax-check. vbox: remove extra spaces from assignments vbox: remove extra spaces from variable initializations vbox: remove extra spaces from macro definitions 2016-02-11 Michal Privoznik qemu: Connect to guest agent iff needed https://bugzilla.redhat.com/show_bug.cgi?id=1293351 Since we already have virtio channel events, we know when guest agent within guest has (dis-)connected. Instead of us blindly connecting to a socket that no one is listening to, we can just follow what qemu-ga does. This has a nice benefit that we don't need to 'guest-ping' the agent just to timeout and find out nobody is listening. The way that this commit is implemented: - don't connect in qemuProcessLaunch directly, defer that to event callback (which already follows the agent) - processSerialChangedEvent - after migration is settled, before we resume vCPUs, ask qemu whether somebody is listening on the socket and if so, connect to it. 2016-02-11 John Ferlan qemu: Split the command parsing routines into own module Extract out the qemuParseCommandLine{String|Pid} into their own separate module - taking with it all the various static functions. Causes a ripple effect with a few other modules to include the new qemu_parse_command.h. Narrowed down the list of #include's in the split out module to those that are necessary for build. 2016-02-11 John Ferlan qemu: Check return status for virDomainGraphicsListenSetAddress Recent refactors in the vbox code to check the return status for the function tipped Coverity's scales of justice for any functions that do not check status - such as this one. While I'm at it, since the call is essentially the same other than whether starting from val or val+1 when val[0] = '[', just adjust the val pointer by one and have one call instead of two. Additionally, the call to virDomainGraphicsListenGetAddress is redundant since it checking that the address field got filled. It's a leftover from the strndup -> ListenSetAddress conversion (commit id 'ef79fb5b5') 2016-02-11 John Ferlan qemu: Introduce qemuParseCommandLineVnc Refactor qemuParseCommandLine to pull out the "-vnc" argument parsing into its own helper function. Modify the code to use "cleanup" instead of "error" and use the standard return processing to indicate success or failure by using ret 2016-02-11 Andrea Bolognani Revert "tests: Don't link mock libraries against libvirt and gnulib" This reverts commit 6aa90452aa63cb1e1ffa84ff5f93f5873bf810a0. Turns out that not linking against libvirt and gnulib is okay for regular Linux (and FreeBSD) builds, but makes mingw very unhappy. .../virnetserverclientmock_la-virnetserverclientmock.o: In function `virNetSocketGetSELinuxContext': .../virnetserverclientmock.c:61: undefined reference to `rpl_strdup' .../libvirportallocatormock_la-virportallocatortest.o: In function `init_syms': .../virportallocatortest.c:61: undefined reference to `virFileClose' 2016-02-11 Andrea Bolognani tests: Don't link mock libraries against libvirt and gnulib Mock libraries are used with LD_PRELOAD from test binaries that are already linked against those libraries, so they will be able to resolve the symbols anyway. 2016-02-10 Michal Privoznik xenconfig: Properly check retval of virDomainGraphicsListenSetAddress The function, like others in our code, returns zero on success and a negative value on error. However, there are two places in xenconfig source code where we check for non-zero value. While the function can't currently return a positive value, those checks look okay, but does not really follow our style. 2016-02-10 Joao Martins libxl: keepalive messages support This patch introduces keep alive messages support for P2P migration and it adds two new configuration entries namely 'keepalive_interval' 'keepalive_count' to control it. Behavior of these entries is the same as qemu driver thus the description is copied from there with just a few simplifications. 2016-02-10 Joao Martins libxl: add p2p migration Introduce support for VIR_MIGRATE_PEER2PEER in libvirt migration. Most of the changes occur at the source and no modifications at the receiver. In P2P mode there is only the Perform phase so we must handle the connection with the destination and actually perform the migration. libxlDomainPerformP2P implements the connection to the destination and libxlDoMigrateP2P implements the actual migration logic with virConnectPtr. In this function we take care of doing all phases of migration in the destination similar to virDomainMigrateVersion3Full. We appropriately save the last error reported in each of the phases to provide proper reporting. We don't yet support VIR_MIGRATE_TUNNELED and we always use V3 with extensible params, thus it also makes the implementation simpler. It is worth noting that the receiver didn't have any changes, and since it's still the v3 sequence thus it is possible to migrate from a P2P to non-P2P host. 2016-02-10 Cole Robinson tests: qemu: More aarch64 virtio and pci tests Clarify the point of some of the test cases by renaming them. Add more xml2xml tests. 2016-02-10 Cole Robinson tests: qemuxml2xml: assign device addresses We use the PreFormat callback for this. Many test cases need to be extended to pass in proper qemuCaps flags so AssignAddresses doesn't throw errors. One test case (pcie-root-port-too-many) is dropped, since it was meant only for checking an error condition in qemuxml2argv, and one we add in AssignAddresses it errors here too. Long term I think AssignAddresses should be handled in qemu's PostParse callback, but that's not entirely straightforward. Handling it here means we can get the test suite churn over with. 2016-02-10 Cole Robinson tests: utils: Add PreFormat callback for CompareXML2XML helper This allows individual driver tests to hook in their own code before the def is formatted and compared. We will eventually use this in the qemuxml2xml 2016-02-10 Michal Privoznik virStringListLength: Ensure const correctness The virStringListLength function does not ever modify the passed string list. It merely counts the items in it. Make sure that we reflect this bit in the function header. (crobinso: fix up spacing and squash in sheepdog bit suggested by Andrea) 2016-02-10 Cole Robinson tests: qemuxml2xml: specify qemuCaps in test cases Similar to how we do it for qemuxml2argvtest. This will be used in future patches. tests: Unconditionally enable QEMU_CAPS_DEVICE QEMU_CAPS_DEVICE is always enabled for qemu binaries we support. Sync qemuxml2* to match, and regenerate all test output. 2016-02-10 Cole Robinson tests: qemuxml2argv: remove some QEMU_CAPS_DEVICE problem cases When we unconditionally enable QEMU_CAPS_DEVICE, these tests need some massaging, so do it ahead of time to not mix it in with the big test refresh. - minimal-s390 is not a real world working config, so drop it - disk-usb was testing for an old code path that will be removed. instead use it to test lack of USB disk support, and rename it to disk-usb-nosupport. Switch xml2xml to use disk-usb-device for input. - cputune-numatune was needlessly using q35, switch it to an older machine type 2016-02-10 Michal Privoznik virDomainFormatSchedDef: Initialize @priority Older gcc fails to see that the variable is set iff @hasPriority == true in which case the former is set a value. Initialize the value while declaring it to make the compiler shut up. 2016-02-09 Martin Kletzander util: Get rid of virStringListLen() It does exactly the same thing as virStringListLength() and it's used in one place only. 2016-02-09 Cole Robinson tests: qemuxml2xml: Always use different output file Most qemuxml2xml tests expect that the input XML is unchanged after parsing. This is unlike 99% of new qemu configs in the wild, which after initial parsing end up with stable PCI device addresses. The xml2xml bit doesn't currently hit that code path though, so most XML testing indeed does not change. Future patches will add that PCI address bits, which means most test cases will have different output. So let's do away with the hardcoded same vs different test split, and always track a separate output file. Tests can still have same input and output, it just necessitates 2 separate XML files. 2016-02-09 Martin Kletzander Fix '-pie' build with clang Commit 97e70a593589e8f0432a748b4b93c3cdc18b9e5a added the option -pie to CFLAGS and LDFLAGS, however '-pie' is just a linker option. That wouldn't be a problem. However, clang is checking for that and outputs an error or unused argument: error: argument unused during compilation: '-pie' 2016-02-09 Ján Tomko leaseshelper: swap two parameters of virLeaseNew My commit e11aa74 messed up the parameter order. Reported by John Ferlan. 2016-02-09 Ján Tomko vboxDumpDisplay: realign variable initializations Remove the extra spaces, do not align them on '='. 2016-02-09 Ján Tomko vboxDumpDisplay: remove suspicious strlen The return type of strlen is 'size_t', which is unsigned and therefore never less than zero. Use STREQ to make the check obvious. 2016-02-09 Ján Tomko vboxDumpDisplay: reuse the keyUtf16 variable We free the key right after calling the API. Reuse a single variable to remove the typo. 2016-02-09 Ján Tomko vboxDumpDisplay: use VIR_APPEND_ELEMENT Instead of open-coding it. vboxDumpDisplay: check return of virDomainGraphicsListenSetAddress Error out if the allocation failed. 2016-02-09 Ján Tomko vboxDumpDisplay: clean up VIR_STRDUP usage Two VIR_STRDUP calls are redundant - just steal the string converted by VBOX_UTF16_TO_UTF8. Report an error when the third one fails. 2016-02-09 Ján Tomko vboxDumpDisplay: fill out the graphics structure earlier Remove the need to track what type of graphics were present by temporary variables. 2016-02-09 Ján Tomko vboxDumpDisplay: allocate the graphics structure upfront Allocate it as soon as we know we will need it. Add it to def->ngraphics if it's allocated, removing the need to use the addDesktop and totalPresent variables to track this. 2016-02-09 Ján Tomko vboxDumpDisplay: split out def->graphics allocation Separate allocation of the def->graphics array from the allocation and initialization of its first element. Note that the only possible values of totalPresent at this point are 0 or 1, because it equals to guiPresent + sdlPresent. 2016-02-09 Ján Tomko vboxDumpDisplay: remove extra virReportOOMError VIR_ALLOC* already reported an error. vboxDumpDisplay: add addDesktop bool When FRONTEND/Type is not any of "sdl", "gui", "vrdp", we add a DESKTOP. Use a bool to track this, instead of checking that both totalPresent ("sdl" or "gui" present) and vrdpPresent are zero. vboxDumpDisplay: more indentation reducing VRDxEnabled is initialized to false. Put the if (VRDxEnabled) on the top level to reduce nesting. vboxDumpDisplay: reduce indentation level Use STREQ_NULLABLE instead of deep nesting. 2016-02-09 Ján Tomko Check return value of vboxDumpVideo Error out on allocation failures instead of creating an incomplete definition. Fixes a possible crash when def->nvideos is 1, but def->videos is NULL. 2016-02-09 Ján Tomko leaseshelper: split out virLeaseNew For the actions ADD and OLD, split out creating the new lease object, as well as getting the environment variables that do not affect the parsing of command line arguments. 2016-02-09 Peter Krempa qemu: iothread: Reuse qemuProcessSetupIOThread in iothread hotplug Since majority of the steps is shared, the function can be reused to simplify code. Similarly to previous path doing this same for vCPUs this also fixes the a similar bug (which is not tracked). 2016-02-09 Peter Krempa qemu: iothread: Aggregate code to set IOThread tuning Rather than iterating 3 times for various settings this function aggregates all the code into single place. One of the other advantages is that it can then be reused for properly setting IOThread info on hotplug. 2016-02-09 Peter Krempa qemu: vcpu: Reuse qemuProcessSetupVcpu in vcpu hotplug Since majority of the steps is shared, the function can be reused to simplify code. Additionally this resolves https://bugzilla.redhat.com/show_bug.cgi?id=1244128 since the cpu bandwidth limiting with cgroups would not be set on the hotplug path. Additionally the code now sets the thread affinity and honors autoCpuset as in the regular startup code path. 2016-02-09 Peter Krempa qemu: vcpu: Aggregate code to set vCPU tuning Rather than iterating 3 times for various settings this function aggregates all the code into single place. One of the other advantages is that it can then be reused for properly setting vCPU info on hotplug. With this approach autoCpuset is also used when setting the process affinity rather than just via cgroups. 2016-02-08 Joao Martins remote: enforce VIR_TYPED_PARAM_STRING_OKAY flag on client side serialization Commit 8cd1d54 consolidates both daemon and remote driver typed param serialization functions. The consolidation now enforces client to use VIR_TYPED_PARAM_STRING_OKAY flag to properly serialize string parameters, which server has used for quite some time now. And this caused an issue, since the commit had not adjusted client remote calls appropriately, thus causing a failure in blkiotune, numatune and migration APIs (as per Xen CI tests). This patch adjusts both remote_driver.c and gendispatch.pl to properly address this issue. http://lists.xenproject.org/archives/html/xen-devel/2016-02/msg01012.html 2016-02-08 Michal Privoznik vircgroup: Update virCgroupGetPercpuStats stump In the commit 7938b533 we've changed the function signature, however forgot to update stump that's used on systems without CGroups causing a build failure. 2016-02-08 Peter Krempa conf: Fix how iothread scheduler info is stored Similarly to previous commit change the way how iothread scheduler info is stored and clean up a lot of unnecessary code. 2016-02-08 Peter Krempa conf: Don't store vcpusched orthogonally to other vcpu info Due to bad design the vcpu sched element is orthogonal to the way how the data belongs to the corresponding objects. Now that vcpus are a struct that allow to store other info too, let's convert the data to the sane structure. The helpers for the conversion are made universal so that they can be reused for iothreads too. This patch also resolves https://bugzilla.redhat.com/show_bug.cgi?id=1235180 since with the correct storage approach you can't have dangling data. 2016-02-08 Peter Krempa conf: Extract code that formats virDomainDefFormatInternal is growing rather large. Extract the cputune formatter into a separate function. conf: remove unused cpu pinning helpers and data structures Now that the pinning info is stored elsewhere we can delete all the obsolete code. conf: Store cpu pinning data in def->vcpus Now with the new struct the data can be stored in a much saner place. conf: Don't copy def->cpumask into cpu pinning info This step can be omitted, so that drivers can decide what to do when the user requests to use default vcpu pinning. 2016-02-08 Peter Krempa qemu: Reuse qemuDomainDetectVcpuPids in cpu hot(un)plug Now that qemuDomainDetectVcpuPids is able to refresh the vCPU pid information it can be reused in the hotplug and hotunplug code paths rather than open-coding a very similar algorithm. A slight algorithm change is necessary for unplug since the vCPU needs to be marked offline prior to calling the thread detector function and eventually rolled back if something fails. 2016-02-08 Peter Krempa qemu: Differentiate error codes when VM exits in qemuDomainDetectVcpuPids Some callers will need to behave differently when the detection failed and when the VM crashed during the redetection. Return -2 if it crashed. cgroup: Prepare for sparse vCPU topologies in virCgroupGetPercpuStats Pass a bitmap of enabled guest vCPUs to virCgroupGetPercpuStats so that non-continuous vCPU topologies can be used. 2016-02-08 Peter Krempa conf: Move and optimize disk target duplicity checking Move the logic from virDomainDiskDefDstDuplicates into virDomainDiskDefCheckDuplicateInfo so that we don't have to loop multiple times through the array of disks. Since the original function was called in qemuBuildDriveDevStr, it was actually called for every single disk which was quite wasteful. Additionally the target uniqueness check needed to be duplicated in the disk hotplug case, since the disk was inserted into the domain definition after the device string was formatted and thus virDomainDiskDefDstDuplicates didn't do anything in that case. 2016-02-08 Peter Krempa tests: Integrate startup checks to qemuxml2argvtest Some of the tests that are not a part of qemuBuildCommandLine were not executed in the test suite. We can now reuse qemuProcessStartValidate to integrate these tests. qemu: process: Extract pre-start checks into a function When starting a qemu process there are certain checks done to ensure that the configuration makes sense. Extract them into a separate function so that they can be reused in the test code. qemu: process: Reorder operations on early VM startup Retrieval of the driver capabilities as well as emulator capabilities does not require the complete qemuProcessStop to be executed on failure. qemu: hotplug: Check duplicate disk serial/wwn on hotplug too We do the check on VM start, but the user could still hotplug a disk with a conflicting serial or WWN. Reuse the checker function to fix the issue. conf: Extract code that checks disk serial/wwn conflict Put it into a separate function that can be called on two disk def pointers. qemu: hotplug: Extract common code to qemuDomainAttachDeviceDiskLive Target uniqueness check was duplicated in all of the three workers called from it. Extract it to the parent. qemu: hotplug: Use more common 'cleanup' label in qemuDomainAttachDeviceDiskLive qemu: hotplug: Break up if/else statement into switch qemu: hotplug: Remove unnecessary variable qemu: hotplug: Use typecasted switch Remove the default case since all cases are covered. qemu: snapshot: Avoid infinite loop if vCPUs can't be resumed In b3d2a42e I've refactored the code and moved the 'cleanup' label. Unfortunately the code that was originally in the 'endjob' label and wanted to jump to cleanup is now in the cleanup label. Remove the jump and let the function finish. qemu: snapshot: Don't overwrite existing errors when thawing filesystems If we are attempting to thaw the filesystems on error, the code would overwrite the error code that caused the snapshot to fail with the error of thawing the filesystem. Since the thawing function allows control of error reporting behavior we can use this feature. 2016-02-07 Roman Bogorodskiy nodedev: stub nodeDeviceSysfsGetPCIRelatedDevCaps Add a stub for nodeDeviceSysfsGetPCIRelatedDevCaps() for non-Linux platforms. It allows nodedev driver to work on non-Linux platoforms that, however, have HAL. 2016-02-06 John Ferlan util: Fix virCgroupNewMachine ATTRIBUTE_NONNULL args Commit id 'c3bd0019c0' removed arg3, but forgot to adjust the numbers for NONNULL - caused build failure for coverity 2016-02-06 Roman Bogorodskiy bhyve: fix preprocessor indentation Syntax-check fails with: cppi: src/bhyve/bhyve_driver.h: line 26: not properly indented cppi: src/bhyve/bhyve_driver.h: line 27: not properly indented maint.mk: incorrect preprocessor indentation Fix by properly indenting '#include's. Pushed as trivial. 2016-02-06 Michal Privoznik bhyve: Fix the build After 1036ddadb276e we use bhyveDriverGetCapabilities from other sources too, not only from bhyve_driver.c. However, the function was static so not properly expose to other files. In order to expose it, we need to move couple of #include-s too. Then, there has been a copy paste error in virBhyveProcessReconnect: s/privconn/data->driver/. 2016-02-06 Cole Robinson tests: qemuargv2xml: separate from qemuxml2argv data Most of the qemuargv2xml tests are parsing old style qemu command lines (with -disk, -serial, etc), and it gets its input from qemuxml2argv output. But since we've raise the minimum supported qemu version to 0.12.0, which supports -device, once that changes propagates through libvirt the vast majority of qemuxml2argv output is _not_ going to be using old style qemu options. In preparation for this, switch qemuargv2xml to use its own copies of input and output, so it's not tied to qemuxml2argv results. This is just a straight copy of the current tests. 2016-02-06 Cole Robinson tests: Run test-wrap-argv with REGENERATE_OUTPUT To get properly wrapped output 2016-02-06 Wido den Hollander rbd: Use %zu for uint64_t instead of casting to unsigned long long This was only used in debugging messages and not in any real code. Ceph/RBD uses uint64_t for sizes internally and they can be printed with %zu without any need for casting. 2016-02-06 Wido den Hollander rbd: Code styling cleanup Through the years the RBD storage pool code hasn't maintained the same or correct coding standard which applies to libvirt. This patch doesn't change any logic in the code, it only applies the proper coding standards to the code where possible without making large changes. This way the code style used in this storage pool is consistent throughout the whole file. 2016-02-06 Michal Privoznik virSystemdGetMachineNameByPID: Initialize @reply I've noticed that variable @reply is not initialized and if something at the beginning of the function fails, e.g. virDBusGetSystemBus(), the control jump straight to cleanup label where dbus_message_unref() is then called over this uninitialized variable. 2016-02-05 Michal Privoznik virnetdevbandwidth: Compute quantum value I've noticed couple of warning in dmesg while debugging something: [ 9683.973754] HTB: quantum of class 10001 is big. Consider r2q change. [ 9683.976460] HTB: quantum of class 10002 is big. Consider r2q change. I've read the HTB documentation and linux kernel code to find out what's wrong. Basically we need to pass another argument "quantum" to our tc cmd line because the default computed by HTB does not always work in which case the warning message is printed out. You can read more details here: http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm#sharing 2016-02-05 Peter Krempa conf: Extract code for parsing thread resource scheduler info As the scheduler info elements are represented orthogonally to how it makes sense to actually store the information, the extracted code will be later used when converting between XML and internal definitions. conf: Add helper to return a bitmap of active iothread ids util: bitmap: Introduce bitmap subtraction Performs binary subtraction of two bitmaps. Stores result in the first operand. 2016-02-05 Martin Kletzander systemd: Modernize machine naming So, systemd-machined has this philosophy that machine names are like hostnames and hence should follow the same rules. But we always allowed international characters in domain names. Thus we need to modify the machine name we are passing to systemd. In order to change some machine names that we will be passing to systemd, we also need to call TerminateMachine at the end of a lifetime of a domain. Even for domains that were started with older libvirt. That can be achieved thanks to virSystemdGetMachineNameByPID(). And because we can change machine names, we can get rid of the inconsistent and pointless escaping of domain names when creating machine names. So this patch modifies the naming in the following way. It creates the name as -- where invalid hostname characters are stripped out of the name and if the resulting name is longer, it truncates it to 64 characters. That way we can start domains we couldn't start before. Well, at least on systemd. To make it work all together, the machineName (which is needed only with systemd) is saved in domain's private data. That way the generation is moved to the driver and we don't need to pass various unnecessary arguments to cgroup functions. The only thing this complicates a bit is the scope generation when validating a cgroup where we must check both old and new naming, so a slight modification was needed there. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1282846 2016-02-05 Joao Martins conf: add caps to virDomainSnapshotDefFormat The virDomainSnapshotDefFormat calls into virDomainDefFormat, so should be providing a non-NULL virCapsPtr instance. On the qemu driver we change qemuDomainSnapshotWriteMetadata to also include caps since it calls virDomainSnapshotDefFormat. 2016-02-05 Daniel P. Berrange conf: add caps to virDomainObjFormat/SaveStatus The virDomainObjFormat and virDomainSaveStatus methods both call into virDomainDefFormat, so should be providing a non-NULL virCapsPtr instance. 2016-02-05 Roman Bogorodskiy bhyve: fix build Fix build fail introduced as a side effect of commit d239a54. Pushed under the build breaker rule. 2016-02-04 Nikolay Shirokovskiy qemu migration: factor out setting migration option 2016-02-04 Peter Krempa Fix build after recent patches Few build breaking mistakes in less-popular parts of our code. 2016-02-04 John Ferlan logical: Clarify pieces of lvs regex Rather than have a unwieldy regex string - split it up into its components each having it's own #define and then combine in a different #define 2016-02-04 Joao Martins libxl: set net device prefix Use the newly added virCapabilitiesSetNetPrefix to set the network prefix for the driver. This in return will be use by NetDefFormat() and NetDefParseXML() routines to free any interface name that start with the registered prefix. Acked-by: Daniel P. Berrange 2016-02-04 Joao Martins conf: add caps to virDomainSaveConfig virDomainSaveConfig calls virDomainDefFormat which was setting the caps to NULL, thus keeping the old behaviour (i.e. not looking at netprefix). This patch adds the virCapsPtr to the function and allows the configuration to be saved and skipping interface names that were registered with virCapabilitiesSetNetPrefix(). conf: add caps to virDomainDefFormat* And use the newly added caps->host.netprefix (if it exists) for interface names that match the autogenerated target names. conf: add prefix in virDomainNetDefParseXML And use the newly added caps->host.netprefix for free interface names that match the autogenerated target names. 2016-02-04 Joao Martins conf: add net device prefix to capabilities In the reverted commit d2e5538b1, the libxl driver was changed to copy interface names autogenerated by libxl to the corresponding network def in the domain's virDomainDef object. The copied name is freed when the domain transitions to the shutoff state. But when migrating a domain, the autogenerated name is included in the XML sent to the destination host. It is possible an interface with the same name already exists on the destination host, causing migration to fail. This patch defines a new capability for setting the network device prefix that will be used in the driver. Valid prefixes are VIR_NET_GENERATED_PREFIX or the one announced by the driver. 2016-02-04 Roman Bogorodskiy virsh: display if ZFS storage backend is enabled Make 'virsh -V' list ZFS storage backend if it's enabled. 2016-02-04 Roman Bogorodskiy configure: zfs: enable on Linux ZFS-on-Linux implementation of ZFS starting with version 0.6.4 contains all the features we use. Additionally, as we support 'volmode' option handling that's not available on ZoL but is available on FreeBSD, there is no need to block ZFS storage driver on Linux anymore. So un-mark zfs storage driver as FreeBSD-only. 2016-02-04 Roman Bogorodskiy storage: zfs: flexible use of 'volmode' option There are slight differences in various ZFS implementations. Specifically, ZFS on FreeBSD requires to set value of 'volmode' option to 'dev' to expose volumes as raw disk device (that's what we need) rather than geom provides, for example. With ZFS on Linux, however, such option is not available and volumes exposed like we need by default. To make our implementation more flexible, only pass 'volmode' when it's supported. Support is checked by parsing usage information of the 'zfs get' command. 2016-02-03 Erik Skultety util: Export remoteSerializeTypedParameters internally via util Same as for deserializer, this method might get handy for admin one day. The major reason for this patch is to stay consistent with idea, i.e. when deserializer can be shared, why not serializer as well. The only problem to be solved was that the daemon side serializer uses a code snippet which handles sparse arrays returned by some APIs as well as removes any string parameters that can't be returned to older clients. This patch makes of the new virTypedParameterRemote datatype introduced by one of the pvious patches. util: Export remoteFreeTypedParameters internally via util Since the method is static to remote_driver, it can't even be used by our daemon. Other than that, it would be useful to be able to use it with admin as well. This patch uses the new virTypedParameterRemote datatype introduced in one of previous patches. 2016-02-03 Erik Skultety util: Export remoteDeserializeTypedParameters internally via util Currently, the deserializer is hardcoded into remote_driver which makes it impossible for admin to use it. One way to achieve a shared implementation (besides moving the code to another module) would be pass @ret_params_val as a void pointer as opposed to the remote_typed_param pointer and add a new extra argument specifying which of those two protocols is being used and typecast the pointer at the function entry. An example from remote_protocol: struct remote_typed_param_value { int type; union { int i; u_int ui; int64_t l; uint64_t ul; double d; int b; remote_nonnull_string s; } remote_typed_param_value_u; }; typedef struct remote_typed_param_value remote_typed_param_value; struct remote_typed_param { remote_nonnull_string field; remote_typed_param_value value; }; That would leave us with a bunch of if-then-elses that needed to be used across the method. This patch takes the other approach using the new datatype introduced in one of earlier commits. 2016-02-03 Erik Skultety util: Introduce virTypedParameterRemote datatype Both admin and remote protocols define their own types (remote_typed_param vs admin_typed_param). Because of the naming convention, admin typed params wouldn't be able to reuse the serialization/deserialization methods, which are tailored for use by remote protocol, even if those method were exported properly. In that case, introduce a new internal data type structurally copying both admin and remote protocols which, eventually, would allow serializer and deserializer to be used in a more generic way. 2016-02-03 Nikolay Shirokovskiy qemu: qemuDomainRename and virDomainObjListNumOfDomains ABBA deadlock fix A pretty nasty deadlock occurs while trying to rename a VM in parallel with virDomainObjListNumOfDomains. The short description of the problem is as follows: Thread #1: qemuDomainRename: ------> aquires domain lock by qemuDomObjFromDomain ---------> waits for domain list lock in any of the listed functions: - virDomainObjListFindByName - virDomainObjListRenameAddNew - virDomainObjListRenameRemove Thread #2: virDomainObjListNumOfDomains: ------> aquires domain list lock ---------> waits for domain lock in virDomainObjListCount Introduce generic virDomainObjListRename function for renaming domains. It aquires list lock in right order to avoid deadlock. Callback is used to make driver specific domain updates. 2016-02-03 Martin Kletzander systemd: Add virSystemdGetMachineNameByPID 2016-02-03 Martin Kletzander Revert "systemd: Escape only needed characters for machined" This reverts commit 0e0149ce91d84f40b98acf4c4bb0da6e29b9c15c. That commit was added to comply with systemd rules that were changed in the meantime, so this patch is pointless. 2016-02-03 Ján Tomko Simplify virDomainParseMemory Do not store the return value of virDomainParseScaledValue, it was overwritten anyway. Delete the cleanup label, there is nothing to clean up. 2016-02-03 Peter Krempa conf: Split out logic to determine whether cpupin was provided qemu: domain: Prepare qemuDomainDetectVcpuPids for reuse Free the old vcpupids array in case when this function is called again during the run of the VM. It will be later reused in the vCPU hotplug code. The function now returns the number of detected VCPUs. qemu: Move and rename qemuProcessDetectVcpuPIDs to qemuDomainDetectVcpuPids Future patches will tweak and reuse the function in different places so move it separately first. qemu: cpu hotplug: Set vcpu state directly in the new structure Avoid using virDomainDefSetVcpus when we can set it directly in the structure. conf: Add helper to retrieve bitmap of active vcpus for a definition In some cases it may be better to have a bitmap representing state of individual vcpus rather than iterating the definition. The new helper creates a bitmap representing the state from the domain definition. cgroup: Clean up virCgroupGetPercpuStats Use 'ret' for return variable name, clarify use of 'param_idx' and avoid unnecessary 'success' label. No functional changes. Also document the function. 2016-02-03 Martin Kletzander qemu: Don't crash when create fails early Since commit 714080791778e3dfbd484ccb3953bffd820b8ba9 we are generating socket path later than before -- when starting a domain. That makes one particular inconsistent state of a chardev, which was not possible before, currently valid. However, SELinux security driver forgot to guard the main restoring function by a check for NULL-paths. So make it no-op for NULL paths, as in the DAC driver. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1300532 2016-02-03 Erik Skultety cfg.mk: Adjust sc_prohibit_int_ijk to support 'exempt from syntax-check' There might be cases, like with typed params, where triggering this check isn't desirable. But including the whole module in the exception regex is not always to right way of doing things. By adding an option to manually disable this check on a specific occurrence, the module itself will still be checked against the rule. 2016-02-03 Dmitry Andreev qemuDomainResume: allow to resume domain with guest panicked In case of guest panicked, preserved crashed domain has stopped CPUs. It's not possible to use tools like WinDbg for the problem investigation until we start CPUs back. 2016-02-03 Nikolay Shirokovskiy qemu: return -1 on error paths in qemuDomainSaveImageStartVM Error paths after sending the event that domain is started written as if ret = -1 which is set at the beginning of the function. It's common idioma to keep 'ret' equal to -1 until the end of function where it is set to 0. But here we use ret to keep result of restore operation too and thus breaks the idioma and its users :) Let's use different variable to hold restore result. 2016-02-03 John Ferlan logical: Clean up allocation when building regex on the fly Rather than a loop reallocating space to build the regex, just allocate it once up front, then if there's more than 1 nextent, append a comma and another regex_unit string. logical: Use 'stripes' value for mirror/raid segtype The 'stripes' value is described as the "Number of stripes or mirrors in a logical volume". So add "mirror" and anything that starts with "raid" to the list of segtypes that can have an 'nextents' value greater than one. Use of raid segtypes (raid1, raid4, raid5*, raid6*, and raid10) is favored over mirror in more recent lvm code. logical: Use VIR_APPEND_ELEMENT instead of VIR_REALLOC_N Rather than preallocating a set number of elements, then walking through the extents and adjusting the specific element in place, use the APPEND macros to handle that chore. 2016-02-02 Michal Privoznik include: Handle case when builddir == srcdir In my previous commit a70f3b1c779120129 I've tried to fix case when building from VPATH and a file wasn't being installed. However, my fix broke non-VPATH build. 2016-02-02 Eric Blake tests: avoid realpath in test-lib.sh Ever since commit ace4aecd, running 'make check' on RHEL 6 produces: ./test-lib.sh: line 21: realpath: command not found for every shell script test, because 'realpath' was not part of coreutils back then. * tests/test-lib.sh (_scriptdir): Compute with only portable shell. 2016-02-02 Michael Chapman virsh: improve waiting for block job readiness After a block job hits 100%, we only need to apply a timeout waiting for a block job event if exactly one of the BLOCK_JOB or BLOCK_JOB_2 callbacks were able to be registered. If neither callback could be registered, there's clearly no need for a timeout. If both callbacks were registered, then we're guaranteed to eventually get one of the events. The path being used by virsh must be exactly the source path or target device in the domain's disk definition, and these are the respective strings sent back in these two events. 2016-02-02 Michael Chapman virsh: ensure SIGINT action is reset on all errors If virTimeMillisNow() fails, the SIGINT action must be reset back to its previous state. virsh: be consistent with style of loop exit When waiting for a block job, the various statuses (COMPLETED, READY, CANCELED, etc.) should all be treated consistently by having the loop be exited with "break". Use "goto cleanup" for the error cases only, when no block job status is available. virsh: avoid unnecessary progress updates There is no need to call virshPrintJobProgress() unless the block job's cur or end cursors have changed since the last iteration. 2016-02-01 Cole Robinson qemu: Mark some functions as static 2016-02-01 Michal Privoznik fdstream: Realign Some lines in this file are misaligned which fires up my OCD. 2016-02-01 Boris Fiuczynski qemu: Align dump options for watchdog and on_crash events Having on_crash set to either coredump-destroy or coredump-restart creates core dumps with option memory-only in the directory specified by auto_dump_path. When a watchdog is triggered with the action dump the core dump is also placed into the directory specified by auto_dump_path but is created without the option memory-only. This patch sets the option memory-only also for core dumps created by the watchdog event. Reviewed-by: Bjoern Walk Reviewed-by: Stefan Zimmermann 2016-01-30 Michal Privoznik includes: Install libvirt-common.h The libvirt-common.h is build time generated file from .in. Obviously, it's generated into builddir and not srcdir. Problem is, the list of header files to install, virinc_HEADERS contains only $(srcdir)/*.h and this misses libvirt-common.h. This problem is pretty obvious when doing a VPATH build. 2016-01-30 John Ferlan logical: Create helper virStorageBackendLogicalParseVolExtents Create a helper routine in order to parse any extents information including the extent size, length, and the device string contained within the generated 'lvs' output string. A future patch would then be able to avoid the code more cleanly 2016-01-30 Wido den Hollander rbd: Open in Read-Only mode when refreshing a volume By opening a RBD volume in Read-Only we do not register a watcher on the header object inside the Ceph cluster. Refreshing a volume only calls rbd_stat() which is a operation which does not write to a RBD image. This allows us to use a cephx user which has no write permissions if we would want to use the libvirt storage pool for informational purposes only. It also saves us a write into the Ceph cluster which should speed up refreshing a RBD pool. rbd_open_read_only() is available in all librbd versions which also support rbd_open(). 2016-01-30 Wido den Hollander rbd: Implement buildVolFrom using RBD cloning RBD supports cloning by creating a snapshot, protecting it and create a child image based on that snapshot afterwards. The RBD storage driver will try to find a snapshot with zero deltas between the current state of the original volume and the snapshot. If such a snapshot is found a clone/child image will be created using the rbd_clone2() function from librbd. rbd_clone2() is available in librbd since Ceph version Dumpling (0.67) which dates back to August 2013. It will use the same features, strip size and stripe count as the parent image. This implementation will only create a single snapshot on the parent image if never changes. This reduces the amount of snapshots created for that RBD image which benefits the performance of the Ceph cluster. During build the decision will be made to use either rbd_diff_iterate() or rbd_diff_iterate2(). The latter is faster, but only available on Ceph versions after 0.94 (Hammer). Cloning is only supported if RBD format 2 is used. All images created by libvirt are already format 2. If a RBD format 1 image is used as the original volume the backend will report a VIR_ERR_OPERATION_UNSUPPORTED error. 2016-01-30 Wido den Hollander rbd: Add support for wiping RBD volumes using TRIM. Using VIR_STORAGE_VOL_WIPE_ALG_TRIM a RBD volume can be trimmed down to 0 bytes using rbd_discard() Effectively all the data on the volume will be lost/gone, but the volume remains available for use afterwards. Starting at offset 0 the storage pool will call rbd_discard() in stripe size * count increments which is usually 4MB. Stripe size being 4MB and count 1. rbd_discard() is available since Ceph version Dumpling (0.67) which dates back to August 2013. 2016-01-30 Wido den Hollander storage: Add TRIM algorithm to storage volume API This new algorithm adds support for wiping volumes using TRIM. It does not overwrite all the data in a volume, but it tells the backing storage pool/driver that all bytes in a volume can be discarded. It depends on the backing storage pool how this is handled. A SCSI backend might send UNMAP commands to remove all data present on a LUN. A Ceph backend might use rbd_discard() to instruct the Ceph cluster that all data on that RBD volume can be discarded. 2016-01-29 Wido den Hollander rbd: Add support for wiping RBD volumes When wiping the RBD image will be filled with zeros started at offset 0 and until the end of the volume. This will result in the RBD volume growing to it's full allocation on the Ceph cluster. All data on the volume will be overwritten however, making it unavailable. It does NOT take any RBD snapshots into account. The original data might still be in a snapshot of that RBD volume. 2016-01-29 Wido den Hollander storage: Adjust fix virStorageBackendVolWipeLocal switch Use the cast of (virStorageVolWipeAlgorithm) adding the missing case:'s (VIR_STORAGE_VOL_WIPE_ALG_ZERO and VIR_STORAGE_VOL_WIPE_ALG_LAST). Additionally, the old code would also still run the SCRUB command on default since it didn't go to cleanup when a invalid flag was supplied. We now go to cleanup and exit if a invalid flag would be provided. 2016-01-29 John Ferlan logical: Fix comment examples for virStorageBackendLogicalFindLVs When commit id '82c1740a' made changes to the output format (changing from using a ',' separator to '#'), the examples in the lvs output from the comments weren't changed. Additionally, the two new fields added ('segtype' and 'stripes') were not included in the output, leaving it well confusing. This patch fixes the sample output, adds a 'striped' example, and makes other comment related adjustments for long line and spacing between followup 'NB' remarks (while I'm there). 2016-01-29 Andrea Bolognani pci: Use bool return type for some virPCIDeviceGet*() functions The affected functions are: virPCIDeviceGetManaged() virPCIDeviceGetUnbindFromStub() virPCIDeviceGetRemoveSlot() virPCIDeviceGetReprobe() Change their return type from unsigned int to bool: the corresponding members in struct _virPCIDevice are defined as bool, and even the corresponding virPCIDeviceSet*() functions take a bool value as input so there's no point in these functions having unsigned int as return type. Suggested-by: John Ferlan 2016-01-29 Michal Privoznik gendispatch: Don't output spaces on empty line In our generator for some code we put empty lines in the output to separate blocks of code. However, in some cases we put couple of spaces on the empty line too. It's not bug, it just isn't nice. 2016-01-28 Andrea Bolognani pci: Add debug messages when unbinding from stub driver Unbinding a PCI device from the stub driver can require several steps, and it can be useful for debugging to be able to trace which of these steps are performed and which are skipped for each device. pci: Phase out virPCIDeviceReattachInit() The name is confusing, and there are just two uses: one is a test case, and the other will be removed as part of an upcoming refactoring of the hostdev code. 2016-01-28 Peter Krempa qemu: don't iterate vcpus using priv->nvcpupids in qemuProcessSetSchedParams This should be the last offender. conf: disallow empty cpuset for emulatorpin It's disallowed in the API. 2016-01-28 Peter Krempa conf: disallow empty cpusets for vcpu pinning when parsing XML They are disallowed in the pinning API and as default cpuset. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1293241 2016-01-28 Peter Krempa qemu: Don't use priv->ncpus to iterate cgroup setting Iterate over all cpus skipping inactive ones. 2016-01-27 Andrea Bolognani virnetdevopenvswitch: Don't call strlen() twice on the same string Commit 871e10f fixed a memory corruption error, but called strlen() twice on the same string to do so. Even though the compiler is probably smart enough to optimize the second call away, having a single invocation makes the code slightly cleaner. Suggested-by: Michal Privoznik 2016-01-27 Michal Privoznik virnetdevmacvlan: Provide stubs for build without macvtap In 370608b4c76f we have introduced two new internal APIs. However, there are no stubs for build without macvtap. Therefore build on systems lacking macvtap support (e.g. mingw or freebds) fails when trying to link. 2016-01-27 Jason J. Herne Fix libvirtd free() segfault when migrating guest with deleted open vswitch port libvirtd crashes on free()ing portData for an open vswitch port if that port was deleted. To reproduce: ovs-vsctl del-port vnet0 virsh migrate --live kvm1 qemu+ssh://dstHost/system Error message: libvirtd: *** Error in `/usr/sbin/libvirtd': free(): invalid pointer: 0x000003ff90001e20 *** The problem is that virCommandRun can return an empty string in the event that the port being queried does not exist. When this happens then we are unconditionally overwriting a newline character at position strlen()-1. When strlen is 0, we overwrite memory that does not belong to the string. The fix: Only overwrite the newline if the string is not empty. Reviewed-by: Bjoern Walk 2016-01-27 Laine Stump util: keep/use a bitmap of in-use macvtap devices This patch creates two bitmaps, one for macvlan device names and one for macvtap. The bitmap position is used to indicate that libvirt is currently using a device with the name macvtap%d/macvlan%d, where %d is the position in the bitmap. When requested to create a new macvtap/macvlan device, libvirt will now look for the first clear bit in the appropriate bitmap and derive the device name from that rather than just starting at 0 and counting up until one works. When libvirtd is restarted, the qemu driver code that reattaches to active domains calls the appropriate function to "re-reserve" the device names as it is scanning the status of running domains. Note that it may seem strange that the retry counter now starts at 8191 instead of 5. This is because we now don't do a "pre-check" for the existence of a device once we've reserved it in the bitmap - we move straight to creating it; although very unlikely, it's possible that someone has a running system where they have a large number of network devices *created outside libvirt* named "macvtap%d" or "macvlan%d" - such a setup would still allow creating more devices with the old code, while a low retry max in the new code would cause a failure. Since the objective of the retry max is just to prevent an infinite loop, and it's highly unlikely to do more than 1 iteration anyway, having a high max is a reasonable concession in order to prevent lots of new failures. 2016-01-27 Leno Hou util: increase libnl buffer size In the following cases nl_recv() was returning the error "No buffer space available": * When switching CPUs to offline/online in a system more than 128 cpus * When using virsh to destroy domain in a system with many interfaces This patch sets the buffer size for all netlink sockets created by libnl to 128K and turns on message peeking for nl_recv(). This eliminates the "No buffer space available" errors seen in the cases above, and also preempts other future errors the smaller buffers could have caused. 2016-01-27 Pavel Hrdina device: cleanup input device code The current code was a little bit odd. At first we've removed all possible implicit input devices from domain definition to add them later back if there was any graphics device defined while parsing XML description. That's not all, while formating domain definition to XML description we at first ignore any input devices with bus different to USB and VIRTIO and few lines later we add implicit input devices to XML. This seems to me as a lot of code for nothing. This patch may look to be more complicated than original approach, but this is a preferred way to modify/add driver specific stuff only in those drivers and not deal with them in common parsing/formating functions. The update is to add those implicit input devices into config XML to follow the real HW configuration visible by guest OS. There was also inconsistence between our behavior and QEMU's in the way, that in QEMU there is no way how to disable those implicit input devices for x86 architecture and they are available always, even without graphics device. This applies also to XEN hypervisor. VZ driver already does its part by putting correct implicit devices into live XML. 2016-01-27 Pavel Hrdina tests: add some missing tests to qemuxml2xmltest Those tests are in qemuargv2xmltest and it makes sense to include them also in qemuxml2xmltest and qemuxml2argvtest. tests: use virtTestDifferenceFull in tests where we have output file This will enable regenerate functionality for those tests to make developer lives easier while updating tests. 2016-01-27 Michal Privoznik vircgroup: Finish renaming of virCgroupIsolateMount In dc576025c360 we renamed virCgroupIsolateMount function to virCgroupBindMount. However, we forgot about one occurrence in section of the code which provides stubs for platforms without support for CGroups like *BSD for instance. 2016-01-27 Daniel P. Berrange lxc: don't try to hide parent cgroups inside container On the host when we start a container, it will be placed in a cgroup path of /machine.slice/machine-lxc\x2ddemo.scope under /sys/fs/cgroup/* Inside the containers' namespace we need to setup /sys/fs/cgroup mounts, and currently will bind mount /machine.slice/machine-lxc\x2ddemo.scope on the host to appear as / in the container. While this may sound nice, it confuses applications dealing with cgroups, because /proc/$PID/cgroup now does not match the directory in /sys/fs/cgroup This particularly causes problems for systems and will make it create repeated path components in the cgroup for apps run in the container eg /machine.slice/machine-lxc\x2ddemo.scope/machine.slice/machine-lxc\x2ddemo.scope/user.slice/user-0.slice/session-61.scope This also causes any systemd service that uses sd-notify to fail to start, because when systemd receives the notification it won't be able to identify the corresponding unit it came from. In particular this break rabbitmq-server startup Future kernels will provide proper cgroup namespacing which will handle this problem, but until that time we should not try to play games with hiding parent cgroups. 2016-01-26 Daniel P. Berrange qemu: add reporting of vCPU wait time The VIR_DOMAIN_STATS_VCPU flag to virDomainListGetStats enables reporting of stats about vCPUs. Currently we only report the cumulative CPU running time and the execution state. This adds reporting of the wait time - time the vCPU wants to run, but the host scheduler has something else running ahead of it. The data is reported per-vCPU eg $ virsh domstats --vcpu demo Domain: 'demo' vcpu.current=4 vcpu.maximum=4 vcpu.0.state=1 vcpu.0.time=1420000000 vcpu.0.wait=18403928 vcpu.1.state=1 vcpu.1.time=130000000 vcpu.1.wait=10612111 vcpu.2.state=1 vcpu.2.time=110000000 vcpu.2.wait=12759501 vcpu.3.state=1 vcpu.3.time=90000000 vcpu.3.wait=21825087 In implementing this I notice our reporting of CPU execute time has very poor granularity, since we are getting it from /proc/$PID/stat. As a future enhancement we should prefer to get CPU execute time from /proc/$PID/schedstat or /proc/$PID/sched (if either exist on the running kernel) 2016-01-26 Luyao Huang virsh: fix cpu-stats command output format issue After commit 57177f1, the cpu-stats command format change to: CPU0: cpu_time 14401.507878990 seconds vcpu_time 14378732785511 vcpu_time is not user friendly. After this patch, it will change back: CPU0: cpu_time 14401.507878990 seconds vcpu_time 14378.732785511 seconds https://bugzilla.redhat.com/show_bug.cgi?id=1301807 2016-01-26 Peter Krempa util: buffer: Sanitize comment for virBufferAddBuffer Idioms are usually weird and obscure when translated literally. test: Touch up error message when attempting to pin invalid vCPU Report error: invalid argument: requested vcpu '100' is not present in the domain instead of error: invalid argument: requested vcpu is higher than allocated vcpus tests: qemuxml2xml: Order pinning information numerically A future patch will refactor the storage of the pinning information in a way where the ordering will be lost. Order them numerically to avoid changing the tests later. virsh: cpu-stats: Remove unneeded flags virDomainGetCPUStats doesn't support flags so there's no need to carry the 'flags' variable around. Additionally since the API is poorly designed I doubt that it will be extended. virsh: cpu-stats: Extract common printing code into a function Simplify the code by extracting a common code path. (qemu|lxc)DomainGetCPUStats: Clean up Remove unnecessary condition and variable. vz: Fix invalid iteration of def->cputune.vcpupin The array doesn't necessarily have the same cardinality as the count of vCPUs for a domain. Iterating it can cause access beyond the end of the array. 2016-01-26 Peter Krempa qemu: process: Disallow VMs with 0 vcpus Counterintuitively the user would end up with a VM with maximum number of vCPUs available. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1290324 2016-01-26 Peter Krempa qemu: process: refactor and rename qemuValidateCpuMax to qemuValidateCpuCount Next patch will add minimum checking, so use a more generic name. Refactor return values to the commonly used semantics. 2016-01-25 Michal Privoznik virt-host-validate: Fix error level for user namespace check From the code it seems to me that we need user namespace if configured in domain XML. Otherwise we don't use it at all. However our tool is more strict about that. Fix this discrepancy. virt-host-validate: Check those CGroups that we actually use Since the introduction of virt-host-validate tool the set of cgroup controllers we use has changed so the tool is checking for some cgroups that we don't need (e.g. net_cls, although I doubt we have ever used that one) and is not checking for those we actually use (e.g. cpuset). 2016-01-25 Michal Privoznik virsh: Correctly detect inserted media in change-media command https://bugzilla.redhat.com/show_bug.cgi?id=1250331 It all works like this. The change-media command dumps domain XML, finds the corresponding cdrom device we want to change media in and returns it in the xmlNodePtr form. This way we don't have to bother with keeping all the subelements or attributes that we don't care about in the XML that is fed back to libvirt for the update API. Now, the problem is we try to be clever here and detect if disk already has a source (indicated by subelement). However, bare fact that the element is there does not mean disk has source. Make our clever check better. 2016-01-25 Michal Privoznik vmx: Adapt to emptyBackingString for cdrom-image https://bugzilla.redhat.com/show_bug.cgi?id=1266088 We are missing this value for cdrom-image device. It seems like there's no added value to extend this to other types of disk devices [1]. 1: https://www.redhat.com/archives/libvir-list/2016-January/msg01038.html 2016-01-25 Peter Krempa qemu: snapshot: Correctly report qemu error on 'savevm' Since 'savevm' was not converted to QMP libvirt has to parse for error strings in the text monitor output. One of the unhandled errors is produced when qemu treats a device as unmigratable. As current qemu actually does support AHCI migration this bug is applicable only to older versions of qemu. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1293899 2016-01-25 Peter Krempa qemu: monitor: Refactor error handling for 'savevm' Unify few error conditions into a single error reporting case. 2016-01-25 Roman Bogorodskiy bhyve: bhyveload: respect boot dev and boot order Make bhyveload respect boot order as specified by os.boot section of the domain XML or by "boot order" for specific devices. As bhyve does not support a real boot order specification right now, it's just about choosing a single device to boot from. conf: expose virDomainBootType(From|To)String These functions are going to be used by the Bhyve driver. 2016-01-23 Laine Stump util: reset MAC address of macvtap passthrough physdev after disassociate libvirt always resets the MAC address of the physdev used for macvtap passthrough when the guest is finished with it. This was happening prior to the 802.1Qb[gh] DISASSOCIATE command, and was quite often failing, presumably because the driver wouldn't allow the MAC address to be reset while the association was still active, with a log message like this: virNetDevSetMAC:168 : Cannot set interface MAC to 00:00:00:00:00:00 on 'eth13': Cannot assign requested address This patch changes the order - we now do the 802.1Qb[gh] disassociate and delete the macvtap interface first, then and reset the MAC address. 2016-01-22 Cole Robinson lxc: fuse: Stub out Slab bits in /proc/meminfo 'free' on fedora23 wants to use the Slab field for calculated used memory. The equation is: used = MemTotal - MemFree - (Cached + Slab) - Buffers We already set Cached and Buffers to 0, do the same for Slab and its related values https://bugzilla.redhat.com/show_bug.cgi?id=1300781 2016-01-22 Cole Robinson lxc: fuse: Fill in MemAvailable for /proc/meminfo 'free' on Fedora 23 will use MemAvailable to calculate its 'available' field, but we are passing through the host's value. Set it to match MemFree, which is what 'free' will do for older linux that don't have MemAvailable https://bugzilla.redhat.com/show_bug.cgi?id=1300781 2016-01-22 Cole Robinson lxc: fuse: Fix /proc/meminfo size calculation We virtualize bits of /proc/meminfo by replacing host values with values specific to the container. However for calculating the final size of the returned data, we are using the size of the original file and not the altered copy, which could give garbelled output. 2016-01-22 Cole Robinson lxc: fuse: Unindent meminfo logic Reverse the conditional at the start so we aren't stuffing all the logic in an 'if' block 2016-01-22 Ian Campbell libxl: Support cmdline= in xl config files ... and consolidate the cmdline/extra/root parsing to facilitate doing so. The logic is the same as xl's parse_cmdline from the current xen.git master branch (e6f0e099d2c17de47fd86e817b1998db903cab61). On the formatting side switch to producing cmdline= instead of extra=. Update a few tests and add serveral more. - test-cmdline is added to test the exclusive use of cmdline. - test-fullvirt-direct-kernel-boot.cfg is updated due to the switch on the formatting side and now tests the exclusive use of cmdline=. - Tests are added for both paravirt and fullvirt where the .cfg uses extra= and (paravirt only) root=. These are format (xl->xml) only since the inverse will generate cmdline= hence is not a round trip (which was already true if using root=, which used to generate extra= on the way back). - Tests are added for both paravirt and fullvirt where the .cfg declares cmdline= as well as bogus extra= and (paravirt only) root= entries which should be ignored. Again these are format only tests since the inverse won't include the bogus lines. The last two bullets here required splitting the DO_TEST macro into two halves, as is done in the xmconfigtest.c case. In order to introduce a use of VIR_WARN for logging I had to add virerror.h and VIR_LOG_INIT. 2016-01-22 Joao Martins libxl: dispose libxl_dominfo after libxl_domain_info() As suggested in a previous thread [0] this patch adds some missing calls to libxl_dominfo_{init,dispose} when doing some of the libxl_domain_info operations which would otherwise lead to memory leaks. [0] https://www.redhat.com/archives/libvir-list/2015-September/msg00519.html 2016-01-22 Jim Fehlig Xen: add XENXL to virErrorDomain enum Add "Xen XL Config" to the virErrorDomain enum and use it in src/xenconfig/xen_xl.c. Xen: VIR_FROM_THIS cleanup The virErrorDomain enum has VIR_FROM_XEN, VIR_FROM_XEND, VIR_FROM_XENSTORE, VIR_FROM_SEXPR, and VIR_FROM_XENXM. Use these elements in the corresponding .c files. While at it, remove the VIR_FROM_THIS define in src/xenconfig/xenxs_private.h. 2016-01-21 Jiri Denemark qemu: Add support for migration iteration event The corresponding event in QEMU is called MIGRATION_PASS. Introduce migration iteration event The VIR_DOMAIN_EVENT_ID_MIGRATION_ITERATION event will be triggered whenever VIR_DOMAIN_JOB_MEMORY_ITERATION changes its value, i.e., whenever a new iteration over guest memory pages is started during migration. 2016-01-21 Dmitry Andreev qemuDomainReboot: use fakeReboot=true only for acpi mode When acpi is used to reboot/shutdown qemu domain, qemu emits SHUTDOWN event. Libvirt uses fakeReboot variable in order to differentiate reboot or shutdown. fakeReboot value is reseted to false after domain restart/reset. When mode=agent is used to reboot qemu domain, qemu doesn't emit SHUTDOWN event and libvirt doesn't reset fakeReboot value to false. In this case next 'shutdown -h now' performs reboot. That's why we don't need to set fakeReboot=true for mode=agent. 2016-01-21 Michal Privoznik virsh: Don't fetch status for all domains in cmdList We are getting the list of domains and after that we iterate over the list and try to get status for each domain hoping it will skip over domains that disappeared meanwhile. However, this solution to race is bogus - domain may disappear right after we have checked its state and before we exec another API over it (e.g. virDomainHasManagedSaveImage()). Also, when printing just names or uuids (list --name / --uuid) we issue APIs to obtain the values, however these require no RPC call as all requested info is in virDomain object that client already has. Therefore move the status obtaining only to the place that really needs it. 2016-01-20 Cole Robinson docs: fix syntax-check long line error 2016-01-20 Cole Robinson build: predictably generate systemtap tapsets (bz 1173641) The generated output is dependent on perl hashtable ordering, which gives different results for i686 and x86_64. Fix this by sorting the hash keys before iterating over them https://bugzilla.redhat.com/show_bug.cgi?id=1173641 2016-01-20 Daniel P. Berrange docs: fix generation of docs from VPATH build When generating docs in a VPATH build we get a failure to create a file due to the 'internals' subdir not existing: Generating internals/locking.html.tmp /bin/sh: line 3: internals/locking.html.tmp: No such file or directory rm: cannot remove ‘internals/locking.html.tmp’: No such file or directory Makefile:2229: recipe for target 'internals/locking.html.tmp' failed make: *** [internals/locking.html.tmp] Error 1 For some reason, make has decided to run the target %.html.tmp: %.html.in site.xsl page.xsl sitemap.html.in $(acl_generated) instead of the target internals/%.html.tmp: internals/%.html.in subsite.xsl page.xsl sitemap.html.in Removing '$(acl_generated)' from the first target, inexplicably causes make to now run the correct target for the internals/ files. Rather than figure this out, lets just combine the two targets into one. 2016-01-20 Ján Tomko leaseshelper: reduce indentation level in virLeaseReadCustomLeaseFile Instead of nested ifs, jump out early. Mostly whitespace changes. 2016-01-20 Ján Tomko leaseshelper: remove useless comparison We do not care if the mac was specified in the delete section, we are going to delete the record anyway. leaseshelper: move comment about adding IPv6 leases The comment is relevant to the ADD action, not DEL. leaseshelper: split out virLeasePrintLeases Introduce a function for printing the leases on the 'init' operation. 2016-01-20 Ján Tomko leaseshelper: split out custom leases file read Introduce virLeaseReadCustomLeaseFile which will populate the new leases array with all the leases, except for expired ones and the ones matching 'ip_to_delete'. This removes five variables from main(). 2016-01-20 Ján Tomko leaseshelper: store server_duid as an allocated string We either use the value from the environment variable, or learn it from the existing lease file. In the second case, the pointer would be pointing into the JSON object of the first lease with a DUID, owned by leases_array, then leases_array_new. Always allocate the string instead, making obvious who should free the string. 2016-01-20 Ján Tomko leaseshelper: fix crash when no mac is specified If dnsmasq specified DNSMASQ_IAID (so we're dealing with an IPv6 lease) but no DNSMASQ_MAC, we skip creation of the new lease object. Also skip adding it to the leases array. https://bugzilla.redhat.com/show_bug.cgi?id=1202350 2016-01-20 John Ferlan storage: Add new flag for libvirt_parthelper https://bugzilla.redhat.com/show_bug.cgi?id=1265694 In order to be able to process disk storage pool's using a multipath device to handle the partitions, libvirt_parthelper will need a way to not automatically add a partition separator "p" to the generated device name for each partition found. This is designed to mimic the multipath features known as 'user_friendly_names' and custom 'alias' name. If the part_separator attribute is set to "no", then generation of the multipath partition name will not include the "p" partition separator unless the source device path name ends with a number. The generated partition names that get passed back to libvirt are processed in order to find the device mapper multipath (dm-#) path device. For example, device path "/dev/mapper/mpatha" would create partitions "/dev/mapper/mpatha1", "/dev/mapper/mpatha2", etc. instead of "/dev/mapper/mpathap1", "/dev/mapper/mpathap2", etc. If the device path ends with a number "/dev/mapper/mpatha1", then the algorithm to generate names "/dev/mapper/mpatha1p1", "/dev/mapper/mpatha1p2", etc. would be utilized. 2016-01-20 John Ferlan conf: Add storage pool device attribute part_separator Add a new storage pool source device attribute 'part_separator=[yes|no]' in order to allow a 'disk' storage pool using a device mapper multipath device to not add the "p" partition separator to the generated device name when libvirt_parthelper is run. This will allow libvirt to find device mapper multipath devices which were configured in /etc/multipath.conf to use 'user_friendly_names' or custom 'alias' names for the LUN. 2016-01-19 Michal Privoznik virLogManagerDomainReadLogFile: Don't do dummy allocs Since we pass dummy variables @fdout and @fdoutlen into virNetClientProgramCall() we make it alloc @fdout array (even though it's an array of 0 elements since vitlogd can hardly pass us some FDs at this stage). Nevertheless, it's an allocation not followed by free(): ==29385== 0 bytes in 60 blocks are definitely lost in loss record 2 of 1,009 ==29385== at 0x4C2C070: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==29385== by 0x54B99EF: virAllocN (viralloc.c:191) ==29385== by 0x56821B1: virNetClientProgramCall (virnetclientprogram.c:359) ==29385== by 0x563B304: virLogManagerDomainReadLogFile (log_manager.c:272) ==29385== by 0x217CD613: qemuDomainLogContextRead (qemu_domain.c:2485) ==29385== by 0x217EDC76: qemuProcessReadLog (qemu_process.c:1660) ==29385== by 0x217EDE1D: qemuProcessReportLogError (qemu_process.c:1696) ==29385== by 0x217EE8C1: qemuProcessWaitForMonitor (qemu_process.c:1957) ==29385== by 0x217F6636: qemuProcessLaunch (qemu_process.c:4955) ==29385== by 0x217F71A4: qemuProcessStart (qemu_process.c:5152) ==29385== by 0x21846582: qemuDomainObjStart (qemu_driver.c:7396) ==29385== by 0x218467DE: qemuDomainCreateWithFlags (qemu_driver.c:7450) 2016-01-19 Michal Privoznik qemuProcessReadLog: Fix memmove arguments So I can observe this crasher that with freshly started daemon (and virtlogd enabled) I am trying to startup a domain that immediately dies (because it's said to use huge pages but I haven't allocated a single one in the pool). Hardly reproducible with -O0 or under valgrind. But I just got lucky: ==20469== Invalid write of size 8 ==20469== at 0x4C2E99B: memcpy@GLIBC_2.2.5 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==20469== by 0x217EDD07: qemuProcessReadLog (qemu_process.c:1670) ==20469== by 0x217EDE1D: qemuProcessReportLogError (qemu_process.c:1696) ==20469== by 0x217EE8C1: qemuProcessWaitForMonitor (qemu_process.c:1957) ==20469== by 0x217F6636: qemuProcessLaunch (qemu_process.c:4955) ==20469== by 0x217F71A4: qemuProcessStart (qemu_process.c:5152) ==20469== by 0x21846582: qemuDomainObjStart (qemu_driver.c:7396) ==20469== by 0x218467DE: qemuDomainCreateWithFlags (qemu_driver.c:7450) ==20469== by 0x21846845: qemuDomainCreate (qemu_driver.c:7468) ==20469== by 0x5611CD0: virDomainCreate (libvirt-domain.c:6753) ==20469== by 0x125D9A: remoteDispatchDomainCreate (remote_dispatch.h:3613) ==20469== by 0x125CB7: remoteDispatchDomainCreateHelper (remote_dispatch.h:3589) ==20469== Address 0x27a52ad0 is 0 bytes after a block of size 5,584 alloc'd ==20469== at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==20469== by 0x9B8D1DB: xdr_string (in /lib64/libc-2.21.so) ==20469== by 0x563B39C: xdr_virLogManagerProtocolNonNullString (log_protocol.c:24) ==20469== by 0x563B6B7: xdr_virLogManagerProtocolDomainReadLogFileRet (log_protocol.c:123) ==20469== by 0x164B34: virNetMessageDecodePayload (virnetmessage.c:407) ==20469== by 0x5682360: virNetClientProgramCall (virnetclientprogram.c:379) ==20469== by 0x563B30E: virLogManagerDomainReadLogFile (log_manager.c:272) ==20469== by 0x217CD613: qemuDomainLogContextRead (qemu_domain.c:2485) ==20469== by 0x217EDC76: qemuProcessReadLog (qemu_process.c:1660) ==20469== by 0x217EDE1D: qemuProcessReportLogError (qemu_process.c:1696) ==20469== by 0x217EE8C1: qemuProcessWaitForMonitor (qemu_process.c:1957) ==20469== by 0x217F6636: qemuProcessLaunch (qemu_process.c:4955) This points to memmove() in qemuProcessReadLog(). Imagine we just read the following string from qemu: "abc\n2016-01-18T09:40:44.022744Z qemu-system-x86_64: Error\n" After the first pass of the while() loop in the qemuProcessReadLog() (in which we have taken the false branch in the if) @buf still points to the beginning of the string, @filter_next points to the beginning of the second line. So we start second iteration because there is yet another newline character at the end. In this iteration @eol points to it actually. Now, the control gets inside true branch of if(). Just to remind you: got = 58 filter_next = buf + 5, eol = buf + 58. Therefore skip = 54 which is correct. The message we want to skip is 54 bytes long. However: memmove(filter_next, eol + 1, (got - skip) +1); which is memmove(filter_next, eol + 1, 5) is obviously wrong as there is only one byte we can access, not 5! 2016-01-18 Martin Kletzander Fix make check with gcc version 5 When building with gcc-5 (particularly gcc-5.3.0 now) and having pdwtags installed (package dwarves) make check fails with the following error: $ make lock_protocol-struct GEN lock_protocol-struct --- lock_protocol-structs 2016-01-13 15:04:59.318809607 +0100 +++ lock_protocol-struct-t3 2016-01-13 15:05:17.703501234 +0100 @@ -26,10 +26,6 @@ virLockSpaceProtocolNonNullString name; u_int flags; }; -enum virLockSpaceProtocolAcquireResourceFlags { - VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_SHARED = 1, - VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_AUTOCREATE = 2, -}; struct virLockSpaceProtocolAcquireResourceArgs { virLockSpaceProtocolNonNullString path; virLockSpaceProtocolNonNullString name; Makefile:10415: recipe for target 'lock_protocol-struct' failed make: *** [lock_protocol-struct] Error 1 That happens because without any specific options gcc doesn't keep enum information in the resulting binary object. I managed to isolate the parameters of gcc that caused this issue to disappear, however I remember that they influenced the resulting binaries quite a bit and were definitely not something we would want to add as mandatory to the build process. So to deal with this cleanly, let's take that enum and separate it out to its own header file. Since it is only used in the lockd driver and the protocol, lock_driver_lockd.h feels like a suitable name. 2016-01-18 Wido den Hollander rbd: Set r variable so it can be returned should an error occur This was reported in bug #1298024 where r would be filled with the return code of rbd_open(). Should rbd_snap_unprotect() fail for any reason the virReportSystemError call would return 'Success' since rbd_open() succeeded. https://bugzilla.redhat.com/show_bug.cgi?id=1298024 2016-01-18 Michal Privoznik qemuTestDriverInit: fill driver with zeroes In the commit aea47e48c473a we have fixed a single pointer within driver structure. Since all callers pass statically allocated driver on stack other pointers within driver may contain random values too. Before touching it lets overwrite it with zeroes and thus fix all dangling pointers. Post-release version bump to 1.3.2 2016-01-18 Andrea Bolognani NEWS: Don't prefix version numbers with 'v' It was only used in two instances, so get rid of it for consistency's sake. NEWS: Fix whitespace issues NEWS: Move 2015 entries to a separate file Now that the first release made in 2016 is out, we can move all entries for 2015 to their own file, just like we did for all previous years. 2016-01-17 Daniel Veillard Release of libvirt-1.3.1 * docs/news.html.in libvirt.spec.in: update for release * po/*.po*: regenerated 2016-01-15 Jiri Denemark security: Do not restore labels on device tree binary A device tree binary file specified by /domain/os/dtb element is a read-only resource similar to kernel and initrd files. We shouldn't restore its label when destroying a domain to avoid breaking other domains configure with the same device tree. 2016-01-15 Jiri Denemark security: Do not restore kernel and initrd labels Kernel/initrd files are essentially read-only shareable images and thus should be handled in the same way. We already use the appropriate label for kernel/initrd files when starting a domain, but when a domain gets destroyed we would remove the labels which would make other running domains using the same files very unhappy. https://bugzilla.redhat.com/show_bug.cgi?id=921135 2016-01-15 Yaniv Kaul qemu: Print better warning in qemuAgentNotifyEvent We have this function qemuAgentNotifyEvent() which is supposed to be called from thread pool responsible for processing qemu monitor events. The function then should wake up other thread that is waiting for a guest to shutdown or reboot. However, if we have received a different error a warning is printed out. This warning lacks info on which event is expected. 2016-01-15 John Ferlan cgroup: Fix possible bug as a result of code motion for vcpu cgroup setup Commit id '90b721e43' moved where the virCgroupAddTask was made until after the check for the vcpupin checks. However, in doing so it missed an option where if the cpumap didn't exist, then the code would continue back to the top of the current vcpu loop. The results was that the virCgroupAddTask wouldn't be called. 2016-01-15 John Ferlan Revert "lxc_cgroup: Add check for NULL cgroup before AddTask call" This reverts commit ae09988eb787df63d3bb298f713a3bbd77275901. Since commit id '71ce4759' has been reverted, this one is no longer necessary. 2016-01-15 John Ferlan Revert "util: cgroups do not implicitly add task to new machine cgroup" This reverts commit 71ce475967b3523882b0e1a0f649fdbea5abf9d5. Since commit id 'a41c00b47' has been reverted, this no longer is necessary 2016-01-14 John Ferlan Revert "qemu: do not put a task into machine cgroup" This reverts commit a41c00b472efaa192d2deae51ab732e65903238f. After much testing and upstream discussion this has been deemed to be the incorrect operation since it means we no longer have any guarantee about which resource controllers the QEMU processes in general are in. 2016-01-14 Cédric Bosdonnat virt-aa-helper: don't deny writes to readonly mounts There is no need to deny writes on a readonly mount: write still won't be accepted, even if the user remounts the folder as RW in the guest as qemu sets the 9p mount as ro. This deny rule was leading to problems for example with readonly /: The qemu process had to write to a bunch of files in / like logs, sockets, etc. This deny rule was also preventing auditing of these denials, making it harder to debug. 2016-01-14 John Ferlan conf: Initialize 'deflate' for balloon parse XML Commit id '7bf3198df' neglected to initialize deflate leading to a possibility if model allocation/checks fail, then the VIR_FREE(deflate) would be erroneous. Noted by Jan Tomko. 2016-01-14 Michal Privoznik wireshark: Drop DESTDIR from install path In 50078cfbcbf3c8 I've tried to fix distcheck but accidentally broke rpm build. The problem is that rpm build not only sets DESTDIR but also passes plugindir path. This results in double DESTDIR being in the plugin path, Drop one. 2016-01-14 Guido Günther virsh: Update description of lxc-enter-namespace Mention that we run a command in that namespace 2016-01-13 Cole Robinson build: fix distdir with wireshark disabled Even though the Makefile has WITH_WIRESHARK guards, the _SOURCES variables are still processed when adding bits to the dist archive. plugin.c is a generated file that is only built when wireshark is enabled and it shouldn't be distributed, so use 'nodist' 2016-01-13 Michal Privoznik qemuProcessCleanupChardevDevice: Don't unlink NULL paths So, you try to start a domain, but before we even get to the part where chardev part of qemu command line is generated (and possibly missing path to unix sockets is made up) an error occurs which results in calling qemuProcessStop. This will then try to clean up the mess and possibly ends up calling unlink(NULL). ==8085== Thread 3: ==8085== Syscall param unlink(pathname) points to unaddressable byte(s) ==8085== at 0xA85EA57: unlink (in /lib64/libc-2.21.so) ==8085== by 0x213D3C24: qemuProcessCleanupChardevDevice (qemu_process.c:2866) ==8085== by 0x558D6B1: virDomainChrDefForeach (domain_conf.c:22924) ==8085== by 0x213DA9AE: qemuProcessStop (qemu_process.c:5326) ==8085== by 0x213DA2F2: qemuProcessStart (qemu_process.c:5190) ==8085== by 0x2142957F: qemuDomainObjStart (qemu_driver.c:7396) ==8085== by 0x214297DB: qemuDomainCreateWithFlags (qemu_driver.c:7450) ==8085== by 0x21429842: qemuDomainCreate (qemu_driver.c:7468) ==8085== by 0x5611B95: virDomainCreate (libvirt-domain.c:6753) ==8085== by 0x125D9A: remoteDispatchDomainCreate (remote_dispatch.h:3613) ==8085== by 0x125CB7: remoteDispatchDomainCreateHelper (remote_dispatch.h:3589) ==8085== by 0x568BF41: virNetServerProgramDispatchCall (virnetserverprogram.c:437) ==8085== Address 0x0 is not stack'd, malloc'd or (recently) free'd ==8085== 2016-01-13 Jim Fehlig xenconfig: check return value of regcomp Commit ec63000a missed checking the return value of regcomp(), which coverity promptly identified. 2016-01-13 Michal Privoznik wireshark: Install into DESTDIR Like everything we install, it should be prefixed with DESTDIR. 2016-01-13 Jim Fehlig Xen: use correct domctl version in domaininfolist union Commmit fd2e3c4c used the domctl version 8 structure for version 9 in the xen_getdomaininfolist union, resulting in insufficient buffer size (and subsequent memory corruption) for the GETDOMAININFOLIST ioctl. 2016-01-13 Cole Robinson testutils: Fix coverity warning with REGENERATE_OUTPUT - Don't double check for expectName - actual is always non-NULL by this point, so don't check it either build: Kill tools/wireshark Makefiles Just handle it all in tools/Makefile.am. I verified the generated output looks similar to the pre patch output, but I didn't test it. 2016-01-13 Michal Privoznik Expand $(wildcard) correctly So after da176bf6b756 and friend we have switched to $(wildcard some/path/*.xml) instead of enumerating the files explicitly. This is nice, however it makes distcheck build from VPATH fail. The reason is that it's is not obvious to what does the wildcard refer to: srcdir or builddir? 2016-01-12 Dmitry Andreev qemu: add support of optional 'autodeflate' attribute Autodeflate can be enabled/disabled for memballon device of model 'virtio'. xml: qemu: qemu -device virtio-balloon-pci,...,deflate-on-oom=on Autodeflate cannot be enabled/disabled for running domain. 2016-01-12 Dmitry Andreev qemu: add capability check for memballoon 'deflate-on-oom' feature Add appropriate capability check and new virQEMUCaps flag for the new virtio balloon feature. QEMU commit with the complete feature description: http://git.qemu.org/?p=qemu.git;a=commit;h=e3816255bf4b6377bb405331e2ee0dc14d841b80 2016-01-12 Dmitry Andreev conf: introduce 'autodeflate' attribute for memballoon device Excessive memory balloon inflation can cause invocation of OOM-killer, when Linux is under severe memory pressure. QEMU memballoon device has a feature to release some memory at the last moment before some process will be get killed by OOM-killer. Introduce a new optional balloon device attribute 'autodeflate' to enable or disable this feature. 2016-01-12 Cole Robinson rpc: socket: Don't repeatedly attempt to launch daemon On every socket connect(2) attempt we were re-launching session libvirtd, up to 100 times in 5 seconds. This understandably caused some weird load races and intermittent qemu:///session startup failures https://bugzilla.redhat.com/show_bug.cgi?id=1271183 2016-01-12 Cole Robinson rpc: socket: Explicitly error if we exceed retry count When we autolaunch libvirtd for session URIs, we spin in a retry loop waiting for the daemon to start and the connect(2) to succeed. However if we exceed the retry count, we don't explicitly raise an error, which can yield a slew of different error messages elsewhere in the code. Explicitly raise the last connect(2) failure if we run out of retries. 2016-01-12 Cole Robinson rpc: socket: Minor cleanups - Add some debugging - Make the loop dependent only on retries - Make it explicit that connect(2) success exits the loop - Invert the error checking logic 2016-01-12 Roman Bogorodskiy Add missing virxdrdefs.h include to log_protocol Commit 2b6f6ad introduced the virxdrdefs.h header with common definitions to be included in the protocol files, but logging/log_protocol.x was missed, so add it there as well. Hopefully this fixes build on OS X. 2016-01-12 Andrea Bolognani virsh: Fix alignment in VIRSH_COMMON_OPT_CONFIG definition 2016-01-12 Ben Gray rpc: Don't rewrite msg->fds on every read dispatch When we are receiving data in smaller chunks it might happen that virNetServerClientDispatchRead() will be called multiple times. And as that happens, if it is a message that also transfer headers, we decode the number of them every single time and, unfortunately, also allocate the memory for them. That causes a leak, in the best scenario. Best viewed with '-w'. 2016-01-12 John Ferlan virsh: Create macro for common "interface" option Rather than continually cut-n-paste the strings into each command, create a common macro to be used generically. Note that not all '{.name = "interface",' entries are replaced, just those that have the common .help string of "interface name or MAC address". virsh: Create macro for common "network" option Rather than continually cut-n-paste the strings into each command, create a common macro to be used generically. Note that not all '{.name = "network",' entries are replaced, just those that have the common .help string of "network name or uuid". virsh: Create macros for common "vol" options Rather than continually cut-n-paste the strings into each command, create common macros to be used generically. Replace the more commonly used "vol" option with a macro. This also adjusts 2 commands that didn't have the correct helpstr - 'vol-create-from' and 'vol-clone'. Both are described in the man page as taking vol, path, or key and the code uses the virshCommandOptVol instead of virshCommandOptVolBy. virsh: Create macro for common "file" option Rather than continually cut-n-paste the strings into each command, create a common macro to be used generically. The macro will take a single argument _helpstr for the less common help string for each command option. Note that only file options using "OT_DATA" and "OFLAG_REQ" will be replace - others are left as is. virsh: Create macro for common "current" option Rather than continually cut-n-paste the strings into each command, create a common macro to be used generically. The macro will take a single argument _helpstr which for many options in virsh-domain.c is simply "affect current domain". So, create a second macro within that file in order to define the more common use as a revector to the common macro with the common _helpstr. virsh: Create macro for common "live" option Rather than continually cut-n-paste the strings into each command, create a common macro to be used generically. The macro will take a single argument _helpstr which for many options in virsh-domain.c is simply "affect running domain". So, create a second macro within that file in order to define the more common use as a revector to the common macro with the common _helpstr. virsh: Create macro for common "config" option Rather than continually cut-n-paste the strings into each command, create a common macro to be used generically. The macro will take a single argument _helpstr which for many options in virsh-domain.c is simply "affect next boot". So, create a second macro within that file in order to define the more common use as a revector to the common macro with the common _helpstr. 2016-01-12 John Ferlan virsh: Create macro for common "persistent" option Rather than continually cut-n-paste the strings into each command, create a common macro to be used generically. Note that not all '{.name = "persistent",' entries are replaced, just those that have the common .help string of "make live change persistent". Non replaced instances are unique to the command. 2016-01-12 John Ferlan virsh: Create macro for common "domain" option Rather than continually cut-n-paste the strings into each command, create a common macro to be used generically. The macro will take a single argument _helpstr which will be used to pass the translatable helpstr since not all domain options can take the same string. The majority of the options take 'N_("domain name, id or uuid")', so create a separate macro with a _FULL suffix while those that do not take the same string will use the VIRSH_COMMON_OPT_DOMAIN macro. 2016-01-12 John Ferlan virsh: Adjustments for the VIRSH_COMMON_OPT_POOL The macro is slightly adjusted to add an argument "_helpstr". This will be passed as a translation macro string since other uses of the option may not have the same exact help string (such as is the case when the uuid is not suppliable for create commands). In virsh-pool.c - we'll create a singular VIRSH_COMMON_OPT_POOL_FULL in order to pass along the 'N_("pool name or uuid")' In virsh-volume.c there will be a VIRSH_COMMON_OPT_POOL_FULL and a VIRSH_COMMON_OPT_POOL_NAME, which passes 'N_("pool name")' for the commands that can only pass a name. There will also be a VIRSH_COMMON_OPT_POOL_OPTIONAL which is used for the command options which use OT_STRING and don't require the --pool argument. 2016-01-12 John Ferlan virsh: Convert VSH_POOL_ macro to VIRSH_COMMON_OPT_ Commit id's 'cf793b00', 'e178688f', 'f9a6110f', '5372d49', and 'e193735' added new VSH_POOL_ macros; however, it was pointed out after push that commit id '834c5720' preferred use of VIRSH_ for the prefix over VSH_. So this patch just changes the VSH_ to VIRSH_ and it changes the naming format from VIRSH__OPT_COMMON to VIRSH_COMMON_OPT_. 2016-01-12 Laine Stump util: eliminate bogus error log in virNetDevVPortProfileGetStatus if instanceId is NULL When virNetDevVPortProfileGetStatus() was called with instanceId = NULL (which is the case for all DISASSOCIATE requests in 802.1Qbh) it would log the following error: Could not find netlink response with expected parameters even though the disassociate had been successfully completely. Then, due to the fortunate coincidence of status having been initialized to 0 and then not changed when the "failure" was encountered, it would still return a status of 0 (PORT_VDP_RESPONSE_SUCCESS), so the caller would assume a successful operation. This would result in a spurious log message though, and would fill in LastErrorMessage, so that the API would return that error if it happened during cleanup from some other error. That, in turn, would lead to an incorrect supposition that the response to the port profile disassociate was the cause of the failure. During debugging, I noticed that the VF in question usually had *no uuid* associated with it (big surprise)by the time the disassociate completed, so the solution is *not* to send the previous instanceId down. This patch fixes virNetDevVPortProfileGetStatus() to only check the VF's uuid in the status if it was given an instanceId to check against when originally called. Otherwise it only checks that the particular VF is present (it will be). This does cause a slight difference in behavior - rather than returning with status unchanged (and thus always 0) it will actually get the IFLA_PORT_RESPONSE. This could lead to revelation of error conditions we were previously ignoring. Or not. So far "not". 2016-01-12 Laine Stump qemu: use enum when setting PCI "multi" value, not 0 or 1 Use the VIR_TRISTATE_SWITCH_* enums appropriately. No functional change. 2016-01-12 Laine Stump qemu: auto-add a USB2 controller set for Q35 machines Use virDomainDefAddUSBController() to add an EHCI1+UHCI1+UHCI2+UHCI3 controller set to newly defined Q35 domains that don't have any USB controllers defined. 2016-01-12 Laine Stump qemu: define virDomainDevAddUSBController() This new function will add a single controller of the given model, except the case of ich9-usb-ehci1 (the master controller for a USB2 controller set) in which case a set of related controllers will be added (EHCI1, UHCI1, UHCI2, UHCI3). These controllers will not be given PCI addresses, but should be otherwise ready to use. "-1" is allowed for controller model, and means "default for this machinetype". This matches the existing practice in qemuDomainDefPostParse(), which always adds the default controller with model = -1, and relies on the commandline builder to set a model (that is wrong, but will be fixed later). 2016-01-12 Laine Stump conf: add virDomainDefAddController() We need a virDomainDefAddController() that doesn't check for an existing controller at the same index (since USB2 controllers must be added in sets of 4 that are all at the same index), so rather than duplicating the code in virDomainDefMaybeAddController(), split it into two functions, in the process eliminating existing duplicated code that loops through the controller list by calling virDomainControllerFind(), which does the same thing). 2016-01-12 Laine Stump qemu: prefer 00:1D.x and 00:1A.x for USB2 controllers on Q35 The real Q35 machine puts the first USB controller set (EHCI+(UHCIx4)) on bus 0 slot 0x1D, and the 2nd USB controller set on bus 0 slot 0x1A, so let's attempt to make the virtual machine match that for controllers with auto-assigned addresses when possible. Three test cases were added to assure that the proper addresses are assigned - one with a single set of unaddressed USB controllers, one with 3 (to grab both preferred slots plus one more), and one with the order of the controller definitions reordered, to assure that the auto-assignment isn't mixed up by order. 2016-01-12 Laine Stump qemu: don't assume slot 0 is unused/reserved. When qemuAssignDevicePCISlots() is looking for companion controllers for a USB controller that has no PCI address specified, it initializes a virDevicePCIAddress to 0000:00:00.0, fills it in with the companion's address if one is found, then checks whether or not there was a find based on slot == 0. On a system with a single PCI bus, that is a valid way to check, because slot 0 is reserved, but on most other PCI buses, slot 0 is not reserved, and is open for use by any device. This patch adds a separate bool that is set when a companion is found rather than relying on the faulty information provided with "slot == 0". 2016-01-12 Jasper Lievisse Adriaanse Unify int types handling in protocol files Some of the protocol files already include handing of the missing int types such as xdr_uint64_t, some don't. To fix it everywhere, move out of the appropriate defines to the utils/virxdrdefs.h file and include it where needed. Use struct sockpeercred when available OpenBSD uses 'struct sockpeercred' instead of 'struct ucred'. Add a configure check that detects its presence and use if in the code that could be compiled on OpenBSD. 2016-01-12 Jasper Lievisse Adriaanse cgroup: don't include sys/mount.h if not needed As cgroup implementation only works on Linux, it does not make much sense to include sys/mount.h if other requirements are not met, such as HAVE_MNTENT_H and HAVE_GETMNTENT_R. Also, it fixes build on OpenBSD that requires to include sys/param.h along with sys/mount.h. 2016-01-12 Cole Robinson build: Kill docs/schemas/Makefile.am Move the logic to docs/Makefile.am, and simplify it with a wildcard expression. build: Kill include/libvirt/Makefile.am Move all the logic to include/Makefile.am, simplify it with a wildcard, then kill include/libvirt/Makefile.am 2016-01-12 Michal Privoznik wireshark: Fix header of get_message_len() In wireshark commit ceb8d954 (v1.99.2) they have changed the signature of a function that determines how long a libvirt packet is. Now it accepts a void pointer for passing data into the function. Well, this is nice, but we don't need it right now. Anyway, we have to change our code. wireshark: Replace WIRESHARK_COMPAT with actual version comparison In the upcoming patch we will need yet another #ifdef code block depending on wireshark version. Instead of defining WIRESHARK_COMPAT2 or something lets just compare the version right at the place so that we can clearly see what version broke API. wireshark: s/tvb_length/tvb_captured_length/ In wireshak commit 22149c55 (v.1.11.3) the API was renamed. Follow the change in our code too. Since the wireshark change was made in the very same version that we require at least we are good to go. wireshark: s/ep_alloc/wmem_alloc/ In wireshark, they have introduced their own memory allocator wmem. This means that we need to adapt our code to that change too. Notably 0ad15f88ccf434e8210ca is the wireshark commit you want to look at. It's the one where they dropped the old API. The new allocator has been introduced in 84cc3daa (v1.10.0), however, was not exposed until 5c05c9e0 (v1.10.0). Since we already are requiring 1.11.3 or higher no other change is needed. 2016-01-12 Michal Privoznik wireshark: s/proto_tree_add_text/proto_tree_add_item/ In the wireshark commit e2735ecfdd7a96c they dropped proto_tree_add_text in favor of proto_tree_add_item. Adapt to this change. Moreover, the proto_tree_add_item API is around for ages and we are already using it anyway. Therefore we don't need to change required version of wireshark. 2016-01-12 Michal Privoznik qemu: Introduce QEMU_CAPS_VSERPORT_CHANGE This capability tells if qemu is capable of vserport_change events. qemu: change qemuFindAgentConfig return type While this is no functional change, whole channel definition is going to be needed very soon. Moreover, while touching this obey const correctness rule in qemuAgentOpen() - so far it was passed regular pointer to channel config even though the function is expected to not change pointee at all. Pass const pointer instead. qemu: Set virtio channel state sooner In qemu driver we listen to virtio channel events like an agent connected to or disconnected from the guest part of socket. However, with a little exception - when we find out that the socket in question is the guest agent one, we connect or disconnect guest agent which is done prior setting new state in internal structure. Due to a bug in our code it may happen that we got the event but failed to set it in internal structure representing the channel. 2016-01-11 Martin Kletzander Fix LSB requirements in service script and sync them Commit b22344f3285187ee1768d6e031bc0ff20e32552d mistakenly reordered Default-* lines. Thanks to that I noticed that we are very inconsistent with our init scripts, so I took the liberty of synchronizing them, updating them and making them all look shiny and new. So apart from fixing the LSB requirements, I also fixed the ordering, specified runlevels and fix the link to the reference specification. 2016-01-11 Michal Privoznik virDomainGetTime: Deny on RO connections We have a policy that if API may end up talking to a guest agent it should require RW connection. We don't obey the rule in virDomainGetTime(). virDomainInterfaceAddresses: Allow API on RO connection too This API does not change domain state. However, we have a policy that an API talking to a guest agent requires RW access. But that happens only if source == VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT. 2016-01-11 Andrea Bolognani virsh: Document the --timestamp option The event, net-event and qemu-monitor-event virsh commands all support the --timestamp option now, but such option was not referenced in the man page. 2016-01-11 Andrea Bolognani virsh: Add timestamps to network events Implement a --timestamp option for 'virsh net-event', similar to the one for 'virsh event'. When the option is used, the human-readable timestamp will be printed before the message. 2016-01-11 Andrea Bolognani virsh: Add timestamps to QEMU monitor events Implement a --timestamp option for 'virsh qemu-monitor-event', similar to the one for 'virsh event'. When the option is used, the human-readable timestamp will be printed before the message, and the timing information provided by QEMU will not be displayed. 2016-01-11 Martin Kletzander Don't clear libvirt-internal paths when parsing status XML Earlier commit 714080791778e3dfbd484ccb3953bffd820b8ba9 forgot to deal properly with status XMLs where we want the libvirt-internal paths to be kept in place and not cleared, otherwise we could end up copying a NULL string and segfaulting th daemon. Provide parse flags to PostParse functions This way both Domain and Device PostParse functions can act based on the flags. 2016-01-11 Cole Robinson qemu: command: wire up usage of q35/ich9 disable s3/s4 If the q35 specific disable s3/s4 setting isn't supported, fallback to specifying the PIIX setting, which is the previous behavior. It doesn't have any effect, but qemu will just warn about it rather than error: qemu-system-x86_64: Warning: global PIIX4_PM.disable_s3=1 not used qemu-system-x86_64: Warning: global PIIX4_PM.disable_s4=1 not used Since it doesn't error, I don't think we should either, since there may be configs in the wild that already have q35 + disable_s3/4 (via virt-manager) 2016-01-11 Cole Robinson qemu: caps: check for q35/ICH9 disable S3/S4 Update test data to match qemu: caps: Rename CAPS_DISABLE_S[34] to CAPS_PIIX_DISABLE_S[34] These settings are specific to PIIX, so clarify it qemu: capabilities: s/Pixx/Piix/g The chipset is called PIIX; the functions are misnamed 2016-01-10 Cole Robinson examples: Use one top level makefile Using one Makefile per example subdirectory essentially serializes 'make' calls. Convert to one example/Makefile that builds and distributes all the subdir files. This reduces example/ rebuild time from about 5.8 seconds to 1.5 seconds on my machine. One slight difference is that we no longer ship Makefile.am with the examples in the rpm. This was virtually useless anyways since the Makefile was very specific to libvirt infrastructure, so wasn't generically reusable anyways. Tested with 'make distcheck' and 'make rpm' 2016-01-10 Cole Robinson cfg.mk: Drop period after filename for indent failures The period makes it more difficult to copy/paste the errant filename for manual fixup 2016-01-10 Michal Privoznik virt-host-validate-common: Print warning on missing IOMMU No only coverity warns about this, but it kind of makes sense too. We have a test whether host supports IOMMU. Some platforms don't have it, I know. But in that case we should print a message that it's unknown whether platform has it or not. Before: (no output) After: QEMU: Checking for device assignment IOMMU support : WARN (Unknown if this platform has IOMMU support) 2016-01-10 Michal Privoznik virDomainMigrateUnmanagedParams: Don't blindly dereference @dconnuri This function may be called with @dconnuri == NULL, e.g. from virDomainMigrateToURI3() if the flags are missing VIR_MIGRATE_PEER2PEER flag. Moreover, all later functions called from here do wrap it into NULLSTR() so why not do the same here? 2016-01-10 Martin Kletzander Fix USB model defaults for ppc64 The condition was checking for UHCI (and OHCI for ppc64) availability so that it can specify the proper device instead of legacy usb. However, for ppc64, we don't need to check both OHCI and UHCI, but only OHCI as that is the legacy default. The condition is so big that it was just a matter of time when someone will make a mistake there, so let's use more lines so that it is visible what the condition checks for. This fixes usage of -device instead of -usb for ppc64 that supports pci-usb-ohci and does not support piix3-usb-uhci. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1297020 2016-01-10 Martin Kletzander Avoid wild securityManager pointer in tests For some reason we are not setting the driver with memset() to zeros. But since commit 74abc3deac6e14ffa9151e425c6e6cd2b075aac5 driver->securityManager is being accessed and qemuagenttest started crashing due to that. 2016-01-09 Cole Robinson tests: qemuxml2xml: Wire up QEMUCaps usage Future changes will make some of these tests dependent on specific QEMUCaps flags, so wire up the basic handling. Flags will be added in future patches. tests: add genericxml2xmltest For testing hypervisor independent XML handling. Right now it's just populated with an example test case. tests: qemuxml2xml: drop early file loading For the standard active/inactive XML testing, if we leave the file loading up to the generic XML2XML infrastructure, we get the benefit of VIR_TEST_REGENERATE_OUTPUT, at the price of a few more disk reads. Seems worth it. tests: Share domain XML2XML compare helper This creates a shared function in testutils.c that consolidates all the slightly different implementations. 2016-01-09 Cole Robinson tests: Fix running schematests directly from topdir Previously it failed like: $ ./tests/domainschematest ./tests/domainschematest: line 4: ./test-lib.sh: No such file or directory 2016-01-09 Cole Robinson tests: Add newlines with VIR_TEST_REGENERATE_OUTPUT Since test files are formatted predictably nowadays, we can make VIR_TEST_REGENERATE_OUTPUT handle most cases for us with a simple replacement. test-wrap-argv.pl is still canon, but this bit makes it easier to confirm test output changes during active development. 2016-01-09 Jim Fehlig libxl: support vif outgoing bandwidth QoS The libxl_device_nic structure supports specifying an outgoing rate limit based on a time interval and bytes allowed per interval. In xl config a rate limit is specified as "/s@". INTERVAL is optional and defaults to 50ms. libvirt expresses outgoing limits by average (required), peak, burst, and floor attributes in units of KB/s. This patch supports the outgoing bandwidth limit by converting the average KB/s to bytes per interval based on the same default interval (50ms) used by xl. 2016-01-09 Jim Fehlig xenconfig: support vif bandwidth in xm and xl parser and formatter Both xm and xl config have long supported specifying vif rate limiting, e.g. vif = [ 'mac=00:16:3E:74:3d:76,bridge=br0,rate=10MB/s' ] Add support for mapping rate to and from in the xenconfig parser and formatter. rate is mapped to the required 'average' attribute of the element, e.g. ... Also add a unit test to check the conversion logic. 2016-01-09 Jim Fehlig xenconfig: support vif bandwidth in sexpr parser and formatter The xen sexpr config format has long supported specifying vif rate limiting, e.g. (device (vif (mac '00:16:3e:1b:b1:47') (rate '10240KB/s') ... ) ) Add support for mapping rate to and from in the xenconfig sexpr parser and formatter. rate is mapped to the required 'average' attribute of the element, e.g. ... Also add unit tests to check the conversion logic. This patch benefits both the old xen driver and the libxl driver. Both drivers gain support for vif bandwidth when converting to/from domXML and xen-sxpr. In addition, the old xen driver will now be able to handle vif 'rate' setting when communicating with xend. 2016-01-09 Cole Robinson qemu: Fix crash when defining XML with bogus emulator We weren't checking for failure of qemuCaps lookup 2016-01-09 Laine Stump util: add missing newline Somehow I managed to backspace over the newline between the closing brace and goto cleanup; in commit 36e244f3. 2016-01-09 Andrea Bolognani tests: qemuxml2argv: Add tests for USB controller on q35 2016-01-09 Cole Robinson tests: qemuxml2xml: Convert fprintf to VIR_TEST_DEBUG qemu: Handle SecurityManagerVerify in post parse Rather than open coding calls. I can't see any reason not to qemu: Handle CanonicalizeMachine in post parse Rather than open coding calls. I can't see any reason not to qemu: domain: split out post parse default device handling Should be a no-op domain: separate out function for post parse timer validation This should be a no-op domain: separate out function for post parse console compat This should be a no-op 2016-01-09 Jiri Denemark qemu: Refactor qemuMigrationFinish To get rid of a giant if-else block which is very easy to get lost in. qemu: Report more migration statistics memory_dirty_rate corresponds to dirty-pages-rate in QEMU and memory_iteration is what QEMU reports in dirty-sync-count. qemu: Create a proper type for migration status enum The enum will be called qemuMonitorMigrationStatus. qemu: Rename qemuMonitorMigrationStatus struct The structure actually contains migration statistics rather than just the status as the name suggests. Renaming it as qemuMonitorMigrationStats removes the confusion. qemu: Reorder migration status enum A migration is in "setup" state after it was "inactive" and before it becomes "active". Let's reflect this in our migration status enum. 2016-01-08 Pavel Hrdina tests.nwfilterebiptablestest: swap actual and expected Those parameters should be in opposite order. tests.testutils: use virTestDifferenceFull in virtTestCompareToFile Let's use the new virTestDifferenceFull function that will regenerate the expected output and fail the test to let developer know that there something was updated. tests.testutils: use VIR_TEST_REGENERATE_OUTPUT for virTestDifferenceFull This patch enable regeneration of expected output file for virTestDifferenceFull. It also introduces new virTestDifferenceFullNoRegenerate function for special cases, where we don't want to regenerate output. tests: add helper for VIR_TEST_REGENERATE_OUTPUT flag When this flag is specified, some of the expected output files will be regenerated with the actual output data. Use helper function like for other flags. xen: move virDomainDefPostParse to xenParseSxpr This patch partially reverts previous commit 91a00424 and moves the post parse function to xenParseSxpr. This update is required because xen driver calls xenParseSxpr directly. 2016-01-08 Martin Kletzander Remove non-breaking space in comment It was added by mistake before the 'If' by commit 714080791778. 2016-01-08 Jiri Denemark qemu: Fix NBD migration with default listenAddress My commit 674afcb09e3d33500cfbbcf870ebf92cb99ecfa3 moved computing the default listen address from qemuMigrationPrepareAny to qemuMigrationPrepareIncoming. However, I didn't notice listenAddress was later passed to qemuMigrationStartNBDServer. Thus, it would be called with the original value of listenAddress (NULL). Let's add the updated listen address to qemuProcessIncomingDef and use it when starting NBD servers. Reported-by: Michael Chapman 2016-01-08 Jiri Denemark virsh: Add timestamps to events A new --timestamp option for event virsh command can be used to print timestamp of each event. virsh: Refactor event printing To reduce code duplication. 2016-01-08 Andrea Bolognani pci: Log debug messages when manipulating the inactive list Most of the changes to the list of active and inactive PCI devices happen in virHostdev, where they are properly logged. virPCIDeviceDetach() and virPCIDeviceReattach(), however, change the inactive list as well, so they should be logging similar messages. 2016-01-08 Michal Privoznik virLogVMessage: Don't leak rawinitmsg Instead of misusing a const string to hold up runtime allocated data, introduce new variable @hoststr and obey const correctness. ==6879== 15 bytes in 1 blocks are definitely lost in loss record 68 of 1,064 ==6879== at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==6879== by 0xA7DDF97: vasprintf (in /lib64/libc-2.21.so) ==6879== by 0x552BBC6: virVasprintfInternal (virstring.c:493) ==6879== by 0x552BCDB: virAsprintfInternal (virstring.c:514) ==6879== by 0x54FA44C: virLogHostnameString (virlog.c:468) ==6879== by 0x54FAB0F: virLogVMessage (virlog.c:645) ==6879== by 0x54FA680: virLogMessage (virlog.c:531) ==6879== by 0x54FBBF4: virLogParseOutputs (virlog.c:1130) ==6879== by 0x11CB4F: daemonSetupLogging (libvirtd.c:685) ==6879== by 0x11E137: main (libvirtd.c:1297) 2016-01-08 Michal Privoznik virLogHostnameString: Don't leak hostname Once @hostname is printed into @hoststr we don't need it anymore. ==6879== 5 bytes in 1 blocks are definitely lost in loss record 10 of 1,064 ==6879== at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==6879== by 0xA7ED599: strdup (in /lib64/libc-2.21.so) ==6879== by 0x552C126: virStrdup (virstring.c:726) ==6879== by 0x553B13E: virGetHostnameImpl (virutil.c:720) ==6879== by 0x553B1BF: virGetHostnameQuiet (virutil.c:741) ==6879== by 0x54FA3FD: virLogHostnameString (virlog.c:462) ==6879== by 0x54FAB0F: virLogVMessage (virlog.c:645) ==6879== by 0x54FA680: virLogMessage (virlog.c:531) ==6879== by 0x54FBBF4: virLogParseOutputs (virlog.c:1130) ==6879== by 0x11CB4F: daemonSetupLogging (libvirtd.c:685) ==6879== by 0x11E137: main (libvirtd.c:1297) 2016-01-08 Jiri Denemark virsh: Interrupt *event --loop on disconnect The *event --loop commands would keep running even though a connection to libvirtd is lost. This doesn't make a lot of sense since clearly we won't get any new events from the closed connection. virsh: Pass ctl to virshCatchDisconnect virshCatchDisconnect expects ctl, but we were just passing NULL instead. 2016-01-07 Jiri Denemark qemu: Add debug message to spice migration 2016-01-07 Martin Kletzander qemu: Don't bother user with libvirt-internal paths If user defines a virtio channel with UNIX socket backend and doesn't care about the path for the socket (e.g. qemu-agent channel), we still generate it into the persistent XML. Moreover when then user renames the domain, due to its persistent socket path saved into the per-domain directory, it will not start. So let's forget about old generated paths and also stop putting them into the persistent definition. https://bugzilla.redhat.com/show_bug.cgi?id=1278068 2016-01-07 Peter Krempa qemu: snapshot: Skip 'transaction' command when no disks are selected When doing a memory-only snapshot libvirt would still issue the 'transaction' command without any disk. Skip it if it isn't necessary. 2016-01-06 Wido den Hollander rbd: Do not append Ceph monitor port number 6789 if not provided If no port number was provided for a storage pool libvirt defaults to port 6789; however, librbd/librados already default to 6789 when no port number is provided. In the future Ceph will switch to a new port for the Ceph monitors since port 6789 is already assigned to a different application by IANA. Port 6789 is assigned to SMC-HTTPS and Ceph now has port 3300 assigned as the 'Ceph monitor' port. In this case it is the best solution to not hardcode any port number into libvirt and let librados handle the connection. Only if a user specifies a different port number we pass it down to librados, otherwise we leave it blank. merge 2016-01-06 Wido den Hollander rbd: Do not error out on a single image during pool refresh It could happen that rbd_list() returns X names, but that while refreshing the pool one of those RBD images is removed from Ceph through a different route then libvirt. We do not need to error out in such case, we can simply ignore the volume and continue. error : volStorageBackendRBDRefreshVolInfo:289 : failed to open the RBD image 'vol-998': No such file or directory It could also be that one or more Placement Groups (PGs) inside Ceph are inactive due to a system failure. If that happens it could be that some RBD images can not be refreshed and a timeout will be raised by librados. error : volStorageBackendRBDRefreshVolInfo:289 : failed to open the RBD image 'vol-893': Connection timed out Ignore the error and continue to refresh the rest of the pool's contents. 2016-01-06 Wido den Hollander rbd: Only close RBD image if it has been opened It could be that we error out while the RBD image has not been opened yet. This would cause us to call rbd_close() on pointer which has not been initialized. Set it to NULL by default and only close if it is not NULL. 2016-01-06 Olaf Hering fix LSB part of virtlogd runlevel script Currently pkg build of master branch fails: [ 300s] + /usr/lib/rpm/brp-boot-scripts [ 300s] E: File `virtlogd' is missing `Required-Start', please add even if empty! [ 300s] W: File `virtlogd' is missing `Required-Stop', please add even if empty! [ 300s] E: File `virtlogd' has empty `Default-Start', please specify default runlevel(s)! [ 300s] ERROR: found one or more broken init or boot scripts, please fix them. [ 300s] For more information about LSB headers please read the manual [ 300s] page of of insserv by executing the command `man 8 insserv'. [ 300s] If you don't understand this, mailto=werner@suse.de [ 300s] error: Bad exit status from /var/tmp/rpm-tmp.44965 (%install) Add the required tags, fix the existing tags. Use soft dependency "Should-Start" because virtlogd may work without network. 2016-01-06 Michael Chapman virtlogd: fix lock file path in initscript The virtlogd initscript's lock file should go in /var/lock/subsys/, not (the nonexistent) /var/log/subsys/. spec: chkconfig(8) and service(8) are in /sbin/, not /bin/ spec: dbus-devel is needed as build dependency if polkit support is enabled 2016-01-05 Michal Privoznik qemu: Specify format= iff disk source is not empty Just recently, qemu forbade specifying format for sourceless disks (qemu commit 39c4ae941ed992a3bb5). It kind of makes sense. If there's no file to open, why specify its format. Anyway, I have a domain like this:
and obviously I am unable to start it. Therefore, a fix on our side is needed too. 2016-01-05 John Ferlan storage: Clean up error path for create buildPool failure Commit id 'aeb1078ab' added a buildPool option and failure path which calls virStoragePoolObjRemove, which unlocks the pool, clears the 'pool' variable, and goto cleanup. However, at cleanup virStoragePoolObjUnlock is called without check if pool is non NULL. 2016-01-05 Ján Tomko libvirt-domain: fix dxml passing in virDomainMigrateToURI2 The refactoring in commit a26669d silently ignored the dxml parameter of virDomainMigrateToURI2. https://bugzilla.redhat.com/show_bug.cgi?id=1295405 2016-01-05 Dmitry Mishin conf: Rework code around 'append' attribute Commit id '70ffa02fc' added the data.file.append option to some VIR_DOMAIN_CHR_TYPE_FILE cases in switch statements allowing the code to "fall through" for the remainder of the cases. This causes angst in code profiling tools, like Coverity since there is no break; followed by more case conditions. Adjust the logic to be more specific within each case. Use tristate constants for new 'append' field For completeness, use the VIR_TRISTATE_SWITCH_ABSENT for data.file.append comparisons. Commit ids '70ffa02f' and '53a15aed' just went with the non zero comparison. docs: Describe new 'append' attribute for chardevs source 2016-01-05 Ján Tomko schema: interleave domain name and uuid with other elements Allow and anywhere under , not just at the top: error:XML document failed to validate against schema: Unable to validate doc against /usr/share/libvirt/schemas/domain.rng Expecting an element name, got nothing Invalid sequence in interleave Element domain failed to validate content Introduced with the first RelaxNG schema in commit c642103. https://bugzilla.redhat.com/show_bug.cgi?id=1292131 2016-01-05 Martin Kletzander Fix formatting for virDomainGetCPUStats docstring We have few code samples there that are almost unreadable when formatted because they are not indented properly. By indenting them they are formatted as code and hence quite readable. Also adjust descriptions to be comments and add semicolons so that the code sample looks like sample of a working code. 2016-01-05 Michal Privoznik qemu: Fix return value of qemuDomainGetBlockJobInfo While reviewing 1b43885d1784640 I've noticed a virReportError() followed by a goto endjob; without setting the correct return value. Problem is, if block job is so fast that it's bandwidth does not fit into ulong, an error is reported. However, by that time @ret is already set to 1 which means success. Since the scenario can be hardly considered successful, we should return a value meaning error. 2016-01-05 Eric Blake maint: update to latest gnulib Required for the copyright year bump to keep 'make syntax-check' happy, and also pulls in several portability fixes. * .gnulib: Update to latest. * bootstrap: Resync from upstream. * gnulib/local/m4/ssize_t.m4.diff: Regenerate. 2016-01-05 Laine Stump docs: update to properly reflect meaning of fields in log filter The documentation (and comment in libvirtd.conf) says that the text in a log filter is compared to the "source file name", and gives the example of "util/json", but this is not correct (at least not since commit 2835c1e, possibly earlier). It is instead compared to the string given in the VIR_LOG_INIT() macro invocation at the top of each source file, which is always "similar to but not the same as" the source file name (in the example above, the proper name is "util.json", while the file name is "util/virjson.c"). This patch corrects the misstatement in both the documentation and in libvirtd.conf. 2016-01-05 Laine Stump util: reduce debug log in virPCIGetVirtualFunctions() Due to debug logs like this: virPCIGetDeviceAddressFromSysfsLink:2432 : Attempting to resolve device path from device link '/sys/class/net/eth1/device/virtfn6' logStrToLong_ui:2369 : Converted '0000:07:00.7' to unsigned int 0 logStrToLong_ui:2369 : Converted '07:00.7' to unsigned int 7 logStrToLong_ui:2369 : Converted '00.7' to unsigned int 0 logStrToLong_ui:2369 : Converted '7' to unsigned int 7 virPCIGetDeviceAddressFromSysfs:1947 : virPCIDeviceAddress 0000:07:00.7 virPCIGetVirtualFunctions:2554 : Found virtual function 7 printed *once for each SR-IOV Virtual Function* of a Physical Function each time libvirt retrieved the list of VFs (so if the system has 128 VFs, there would be 900 lines of log for each call), the debug logs on any system with a large number of VFs was dominated by "information" that was possibly useful for debugging when the code was being written, but is now useless for debugging of any problem on a running system, and only serves to obscure the real useful information. This overkill has no place in production code, so this patch removes it. 2016-01-05 Laine Stump util: improve error reporting in virNetDevVPortProfileGetStatus The previous error message just indicated that the desired response couldn't be found, this patch tells what was desired, as well as listing out the entire table that had been in the netlink response, to give some kind of idea why it failed. util: report the MAC address that couldn't be set I noticed in a log file that we had failed to set a MAC address. The log said which interface we were trying to set, but didn't give the offending MAC address, which could have been useful in determining the source of the problem. This patch modifies all three places in the code that set MAC addresses to report the failed MAC as well as interface. 2016-01-04 Wido den Hollander rbd: Return VIR_STORAGE_FILE_RAW as format for RBD volumes This used to return 'unkown' and that was not correct. A vol-dumpxml now returns: image3 libvirt/image3 10737418240 10737418240 libvirt/image3 The RBD driver will now error out if a different format than RAW is provided when creating a volume. 2016-01-04 Michael Chapman storage: do not leak storage pool XML filename Valgrind complained: ==28277== 38 bytes in 1 blocks are definitely lost in loss record 298 of 957 ==28277== at 0x4A06A2E: malloc (vg_replace_malloc.c:270) ==28277== by 0x82D7F57: __vasprintf_chk (in /lib64/libc-2.12.so) ==28277== by 0x52EF16A: virVasprintfInternal (stdio2.h:199) ==28277== by 0x52EF25C: virAsprintfInternal (virstring.c:514) ==28277== by 0x52B1FA9: virFileBuildPath (virfile.c:2831) ==28277== by 0x19B1947C: storageDriverAutostart (storage_driver.c:191) ==28277== by 0x19B196A7: storageStateAutoStart (storage_driver.c:307) ==28277== by 0x538527E: virStateInitialize (libvirt.c:793) ==28277== by 0x11D7CF: daemonRunStateInit (libvirtd.c:947) ==28277== by 0x52F4694: virThreadHelper (virthread.c:206) ==28277== by 0x6E08A50: start_thread (in /lib64/libpthread-2.12.so) ==28277== by 0x82BE93C: clone (in /lib64/libc-2.12.so) 2016-01-04 Michael Chapman qemu: do not leak NBD disk data in migration cookie Valgrind complained: ==18990== 20 (16 direct, 4 indirect) bytes in 1 blocks are definitely lost in loss record 188 of 996 ==18990== at 0x4A057BB: calloc (vg_replace_malloc.c:593) ==18990== by 0x5292E9B: virAllocN (viralloc.c:191) ==18990== by 0x2221E731: qemuMigrationCookieXMLParseStr (qemu_migration.c:1012) ==18990== by 0x2221F390: qemuMigrationEatCookie (qemu_migration.c:1413) ==18990== by 0x222228CE: qemuMigrationPrepareAny (qemu_migration.c:3463) ==18990== by 0x22224121: qemuMigrationPrepareDirect (qemu_migration.c:3865) ==18990== by 0x22251C25: qemuDomainMigratePrepare3Params (qemu_driver.c:12414) ==18990== by 0x5389EE0: virDomainMigratePrepare3Params (libvirt-domain.c:5107) ==18990== by 0x1278DB: remoteDispatchDomainMigratePrepare3ParamsHelper (remote.c:5425) ==18990== by 0x53FF287: virNetServerProgramDispatch (virnetserverprogram.c:437) ==18990== by 0x540523D: virNetServerProcessMsg (virnetserver.c:135) ==18990== by 0x54052C7: virNetServerHandleJob (virnetserver.c:156) ==18990== ==18990== 20 (16 direct, 4 indirect) bytes in 1 blocks are definitely lost in loss record 189 of 996 ==18990== at 0x4A057BB: calloc (vg_replace_malloc.c:593) ==18990== by 0x5292E9B: virAllocN (viralloc.c:191) ==18990== by 0x2221E731: qemuMigrationCookieXMLParseStr (qemu_migration.c:1012) ==18990== by 0x2221F390: qemuMigrationEatCookie (qemu_migration.c:1413) ==18990== by 0x222249D2: qemuMigrationRun (qemu_migration.c:4395) ==18990== by 0x22226365: doNativeMigrate (qemu_migration.c:4693) ==18990== by 0x22228E45: qemuMigrationPerform (qemu_migration.c:5553) ==18990== by 0x2225144B: qemuDomainMigratePerform3Params (qemu_driver.c:12621) ==18990== by 0x539F5D8: virDomainMigratePerform3Params (libvirt-domain.c:5206) ==18990== by 0x127305: remoteDispatchDomainMigratePerform3ParamsHelper (remote.c:5557) ==18990== by 0x53FF287: virNetServerProgramDispatch (virnetserverprogram.c:437) ==18990== by 0x540523D: virNetServerProcessMsg (virnetserver.c:135) If we're replacing the NBD data, it's simplest to free the old object (including the disk list) and allocate a new one. 2016-01-04 Michael Chapman qemu: do not copy out non-existent block job info Valgrind complained: ==23975== Conditional jump or move depends on uninitialised value(s) ==23975== at 0x22255FA6: qemuDomainGetBlockJobInfo (qemu_driver.c:16538) ==23975== by 0x538E97C: virDomainGetBlockJobInfo (libvirt-domain.c:9685) ==23975== by 0x12F740: remoteDispatchDomainGetBlockJobInfoHelper (remote.c:2834) ==23975== by 0x53FF287: virNetServerProgramDispatch (virnetserverprogram.c:437) ==23975== by 0x540523D: virNetServerProcessMsg (virnetserver.c:135) ==23975== by 0x54052C7: virNetServerHandleJob (virnetserver.c:156) ==23975== by 0x52F515B: virThreadPoolWorker (virthreadpool.c:145) ==23975== by 0x52F4668: virThreadHelper (virthread.c:206) ==23975== by 0x6E08A50: start_thread (in /lib64/libpthread-2.12.so) ==23975== by 0x82BE93C: clone (in /lib64/libc-2.12.so) ==23975== ==23975== Conditional jump or move depends on uninitialised value(s) ==23975== at 0x22255FB4: qemuDomainGetBlockJobInfo (qemu_driver.c:16542) ==23975== by 0x538E97C: virDomainGetBlockJobInfo (libvirt-domain.c:9685) ==23975== by 0x12F740: remoteDispatchDomainGetBlockJobInfoHelper (remote.c:2834) ==23975== by 0x53FF287: virNetServerProgramDispatch (virnetserverprogram.c:437) ==23975== by 0x540523D: virNetServerProcessMsg (virnetserver.c:135) ==23975== by 0x54052C7: virNetServerHandleJob (virnetserver.c:156) ==23975== by 0x52F515B: virThreadPoolWorker (virthreadpool.c:145) ==23975== by 0x52F4668: virThreadHelper (virthread.c:206) ==23975== by 0x6E08A50: start_thread (in /lib64/libpthread-2.12.so) ==23975== by 0x82BE93C: clone (in /lib64/libc-2.12.so) If no matching block job is found, qemuMonitorGetBlockJobInfo returns 0 and we should not write anything to the caller-supplied virDomainBlockJobInfo pointer. 2015-12-29 Michal Privoznik tests: Make test-wrap-argv.pl executable While 'perl test-wrap-argv.pl' is not too long, './test-wrap-argv.pl' is shorter. 2015-12-25 Michal Privoznik tools: Disable virt-login-shell on mingw So, after bec787ee9da we are building virt-login-shell independent of LXC driver. This is nice, but the binary is enabled by default which makes no sense on mingw. In fact, it triggers some compilation errors there: CC virt_login_shell-virt-login-shell.o ../../tools/virt-login-shell.c: In function 'main': ../../tools/virt-login-shell.c:289:15: error: implicit declaration of function 'sysconf' [-Werror=implicit-function-declaration] openmax = sysconf(_SC_OPEN_MAX); ^ ../../tools/virt-login-shell.c:289:5: error: nested extern declaration of 'sysconf' [-Werror=nested-externs] openmax = sysconf(_SC_OPEN_MAX); ^ ../../tools/virt-login-shell.c:289:23: error: '_SC_OPEN_MAX' undeclared (first use in this function) openmax = sysconf(_SC_OPEN_MAX); ^ ../../tools/virt-login-shell.c:289:23: note: each undeclared identifier is reported only once for each function it appears in cc1: all warnings being treated as errors While we could workaround sysconf(_SC_OPEN_MAX) issue, the binary itself makes no sense on systems where no LXC can be spawned. 2015-12-25 Michal Privoznik tools: Include PIE_LDFLAGS at the correct place This is no functional change, but I find it disturbing that something_LDADD contains PIE_LDFLAGS while something_LDFLAGS doesn't. sysconf: Include unistd.h The manpage for sysconf() suggest including unistd.h as the function is declared there. Even though we are not hitting any compile issues currently, let's include the correct header file instead of relying on some hidden include chain. virStorageVolWipe: Document that wiping journaled FS is useless So you have a libvirt volume that you want to wipe out. But lets say that the volume is actually a file stored on a journaled filesystem. Overwriting it with zeroes or a pattern does not mean that corresponding physical location on the disk is overwritten too, due to journaling. It's the same story with network based volumes, copy-on-write filesystems, and so on. Since there is no way that an userland application can write onto specific areas on disk, all that we can do is document the fact. 2015-12-24 Maxim Nestratov vz: BUG: fix connecting hang in case of init failure In case of prlsdkLoadDomains fails, vzOpenDefault should clear connection privateData pointer every time its memory is actually freed. Also it is not necessary to call vzConnectClose if a call to vzOpenDefault fails, because they both make cleanup of connection privateData. 2015-12-24 Dmitry Mishin qemu: Process new 'append' attribute for char dev with output to a file By default, QEMU truncates serial file on open. Sometimes, it could be weird - for example, when we are trying to investigate some event, which occured several restarts ago. This patch adds an ability to preserve previous content. conf: Add new 'append' attribute for chardevs with file source Currently, there is no possibility for user to specify desired behaviour of output to file - truncate or append. This patch adds an ability to explicitly specify that user wants to preserve file's content on reopen. tests: add qemu 2.6 caps test 2015-12-24 Maxim Nestratov vz: support additional flags in domain undefine Implement VIR_DOMAIN_UNDEFINE_MANAGED_SAVE and VIR_DOMAIN_UNDEFINE_SNAPSHOTS_METADATA flags support. vz: move prlsdkCleanupBridgedNet after domain deletion prlsdkCleanupBridgedNet call should be made strongly after any actual domain deletion accurs. By doing this we avoid any potential problems connected with second undefine call when it is made after first one fails by some reason, and we detect that network is already deleted. vz: delete domains when undefine is called Currently vz driver unregisters domains when undefine is called, which is wrong because it contradicts with expected behavior. All vz domains are persistent, which means that when one is defined a new bundle directory containing meta data is created. Undefining domains in a way we do now leaves those directories undeleted, which prevents subsequent define call for the same domain xml. I.e. the following sequence define->undefine->define doesn't work now. The patch fixes the problem by calling PrlVm_Delete instead of PrlVm_Unreg detaching all disks prior actually doing this to prevent images deletion. 2015-12-21 Andrea Bolognani hostdev: Emit debug messages while handling PCI hostdevs Both detach and reattach are complex operations involving several steps, and it can be useful to be able to follow along by reading the log. hostdev: Only rollback detach of managed devices on error Since we don't detach unmanaged devices before attaching them to a domain, we shouldn't reattach them to rollback an error either. 2015-12-21 Andrea Bolognani hostdev: Mark PCI devices as inactive as they're detached We want to eventually factor out the code dealing with device detaching and reattaching, so that we can share it and make sure it's called eg. when 'virsh nodedev-detach' is used. For that to happen, it's important that the lists of active and inactive PCI devices are updated every time a device changes its state. Instead of passing NULL as the last argument of virPCIDeviceDetach() and virPCIDeviceReattach(), pass the proper list so that it can be updated. 2015-12-21 Andrea Bolognani pci: Introduce virPCIStubDriver enumeration This replaces the virPCIKnownStubs string array that was used internally for stub driver validation. Advantages: * possible values are well-defined * typos in driver names will be detected at compile time * avoids having several copies of the same string around * no error checking required when setting / getting value The names used mirror those in the virDomainHostdevSubsysPCIBackendType enumeration. 2015-12-21 Andrea Bolognani pci: Remove 'reprobe' parameter from virPCIDeviceUnbind() The value is not inspected inside the function, so it makes more sense for the caller to change the device's setting explicitly. 2015-12-21 Andrea Bolognani pci: Remove redundant parameter from virPCIDeviceBindToStub() This internal function supports, in theory, binding to a different stub driver than the one the PCI device has been configured to use. In practice, it is only ever called like virPCIDeviceBindToStub(dev, dev->stubDriver); which makes its second parameter redundant. Get rid of it, along with the extra string copy required to support it. 2015-12-21 Erik Skultety Revert "admin: Rename virAdmConnect to virAdmDaemon" Commmit df8192aa introduced admin related rename and some minor (caused by automated approach, aka sed) and some more severe isues along with it. First reason to revert is the inconsistency with libvirt library. Although we deal with the daemon directly rather than with a specific hypervisor, we still do have a connection. That being said, contributors might get under the impression that AdmDaemonNew would spawn/start a new daemon (since it's admin API, why not...), or AdmDaemonClose would do the exact opposite or they might expect DaemonIsAlive report overall status of the daemon which definitely isn't the case. The second reason to revert this patch is renaming virt-admin client. The client tool does not necessarily have to reflect the names of the API's it's using in his internals. An example would be 's/vshAdmConnect/vshAdmDaemon' where noone can be certain of what the latter function really does. The former is quite expressive about some connection magic it performs, but the latter does not say anything, especially when vshAdmReconnect and vshAdmDisconnect were left untouched. 2015-12-19 Jim Fehlig Xen: support maxvcpus in xm and xl config From: Ian Campbell xend prior to 4.0 understands vcpus as maxvcpus and vcpu_avail as a bit map of which cpus are online (default is all). xend from 4.0 onwards understands maxvcpus as maxvcpus and vcpus as the number which are online (from 0..N-1). The upstream commit (68a94cf528e6 "xm: Add maxvcpus support") claims that if maxvcpus is omitted then the old behaviour (i.e. obeying vcpu_avail) is retained, but AFAICT it was not, in this case vcpu==maxcpus==online cpus. This is good for us because handling anything else would be fiddly. This patch changes parsing of the virDomainDef maxvcpus and vcpus entries to use the corresponding 'maxvcpus' and 'vcpus' settings from xm and xl config. It also drops use of the old Xen 3.x 'vcpu_avail' setting. The change also removes the maxvcpus limit of MAX_VIRT_VCPUS (since maxvcpus is simply a count, not a bit mask), which is particularly crucial on ARM where MAX_VIRT_CPUS == 1 (since all guests are expected to support vcpu placement, and therefore only the boot vcpu's info lives in the shared info page). Existing tests adjusted accordingly, and new tests added for the 'maxvcpus' setting. 2015-12-18 John Ferlan virsh: Add --delete-snapshots flag for undefine and vol-delete https://bugzilla.redhat.com/show_bug.cgi?id=1281710 Commit id '3c7590e0a' added the flag to the rbd backend, but provided no means via virsh to use the flag. This patch adds a '--delete-snapshots' option to both the "undefine" and "vol-delete" commands. For "undefine", the flag is combined with the "--remove-all-storage" flag in order to add the appropriate flag for the virStorageVolDelete call; whereas, for the "vol-delete" command, just the flag is sufficient since it's only operating on one volume. Currently only supported for rbd backends. 2015-12-18 John Ferlan libvirt: Add virStorageVolDeleteFlags to virStorageVolDelete Although they've been present for quite a while, they weren't added to the API definition, so add them there to make it clearer. Currently only the RBD backend even checks for any flags. 2015-12-18 John Ferlan storage: Add virCheckFlags to virStorageBackendRBDDeleteVol The initial commit '74951eade' did not include the proper check for whether any flags are supported by the driver. Even though the driver doesn't support VIR_STORAGE_VOL_DELETE_ZEROED, it still checks and allows the processing to continue Also add the new VIR_STORAGE_VOL_DELETE_WITH_SNAPSHOTS since it is handled as of commit id '3c7590e0a'. 2015-12-18 John Ferlan lxc_cgroup: Add check for NULL cgroup before AddTask call Commit id '71ce4759' altered the cgroup processing with respect to the call to virCgroupAddTask being moved out from lower layers into the calling layers especially for qemu processing of emulator and vcpu threads. The movement affected lxc insomuch as it is possible for a code path to return a NULL cgroup *and* a 0 return status via virCgroupNewPartition failure when virCgroupNewIgnoreError succeeded when virCgroupNewMachineManual returns. Coverity pointed out that would cause virCgroupAddTask to core. This patch will check for a NULL cgroup as well as the negative return and just return the NULL cgroup to the caller (as it would have previously) 2015-12-18 Jim Fehlig Xen: remove xendConfigVersion from driver private struct xendConfigVersion is no longer used, so remove it from the xenUnifiedPrivate struct. Xen: xenconfig: remove xendConfigVersion from public sexpr functions Remove use of xendConfigVersion in the s-expresion config formatter/parser in src/xenconfig/. Adjust callers in the xen and libxl drivers accordingly. Xen: xend: remove use of XEND_CONFIG_VERSION Remove use of XEND_CONFIG_VERSION_* in xend_internal.c Xen: xen_driver: remove use of XEND_CONFIG_VERSION Remove use of XEND_CONFIG_VERSION_* in the Xen unified driver. Xen: xenconfig: remove use of XEND_CONFIG_VERSION in xen_sxpr Remove use of XEND_CONFIG_VERSION_* in s-expression parser/formatter. Xen: tests: use latest XEND_CONFIG_VERSION in xml2sexpr tests Change all xml2sexpr tests to use the latest XEND_CONFIG_VERSION (XEND_CONFIG_VERSION_3_1_0 = 4). Fix tests that do not conform to the latest version. Xen: xenconfig: remove disks from '(image)' sexpr It has been quite some time since xend required specifying cdroms and fds in '(image (hvm ...))'. Remove the code from the parsing and formatting functions and fixup the associated tests. Xen: tests: use latest XEND_CONFIG_VERSION in sexpr2xml tests Change all sexpr2xml tests to use the latest XEND_CONFIG_VERSION (XEND_CONFIG_VERSION_3_1_0 = 4). Fix tests that do not conform to the latest version. Xen: xenconfig: remove xendConfigVersion from public functions Remove use of xendConfigVersion in the xm and xl config formatter/parsers in src/xenconfig/. Adjust callers in the xen and libxl drivers accordingly. Xen: xenconfig: remove use of XEND_CONFIG_VERSION in xen_xm Remove use of XEND_CONFIG_VERSION_* in xm parser/formatter. Xen: xenconfig: remove XEND_CONFIG_VERSION in common code Remove use of XEND_CONFIG_VERSION_* from xenconfig/xen_common.c Xen: tests: use latest XEND_CONFIG_VERSION in xm/xl tests Change all tests to use the latest XEND_CONFIG_VERSION (XEND_CONFIG_VERSION_3_1_0 = 4). Fix tests that do not conform to the latest version. Xen: tests: remove old xml2sexpr tests Remove XML to s-expression converstion tests for old xend 3.0.2 config format. Xen: tests: remove old sexpr2xml tests Remove s-expression to XML conversion tests for old xend 3.0.2 config format. Xen: tests: remove net-ioemu xm config test Remove the fullvirt-net-ioemu test since explicitly specifying 'type=ioemu' has not been needed in xm/xend for a long time. It is not used at all in xl/libxl. Xen: tests: remove old xm config tests Remove xm config tests for old xend 3.0.2 config format. 2015-12-18 John Ferlan virsh: Add build flags to pool-create[-as] and pool-start https://bugzilla.redhat.com/show_bug.cgi?id=830056 Utilize recently added VIR_STORAGE_POOL_CREATE_WITH_BUILD* flags in order to pass the flags along to the virStoragePoolCreateXML and virStoragePoolCreate API's. This affects the 'virsh pool-create', 'virsh pool-create-as', and 'virsh pool-start' commands. While it could be argued that pool-start doesn't need the flags, they could prove useful for someone trying to do one command build --overwrite and start command processing or essentially starting with a clean slate. NB: This patch is loosely based upon code originally authored by Osier Yang that were not reviewed and pushed, see: https://www.redhat.com/archives/libvir-list/2012-July/msg00497.html 2015-12-18 John Ferlan virsh: Create a macro for pool-define-as and pool-create-as options Although they both are the same now, a future patch will add new options to pool-create-as. So create a common macro to capture commonality, then use that in the command specific structure. 2015-12-18 John Ferlan virsh: Create macro for "overwrite" and no-overwrite" options Although not currently used in more than one command, it soon will be so create a common macro to be used in the new command location. Additionally, add the ".flags = 0," for both to match the expections of the structure being predefined. 2015-12-18 John Ferlan virsh: Create macro for "file" option Rather than continually cut/paste the "file" option for pool command option structures, generate a macro which will commonly define it for any command. Then of course use that macro. virsh: Create macro for "pool" option Rather than continually cut/paste the "pool" option for pool command option structures, generate a macro which will commonly define it for any command. Then of course use that macro. 2015-12-18 John Ferlan storage: Add flags to allow building pool during create processing https://bugzilla.redhat.com/show_bug.cgi?id=830056 Add flags handling to the virStoragePoolCreate and virStoragePoolCreateXML API's which will allow the caller to provide the capability for the storage pool create API's to also perform a pool build during creation rather than requiring the additional buildPool step. This will allow transient pools to be defined, built, and started. The new flags are: * VIR_STORAGE_POOL_CREATE_WITH_BUILD Perform buildPool without any flags passed. * VIR_STORAGE_POOL_CREATE_WITH_BUILD_OVERWRITE Perform buildPool using VIR_STORAGE_POOL_BUILD_OVERWRITE flag. * VIR_STORAGE_POOL_CREATE_WITH_BUILD_NO_OVERWRITE Perform buildPool using VIR_STORAGE_POOL_BUILD_NO_OVERWRITE flag. It is up to the backend to handle the processing of build flags. The overwrite and no-overwrite flags are mutually exclusive. NB: This patch is loosely based upon code originally authored by Osier Yang that were not reviewed and pushed, see: https://www.redhat.com/archives/libvir-list/2012-July/msg01328.html 2015-12-17 Ján Tomko mark virDomainVirtioSerialAddrSetAddController as static. This function is no longer used outside domain_addr.c 2015-12-17 Ján Tomko Remove dead code from qemuDomainAttachControllerDevice We only support hotplugging SCSI controllers. The USB and virtio-serial related code was never reachable because this function was only called for VIR_DOMAIN_CONTROLLER_TYPE_SCSI controllers. This reverts commit ee0d97a and parts of commits 16db8d2 and d6d54cd1. 2015-12-17 Ján Tomko qemu_hotplug: remove qemuDomainAttachDeviceControllerLive This function calls qemuDomainAttachControllerDevice for SCSI controllers and reports an error for all other controllers. Move the error inside qemuDomainAttachControllerDevice and delete this wrapper. 2015-12-17 Cédric Bosdonnat Allow building lxc without virt-login-shell Add a configure option to disable virt-login-shell build even if lxc is enabled. 2015-12-17 John Ferlan storage: Fix startup issue for logical pool Commit id '71b803ac' assumed that the storage pool source device path was required for a 'logical' pool. This resulted in a failure to start a pool without any device path defined. So, adjust the virStorageBackendLogicalMatchPoolSource logic to return success if at least the pool name matches the vgs output when no pool source device path is/are provided. 2015-12-17 John Ferlan qemu: Fix event generated for qemuDomainRevertToSnapshot (pause->run) A closer review of the code shows that for the transition from paused to running which was supposed to emit the VIR_DOMAIN_EVENT_RESUMED - no event would be generated. Rather the event is generated when going from running to running. Following the 'was_running' boolean shows it is set when the domain obj is active and the domain obj state is VIR_DOMAIN_RUNNING. So rather than using was_running to generate the RESUMED event, use !was_running 2015-12-17 John Ferlan storage: Attempt to refresh volume after successful wipe volume https://bugzilla.redhat.com/show_bug.cgi?id=1270709 When a volume wipe is successful, perform a volume refresh afterwards to update any volume data that may be used in future volume commands, such as volume resize. For a raw file volume, a wipe could truncate the file and a followup volume resize the capacity may fail because the volume target allocation isn't updated to reflect the wipe activity. 2015-12-17 Ján Tomko virStorageBackendWipeLocal: remove bytes_wiped argument It is not used by the caller. 2015-12-17 Ján Tomko storage: drop 'Extent' from virStorageBackendWipeExtentLocal The only caller always passes 0 for the extent start. Drop the 'extent_start' parameter, as well as the mention of extents from the function name. Change off_t extent_length to unsigned long long wipe_len, as well as the 'remain' variable. 2015-12-17 Ján Tomko storage: move buffer allocation inside virStorageBackendWipeExtentLocal We do not need to pass a zero-filled buffer as an argument, the function can allocate its own. storage: fix return values of virStorageBackendWipeExtentLocal Return -1: * on all failures of fdatasync. Instead of propagating -errno all the way up to the virStorageVolWipe API, which is documented to return 0 or -1. * after a partial wipe. If safewrite failed, we would re-use the non-negative return value of lseek (which should be 0 in this case, because that's the only offset we seek to). 2015-12-17 Andrea Bolognani qemu: Replace Mlock with MemLock in function names MemLock is already used in other modules and, while still an abbreviation, is not ambiguous. 2015-12-17 Andrea Bolognani qemu: Allow qemuDomainAdjustMaxMemLock() to restore previous value When the function changes the memory lock limit for the first time, it will retrieve the current value and store it inside the virDomainObj for the domain. When the function is called again, if memory locking is no longer needed, it will be able to restore the memory locking limit to its original value. 2015-12-17 Andrea Bolognani qemu: Reduce memlock limit after detaching PCI hostdev We increase the limit before plugging in a PCI hostdev or a memory module because some memory might need to be locked due to eg. VFIO. Of course we should do the opposite after unplugging a device: this was already the case for memory modules, but not for PCI hostdevs. 2015-12-17 Andrea Bolognani qemu: Use qemuDomainAdjustMaxMemLock() Replace all uses of the qemuDomainRequiresMlock/virProcessSetMaxMemLock combination with the equivalent qemuDomainAdjustMaxMemLock() call. qemu: Add qemuDomainAdjustMaxMemLock() This function detects whether a domain needs RLIMIT_MEMLOCK to be set, and if so, uses an appropriate value. 2015-12-17 Andrea Bolognani process: Add virProcessGetMaxMemLock() This function can be used to retrieve the current locked memory limit for a process, so that the setting can be later restored. Add a configure check for getrlimit(), which we now use. 2015-12-17 Andrea Bolognani process: Allow virProcessPrLimit() to get current limit The prlimit() function allows both getting and setting limits for a process; expose the same functionality in our wrapper. Add the const modifier for new_limit, in accordance with the prototype for prlimit(). 2015-12-17 Eric Blake build: disable vbox on cygwin Cygwin cannot build the vbox driver yet: CC vbox/libvirt_driver_vbox_impl_la-vbox_glue.lo In file included from vbox/vbox_glue.c:27:0: vblox/vbox_XPCOMCGlue.c:63:3: error: #error "Port me" # error "Port me" ^ In file included from vbox/vbox_XPCOMCGlue.c:45:0, from vbox/vbox_glue.c:27: vbox/vbox_XPCOMCGlue.c: In function 'tryLoadOne': vbox/vbox_XPCOMCGlue.c:98:46: error: 'DYNLIB_NAME' undeclared (first use in this function) if (virAsprintf(&name, "%s/%s", dir, DYNLIB_NAME) < 0) ^ ./util/virstring.h:245:31: note: in definition of macro 'virAsprintf' strp, __VA_ARGS__) ^ Rather than trying to figure out how to get dynamic loading of vbox to work under cygwin (since I don't even have a working vbox setup to test whether it works), I'm going to be lazy and just default to not even trying vbox on cygwin. 2015-12-16 Martin Kletzander qemu: Search all nodes for shared memory access In commit 686eb7a24f7d, the break was not considered part of the condition, hence breaking after first node when searching. 2015-12-16 Andrea Bolognani pci: Use virPCIDeviceAddress in virPCIDevice Instead of replicating the information (domain, bus, slot, function) inside the virPCIDevice structure, use the already-existing virPCIDeviceAddress structure. For users of the module, this means that the object returned by virPCIDeviceGetAddress() can no longer be NULL and must no longer be freed by the caller. 2015-12-16 Ian Campbell libxl: Use libxentoollog in preference to libxenctrl if available. Upstream Xen is in the process of splitting the (stable API) xtl_* interfaces out from the (unstable API) libxenctrl library and into a new (stable API) libxentoollog. In order to be compatible with Xen both before and after this transition check for xtl_createlogger_stdiostream in a libxentoollog library and use it if present. If it is not present assume it is in libxenctrl. Compile tested on Xen 4.6 and a development tree with the split in place. 2015-12-16 Joao Martins libxl: implement virDomainGetJobStats Introduces support for domainGetJobStats which has the same info as domainGetJobInfo but in a slightly different format. Another difference is that virDomainGetJobStats can also retrieve info on the most recently completed job. Though so far this is only used in the source node to know if the migration has been completed. But because we don't support completed jobs we will deliver an error. 2015-12-16 Joao Martins libxl: implement virDomainGetJobInfo Introduce support for domainGetJobInfo to get info about the ongoing job. If the job is active it will update the timeElapsed which is computed with the "started" field added to struct libxlDomainJobObj. For now we support just the very basic info and all jobs have VIR_DOMAIN_JOB_UNBOUNDED (i.e. no completion time estimation) plus timeElapsed computed. Openstack Kilo uses the Job API to monitor live-migration progress which is currently nonexistent in libxl driver and therefore leads to a crash in the nova compute node. Right now, migration doesn't use jobs in the source node and will return VIR_DOMAIN_JOB_NONE. Though nova handles this case and will migrate it properly instead of crashing. 2015-12-16 John Ferlan storage: Add helper to compare logical pool def against pvs output https://bugzilla.redhat.com/show_bug.cgi?id=1025230 Add a new helper virStorageBackendLogicalMatchPoolSource to compare the pool's source name against the output from a 'pvs' command to list all volume group physical volume data on the host. In addition, compare the pool's source device list against the particular volume group's device list to ensure the source device(s) listed for the pool match what the was listed for the volume group. Then for pool startup or check API's we need to call this new API in order to ensure that the pool we're about to start or declare active during checkPool has a valid definition vs. the running host. 2015-12-16 John Ferlan storage: Create helper for virStorageBackendLogicalFindPoolSources Rework virStorageBackendLogicalFindPoolSources a bit to create a helper virStorageBackendLogicalGetPoolSources that will make the pvs call in order to generate a list of associated pv_name and vg_name's. A future patch will make use of this for start/check processing to ensure the storage pool source definition matches expectations. 2015-12-16 John Ferlan storage: Check FS pool source during virStorageBackendFileSystemIsMounted https://bugzilla.redhat.com/show_bug.cgi?id=1025230 When determining whether a FS pool is mounted, rather than assuming that the FS pool is mounted just because the target.path is in the mount list, let's make sure that the FS pool source matches what is mounted 2015-12-16 John Ferlan storage: Refactor virStorageBackendFileSystemGetPoolSource Refactor code to use standard return functioning with respect to setting a ret value and going to cleanup. 2015-12-16 John Ferlan storage: Create helper to generate FS pool source value Refactor the code that builds the pool source string during the FS storage pool mount to be a separate helper. A future patch will use the helper in order to validate the mounted FS matches the pool's expectation during poolCheck processing 2015-12-15 Laine Stump qemu: add bootindex option to hostdev network interface commandline when appropriate, of course. If the config for a domain specifies boot order with elements, e.g.: ... Then the first disk device in the config will have ",bootindex=1" appended to its qemu commandline -device options, and the first (and *only* the first) network interface device will get ",bootindex=2". However, if the first network interface device is a "hostdev" device (an SRIOV Virtual Function (VF) being assigned to the domain with vfio), then the bootindex option will *not* be appended. This happens because the bootindex=n option corresponding to the order of "" is added to the -device for the first network device when network device commandline args are constructed, but if it's a hostdev network device, its commandline arg is instead constructed in the loop for hostdevs. This patch fixes that omission by noticing (in bootHostdevNet) if the first network device was a hostdev, and if so passing on the proper bootindex to the commandline generator for hostdev devices - the result is that ",bootindex=2" will be properly appended to the first "network" device in the config even if it is really a hostdev (including if it is assigned from a libvirt network pool). (note that this is only the case if there is no element in the config ("-boot menu-on" in qemu) , since the two are mutually exclusive - when the bootmenu is enabled, the individual per-device bootindex options can't be used by qemu, and we revert to using "-boot order=xyz" instead). If a greater level of control over boot order is desired (e.g., more than one network device should be tried, or a network device other than the first one encountered in the config), then in the element should not be used; instead, the individual device elements in the config should be given a " Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1278421 2015-12-15 Ján Tomko security_stack: remove extra Security from function names Many of the functions follow the pattern: virSecurity.*Security.*Label Remove the second 'Security' from the names, it should be obvious that the virSecurity* functions deal with security labels even without it. 2015-12-15 Ján Tomko security_selinux: remove extra Security from function names Many of the functions follow the pattern: virSecurity.*Security.*Label Remove the second 'Security' from the names, it should be obvious that the virSecurity* functions deal with security labels even without it. 2015-12-15 Ján Tomko security_dac: remove extra Security from function names Many of the functions follow the pattern: virSecurity.*Security.*Label Remove the second 'Security' from the names, it should be obvious that the virSecurity* functions deal with security labels even without it. 2015-12-15 Pavel Hrdina qemuMonitorJSONEjectMedia: don't stringify the replay at all Commit 256496e1 introduced a detection if "is locked" in error replay from qemu monitor. Commit c4073657 fixed a memory leak, but it was pointed out by Peter, that this could be done cleaner without stringifing the replay. 2015-12-15 Andrea Bolognani pci: Use 'addr' instead of 'dev' for virPCIDeviceAddressPtr The name 'dev' is more appropriate for virPCIDevicePtr. 2015-12-15 Michal Privoznik qemuMonitorJSONEjectMedia: Don't leak stringified reply The return value of virJSONValueToString() should be freed when no longer needed. This is not the case after 256496e1. ==26902== 138 bytes in 2 blocks are definitely lost in loss record 1,051 of 1,239 ==26902== at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==26902== by 0xAA5F599: strdup (in /lib64/libc-2.21.so) ==26902== by 0x552BAD9: virStrdup (virstring.c:726) ==26902== by 0x54F60A7: virJSONValueToString (virjson.c:1790) ==26902== by 0x1DF6EBB9: qemuMonitorJSONEjectMedia (qemu_monitor_json.c:2225) ==26902== by 0x1DF57A4C: qemuMonitorEjectMedia (qemu_monitor.c:1985) ==26902== by 0x1DF1EF2D: qemuDomainChangeEjectableMedia (qemu_hotplug.c:199) ==26902== by 0x1DF90314: qemuDomainChangeDiskLive (qemu_driver.c:7985) ==26902== by 0x1DF90476: qemuDomainUpdateDeviceLive (qemu_driver.c:8030) ==26902== by 0x1DF91ED7: qemuDomainUpdateDeviceFlags (qemu_driver.c:8677) ==26902== by 0x561785F: virDomainUpdateDeviceFlags (libvirt-domain.c:8559) ==26902== by 0x134210: remoteDispatchDomainUpdateDeviceFlags (remote_dispatch.h:10966) ==26902== 106 bytes in 1 blocks are definitely lost in loss record 1,033 of 1,239 ==26902== at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==26902== by 0xAA5F599: strdup (in /lib64/libc-2.21.so) ==26902== by 0x552BAD9: virStrdup (virstring.c:726) ==26902== by 0x54F60A7: virJSONValueToString (virjson.c:1790) ==26902== by 0x1DF6EC0C: qemuMonitorJSONEjectMedia (qemu_monitor_json.c:2227) ==26902== by 0x1DF57A4C: qemuMonitorEjectMedia (qemu_monitor.c:1985) ==26902== by 0x1DF1EF2D: qemuDomainChangeEjectableMedia (qemu_hotplug.c:199) ==26902== by 0x1DF90314: qemuDomainChangeDiskLive (qemu_driver.c:7985) ==26902== by 0x1DF90476: qemuDomainUpdateDeviceLive (qemu_driver.c:8030) ==26902== by 0x1DF91ED7: qemuDomainUpdateDeviceFlags (qemu_driver.c:8677) ==26902== by 0x561785F: virDomainUpdateDeviceFlags (libvirt-domain.c:8559) ==26902== by 0x134210: remoteDispatchDomainUpdateDeviceFlags (remote_dispatch.h:10966) 2015-12-15 Henning Schild qemu cgroups: move new threads to new cgroup after cpuset is set up Moving tasks to cgroups implied sched_setaffinity. Changing the cpus in a set implies the same for all tasks in the group. The old code put the the thread into the cpuset inherited from the machine cgroup, which allowed it to run outside of vcpupin for a short while. qemu: do not put a task into machine cgroup The machine cgroup is a superset, a parent to the emulator and vcpuX cgroups. The parent cgroup should never have any tasks directly in it. In fact the parent cpuset might contain way more cpus than the sum of emulatorpin and vcpupins. So putting tasks in the superset will allow them to run outside of . util: cgroups do not implicitly add task to new machine cgroup virCgroupNewMachine used to add the pidleader to the newly created machine cgroup. Do not do this implicit anymore. 2015-12-14 Michal Privoznik virNetDevMacVLanTapSetup: Drop @multiqueue argument Firstly, there's a bug (or typo) in the only place where we call this function: @multiqueue is set whenever @tapfdSize is greater than zero, while in fact the condition should have been 'greater than one'. Then, secondly, since the condition depends on just one variable, that we are even passing down to the function, we can move the condition into the function and drop useless argument. 2015-12-14 Martin Kletzander qemu: Warn when using vhost-user without shared memory When user configures vhost-user interface and forgets to also configure any shared memory, the search for the root cause of non-operational interface might take unpleasantly long time. Let's enhance user experience by emitting a warning in the logs. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1266982 2015-12-13 Michal Privoznik virNetDevMacVLanTapSetup: Work around older systems Some older systems, e.g. RHEL-6 do not have IFF_MULTI_QUEUE flag which we use to enable multiqueue feature. Therefore one gets the following compile error there: CC util/libvirt_util_la-virnetdevmacvlan.lo util/virnetdevmacvlan.c: In function 'virNetDevMacVLanTapSetup': util/virnetdevmacvlan.c:338: error: 'IFF_MULTI_QUEUE' undeclared (first use in this function) util/virnetdevmacvlan.c:338: error: (Each undeclared identifier is reported only once util/virnetdevmacvlan.c:338: error: for each function it appears in.) make[3]: *** [util/libvirt_util_la-virnetdevmacvlan.lo] Error 1 So, whenever user wants us to enable the feature on such systems, we will just throw a runtime error instead. 2015-12-12 Eric Blake CVE-2015-5313: storage: don't allow '/' in filesystem volume names The libvirt file system storage driver determines what file to act on by concatenating the pool location with the volume name. If a user is able to pick names like "../../../etc/passwd", then they can escape the bounds of the pool. For that matter, virStoragePoolListVolumes() doesn't descend into subdirectories, so a user really shouldn't use a name with a slash. Normally, only privileged users can coerce libvirt into creating or opening existing files using the virStorageVol APIs; and such users already have full privilege to create any domain XML (so it is not an escalation of privilege). But in the case of fine-grained ACLs, it is feasible that a user can be granted storage_vol:create but not domain:write, and it violates assumptions if such a user can abuse libvirt to access files outside of the storage pool. Therefore, prevent all use of volume names that contain "/", whether or not such a name is actually attempting to escape the pool. This changes things from: $ virsh vol-create-as default ../../../../../../etc/haha --capacity 128 Vol ../../../../../../etc/haha created $ rm /etc/haha to: $ virsh vol-create-as default ../../../../../../etc/haha --capacity 128 error: Failed to create vol ../../../../../../etc/haha error: Requested operation is not valid: volume name '../../../../../../etc/haha' cannot contain '/' 2015-12-11 John Ferlan util: Fixup virnetdevmacvlan.h ATTRIBUTE_NONNULL's Commit id '56e2171c6' removed a variable from the argument list, but neglected to update the ATTRIBUTE_NONNULL values, so when commit id '08da97bfb' added a couple of arguments, the values were off. 2015-12-11 Peter Krempa test: qemuxml2argv: Mock virMemoryMaxValue to remove 32/64 bit difference Always return LLONG_MAX even on 32 bit systems. The limitation originates from our use of "unsigned long" in several APIs. The internal data type is unsigned long long. Make the test suite deterministic by removing the architecture difference. Flaw was introduced in 645881139b3d2c86acf9d644c3a1471520bc9e57 where I've added a test that uses too large numbers. 2015-12-11 Michal Privoznik qemu: Enable multiqueue for macvtaps https://bugzilla.redhat.com/show_bug.cgi?id=1240439 Ta-da! Now that we know how to open a macvtap device multiple times, we can finally enable the multiqueue feature. Everything else is already prepared (e.g. command line generation) from the previous iteration where the feature was implemented for TUN/TAP devices. 2015-12-11 Michal Privoznik virNetDevMacVLanCreateWithVPortProfile: Rework to support multiple FDs For the multiqueue on macvtaps we are going to need to open the device multiple times. Currently, this is not supported. Rework the function, so that upper layers can be reworked too. virNetDevMacVLanTapSetup: Allow enabling of IFF_MULTI_QUEUE Like we are doing for TUN/TAP devices, we should do the same for macvtaps. Although, it's not as critical as in that case, we should do it for the consistency. virNetDevMacVLanTapSetup: Rework to support multiple FDs For the multiqueue on macvtaps we are going to need to open the device multiple times. Currently, this is not supported. Rework the function, so that upper layers can be reworked too. virNetDevMacVLanTapOpen: Rework to support multiple FDs For the multiqueue on macvtaps we are going to need to open the device multiple times. Currently, this is not supported. Rework the function, so that upper layers can be reworked too. virNetDevMacVLanTapOpen: Slightly rework There are few outdated things. Firstly, we don't need to undergo the torture of fopen, fscanf and fclose just to get the interface index when we have nice wrapper over that: virNetDevGetIndex. Secondly, we don't need to have statically allocated buffer for the path we are opening. virNetDevMacVLanCreateWithVPortProfile: Turn vnet_hdr into flag So yet again one of integer arguments that we use as a boolean. Since the argument count of the function is unbearably long enough, lets turn those booleans into flags. 2015-12-11 Daniel P. Berrange log: include hostname in initial log message On the very first log message we send to any output, we include the libvirt version number and package string. In some bug reports we have been given libvirtd.log files that came from a different host than the corresponding /var/log/libvirt/qemu log files. So extend the initial log message to include the hostname too. eg on first log message we would now see: $ libvirtd 2015-12-04 17:35:36.610+0000: 20917: info : libvirt version: 1.3.0 2015-12-04 17:35:36.610+0000: 20917: info : hostname: dhcp-1-180.lcy.redhat.com 2015-12-04 17:35:36.610+0000: 20917: error : qemuMonitorIO:687 : internal error: End of file from monitor 2015-12-10 John Ferlan storage: Ignore block devices that fail format detection https://bugzilla.redhat.com/show_bug.cgi?id=1276198 Prior to commit id '98322052' failure to saferead the block device would cause an error to be logged and the device to be skipped while attempting to discover/create a stable target path for a new LUN (NPIV). This was because virStorageBackendSCSIFindLUs ignored errors from processLU and virStorageBackendSCSINewLun. Ignoring the failure allowed a multipath device with an "active" and "ghost" to be present on the host with the "ghost" block device being ignored. This patch will return a -2 to the caller indicating the desire to ignore the block device since it cannot be used directly rather than fail the pool startup. 2015-12-10 John Ferlan storage: Add debug message I found this useful while processing a volume that wouldn't end up showing up in the resulting list of block volumes. In this case, the partition type wasn't found in the disk_types table. storage: Handle readflags errors Similar to the openflags VIR_STORAGE_VOL_OPEN_NOERROR processing, if some read processing operation fails, check the readflags for the corresponding error flag being set. If so, rather then causing an error - use VIR_WARN to flag the error, but return -2 which some callers can use to perform specific actions. Use a new VIR_STORAGE_VOL_READ_NOERROR flag in a new VolReadErrorMode enum. storage: Set ret = -1 on failures in virStorageBackendUpdateVolTargetInfo While processing the volume for lseek, virFileReadHeaderFD, and virStorageFileGetMetadataFromBuf - failure would cause an error, but ret would not be set. That would result in an error message being sent, but successful status being returned. storage: Add comments for backend APIs Just so it's clearer what to expect upon input and what types of return values could be generated. These were loosely copied from existing virStorageBackendUpdateVolTargetInfoFD. storage: Add readflags for backend error processing Similar to the openflags which allow VIR_STORAGE_VOL_OPEN_NOERROR to be passed to avoid open errors, add a 'readflags' variable so that in the future read failures could also be ignored. 2015-12-09 Andrea Bolognani tests: scsihost: Use fakerootdir instead of fakesysfsdir This updates the test program to make it consistent with recent changes to the mock libraries, and also opens up the possibility of mocking more than just /sys in the future. 2015-12-09 Andrea Bolognani tests: Use more specific names for variables Instead of fakesysfsdir, which is very generic, use fakesysfspcidir and fakesysfscgroupdir. This makes it explicit what part of the fake sysfs filesystem they're referring to, and also leaves open the possibility of handling files in two unrelated parts of the fake sysfs filesystem. No functional changes. 2015-12-09 Andrea Bolognani tests: Rename LIBVIRT_FAKE_SYSFS_DIR to LIBVIRT_FAKE_ROOT_DIR The old name is no longer accurate, since now we're using its value as the root of the fake filesystem. No functional changes. 2015-12-09 Andrea Bolognani tests: cgroupmock: Use the temporary directory as fake root We might need to mock files living outside SYSFS_PREFIX later on, so it's better to treat the temporary directory we are passed via the environment as the root of the fake filesystem and create SYSFS_PREFIX inside it. The environment variable name will be changed to reflect the new use we're making of it in a later commit. 2015-12-09 Andrea Bolognani tests: pcimock: Use the temporary directory as fake root We might need to mock files living outside PCI_SYSFS_PREFIX later on, so it's better to treat the temporary directory we are passed via the environment as the root of the fake filesystem and create PCI_SYSFS_PREFIX inside it. The environment variable name will be changed to reflect the new use we're making of it in a later commit. 2015-12-09 Andrea Bolognani tests: pcimock: Remove check for fakesysfsdir init_env() will return right away if fakesysfsdir is already initialized, so this check is redundant. tests: scsihost: Don't set LIBVIRT_FAKE_SYSFS_DIR The test program is not preloading any of the mock libraries that read that environment variable, so setting it is pointless. 2015-12-09 Peter Krempa qemu: cgroup: Don't use priv->ncpupids to iterate domain vCPUs Use the proper data structures for the iteration since ncpupids will be made private later. qemu: driver: Refactor qemuDomainHelperGetVcpus Change some of the control structures and switch to using the new vcpu structure. qemu: Add helper to retrieve vCPU pid Instead of directly accessing the array add a helper to do this. 2015-12-09 Peter Krempa qemu: Replace checking for vcpu<->pid mapping availability with a helper Add qemuDomainHasVCpuPids to do the checking and replace in place checks with it. We no longer need checking whether the thread contains fake data (vcpupids[0] == vm->pid) as in b07f3d821dfb11a118ee75ea275fd6ab737d9500 and 65686e5a81d654d834d338fceeaf0229b2ca4f0d this was removed. 2015-12-09 Peter Krempa qemu: Drop checking vcpu threads in emulator bandwidth getter/setter The vCPU threads make sense in the counterparts that set the vCPU bandwidth/quota, not in the emulator one. The emulator tunables are set all the time anyways. Drop the extra check and remove the now unneeded vm argument. 2015-12-09 Peter Krempa qemu: cgroup: Remove now unreachable check Since commit 0c04906fa the check for priv->cgroup doesn't make sense as the calls to virCgroupHasController return the same information. Remove it and move it's comment partially to the new check. The already spurious check was also later copied to the iothreads code. 2015-12-09 Peter Krempa conf: Add helper to get pointer to a certain vCPU definition Once more stuff will be moved into the vCPU data structure it will be necessary to get a specific one in some ocasions. Add a helper that will simplify this task. conf: ABI: Split up and improve vcpu info ABI checking Extract the checking code into a separate function and prepare the infrastructure for checking the new structure type. conf: turn def->vcpus into a structure To allow collecting all relevant data at one place let's make def->vcpus a structure and then we can start moving stuff into it. 2015-12-09 Peter Krempa qemu: refactor qemuDomainHotunplugVcpus Refactor the code flow so that 'exit_monitor:' can be removed. This patch moves the auditing functions into places where it's certain that hotunplug was or was not successful and reports errors from qemuMonitorGetCPUInfo properly. 2015-12-09 Peter Krempa qemu: Refactor qemuDomainHotplugVcpus Refactor the code flow so that 'exit_monitor:' can be removed. This patch also moves the auditing and setting of the new vCPU count right to the place where the hotplug happens, since it's possible that the hotplug succeeds and adds a cpu while other stuff fails. Lastly, failures of qemuMonitorGetCPUInfo are now reported rather than ignored. The function retuns 0 if it "successfully" detected 0 threads. 2015-12-09 Peter Krempa qemu: cpu hotplug: Move loops to qemuDomainSetVcpusFlags qemuDomainHotplugVcpus/qemuDomainHotunplugVcpus are complex enough in regards of adding one CPU. Additionally it will be desired to reuse those functions later with specific vCPU hotplug. Move the loops for adding vCPUs into qemuDomainSetVcpusFlags so that the helpers can be made simpler and more straightforward. 2015-12-09 Peter Krempa qemu: monitor: Remove weird return values from qemuMonitorSetCPU Let the function report errors internally and change it to return standard return codes. 2015-12-09 Peter Krempa qemu: cpu hotplug: Fix error handling logic The cpu hotplug helper functions used negative error handling in a part of them, although some code that was added later didn't properly set the error codes in some cases. This would cause improper error messages in cases where we couldn't modify the numa cpu mask and a few other cases. Fix the logic by converting it to the regularly used pattern. 2015-12-09 Peter Krempa qemu: Split up vCPU hotplug and hotunplug There's only very little common code among the two operations. Split the functions so that the internals are easier to understand and refactor later. qemu: qemuDomainSetVcpusAgent: re-check agent before calling it the again With a very unfortunate timing, the agent might vanish before we do the second call while the locks were down. Re-check that the agent is available before attempting it again. qemu: Extract vCPU onlining/offlining via agent into a separate function Separate the code so that qemuDomainSetVcpusFlags contains only code relevant to hardware hotplug/unplug. qemu: domain: Add helper to access vm->privateData->agent As in commit 88dc7e0c2fb, the helper can be used in cases where the function actually does not access anyting in the private data besides the agent. conf: Turn def->maxvcpus into size_t Later on this will also be used to track size of the vcpu data array. Use size_t so that we can utilize the memory allocation helpers. conf: Replace read accesses to def->vcpus with accessor conf: Move vcpu count check into helper conf: Replace writes to def->vcpus with accessor conf: Replace read access to def->maxvcpus with accessor Finalize the refactor by adding the 'virDomainDefGetVCpusMax' getter and reusing it accross libvirt. conf: Add helper to check whether domain has offline vCPUs The new helper will simplify checking whether the domain config contains inactive vCPUs. conf: Extract update of vcpu count if maxvcpus is decreased The code can be unified into the new accessor rather than being scattered accross the drivers. conf: Use local copy of maxvcpus in virDomainVcpuParse Use the local variable rather than getting it all the time from the struct. This will simplify further refactors. conf: Replace writes to def->maxvcpus with accessor To support further refactors replace all write access to def->maxvcpus with a accessor function. 2015-12-09 Pavel Hrdina libxl: copy persistent domain definition while starting a guest We should make a copy of current definition to preserve a persistent definition, because we later update the definition with live changes. The live definition is discarded on domain shutdown and replaced by the copy we make before starting the domain. xen: fix timer bug found by updated test Only 'tsc' timer allows set mode and track is valid only for 'rtc' and 'platform' timers. xen: use virDomainDefPostParse for parsing XM/XL/SEXPR cofings This change ensures to call driver specific post-parse code to modify domain definition after parsing hypervisor config the same way we do after parsing XML. lxc: use virDomainDefPostParse for parsing LXC config string This change ensures to call driver specific post-parse code to modify domain definition after parsing hypervisor config the same way we do after parsing XML. vmware/vmx: use virDomainDefPostParse after parsing vmx config This change ensures to call driver specific post-parse code to modify domain definition after parsing hypervisor config the same way we do after parsing XML. 2015-12-09 Ján Tomko virsh: rename vshCommandOptString to vshCommandOptStringQuiet This function does not set an error. Make it obvious in its name to discourage its usage without reporting an error in the caller. security_selinux: fix indentation 2015-12-09 Ján Tomko security_dac: check if virSecurityDACGetIds returns negative Use the customary check '< 0' instead of checking for non-zero. No functional change. 2015-12-09 Ján Tomko Post-release version bump to 1.3.1 2015-12-09 Daniel Veillard Release of libvirt-1.3.0 * docs/news.html.in libvirt.spec.in: update for release * po/*.po*: regenerated 2015-12-08 Jim Fehlig Revert "libxl: implement virDomainInterfaceStats" This reverts commit d2e5538b16e325d9095f3ccb0dac88bbd9fc98f0. A migration regression was introduced by this commit. When migrating a domain, its active XML is sent to the destination libvirtd, where it is parsed as inactive XML. d2e5538b copied the libxl generated interface name into the active config, which was being passed to the migration destination and being parsed into inactive config. Attempting to start the config could result in failure if an interface with the same generated name already exists. The qemu driver behaves similarly, but the parser contains a hack to skip interface names starting with 'vnet' when parsing inactive XML. We could extend the hack to skip names starting with 'vif' too, but a better fix would be to expose these hypervisor-specific interface name prefixes in capabilities. See the following discussion thread for more details https://www.redhat.com/archives/libvir-list/2015-December/msg00262.html For the pending 1.3.0 release, it is best to revert d2e5538b. It can be added again post release, after moving the prefix to capabilities. 2015-12-08 Daniel P. Berrange rpm: explicitly enable & start virtlogd on install When installing the libvirt-daemon RPM, we have a %post rule to enable the libvirtd.service, virtlockd.socket and virtlogd.socket files. This is only done, however, when the RPM is first installed, not when upgrading RPMs. So virtlogd will not get activated on upgrading, which is a problem as libvirt qemu driver will expect it to be available by default. This adds a trigger that is run when uninstalling libvirt-daemon older than 1.3.0 that will enable & start virtlogd.socket if libvirtd is enabled and/or started. Using the trigger rather than %post ensures that it only runs once, allowing admins to disable it explicitly thereafter without future upgrades re-enabling it. 2015-12-08 Daniel P. Berrange libvirtd: enable virtlockd/virtlogd socket activation on install When someone does 'systemctl enable libvirtd.service' we should also enable virtlockd.socket/virtlogd.socket, so that they can be auto-activated if libvirtd tries to access the sockets. Without this, people have to manually enable the units themselves via 'systemctl enable virtdlogd.socket'. This also ensures that if distros uses 'systemctl preset' for enabling 'libvirtd.service', then the virtdlogd.socket gets enabled without having to wait for the distro to update their presets file. 2015-12-08 Daniel P. Berrange logging: validate flags passed from client in virtlogd The virtlogd RPC messages all have a flags parameter. For sake of future error reporting we should be verifying these are all 0 for now. 2015-12-08 Daniel P. Berrange logging: change log protocol to be more reusable The current virtlogd RPC protocol provides the ability to handle log files associated with QEMU stdout/err. The log protocol messages take the virt driver, domain name and use that to form a log file path. This is quite restrictive as it prevents us re-using the same RPC protocol messages for logging to char device backends where the filename can be arbitrarily user specified. It is also bad because it means we have 2 separate locations which have to decide on logfile name. This change alters the RPC protocol so that we pass the desired log file path along when opening the log file initially. Now the virt driver is exclusively in charge of deciding the log filename 2015-12-08 Daniel P. Berrange logging: preserve driver, dom name & uuid against log file The virt driver, dom name and uuid associated with a log file are important pieces of metadata to keep around for sake of future enhancements to virtlogd. Currently we discard them after opening the log file, but we should preserve them, even across restarts. qemu: fix memory leak in opening log file The qemuDomainLogContextNew method leaks the "logfile" path on the non-virtlogd code path. 2015-12-05 Nikolay Shirokovskiy libvirt: Update virDomainSetMemory description virDomainSetMemory is documented to change only runtime configuration of running domain. However, that's not true of all hypervisors supported. Seems as though when commit id '0f2e50be5' added the current flag, the function description should have been updated similar to when commit id 'c1795c52' updated the virDomainSetMaxMemory description. Especially since commit id '80427f1d' updated the virsh 'setmem' description to indicate "behavior is different depending on hypervisor." This patch will update the description to match current functionality. 2015-12-05 Boris Fiuczynski qemu: Automatic SCSI controller creation in SCSI disk hotplug broken When a SCSI disk is hotplugged to a domain that does not have the required SCSI controller already defined and loaded the following internal error occurs error: Failed to attach device from scsi_disk.xml error: internal error: Could not find scsi controller with index 0 required for device Commit 0260506c added in method qemuBuildDriveDevStr a lookup of the controller alias. The internal error occurs because in method qemuDomainAttachSCSIDisk the automatic creation of the potentially missing SCSI controller occurs after calling qemuBuildDriveDevStr. This patch reverses the calling sequence. Reviewed-by: Bjoern Walk Reviewed-by: Stefan Zimmermann 2015-12-05 Daniel P. Berrange qemu: include hostname in QEMU log files Often when debugging bug reports one is given a copy of the file from /var/log/libvirt/qemu/$NAME.log along with other supporting files. In a number of cases I've been given sets of files which were from different machines. Including the hostname in the QEMU log file will help identify when the bug reporter is providing bad information. rotatingfile: mark log files as close-on-exec The log file descriptor associated with the virRotatingFile struct should be marked close-on-exec, as even when virtlogd re-exec's itself it expect to open the log file fresh. It does not need to preserve the logfile handles, only the network client FDs. 2015-12-05 Guido Günther libvirtd: require virtlogd to start before libvirtd In the non-systemd case, without socket activation, we need to proper ordering. 2015-12-04 Peter Krempa qemu: domain: Prevent overflows in memory alignment code Since libvirt for dubious historical reasons stores memory size as kibibytes, it's possible that the alignments done in the qemu code overflow the the maximum representable size in bytes. The XML parser code handles them in bytes in some stages. Prevent this by doing overflow checks when alinging the size and add a test case. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1260576 2015-12-04 Peter Krempa schema: Allow > UINT_MAX KiB of memory for NUMA nodes Using more than 4TiB of memory per NUMA node would not be possible to express in the XML without violating the schema. Not that such boxes would be common, but we should use a longer type at this point. The pattern is not necessary since libvirt redefines the type already in basictypes.rng with the same pattern. 2015-12-04 Boris Fiuczynski conf: Revert some code to resolve issues for hostdev hotplug This patch reverts parts of commits 0d8b24f6b and 0785966d dealing with the addition of a controller during virDomainHostdevAssignAddress. This caused a regression for the hostdev hotplug path which assumes the qemuDomainFindOrCreateSCSIDiskController will add the new controller during qemuDomainAttachHostSCSIDevice to both the running domain and the domain def controller list when the controller doesn't yet exist (whether due to no SCSI controllers existing or the addition of a new controller because existing ones are full). Since commit id 0d8b24f6 will call virDomainHostdevAssignAddress during virDomainDeviceDefPostParseInternal which is called either during domain definition post processing (via an iterator during virDomainDefPostParse) or directly from virDomainDeviceDefParse during hotplug, the change broke the "side effect" of being able to add both a hostdev and controller to the running domain. The regression would only be seen if the running domain didn't have a SCSI controller already defined or if the existing SCSI controller was "full" of devices and a new controller needed to be created. This patch will also add some extra comments to the code to avoid a similar future change. Reviewed-by: Bjoern Walk Reviewed-by: Stefan Zimmermann 2015-12-03 Ján Tomko virsh: remove custom error for cpulist from cmdIOThreadPin Instead of the custom error: error: iothreadpin: invalid cpulist. use vshCommandOptStringReq and let it report a more specific error: error: Failed to get option 'cpulist': Option argument is empty 2015-12-03 Ján Tomko virsh: report errors for empty strings Several callers were using vshCommandOptString without setting an error. Use vshCommandOptStringReq which sets the error. https://bugzilla.redhat.com/show_bug.cgi?id=1281707 2015-12-03 Ján Tomko bridge: check for invalid MAC in networkGetDHCPLeases Instead of comparing garbage strings against real MAC addresses, introduce an error mesage for unparsable ones: $ virsh net-dhcp-leases default --mac t12 error: Failed to get leases info for default error: invalid MAC address: t12 https://bugzilla.redhat.com/show_bug.cgi?id=1261432 2015-12-03 Joao Martins libxl: implement virDomainInterfaceStats Introduce support for domainInterfaceStats API call for querying network interface statistics. Consequently it also enables the use of `virsh domifstat ` command plus seeing the interfaces names instead of "-" when doing `virsh domiflist `. After successful guest creation we fill the network interfaces names based on domain, device id and append suffix if it's emulated in the following form: vif.[-emu]. We extract the network interfaces info from the libxl_domain_config object in libxlDomainCreateIfaceNames() to generate ifname. On domain cleanup we also clear ifname, in case it was set by libvirt (i.e. being prefixed with "vif"). We also skip these two steps in case the name of the interface was manually inserted by the adminstrator. For getting the interface statistics we resort to virNetInterfaceStats and let libvirt handle the platform specific nits. Note that the latter is not yet supported in FreeBSD. 2015-12-02 Ian Campbell network: selectively disable -Wcast-align in virNetDevParseDadStatus Commit 0f7436ca54c9 "network: wait for DAD to finish for bridge IPv6 addresses" results in: CC util/libvirt_util_la-virnetdevmacvlan.lo util/virnetdev.c: In function 'virNetDevParseDadStatus': util/virnetdev.c:1319:188: error: cast increases required alignment of target type [-Werror=cast-align] util/virnetdev.c:1332:41: error: cast increases required alignment of target type [-Werror=cast-align] util/virnetdev.c:1334:92: error: cast increases required alignment of target type [-Werror=cast-align] cc1: all warnings being treated as errors on at least ARM platforms. The three macros involved (NLMSG_NEXT, IFA_RTA and RTA_NEXT) all appear to correctly take care of alignment, therefore suppress Wcast-align around their uses. Cc: Maxim Perevedentsev Cc: Laine Stump Cc: Dario Faggioli Cc: Jim Fehlig 2015-12-01 Michal Privoznik log_manager: Include configmake.h last The problem is that in some mingw header DATADIR is used but gnulib defines it too. This leads to the following compile error: CC locking/libvirt_driver_la-lock_manager.lo In file included from /usr/i686-w64-mingw32/sys-root/mingw/include/objbase.h:66:0, from /usr/i686-w64-mingw32/sys-root/mingw/include/ole2.h:17, from /usr/i686-w64-mingw32/sys-root/mingw/include/wtypes.h:12, from /usr/i686-w64-mingw32/sys-root/mingw/include/winscard.h:10, from /usr/i686-w64-mingw32/sys-root/mingw/include/windows.h:97, from /usr/i686-w64-mingw32/sys-root/mingw/include/winsock2.h:23, from ../gnulib/lib/unistd.h:48, from ../../src/util/virutil.h:29, from ../../src/logging/log_manager.c:30: /usr/i686-w64-mingw32/sys-root/mingw/include/objidl.h:12275:2: error: expected identifier or '(' before string constant } DATADIR; ^ Makefile:7888: recipe for target 'logging/libvirt_driver_la-log_manager.lo' failed The fix is to include configmake.h at the end of includes. 2015-12-01 Michal Privoznik tests: Run virnetdaemontest iff WITH_YAJL The test itself and daemon require a JSON parsing library. If not present, skip the test. 2015-12-01 Martin Kletzander admin: Distribute libvirt-admin.conf Commit 48cd3dfa668e5033b02dd029c2e6de558a3c4583 introduced configuration file for libvirt-admin but forgot to distribute it. Also the change made to libvirt.conf in commit dbecb87f94e8f1591e3c471b34ae48a7203c9cb3 should've been removed thanks to introduction of separate config file. 2015-12-01 Martin Kletzander admin: Rename virAdmConnect to virAdmDaemon virAdmConnect was named after virConnect, but after some discussions, most of the APIs called will be working with remote daemon and starting them virAdmDaemon will make more sense. Only possibly controversal name is CloseCallback (de)registration, and connecting to the daemon (which will still be Open/Close), but even this makes sense if one thinks about the daemon being opened and closed, e.g. as file, etc. This way all the APIs working with the daemon will start with virAdmDaemon prefix, they will accept virAdmDaemonPtr as first parameter and that will better suit with other namings as well (virDomain*, virAdmServer*, etc.). Because in virt-admin, the connection name does not refer to a struct that would have a connect in its name, also adjust 'connname' in clients. And because it is not used anywhere in the vsh code, move it from there into each client. 2015-12-01 Martin Kletzander spec: Temporarily disable new admin-related files The virt-admin binary and its man page should not yet be distributed, but we need libvirt-common.h. RPM build fails without specifying these. admin: Include admin_remote.c in the dist package Otherwise all builds from the package will fail. 2015-12-01 Wang Yufei qemu_agent: fix deadlock in qemuProcessHandleAgentEOF If VM A is shutdown a by qemu agent at appoximately the same time an agent EOF of VM A happened, there's a chance that deadlock may occur: qemuProcessHandleAgentEOF in main thread A) priv->agent = NULL; //A happened before B //deadlock when we get agent lock which's held by worker thread qemuAgentClose(agent); qemuDomainObjExitAgent called by qemuDomainShutdownFlags in worker thread B) hasRefs = virObjectUnref(priv->agent); // priv->agent is NULL, // return false if (hasRefs) virObjectUnlock(priv->agent); //agent lock will not be released here In order to resolve, during EOF close the agent first, then set priv->agent to NULL to fix the deadlock. This essentially reverts commit id '1020a504'. It's also of note that commit id '362d0477' notes a possible/rare deadlock similar to what was seen in the monitor in commit id '25f582e3'. However, it seems interceding changes including commit id 'd960d06f' should remove the deadlock issue. With this change, if EOF is called: Get VM lock Check if !priv->agent || priv->beingDestroyed, then unlock VM Call qemuAgentClose Unlock VM When qemuAgentClose is called Get Agent lock If Agent->fd open, close it Unlock Agent Unref Agent qemuDomainObjEnterAgent Enter with VM lock Get Agent lock Increase Agent refcnt Unlock VM After running agent command, calling qemuDomainObjExitAgent Enter with Agent lock Unref Agent If not last reference, unlock Agent Get VM lock If we were in the middle of an EnterAgent, call Agent command, and ExitAgent sequence and the EOF code is triggered, then the EOF code can get the VM lock, make it's checks against !priv->agent || priv->beingDestroyed, and call qemuAgentClose. The CloseAgent would wait to get agent lock. The other thread then will eventually call ExitAgent, release the Agent lock and unref the Agent. Once ExitAgent releases the Agent lock, AgentClose will get the Agent Agent lock, close the fd, unlock the agent, and unref the agent. The final unref would cause deletion of the agent. Reviewed-by: Ren Guannan 2015-11-30 Martin Kletzander build: Create needed folders without dependency tracking The parameter --disable-dependency-tracking is supposed to speed up one-time build due to the fact that it disables some dependency extractors that, apparently, take longer time to execute. That is a problem for code that is generated into builddir (especially some specific subdirectory) because the directory it should be installed to does not exists in VPATH and without the dependency tracking is not created. Generating such file hence fails with -ENOENT. In order to keep generating files into builddir instead of srcdir, we must create the directory ourselves. This should finally fix the problem that is being fixed multiple times since its introduction in commit a9fe62037214 and let us continue with cleaning those parts of Makefiles that depend on generating files into the srcdir rather than builddir as it should be. include: Install libvirt-common.h Otherwise nobody will be able to include libvirt.h. util: Avoid variable named 'truncate' shadowing global declaration 2015-11-30 Wei Jiangang tools: fix output of list with state-shutoff Due to the default of flags is VIR_CONNECT_LIST_DOMAINS_ACTIVE, It doesn't show the domains that have been shutdown when we use 'virsh list' with only --state-shutoff. 2015-11-30 Michal Privoznik conf: Split virDomainObjList into a separate file Our domain_conf.* files are big enough. Not only they contain XML parsing code, but they served as a storage of all functions whose name is virDomain prefixed. This is just wrong as it gathers not related functions (and modules) into one big file which is then harder to maintain. Split virDomainObjList module into a separate file called virdomainobjlist.[ch]. 2015-11-30 Ján Tomko qemu: build command line for virtio-input-host device results in: -device virtio-input-host-pci,id=input0,evdev=/dev/input/event1234 https://bugzilla.redhat.com/show_bug.cgi?id=1231114 2015-11-30 Ján Tomko qemu: add passed-through input devs to cgroup ACL https://bugzilla.redhat.com/show_bug.cgi?id=1231114 2015-11-30 Ján Tomko security: label the evdev for input device passthrough Add functions for setting and restoring the label of input devices to DAC and SELinux drivers. https://bugzilla.redhat.com/show_bug.cgi?id=1231114 2015-11-30 Ján Tomko conf: add XML for input device passthrough Add xml for the new virtio-input-host-pci device: https://bugzilla.redhat.com/show_bug.cgi?id=1231114 2015-11-30 Ján Tomko qemu: add capability for virtio-input-host-device Add QEMU_CAPS_VIRTIO_INPUT_HOST for both virtio-input-host-device and virtio-input-host-pci. 2015-11-30 Ján Tomko qemu: build command line for virtio input devices Add support for these qemu devices: virtio-mouse-{pci,device} virtio-keyboard-{pci,device} virtio-tablet-{pci,device} https://bugzilla.redhat.com/show_bug.cgi?id=1231114 2015-11-30 Ján Tomko conf: parse and format virtio input bus in domain XML To be used by the family of virtio input devices: https://bugzilla.redhat.com/show_bug.cgi?id=1231114 2015-11-30 Ján Tomko qemu: add capabilities for virtio input devices Add capabilities for virtio-keyboard, virtio-mouse and virtio-tablet devices: name "virtio-keyboard-device", bus virtio-bus name "virtio-keyboard-pci", bus PCI name "virtio-mouse-device", bus virtio-bus name "virtio-mouse-pci", bus PCI name "virtio-tablet-device", bus virtio-bus name "virtio-tablet-pci", bus PCI Map both -device and -pci versions of the device to one capability. https://bugzilla.redhat.com/show_bug.cgi?id=1231114 2015-11-30 Pavel Hrdina virlogd: fix crash if log file exists and it's larger the maxlen If for some reason there is an existing log file, that is larger then max length of log file, we need to rollover that file immediately. Trying to figure out how much data we could write will resolve in overflow of unsigned variable 'towrite' and this leads to segfault. 2015-11-30 Erik Skultety virt-admin: Provide a man page for virt-admin admin: Introduce virAdmConnectGetLibVersion Introduce a new API to get libvirt version. It is worth noting, that libvirt-admin and libvirt share the same version number. Unfortunately, our existing API isn't generic enough to be used with virAdmConnectPtr as well. Also this patch wires up this API to the virt-admin client as a generic cmdVersion command. admin: Add support for connection close callbacks As we need a client disconnect handler, we also need a mechanism to register such handlers for a client. This patch introduced both the close callbacks and also the client vshAdmCatchDisconnect handler to be registered with it. By registering the handler we still need to make sure the client can react to daemon's events like disconnect or keepalive, so asynchronous I/O event polling is necessary to be enabled too. admin: Add support for URI aliases Now that we introduced URI support in libvirt-admin, we should also support URI aliases during connection establishment phase. After applying this patch, virAdmConnectOpen will also support VIR_CONNECT_NO_ALIASES flag. livirt: Move URI alias matching to util As we need to provide support for URI aliases in libvirt-admin as well, URI alias matching needs to be internally visible. Since virConnectOpenResolveURIAlias does have a compatible signature, it could be easily reused by libvirt-admin. This patch moves URI alias matching to util, renaming it accordingly. admin: Add URI support and introduce virAdmGetDefaultURI Since virt-admin should be able to connect to various admin servers on hosted different daemons, we need to provide URI support to libvirt-admin. admin: Do not generate remoteAdminConnect{Open,Close} As we plan to add more and more logic to remote connecting methods, these cannot be generated from admin_protocol.x anymore. Instead, this patch implements these to methods explicitly. admin: Move remote admin API version to a separate module By moving the remote version into a separate module, we gain a slightly better maintainability in the long run than just by leaving it in one place with the existing libvirt-admin library which can start getting pretty messy later on. admin: Introduce virAdmConnectIsAlive Since most of our APIs rely on an acive functional connection to a daemon and we have such a mechanism in libvirt already, there's need to have such a way in libvirt-admin as well. By introducing a new public API, this patch provides support to check for an active connection. virt-admin: Introduce first working skeleton This patch introduces virt-admin client which is based on virsh client, but had to reimplement several methods to meet virt-admin specific needs or remove unnecessary virsh specific logic. admin: introduce virAdmGetVersion Unfortunately, client side version retrieval API virGetVersion uses one-time initialization (due to the fact we might not have initialized the library by calling connect prior to this) which is not completely compatible with admin initialization. This API is rather simplistic and reimplementing it for admin might be the preferred method of reusing it. Note that even though the method will be reimplemented, the version number is still the same for both the libvirt and libvirt-admin library. libvirt: Move config getters to util virConnectGetConfig and virConnectGetConfigPath were static libvirt methods, merely because there hasn't been any need for having them internally exported yet. Since libvirt-admin also needs to reference its config file, 'xGetConfig' should be exported. Besides moving, this patch also renames the methods accordingly, as they are libvirt config specific. admin: Introduce libvirt-admin.conf Since libvirt-admin is a separate library, it should also have a separate config file. Available settings are currently the same as for libvirt.conf. libvirt: introduce libvirt/libvirt-common.h.in As it turned out, we need to share some enums and declarations between libvirt.h and libvirt-admin.h, but since our policy forbids direct includes of libvirt*.h, there has to be some header exempt from this rule. This patch moves the relevant part of code from libvirt.h.in to libvirt-common.h.in. Moreover, since there is no need to have libvirt.h generated anymore, introduce a new header libvirt.h which was previosly ignored from git and make the common header ignored and generated instead. 2015-11-27 Marc-André Lureau qemu: add virtio-gpu virgl support Check if virtio-gpu provides virgl option, and add qemu command line formatter. It is enabled with the existing accel3d attribute: 2015-11-27 Marc-André Lureau qemu: add virtio video device qemu 2.5 provides virtio video device. It can be used with -device virtio-vga for primary devices, or -device virtio-gpu for non-vga devices. However, only the primary device (VGA) is supported with this patch. Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1195176 2015-11-27 Marc-André Lureau domain: replace bool accel{2d, 3d} with a tristate Allowing to have the extra undefined/default state. Replace support{2d,3d} with accel{2d,3d} Following the domain XML naming 2015-11-27 Martin Kletzander systemd: Escape only needed characters for machined Machine name escaping follows the same rules as serice name escape, except that '.' and '-' must not be escaped in machine names, due to a bug in systemd-machined. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1282846 2015-11-27 Martin Kletzander virtlogd: Fix build without DBus The rule for virrotatingfiletest was defined in DBUS-only block even though the test does not use DBus at all. Also DBUS_CFLAGS and DBUS_LIBS are removed from the rules. The original error was: /usr/lib/gcc/x86_64-pc-linux-gnu/5.2.0/../../../../lib64/Scrt1.o: In function `_start': (.text+0x20): undefined reference to `main' 2015-11-27 Daniel P. Berrange logging: remove reference to non-existent augeas files The libvirt_logd.aug and test_libvirt_logd.aug.in files have never existed so shouldn't be in EXTRA_DIST. It was a copy+paste mistake when closing virtlogd from virtlockd logging: avoid variables called 'daemon' due to function clash With some versions of GLibC / GCC, a variable called 'daemon' will result in a warning about clashing with the function also named 'daemon'. Rename it to 'dmn' to avoid the clash. 2015-11-27 Guido Günther virtlogd: use %llu to print 64bit types Otherwise we fail on 32bit with: CC logging/virtlogd-log_daemon_dispatch.o logging/log_daemon_dispatch.c: In function 'virLogManagerProtocolDispatchDomainReadLogFile': logging/log_daemon_dispatch.c:120:9: error: format '%zu' expects argument of type 'size_t', but argument 7 has type 'uint64_t' [-Werror=format] 2015-11-26 Daniel P. Berrange virtlockd: fix misc memory leaks and other bugs Fix memory leaks, failure to restore umask and missing man page docs. logging: inhibit virtlogd shutdown while log files are open The virtlogd daemon is launched with a 30 second timeout for unprivileged users. Unfortunately the timeout is only inhibited while RPC clients are connected, and they only connect for a short while to open the log file descriptor. We need to hold an inhibition for as long as the log file descriptor itself is open. 2015-11-26 Daniel P. Berrange qemu: add support for sending QEMU stdout/stderr to virtlogd Currently the QEMU stdout/stderr streams are written directly to a regular file (eg /var/log/libvirt/qemu/$GUEST.log). While those can be rotated by logrotate (using copytruncate option) this is not very efficient. It also leaves open a window of opportunity for a compromised/broken QEMU to DOS the host filesystem by writing lots of text to stdout/stderr. This makes it possible to connect the stdout/stderr file handles to a pipe that is provided by virtlogd. The virtlogd daemon will read from this pipe and write data to the log file, performing file rotation whenever a pre-determined size limit is reached. 2015-11-26 Daniel P. Berrange qemu: convert monitor to use qemuDomainLogContextPtr indirectly Currently the QEMU monitor is given an FD to the logfile. This won't work in the future with virtlogd, so it needs to use the qemuDomainLogContextPtr instead, but it shouldn't directly access that object either. So define a callback that the monitor can use for reporting errors from the log file. qemu: convert process stop/attach to use qemuDomainLogContextPtr When the qemuProcessAttach/Stop methods write a marker into the log file, they can use qemuDomainLogContextWrite to write a formatted message. qemu: convert qemuLogOperation to take a qemuDomainLogContextPtr Instead of writing directly to a log file descriptor, change qemuLogOperation to use qemuDomainLogContextWrite(). qemu: change qemuDomainTaint APIs to accept qemuDomainLogContextPtr The qemuDomainTaint APIs currently expect to be passed a log file descriptor. Change them to instead use a qemuDomainLogContextPtr to hide the implementation details. qemu: convert log file creation to use qemuDomainLogContextPtr Convert the places which create/open log files to use the new qemuDomainLogContextPtr object instead. qemu: introduce a qemuDomainLogContext object Introduce a qemuDomainLogContext object to encapsulate handling of I/O to/from the domain log file. This will hide details of the log file implementation from the rest of the driver, making it easier to introduce support for virtlogd later. 2015-11-26 Daniel P. Berrange qemu: unify code for reporting errors from QEMU log files There are two pretty similar functions qemuProcessReadLog and qemuProcessReadChildErrors. Both read from the QEMU log file and try to strip out libvirt messages. The latter then reports an error, while the former lets the callers report an error. Re-write qemuProcessReadLog so that it uses a single read into a dynamically allocated buffer. Then introduce a new qemuProcessReportLogError that calls qemuProcessReadLog and reports an error. Convert all callers to use qemuProcessReportLogError. 2015-11-26 Daniel P. Berrange qemu: remove writing to QEMU log file for rename operation The rename operation only works on inactive virtual machines, but it none the less writes to the log file used by the QEMU processes. This log file is not intended to provide a general purpose audit trail of operations performed on VMs. The audit subsystem has recording of important operations. If we want to extend that to cover all significant public APIs that is a valid thing to consider, but we shouldn't arbitrarily log specific APIs into the QEMU log file in the meantime. 2015-11-26 Daniel P. Berrange logging: add client for virtlogd daemon Add the virLogManager API which allows for communication with the virtlogd daemon to RPC program. This provides the client side API to open log files for guest domains. The virtlogd daemon is setup to auto-spawn on first use when running unprivileged. For privileged usage, systemd socket activation is used instead. 2015-11-26 Daniel P. Berrange logging: introduce log handling protocol Define a new RPC protocol for the virtlogd daemon that provides for handling of logs. The initial RPC method defined allows a client to obtain a file handle to use for writing to a log file for a guest domain. The file handle passed back will not actually refer to the log file, but rather an anonymous pipe. The virtlogd daemon will forward I/O between them, ensuring file rotation happens when required. Initially the log setup is hardcoded to cap log files at 128 KB, and keep 3 backups when rolling over, which gives a max usage of 512 KB per guest. 2015-11-26 Daniel P. Berrange Import stripped down virtlockd code as basis of virtlogd Copy the virtlockd codebase across to form the initial virlogd code. Simple search & replace of s/lock/log/ and gut the remote protocol & dispatcher. This gives us a daemon that starts up and listens for connections, but does nothing with them. util: add APIs for reading/writing from/to rotating files Add virRotatingFileReader and virRotatingFileWriter objects which allow reading & writing from/to files with automation rotation to N backup files when a size limit is reached. This is useful for guest logging when a guaranteed finite size limit is required. Use of external tools like logrotate is inadequate since it leaves the possibility for guest to DOS the host in between invokations of logrotate. 2015-11-26 Martin Kletzander systemd: Escape machine name for machined According to the documentation, CreateMachine accepts only 7bit ASCII characters in the machinename parameter, so let's make sure we can start machines with unicode names with systemd. We already have a function for that, we just forgot to use it. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1062943 Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1282846 2015-11-26 Martin Kletzander virsh: Try to keep printed XML pretty with change-media When adding a new media with change-media and --print-xml, let's try making it more readable and nice. Before: ...
After: ...
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1219719 2015-11-26 Ján Tomko schema: use a better regex for listen addresses A domain with '::' as the listen address fails to validate. Reuse the 'ipAddr' and 'dnsName' regexes from basictypes instead of reinventing them. https://bugzilla.redhat.com/show_bug.cgi?id=1285665 2015-11-25 Jiri Denemark Enhance documentation of virDomainDetachDevice Link it to virDomainDetachDeviceFlags. https://bugzilla.redhat.com/show_bug.cgi?id=1257280 2015-11-25 Jiri Denemark qemu: Use qemuProcessLaunch in migration Prepare phase Using qemuProcess{Init,Launch,FinishStartup} allows us to run pre-migration commands on destination before asking QEMU to wait for incoming migration data. qemu: Skip starting NBD servers for offline migration NBD storage migration will not work with offline migration anyway and we already checked that the user did not ask for it. Thus it doesn't make sense to keep the code after 'done' label where we jump in case of offline migration. qemu: Kill QEMU process if Prepare phase fails Some failure paths in qemuMigrationPrepareAny forgot to kill the just started QEMU process. This patch fixes this by combining 'stop' and 'endjob' label into a new label 'stopjob'. This name was chosen to avoid confusion with the most common semantics of 'endjob'. Normally, 'endjob' is always called at the end of an API to stop the job we entered at the beginning. In qemuMigrationPrepareAny we only want to stop the job in failure path; on success we need to carry the job over to the Finish phase. qemu: Separate incoming URI generation from qemuMigrationPrepareAny qemu: Introduce qemuProcessFinishStartup Finishes starting a new domain launched by qemuProcessLaunch. qemu: Introduce qemuProcessLaunch Once qemuProcessInit was called, qemuProcessLaunch will launch a new QEMU process with stopped virtual CPUs. 2015-11-25 Jiri Denemark qemu: Introduce qemuProcessInit qemuProcessStart is going to be split in three parts: qemuProcessInit, qemuProcessLaunch, and qemuProcessFinish so that migration Prepare phase can insert additional code in the process. qemuProcessStart will be a small wrapper for all other callers. qemuProcessInit prepares the domain up to the point when priv->qemuCaps is initialized. 2015-11-25 Dmitry Andreev conf: reject multiple panic devices of same model Only one panic device per model is allowed. Allow multiple panic devices 'model' attribute was added to a panic device but only one panic device is allowed. This patch changes panic device presence from 'optional' to 'zeroOrMore'. 2015-11-25 Dmitry Andreev qemu: add support for hv_crash feature as a panic device Panic device type used depends on 'model' attribute. If no model is specified then device type depends on hypervisor and guest arch. 'pseries' model is used for pSeries guest and 'isa' model is used in other cases. XML: QEMU command line: qemu -cpu ,hv_crash 2015-11-25 Dmitry Andreev tests: add tests for the new panic device attribute - 'model' 2015-11-25 Dmitry Andreev conf: add 'model' attribute for panic device with values isa, pseries, hyperv Libvirt already has two types of panic devices - pvpanic and pSeries firmware. This patch introduces the 'model' attribute and a new type of panic device. 'isa' model is for ISA pvpanic device. 'pseries' model is a default value for pSeries guests. 'hyperv' model is the new type. It's used for Hyper-V crash. Schema and docs are updated for the new attribute. 2015-11-25 Dmitry Andreev conf: refactor code for checking ABI stability of panic device 2015-11-25 Guido Günther apparmor: add missing qemu binaries This adds the qemu binaries as of 1.2.4 in Debian. It also removes a duplicate sparc64 entry. 2015-11-25 Laine Stump nodedev: report maxCount for virtual_functions capability A PCI device may have the capability to setup virtual functions (VFs) but have them currently all disabled. Prior to this patch, if that was the case the the node device XML for the device wouldn't report any virtual_functions capability. With this patch, if a file called "sriov_totalvfs" is found in the device's sysfs directory, its contents will be interpreted as a decimal number, and that value will be reported as "maxCount" in a capability element of the device's XML, e.g.: This will be reported regardless of whether or not any VFs are currently enabled for the device. NB: sriov_numvfs (the number of VFs currently active) is also available in sysfs, but that value is implied by the number of items in the list that is inside the capability element, so there is no reason to explicitly provide it as an attribute. sriov_totalvfs and sriov_numvfs are available in kernels at least as far back as the 2.6.32 that is in RHEL6.7, but in the case that they simply aren't there, libvirt will behave as it did prior to this patch - no maxCount will be displayed, and the virtual_functions capability will be absent from the device's XML when 0 VFs are enabled. 2015-11-25 Laine Stump conf: support reporting maxCount attribute for virtual_functions cap Report the maximum possible number of VFs for an SRIOV PF, like this: ... I've just discovered that the virtual_functions and physical_functions capabilities are not supported in the virNodeDeviceParse functions, only in virNodeDeviceFormat (I suppose because they are only reported, not set from XML). This should probably be remedied, but is less immediately useful than the current patch. 2015-11-24 Peter Krempa qemu: monitor: Explain logic of qemuMonitorGetCPUInfo The return value has non-obvious semantics. Document it. 2015-11-24 Pavel Hrdina Post-release version bump to 1.3.0 2015-11-24 Peter Krempa conf: Drop useless check when parsing cpu scheduler info The checked predicate is a deduction from the following checks: 1) maximum cpu id is checked for every parsed element 2) the resulting bitmaps are checked for overlaps 3) there has to be at least one cpu per From the above checks we can indeed deduce that if we have one element per CPU we will have at most 'maxvcpus' of them. Drop the explicit check since it's redundant. 2015-11-24 Ján Tomko qemu: pass the asyncJob to qemuProcessStartCPUs Now that new domains are started inside a QEMU_ASYNC_JOB_START job, we need to pass it down to qemuProcessStartCPUs too. This removes the warning: qemuDomainObjEnterMonitorInternal:1750 : This thread seems to be the async job owner; entering monitor without asking for a nested job is dangerous Introduced by commit 04c721f, before that this code path was only executed with QEMU_ASYNC_JOB_NONE. (This code is not executed on migration, because qemuMigrationPrepareAny sets the VIR_QEMU_PROCESS_START_PAUSED flag.) 2015-11-24 Peter Krempa xenapi: Refactor extraction of vcpu count To simplify further refactors change the way the vcpu count is extracted to use a temp variable rather than juggling with def->maxvcpus. phyp: Refactor extraction of vcpu count To simplify further refactors change the way the vcpu count is extracted to use a temp variable rather than juggling with def.maxvcpus. openvz: Refactor extraction of vcpu count To simplify further refactors change the way the vcpu count is extracted to use a temp variable rather than juggling with def->maxvcpus. hyperv: Allocate 'def' via virDomainDefNew Use the helper that is necessary to fill out some values rather than allocating it directly. 2015-11-24 Christian Loehle document virCommandRunRegex function 2015-11-23 Ján Tomko qemuSetupChrSourceCgroup: rename dev to source We do not have a pointer to the device here, just its source. 2015-11-23 Ján Tomko Simplify qemuSetupChrSourceCgroup and its callers The domain definition is not needed in any of these functions. Only pass it to qemuSetupChardevCgroup, which is used as a callback for virDomainChrDefForeach. Use the right type for passing virDomainObjPtr instead of void* where possible. 2015-11-23 Ján Tomko rename qemuSetupHostdevCGroup to qemuSetupHostdevCgroup Change CGroup to Cgroup to match other functions in the file. 2015-11-23 Guido Günther qemu: handle more machines with a single builtin IDE controller like I440FX by moving the condition into qemuDomainMachineHasBuiltinIDE and adding more machines. Reference: http://bugs.debian.org/805189 2015-11-21 John Ferlan storage: Change virStorageBackendVolOpen to use virFileOpenAs https://bugzilla.redhat.com/show_bug.cgi?id=1282288 Rather than using just open on the path, allow for the possibility that the path to be opened resides on an NFS root-squash target and was created under a different uid/gid. Without using virFileOpenAs an attempt to get the volume size data may fail if the current user doesn't have permissions to read the volume, such as would be the case if mode wasn't supplied in the volume XML and the default VIR_STORAGE_DEFAULT_VOL_PERM_MODE (e.g. 0600) was used. Under this scenario the owner/group is not root:root, thus this path run under root would fail to open/read the volume. NB: The virFileOpenAs code using OPEN_FORK will only work when the failure is not EACESS/EPERM and the path resolves to a shared file system. 2015-11-21 John Ferlan storage: Really fix setting mode for backend exec in NFS root-squash env https://bugzilla.redhat.com/show_bug.cgi?id=1282288 Although commit id '77346f27' resolves part of the problem regarding creating a qemu-img image in an NFS root-squash environment, it really didn't fix the entire problem. Unfortunately it only masked the problem. It seems qemu-img must open/create the image using 0644, which if used by target.perms would result in the chmod not being called since the mode desired and set match. Although qemu-img could conceivably ignore the mode when creating, libvirt has more knowledge of the environment and can make the adjustment to the mode far more easily by using virFileOpenAs with VIR_FILE_OPEN_FORCE_MODE. If that's successful, then we know on return the file will have the right owner and mode, so we can declare success 2015-11-20 Andrea Bolognani qemu: Always set locked memory limit for ppc64 domains Unlike other architectures, ppc64 domains need to lock memory even when VFIO is not used. Change qemuDomainRequiresMlock() to reflect this fact. 2015-11-20 Andrea Bolognani qemu: Add ppc64-specific math to qemuDomainGetMlockLimitBytes() The amount of memory a ppc64 domain might need to lock is different than that of a equally-sized x86 domain, so we need to check the domain's architecture and act accordingly. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1273480 2015-11-20 Andrea Bolognani qemu: Use qemuDomainRequiresMlock() when attaching PCI hostdev The function is used everywhere else to check whether the locked memory limit should be set / updated, and it should be used here as well. Moreover, qemuDomainGetMlockLimitBytes() expects the hostdev to have already been added to the domain definition, but we only do that at the end of qemuDomainAttachHostPCIDevice(). Work around the issue by adding the hostdev before adjusting the locked memory limit and removing it immediately afterwards. 2015-11-20 Andrea Bolognani qemu: Use qemuDomainRequiresMlock() in qemuBuildCommandLine() This removes a duplication of the logic used to decide whether the memory locking limit should be set. process: Log when limiting the amount of locked memory This can be useful for debugging. 2015-11-19 Jim Fehlig libxl: don't unlock virDomainObj if refcnt is 0 Commit 6472e54a unlocks the virDomainObj even if libxlDomainObjEndJob returns false, indicating that its refcnt has dropped to 0. libxl: unref libxlDriverConfig object Commits b6e19cf4 and 6472e54a missed unref'ing the libxlDriverConfig object. Add missing calls to virObjectUnref. 2015-11-19 John Ferlan qemu: Fix build error in Coverity environment Commit id '08600de37' changed the prototype to reduce an argument, but didn't adjust the ATTRIBUTE_NONNULL(11) to (10) 2015-11-19 Mikhail Feoktistov vz: implementation of domainReboot callback Diff from v1. 1. Add virCheckFlags() call in vzDomainReboot vz: allow only en-us keymap for VNC In virtuozzo we support only en-us keymap for VMs and containers. If keymap is specified than check that it's en-us, otherwise show error message. 2015-11-19 Jiri Denemark qemu: Close logfd when closing monitor Remembering to call qemuMonitorSetDomainLog in the right paths before calling qemuProcessStop is annoying and easy to forget. And I already forgot to do so in commit v1.2.8-52-g0389060: logfd may be leaked if QEMU process dies between Prepare and Finish migration phases. qemu: Do not infer flags from other qemuProcessStart arguments Every caller setting migrateFrom already sets VIR_QEMU_PROCESS_START_PAUSED flag anyway. qemu: Introduce qemuProcessMakeDir qemuProcessMakeDir is used for creating a per-domain directory in a given parent directory. qemu: Separate balloon code from qemuProcessStart qemuProcessStart is so big that any nontrivial code should be moved to dedicated functions to make the code easier to read and maintain. qemu: Enter monitor within qemuProcessSetLinkStates Move {Enter,Exit}Monitor calls inside qemuProcessSetLinkStates to simplify qemuProcessStart. qemu: Separate raw IO code from qemuProcessStart qemuProcessStart is so big that any nontrivial code should be moved to dedicated functions to make the code easier to read and maintain. qemu: Separate graphics handling code from qemuProcessStart qemuProcessStart is so big that any nontrivial code should be moved to dedicated functions to make the code easier to read and maintain. qemu: Separate hook handling code from qemuProcessStart qemuProcessStart is so big that any nontrivial code should be moved to dedicated functions to make the code easier to read and maintain. qemu: Rename stdin_{fd,path} in qemuProcessStart 2015-11-19 Jiri Denemark qemu: Use -incoming defer for migrations Traditionally, we pass incoming migration URI on QEMU command line, which has some drawbacks. Depending on the URI QEMU may initialize its migration state immediately without giving us a chance to set any additional migration parameters (this applies mainly for fd: URIs). For some URIs the monitor may be completely blocked from the beginning until migration is finished, which means we may be stuck in qmp_capabilities command without being able to send any QMP commands. QEMU solved this by introducing "defer" parameter for -incoming command line option. This will tell QEMU to prepare for an incoming migration while the actual incoming URI is sent using migrate-incoming QMP command. Before calling this command we can normally talk to the monitor and even set any migration parameters which will be honored by the incoming migration. 2015-11-19 Jiri Denemark qemu: Add APIs for migrate-incoming QMP command qemu: Always set async job when starting a domain We only started an async job for incoming migration from another host. When we were starting a domain from scratch or restoring from a saved state (migration from file) we didn't set any async job. Let's introduce a new QEMU_ASYNC_JOB_START for these cases. qemu: Introduce qemuProcessIncomingDef Incoming migration may require quite a few parameters (URI, fd, path) to be considered while starting QEMU and we will soon add another one. Let's group all of them in a single struct. qemu: Move incoming URI code to qemu_migration qemu: Don't generate migration URI in qemuBuildCommandLine Make callers of qemuBuildCommandLine responsible for providing the URI which should be passed as a parameter for -incoming. qemu: Refactor the code to build -incoming command line Move the code from qemuBuildCommandLine into dedicated functions. qemu: Refactor waiting for completed migration on destination Move the code from qemuMigrationFinish into a dedicated function. 2015-11-19 Cole Robinson libvirt-domain: Fix typo in debug message 2015-11-19 Joao Martins util: add virDiskNameParse to handle disk and partition idx Introduce a new helper function "virDiskNameParse" which extends virDiskNameToIndex but handling both disk index and partition index. Also rework virDiskNameToIndex to be based on virDiskNameParse. A test is also added for this function testing both valid and invalid disk names. 2015-11-19 Joao Martins libxl: implement virDomainMemorystats Introduce support for domainMemoryStats API call, which consequently enables the use of `virsh dommemstat` command to query for memory statistics of a domain. We support the following statistics: balloon info, available and currently in use. swap-in, swap-out, major-faults, minor-faults require cooperation of the guest and thus currently not supported. We build on the data returned from libxl_domain_info and deliver it in the virDomainMemoryStat format. 2015-11-18 Richard Weinberger virSetUIDGID: Don't leak supplementary groups The LXC driver uses virSetUIDGID() to become UID/GID 0. It passes an empty groups list to virSetUIDGID() to get rid of all supplementary groups from the host side. But virSetUIDGID() calls setgroups() only if the supplied list is larger than 0. This leads to a container root with unrelated supplementary groups. In most cases this issue is unoticed as libvirtd runs as UID/GID 0 without any supplementary groups. lxc: Bind mount container TTYs Instead of creating symlinks, bind mount the devices to /dev/pts/XY. Using bind mounts it is no longer needed to add pts devices to files like /etc/securetty. 2015-11-18 Richard Weinberger lxc: Don't make container's TTY a controlling TTY Userspace does not expect that the initial console is a controlling TTY. systemd can deal with that, others not. On sysv init distros getty will fail to spawn a controlling on /dev/console or /dev/tty1. Which will cause to whole container to reboot upon ctrl-c. This patch changes the behavior of libvirt to match the kernel behavior where the initial TTY is also not controlling. The only user visible change should be that a container with bash as PID 1 would complain. But this matches exactly the kernel be behavior with init=/bin/bash. To get a controlling TTY for bash just run "setsid /bin/bash". 2015-11-18 Michal Privoznik locking: Add io_timeout to sanlock https://bugzilla.redhat.com/show_bug.cgi?id=1251190 So, if domain loses access to storage, sanlock tries to kill it after some timeout. So far, the default is 80 seconds. But for some scenarios this might not be enough. We should allow users to adjust the timeout according to their needs. 2015-11-18 Peter Krempa qemu: ppc64: Support memory hotplug without NUMA enabled ppc64 guests don't require adding a NUMA node for hotplug memory to work. Lift the requirement and add test cases. qemu: command: Prepare memory device def formatter for missing target node Prepare the command line generator for the possibility that in some configurations the target NUMA node info will be missing. conf: Prepare making memory device target node optional Adjust the config code so that it does not enforce that target memory node is specified. To avoid breakage, adjust the qemu memory hotplug config checker to disallow such config for now. qemu: command: Move dimm device checks from formatter to checker Aggregate the checks of the dimm device into the verification function rather than having them in the formatter. qemu: domain: Add common function to perform memory hotplug checks Add a function that will aggregate various checks related to memory hotplug so that they aren't scattered accross various parts of the code. 2015-11-18 Peter Krempa qemu: command: Always execute memory device formatter Since we already make sure before that the domain configuration is valid we may execute it always at the cost of doing 0 iterations of the for loop. This patch will simplify later refactor as it will avoid whitespace changes. 2015-11-18 Peter Krempa qemu: command: Make qemuBuildMemoryBackendStr usable without NUMA Make the function usable so that -1 can be passed to it as cell ID so that we can later enable memory hotplug on non-NUMA guests for certain architectures. 2015-11-18 Guido Günther libvirt-guests: Disable shutdown timeout Since we can't know at service start how many VMs will be running we can't calculate an apropriate shutdown timeout. So instead of killing off the service just let it use it's own internal timeout mechanism. References: http://bugs.debian.org/803714 https://bugzilla.redhat.com/show_bug.cgi?id=1195544 2015-11-18 Stefan Berger tpm: adapt sysfs cancel path for new TPM driver This patch addresses BZ 1244895. Adapt the sysfs TPM command cancel path for the TPM driver that does not use a miscdevice anymore since Linux 4.0. Support old and new paths and check their availability. Add a mockup for the test cases to avoid the testing for availability of the cancel path. 2015-11-18 Joao Martins libxl: implement virDomainGetCPUStats Introduce support for domainGetCPUStats API call and consequently allow us to use `virsh cpu-stats`. The latter returns a more brief output than the one provided by`virsh vcpuinfo`. 2015-11-17 Roman Bogorodskiy bhyve: monitor: do not override domain's privateData Current monitor code overrides domain object's privateData, e.g. in virBhyveProcessStart(): vm->privateData = bhyveMonitorOpen(vm, driver); where bhyveMonitorPtr() returns bhyveMonitorPtr. This is not right thing to do, so make bhyveMonitorPtr a part of the bhyveDomainObjPrivate struct and change related code accordingly. 2015-11-17 Andrea Bolognani syntax-check: Add prohibit_space_in_label rule This guards against code such as cleanup : which is happily accepted by the compiler but does not conform to our style guidelines. 2015-11-16 Chen Hanxiao util: remove unnecessary needSize Use toadd->use directly. 2015-11-12 John Ferlan storage: Don't assume storage pool exists for FC/SCSI refresh thread https://bugzilla.redhat.com/show_bug.cgi?id=1277781 The virStoragePoolFCRefreshThread had passed a pointer to the pool obj in the virStoragePoolFCRefreshInfoPtr; however, we cannot assume that the pool exists still since we don't keep the pool lock throughout the duration of the thread. Therefore, instead of passing the pool obj pointer, pass the UUID of the pool and perform a lookup. If found, then we can perform the refresh using the locked pool obj pointer; otherwise, we just exit the thread since the pool is now gone. 2015-11-12 John Ferlan storage: Introduce virStoragePoolObjFindPoolByUUID Add a new API to search the currently defined pool list for a pool with a matching UUID and return the locked pool object pointer. storage: Change cbdata scsi refresh thread field name Change the field name from 'name' to 'fchost_name' to better id it. storage: Make active boolean Since we treat it like a boolean, let's store it that way. At least one path had already treated as true/false anyway. 2015-11-12 Peter Krempa qemu: Explain mlock limit size more in detail Based on Alex's explanation [1] in the recent discussion let's update the comment explaining the memory lock limit calculation. [1] http://www.redhat.com/archives/libvir-list/2015-November/msg00329.html 2015-11-12 Peter Krempa qemu: domain: Restructurate control flow in qemuDomainGetMlockLimitBytes Break early when hard limit is set so that it's not intermixed by other logic for determining the limit. 2015-11-12 Jiri Denemark qemu: Fix job entry debug message Logging current async job while in BeginJob is useful, but the async job we want to start is even more interesting. tests: Add QEMU 2.4.0 capabilities tests: Remove qemuxmlnstest It's just a copy&paste of qemuxml2argv test anyway. We can test most of them (except for qemuxmlns-qemu-ns-domain.xml which fails to validate against our schema) by qemuxml2argv test. qemu: Fix style in qemuProcessStart security: Cleanup DAC driver Fixes several style issues and removes "DEF" (what is it supposed to mean anyway?) from debug messages. 2015-11-11 Pavel Hrdina domain-conf: reorder usb controllers so the master is first USB controllers can share the same 'index' which indicates, that there is some sort of master-companion relationship. Reorder the controllers in XML in to place the master controller before its companions. This is required by QEMU to not fail with error message: error: internal error: process exited while connecting to monitor: 2015-10-26T16:25:17.630265Z qemu-system-x86_64: -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x6: USB bus 'usb.0' not found Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1166452 2015-11-11 Pavel Hrdina domain-conf: cleanup controller insert function 2015-11-11 Pavel Hrdina virsh-domain: update attach-interface to support type=hostdev Adding this feature will allow users to easily attach a hostdev network interface using PCI passthrough. The interface can be attached using --type=hostdev and PCI address or as --source. This command also allows you to tell, whether the interface should be managed. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=997561 2015-11-11 Pavel Hrdina virsh.pod: improve attach-interface section Rewrite the attach-interface section in man page to be more readable and extendable. 2015-11-10 Nikolay Shirokovskiy vz: support cpu time in driver's domainGetInfo Just straight-forward patch. Use reference counting for privdom as stats internally could drop domain lock. 2015-11-10 Daniel P. Berrange qemu: fix parsing of -sdl arg The previous commit commit 4e8993a25006bc5d7c95311d430cc01d8de63564 Author: Daniel P. Berrange Date: Mon Nov 9 16:20:08 2015 +0000 qemu: assume various QEMU 0.10 features are always available Added broken handling of -sdl. Instead of duplicating existing SDL handling code, just ensure it is invoked in the right scenarios. 2015-11-10 Daniel P. Berrange qemu: assume various QEMU 0.10 features are always available The -sdl and -net ...name=XXX arguments were both introduced in QEMU 0.10, so the QEMU driver can assume they are always available. qemu: assume -vga is always available As of QEMU 0.10.0 the -vga argument was introduced, so the QEMU driver can assume it is always available. qemu: assume -drive format is always available As of QEMU 0.10.0 the -drive format= parameter was added, so the QEMU driver can assume it is always available. qemu: assume -drive cache always uses v2 option names As of QEMU 0.10.0, the -drive cache option stopped using the on/off value names, so the QEMU driver can assume use of the new value names. qemu: assume support for all migration protocols except rdma Since we require QEMU 0.12.0, we can assume that QEMU supports all of the fd, tcp, unix and exec migration protocols. qemu: assume vnet-hdr feature is always available 2015-11-10 Daniel P. Berrange qemu: really remove last traces of Xenner support We have twice previously attempted to remove Xenner support commit de9be0ab4d7abe4c3ae5beaaff7ddb208921f1f1 Author: Daniel P. Berrange Date: Wed Aug 22 17:29:01 2012 +0100 Remove xenner support commit 92572c3d71bd08e6dd1897c7b14be9d27df608e9 Author: Ján Tomko Date: Wed Feb 18 16:33:50 2015 +0100 Remove code handling the QEMU_CAPS_DOMID capability This change really does remove the last traces of it in the capabilities handling code 2015-11-10 Daniel P. Berrange qemu: assume -uuid is always available The -uuid arg was added in QEMU 0.10.0, so the QEMU driver can assume it is always available. qemu: assume -name is always available The -name arg was added in QEMU 0.9.1, so the QEMU driver can assume it is always available. 2015-11-10 Daniel P. Berrange qemu: assume -drive argument is always available As of QEMU 0.9.1 the -drive argument can be used to configure all disks, so the QEMU driver can assume it is always available and drop support for -hda/-cdrom/etc. Many of the tests need updating because a great many were running without CAPS_DRIVE set, so using the -hda legacy syntax. Fixing the tests uncovered a bug in the argv -> xml convertor which failed to handle disk with if=floppy. 2015-11-10 Daniel P. Berrange qemu: handle floppy disk bus when parsing command line argv The QEMU argv -> virDomainDef conversion code was not handling -drive arguments using the floppy bus. This caused them to be added as hard disks instead. qemu: handle USB bus in qemuAssignDeviceDiskAliasFixed() The qemuAssignDeviceDiskAliasFixed() method was missing handling for the USB disk bus type. qemu: assume -no-reboot is always available The -no-reboot arg was added in QEMU 0.9.0, so the QEMU driver can now assume it is always present. qemu: assume 'info chardev' is always available As of QEMU 0.11.0 the 'info chardev' monitor command can be used to report on allocated chardev paths, so we can drop support for parsing QEMU stderr to locate the PTY paths. qemu: assume -vnc arg always takes a ':' As of QEMU 0.9.0 the -vnc option accepts a ':' to separate port from listen address, so the QEMU driver can assume that support for listen addresses is always available. qemu: remove all support for kQEMU The kQEMU accelerator was deleted in QEMU 0.12, so we no longer need to support it in the QEMU driver. qemu: mandate QEMU version 0.12.0 or newer Check the QEMU version and refuse to work with QEMU versions older than 0.12.0. This is approximately the vintage of QEMU that is available in RHEL-6 era distros. 2015-11-10 Peter Krempa qemu: hotplug: Reject VFIO hotplug if setting RLIMIT_MEMLOCK fails Check the return value of virCommandSetMaxMemLock when hotplugging VFIO PCI hostdevs and reject the hotplug if the memory limit can't be set. 2015-11-10 Peter Krempa qemu: hotplug: Fix mlock limit handling on memory hotplug If mlock is required either due to use of VFIO hostdevs or due to the fact that it's enabled it needs to be tweaked prior to adding new memory or after removing a module. Add a helper to determine when it's necessary and reuse it both on hotplug and hotunplug. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1273491 2015-11-10 Peter Krempa qemu: Extract logic to determine the mlock limit size for VFIO New function qemuDomainGetMlockLimitBytes will now handle the calculation so that it unifies the logic to one place and allows later reuse. conf: Make @def const in virDomainDefGetMemoryInitial Keep const correctness and allow to use this function in cases where @def is const in the caller. 2015-11-09 Daniel P. Berrange tests: redo test argv file line wrapping Back in commit bd6c46fa0cfe275c24debc1152cfc5206c04b59b Author: Juerg Haefliger Date: Mon Jan 31 06:42:57 2011 -0500 tests: handle backspace-newline pairs in test input files all the test argv files were line wrapped so that the args were less than 80 characters. The way the line wrapping was done turns out to be quite undesirable, because it often leaves multiple parameters on the same line. If we later need to add or remove individual parameters, then it leaves us having to redo line wrapping. This commit changes the line wrapping so that every single "-param value" is one its own new line. If the "value" is still too long, then we break on ',' or ':' or ' ' as needed. This means that when we come to add / remove parameters from the test files line, the patch diffs will only ever show a single line added/removed which will greatly simplify review work. 2015-11-07 John Ferlan virnetdev: Use virNetDevSetupControl in virNetDevSendEthtoolIoctl Use virNetDevSetupControl instead of open coding using socket(AF_LOCAL...) and clearing virIfreq. By using virNetDevSetupControl, the socket is then opened using AF_PACKET which requires being privileged (effectively root) in order to complete successfully. Since that's now a requirement, then the ioctl(SIOCETHTOOL) should not fail with EPERM, thus it is removed from the filtered listed of failure codes. 2015-11-07 John Ferlan virnetdev: Check for root in virNetDevGetFeatures Since the SIOCETHTOOL ioctl only works for privileged daemons, if called when not root, then virNetDevGetFeatures will VIR_DEBUG a message and return 0 as if the functions were not available for the architecture. This effectively returns an empty bitmap indicating no features available. Introduced by commit id 'c9027d8f4' 2015-11-06 John Ferlan virnetdev: Fix function comments for virNetDevGetFeatures In commit id 'c9027d8f4' when updating the posted patch to generate a bitmap instead of an array of named feature bits, adjustment of the args was missed 2015-11-06 John Ferlan virnetdev: Document reasons for ignoring some SIOCETHTOOL errno values Recently reverted commit id '6f2a0198' showed a need to add extra comments when dealing with filtering of potential "non-issues". Scanning through upstream patch postings indicates early on the reasons for the filtering of specific ioctl failures were provided; however, when converted from causing an error to VIR_DEBUG's the reasons were missing. A future read/change of the code incorrectly assumed they could or should be removed. 2015-11-06 Daniel P. Berrange Revert "utils: Remove the logging of errors from virNetDevSendEthtoolIoctl" This reverts commit 6f2a0198e913c91a2ef8b99db79b7d3cc5396957. This commit removed error reporting from virNetDevSendEthtoolIoctl pushing responsibility onto the callers. This is wrong, however, since virNetDevSendEthtoolIoctl calls virNetDevSetupControl which can still report errors. So as a result virNetDevSendEthtoolIoctl may or may not report errors depending on which bit of it fails, and as a result callers now overwrite some errors. It also introduced a regression causing unprivileged libvirtd to spew error messages to the console due to inability to query the NIC features, an error which was previously ignored. virNetDevSetupControlFull:148 : Cannot open network interface control socket: Operation not permitted virNetDevFeatureAvailable:3062 : Cannot get device wlp3s0 flags: Operation not permitted virNetDevSetupControlFull:148 : Cannot open network interface control socket: Operation not permitted virNetDevFeatureAvailable:3062 : Cannot get device wlp3s0 flags: Operation not permitted virNetDevSetupControlFull:148 : Cannot open network interface control socket: Operation not permitted virNetDevFeatureAvailable:3062 : Cannot get device wlp3s0 flags: Operation not permitted virNetDevSetupControlFull:148 : Cannot open network interface control socket: Operation not permitted virNetDevFeatureAvailable:3062 : Cannot get device wlp3s0 flags: Operation not permitted Looking back at the original posting I see no explanation of why thsi refactoring was needed, so reverting the clearly broken error reporting logic looks like the best option. 2015-11-05 Peter Krempa qemu: migration: Actually error out on unsupported migration flag The code reported that a migration flag is unsupported but didn't jump to the error label. Probably an oversight in commit f88af9dc that introduced the flag checking. 2015-11-05 Peter Krempa qemu: migration: Properly parse memory hotplug migration flag Since the flag was not enabled when 'eating' the migration cookie, libvirt reported a bogus error when memory hotplug was enabled: unsupported migration cookie feature memory-hotplug The error was ignored though due to a bug in the code so it slipped through testing. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1278404 2015-11-05 John Ferlan network: Remove extraneous ATTRIBUTE_NONNULL for virNetDevWaitDadFinish Commit id '0f7436ca' added virNetDevWaitDadFinish using ATTRIBUTE_NONNULL for both arguments, although one is a non-null argument. A Coverity build balks at that. 2015-11-05 John Ferlan virnetdev: Check correct return value for virNetDevFeatureAvailable Rather than "if (virNetDevFeatureAvailable(ifname, &cmd))" change the success criteria to "if (virNetDevFeatureAvailable(ifname, &cmd) == 1)". The called helper returns -1 on failure, 0 on not found, and 1 on found. Thus a failure was setting bits. Introduced by commit ac3ed20 which changed the helper's return values without adjusting its callers 2015-11-04 Michel Normand qemu: add /usr/lib to AC_PATH_PROG for qemu-bridge-helper For openSUSE the qemu-bridge-helper is installed in /usr/lib So libvirt has to search it in this directory. 2015-11-04 John Ferlan storage: On 'buildVol' failure don't delete the volume https://bugzilla.redhat.com/show_bug.cgi?id=1233003 Commit id 'fdda3760' only managed a symptom where it was possible to create a file in a pool without libvirt's knowledge, so it was reverted. The real fix is to have all the createVol API's which actually create a volume (disk, logical, zfs) and the buildVol API's which handle the real creation of some volume file (fs, rbd, sheepdog) manage deleting any volume which they create when there is some sort of error in processing the volume. This way the onus isn't left up to the storage_driver to determine whether the buildVol failure was due to some failure as a result of adjustments made to the volume after creation such as getting sizes, changing ownership, changing volume protections, etc. or simple a failure in creation. Without needing to consider that the volume has to be removed, the buildVol failure path only needs to remove the volume from the pool. This way if a creation failed due to duplicate name, libvirt wouldn't remove a volume that it didn't create in the pool target. 2015-11-04 John Ferlan Revert "storage: Prior to creating a volume, refresh the pool" This reverts commit fdda37608a6e22406fbdfe4ac0c573a96a8d0417. This commit only manages a symptom of finding a buildRet failure where a volume was not listed in the pool, but someone created the volume outside of libvirt in the pool being managed by libvirt. 2015-11-04 John Ferlan storage: Pull volume removal from pool in storageVolDeleteInternal Create a helper function to remove volume from the pool. storage: Cleanup failures in virStorageBackendCreateRaw After successfully returning from virFileOpenAs, if subsequent calls fail, then we need to remove the file since our caller expects that failures after creation will remove the created file. storage: Cleanup failures virStorageBackendCreateExecCommand After a successful qemu-img/qcow-create of the backing file, if we fail to stat the file, change it owner/group, or mode, then the cleanup path should remove the file. 2015-11-04 John Ferlan storage: Fix setting mode in virStorageBackendCreateExecCommand Currently the code does not handle the NFS root squash environment properly since if the file gets created, then the subsequent chmod will fail in a root squash environment where we're creating a file in the pool with qemu tools, such as seen via: $ virsh vol-create-from $pool $file.xml file.img --inputpool $pool assuming $file.xml is creating a file of " from an existing file.img in the pool of "". This patch will utilize the virCommandSetUmask when creating the file in the NETFS pool. The virCommandSetUmask API was added in commit id '0e1a1a8c4', which was after the original code was developed in commit id 'e1f27784' to attempt to handle the root squash environment. Also, rather than blindly attempting to chmod, check to see if the st_mode bits from the stat match what we're trying to set and only make the chmod if they don't. Also, a slight adjustment to the fallback algorithm to move the virCommandSetUID/virCommandSetGID inside the if (!filecreated) since they're only useful if we need to attempt to create the file again. 2015-11-04 Jiri Denemark Remove new lines from log messages VIR_DEBUG and VIR_WARN will automatically add a new line to the message, having "\n" at the end or at the beginning of the message results in empty lines. 2015-11-04 Jiri Denemark qemu: Fix memory leak in qemuProcessStart nodeset should be freed in both success and failure paths. While tmppath is freed immediately after it's consumed, moving it from error to cleanup label is a bit more consistent and robust. 2015-11-04 Jiri Denemark qemu: Introduce cleanup label in qemuProcessStart Remove code duplication by moving common cleanup code in a dedicated label. qemu: Rename ret variable in qemuProcessStart Generally, we use "ret" variable for storing the value we are going to return at the and of a function, but this is not the case in qemuProcessStart. Let's rename "ret" as "rv". qemu: Rename cleanup label in qemuProcessStart Current "cleanup" label is only used in error path, thus it should rather be called "error". qemu: Use correct type when calling qemuPrepareNVRAM qemuProcessStart was passing char * migrateFrom as the third argument to qemuPrepareNVRAM. We should explicitly convert the pointer to bool which is what the function expects. Post-release version bump to 1.2.22 2015-11-04 Daniel Veillard Release of libvirt-1.2.21 * docs/news.html.in libvirt.spec.in: Updated for the release * po/*.po*: regenerated 2015-10-30 Laine Stump util: set max wait for IPv6 DAD to 20 seconds This was originally set to 5 seconds, but times of 5.5 to 7 seconds were experienced. Since it's an arbitrary number intended to prevent an infinite hang, having it a bit too high won't hurt anything, and 20 seconds looks to be adequate (i.e. I think/hope we don't need to make it tunable in libvirtd.conf) 2015-10-30 Luyao Huang util: set error if DAD is not finished If DAD not finished in 5 seconds, user will get an unknown error like this: # virsh net-start ipv6 error: Failed to start network ipv6 error: An error occurred, but the cause is unknown Call virReportError to set an error. 2015-10-29 Michal Privoznik wireshark: Install to generic plugin directory There has been a report on the list [1] that we are not installing the wireshark dissector into the correct plugin directory. And in fact we are not. The problem is, the plugin directory path is constructed at compile time. However, it's dependent on the wireshark version, e.g. /usr/lib/wireshark/plugins/1.12.6 This is rather unfortunate, because if libvirt RPMs were built with one version, but installed on a system with newer one, the plugins are not really loaded. This problem lead fedora packagers to unify plugin path to: /usr/lib/wireshark/plugins/ Cool! But this was enabled just in wireshark-1.12.6-4. Therefore, we must require at least that version. And while at it, on some distributions, the wireshark.pc file already has a variable that defines where plugin dir is. Use that if possible. 1: https://www.redhat.com/archives/libvirt-users/2015-October/msg00063.html 2015-10-29 Roman Bogorodskiy Fix virNetDevWaitDadFinish stub Build on non-Linux fails because the virNetDevWaitDadFinish() stub has unused parameters. Fix by adding appropriate ATTRIBUTE_UNUSED for these parameters. Pushing under build-breaker rule. 2015-10-29 Maxim Perevedentsev network: wait for DAD to finish for bridge IPv6 addresses commit db488c79 assumed that dnsmasq would complete IPv6 DAD before daemonizing, but in reality it doesn't wait, which creates problems when libvirt's bridge driver sets the matching "dummy tap device" to IFF_DOWN prior to DAD completing. This patch waits for DAD completion by periodically polling the kernel using netlink to check whether there are any IPv6 addresses assigned to bridge which have a 'tentative' state (if there are any in this state, then DAD hasn't yet finished). After DAD is finished, execution continues. To avoid an endless hang in case something was wrong with the kernel's DAD, we wait a maximum of 5 seconds. 2015-10-29 Maxim Perevedentsev netlink: add support for multi-part netlink messages. Such messages do not have NLMSG_ERROR or NLMSG_DONE type but they are valid responses. We test 'multi-partness' by looking for NLM_F_MULTI flag. 2015-10-29 Luyao Huang qemu: Use live autoNodeset when numatune placement is auto https://bugzilla.redhat.com/show_bug.cgi?id=1270715 Commit id '9deb96f' removed the code to fetch the nodeset from the CpusetMems cgroup for a running vm in favor of using the return from virDomainNumatuneFormatNodeset introduced by commit id '43b67f2e7'. However, that API will return the value of the passed 'auto_nodeset' when placement is VIR_DOMAIN_NUMATUNE_PLACEMENT_AUTO, which happens to be NULL. Since commit id 'c74d58ad' started using priv->autoNodeset in order to manage the auto placement value during qemuProcessStart, it should be passed along in order to return the correct value if the domain requests the auto placement. 2015-10-28 Wido den Hollander rbd: Remove snapshots if the DELETE_WITH_SNAPSHOTS flag has been provided When a RBD volume has snapshots it can not be removed. This patch introduces a new flag to force volume removal, VIR_STORAGE_VOL_DELETE_WITH_SNAPSHOTS. With this flag any existing snapshots will be removed prior to removing the volume. No existing mechanism in libvirt allowed us to pass such information, so that's why a new flag was introduced. 2015-10-28 Pino Toscano util: implement virProcessGetStartTime on GNU/kFreeBSD Use the virProcessGetStartTime implementation also when only the kernel is FreeBSD, such as on GNU/kFreeBSD. 2015-10-27 Roman Bogorodskiy bhyve: implement domainGetOSType 2015-10-27 Pavel Hrdina virsh-domain: use correct base for virStrToLong_ui While parsing device addresses we should use correct base and don't count on auto-detect. For example, PCI address uses hex numbers, but each number starting with 0 will be auto-detected as octal number and that's wrong. Another wrong use-case is for PCI address if for example bus is 10, than it's incorrectly parsed as decimal number. PCI and CCW addresses have all values as hex numbers, IDE and SCSI addresses are in decimal numbers. 2015-10-27 Luyao Huang libvirt-domain: fix the error reporting when use the localhost as target uri Remove the extra %s in error message when call virReportInvalidArg(). libvirt-domain: fix no error report when p2p migrate fail After commit a26669d7, we only jump to error when virDomainMigrateUnmanagedParams return a value less than -1. this will make the migrate result always be success even we meet some problem. qemu: fix migration flags undefinesource cannot work In commit f41be296, we moved vm->persistent check into qemuDomainRemoveInactive, but we didn't change the vm->persistent before call qemuDomainRemoveInactive in some place before and just call it to remove the inactive vm. 2015-10-27 Luyao Huang conf: Add serial target type to ABI stability check https://bugzilla.redhat.com/show_bug.cgi?id=1273686 There is no ABI check for serial target type attribute, just add it. 2015-10-27 Michal Privoznik lock_daemon: Switch to wrapper locking functions Lets use wrapper functions virLockDaemonLock and virLockDaemonUnlock instead of virMutexLock and virMutexUnlock. This has no functional impact, but it's easier to read (at least for me). 2015-10-26 Andrea Bolognani qemu: hostdev: Introduce qemuHostdevUpdateActiveDomainDevices() This calls the PCI-, USB- and SCSI-specific functions just like qemuHostdev{Prepare,ReAttach}DomainDevices() already do, and was the missing piece for the qemuHostdev API to nicely mirror the virHostdev API. Update qemuProcessReconnect() to use the new function. 2015-10-26 Andrea Bolognani qemu: hostdev: Unify naming for qemuHostdevUpdateActive*Devices() Adopt the same names used for virHostdevUpdateActive*Devices() for consistency's sake and to make it easier to jump between the two. No functional changes. 2015-10-26 Andrea Bolognani qemu: hostdev: Unify naming for qemuHostdevReAttach*Devices() Adopt the same names used for virHostdevReAttach*Devices() for consistency's sake and to make it easier to jump between the two. No functional changes. 2015-10-26 Andrea Bolognani qemu: hostdev: Unify naming for qemuHostdevPrepare*Devices() Adopt the same names used for virHostdevPrepare*Devices() for consistency's sake and to make it easier to jump between the two. No functional changes. 2015-10-26 Andrea Bolognani hostdev: Rename virHostdevUpdateDomainActiveDevices() The new name, virHostdevUpdateActiveDomainDevices(), follows the same naming conventions used by the rest of the module. No functional changes. 2015-10-22 Andrea Bolognani tests: Remove unused nodeinfo test data A bunch of files that we don't currently parse, and are very unlikely to ever start parsing, made their way into the nodeinfo test data. Get rid of them. 2015-10-22 Luyao Huang virsh: Display an error when passing count <= 0 to setvcpus The number of vCPUs for a guest must be between 1 and the maximum value configured in the domain XML. This commit introduces checks to make sure that passing count <= 0 results in an error. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1248277 2015-10-22 John Ferlan conf: Fix error message to use correct parameter Fix a cut-n-paste error from commit id '35eecdde' where the previous check for max_sectors seems to have been copied, but the error message parameter not updated to be ioeventfd 2015-10-22 Luyao Huang util: Produce friendlier error message to user Commit id '1c24cfe9' added error messages for virNumaSetPagePoolSize; however, virNumaGetHugePageInfo also uses virNumaGetHugePageInfoPath in order to build the path, but it never checked upon return if the built path exists which could lead to an error message as follows: $ virsh freepages 0 1 error: Failed to open file '/sys/devices/system/node/node0/hugepages/hugepages-1kB/free_hugepages': No such file or directory Rather than add the same message for the other two callers, adjust the virNumaGetHugePageInfoPath in order not only build the path, but also check if the built path exists. If the path does not exist, then generate the error message and return failure. 2015-10-22 Luyao Huang util: Adjust error paths for virNumaSetPagePoolSize Commit id '1c24cfe9' added new checks and error messaes for failure scenarios. Let's adjust those error messages to after the call to virNumaGetHugePageInfoPath in order to provide a more specific error message depending on node and page_size After this patch: # virsh allocpages --pagesize 2047 --pagecount 1 --cellno 0 error: operation failed: page size 2047 is not available on node 0 # virsh allocpages --pagesize 2047 --pagecount 1 error: operation failed: page size 2047 is not available 2015-10-22 Luyao Huang util: split the virNumaGetHugePageInfoPath into separate function https://bugzilla.redhat.com/show_bug.cgi?id=1265114 Refactor helper virNumaGetHugePageInfoPath to handle returning a directory path when passed a page_size of 0 and suffix == NULL into a new helper virNumaGetHugePageInfoDir which will only be called when a directory path is expected to be returned. This solves the issue where the helper was called with page_size == 0 expecting a file path in return, but instead got a directory path and failed in virFileReadAll with: error : virFileReadAll:1358 : Failed to read file '/sys/devices/system/node/node0/hugepages/': Is a directory Since virNumaGetPages API expects to return a directory by passing page_size == 0 and suffix == NULL, it will now call the new helper. Callers to virNumaGetHugePageInfoPath expect to return a file path which could then be used in the call to virFileReadAll. 2015-10-21 Ishmanpreet Kaur Khera Avoid using !STREQ and !STRNEQ We have macros for both positive and negative string matching. Therefore there is no need to use !STREQ or !STRNEQ. At the same time as we are dropping this, new syntax-check rule is introduced to make sure we won't introduce it again. 2015-10-20 Andrea Bolognani NEWS: Fix XSLT stylesheet This has been broken for a looong time - in fact, we've been shipping a mostly-empty NEWS file for at least the past two years. Including the html namespace and using it for matching elements, like hacking1.xsl and hacking2.xsl were already doing, makes the NEWS file useful again. Add a note explaining that the release list has been split up by year as well. 2015-10-20 Andrea Bolognani NEWS: Split releases by year Update cfg.mk to ignore the split files during syntax-check (thanks Martin). 2015-10-20 Maxim Nestratov vz: implement some domain API calls The following functions are implemented: vzDomainIsUpdated, vzDomainGetVcpusFlags and vzDomainGetMaxVcpus. 2015-10-20 Maxim Nestratov vz: implement API calls of nodeGetxxx family The following functions were implemented: vzNodeGetCPUStats, vzNodeGetMemoryStats, vzNodeGetCellsFreeMemory and vzNodeGetFreeMemory. 2015-10-20 Maxim Nestratov vz: implement connectGetMaxVcpus API calls Because we have no limitation for maximal number of vcpus in containers we report as maximum 1028 just for the sake of common sence. 2015-10-16 Michal Privoznik security_dac: Introduce remember/recall APIs Even though the APIs are not implemented yet, they create a skeleton that can be filled in later. security_dac: Limit usage of virSecurityDACSetOwnershipInternal This function should really be called only when we want to change ownership of a file (or disk source). Lets switch to calling a wrapper function which will eventually record the current owner of the file and call virSecurityDACSetOwnershipInternal subsequently. virSecurityDACRestoreSecurityFileLabel: Pass virSecurityDACDataPtr This is pure code adjustment. The structure is going to be needed later as it will hold a reference that will be used to talk to virtlockd. However, so far this is no functional change just code preparation. virSecurityDACSetOwnership: Pass virSecurityDACDataPtr This is pure code adjustment. The structure is going to be needed later as it will hold a reference that will be used to talk to virtlockd. However, so far this is no functional change just code preparation. virSecurityDACSetOwnershipInternal: Don't chown so often It's better if we stat() file that we are about to chown() at first and check if there's something we need to change. Not that it would make much difference, but for the upcoming patches we need to be doing stat() anyway. Moreover, if we do things this way, we can drop @chown_errno variable which will become redundant. security_dac: Fix TODO marks Correctly mark the places where we need to remember and recall file ownership. We don't want to mislead any potential developer. 2015-10-16 Michal Privoznik virtlockd: Don't SIGSEGV on SIGUSR1 So we have this mechanism that on SIGUSR1 the virtlockd dumps its internal state into a JSON file, reexec itself and the reloads the internal state back. However, there's a bug in our implementation: (gdb) signal SIGUSR1 Continuing with signal SIGUSR1. [Thread 0x7fd094f7b700 (LWP 10602) exited] process 10600 is executing new program: /home/zippy/work/libvirt/libvirt.git/src/virtlockd warning: Could not load shared library symbols for linux-vdso.so.1. Do you need "set solib-search-path" or "set sysroot"? [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". [New Thread 0x7fb28bc3c700 (LWP 14501)] Program received signal SIGSEGV, Segmentation fault. 0x00007fb29133d530 in virExpandN (ptrptr=0x70, size=8, countptr=0x68, add=1, report=true, domcode=7, filename=0x7fb29138aeab "rpc/virnetserver.c", funcname=0x7fb29138b680 <__FUNCTION__.15821> "virNetServerAddProgram", linenr=661) at util/viralloc.c:288 288 if (*countptr + add < *countptr) { (gdb) bt #0 0x00007fb29133d530 in virExpandN (ptrptr=0x70, size=8, countptr=0x68, add=1, report=true, domcode=7, filename=0x7fb29138aeab "rpc/virnetserver.c", funcname=0x7fb29138b680 <__FUNCTION__.15821> "virNetServerAddProgram", linenr=661) at util/viralloc.c:288 #1 0x00007fb29132a267 in virNetServerAddProgram (srv=0x0, prog=0x7fb2915d08b0) at rpc/virnetserver.c:661 #2 0x00007fb29131f27f in main (argc=1, argv=0x7fff8f771298) at locking/lock_daemon.c:1445 Notice the NULL @srv passed to frame 2? Usually, the @srv variable is initialized on fresh start. However, in case of daemon reload, the code path that is responsible for initializing the value was not triggered and therefore we crashed immediately. Fix this by always setting the variable. 2015-10-16 Shivaprasad G Bhat Close the source fd if the destination qemu exits during tunnelled migration Tunnelled migration can hang if the destination qemu exits despite all the ABI checks. This happens whenever the destination qemu exits before the complete transfer is noticed by source qemu. The savevm state checks at runtime can fail at destination and cause qemu to error out. The source qemu cant notice it as the EPIPE is not propogated to it. The qemuMigrationIOFunc() notices the stream being broken from virStreamSend() and it cleans up the stream alone. The qemuMigrationWaitForCompletion() would never get to 100% transfer completion. The qemuMigrationWaitForCompletion() never breaks out as well since the ssh connection to destination is healthy, and the source qemu also thinks the migration is ongoing as the Fd to which it transfers, is never closed or broken. So, the migration will hang forever. Even Ctrl-C on the virsh migrate wouldn't be honoured. Close the source side FD when there is an error in the stream. That way, the source qemu updates itself and qemuMigrationWaitForCompletion() notices the failure. Close the FD for all kinds of errors to be sure. The error message is not copied for EPIPE so that the destination error is copied instead later. Note: Reproducible with repeated migrations between Power hosts running in different subcores-per-core modes. 2015-10-16 John Ferlan conf: Optimize the iothreadid initialization https://bugzilla.redhat.com/show_bug.cgi?id=1264008 The existing algorithm assumed that someone was making small, incremental changes; however, it is possible to change iothreads from 0 (or relatively small number) to some really large number and the algorithm would possibly spin its wheels doing unnecessary searches. So, optimize the algorithm using a bitmap to find available iothread_id's starting at 1 that aren't already defined by a "" and filling in the iothreadids array with those iothread_id values. 2015-10-16 John Ferlan qemu: Fix qemu startup check for QEMU_CAPS_OBJECT_IOTHREAD https://bugzilla.redhat.com/show_bug.cgi?id=1249981 When qemuDomainPinIOThread was added in commit id 'fb562614', a check for the IOThread capability was not needed since a check for iothreadpids covered the condition where the support for IOThreads was not present. The iothreadpids array was only created if qemuProcessDetectIOThreadPIDs was able to query the monitor for IOThreads. It would only do that if the QEMU_CAPS_OBJECT_IOTHREAD capability was set. However, when iothreadids were added in commit id '8d4614a5' and the check for iothreadpids was replaced by a search through the iothreadids[] array for the matching iothread_id that left open the possibility that an iothreadids[] array was defined, but the entries essentially pointed to elements with only the 'iothread_id' defined leaving the 'thread_id' value of 0 and eventually the cpumap entry of NULL. This was because, the original IOThreads commit id '72edaae7' only checked if IOThreads were defined and if the emulator had the IOThreads capability, then IOThread objects were added at startup. The "capability failure" check was only done when a disk was assigned to an IOThread in qemuCheckIOThreads. This was because the initial implementation had no way to dynamically add IOThreads, but it was possible to dynamically add a disk to the domain. So the decision was if the domain supported it, then add the IOThread objects. Then if a disk with an IOThread defined was added, it could check the capability and fail to add if not there. This just meant the 'iothreads' value was essentially ignored. Eventually commit id 'a27ed6e7' allowed for the dynamic addition and deletion of IOThread objects. So it was no longer necessary to generate IOThread objects to dynamically attach a disk to. However, the startup and disk check code was not modified to reflect this. This patch will move the capability failure check to when IOThread objects are being added to the command line. Thus a domain that has IOThreads defined will not be started if the emulator doesn't support the capability. This means when qemuCheckIOThreads is called to add a disk, it's no longer necessary to check the capability. Instead the code can use the IOThreadFind call to indicate that the IOThread doesn't exist. Finally because it could be possible to have a domain running with the iothreadids[] defined prior to this change if libvirtd is restarted each having mostly empty elements, qemuProcessDetectIOThreadPIDs will check if there are niothreadids when the QEMU_CAPS_OBJECT_IOTHREAD capability check fails and remove the elements and array if it exists. With these changes in place, it turns out the cputune-numatune test was failing because the right bit wasn't set in the test. So used the opportunity to fix that and create a test that would expect to fail with some sort of iothreads defined and used, but not having the correct capability. 2015-10-16 John Ferlan qemu: Check for niothreads == 0 in qemuSetupCgroupForIOThreads If there are no IOThreads defined, no sense making other checks qemu: Use 'niothreadids' instead of 'iothreads' Although theoretically both should be the same value, the niothreadids should be used in favor of iothreads when performing comparisons. This leaves the iothreads as a purely numeric value to be saved in the config file. The one exception to the rule is virDomainIOThreadIDDefArrayInit where the iothreadids are being generated from the iothreads count since iothreadids were added after initial iothreads support. 2015-10-16 Peter Krempa virsh: Use 'format' argument only when specified The condition checking whether --format was specified was incorrect. virsh crashed if the following format was used: virsh dump VM dump --format '' --memory-only Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1272301 2015-10-16 Dominik Perpeet docs: event impl. registration before hypervisor connection Event implementations need to be registered before a connection to the Hypervisor is opened, otherwise event handling can be impaired (e.g. delayed messages). This fact is referenced in an e-mail [1], but should also be noted in the documentation of the registration functions. [1] https://www.redhat.com/archives/libvirt-users/2014-April/msg00011.html 2015-10-15 Wei Jiangang Fix conficts with HACKING doc Don't compare a bool variable against the literal, "true". libvirt-secret: Fix typo seclets ==> selects qualfied ==> qualified 2015-10-15 John Ferlan conf: Refactor the iothreadid initialization Create a separate local API that will fill in the iothreadid array entries that were not defined by entries in the XML. 2015-10-15 Andrea Bolognani NEWS: Unify date format There were some inconsistencies, eg. the number of digits used for the day. The month name was also spelled out instead of abbreviated in some instances. NEWS: Unify section titles There were some inconsistencies; now the section title is always one of Bug Fixes, Cleanups, Documentation, Features, Improvements, Portability, Security. NEWS: Add empty lines Make sure there is always an empty line between sections. NEWS: Fix indentation Some of the paragraphs were not properly indented: while this was not a problem in the HTML version, you could tell the difference in the plain text version. NEWS: Fix newlines Some
tags were missing from the end of the corresponding line, some of there were in the middle of the line instead. 2015-10-15 Andrea Bolognani NEWS: Fix whitespace Mostly missing space between change description and author name or spurious space before section title. Reflow the introductory paragraph as well. 2015-10-15 Andrea Bolognani NEWS: Organize old entries Sort all items into the standard categories: Features, Bug Fixes, Improvements, Cleanups, etc. The sorting is somewhat arbitrary in certain instances. 2015-10-14 Andrea Bolognani NEWS: Split old entries (2009) The changes for releases earlier than 0.7.1 were mostly lumped together as opposed to being tidly organized with one change per line, like we have done from that point onwards. As a result, they look awful in the HTML version and don't work too well in the plain text version either. Luckily, except for the very first releases, the information is still very detailed, so it's enough to organize it properly. 2015-10-14 Andrea Bolognani NEWS: Split old entries (2008) The changes for releases earlier than 0.7.1 were mostly lumped together as opposed to being tidly organized with one change per line, like we have done from that point onwards. As a result, they look awful in the HTML version and don't work too well in the plain text version either. Luckily, except for the very first releases, the information is still very detailed, so it's enough to organize it properly. 2015-10-14 Andrea Bolognani NEWS: Split old entries (2006-2007) The changes for releases earlier than 0.7.1 were mostly lumped together as opposed to being tidly organized with one change per line, like we have done from that point onwards. As a result, they look awful in the HTML version and don't work too well in the plain text version either. Luckily, except for the very first releases, the information is still very detailed, so it's enough to organize it properly. 2015-10-14 Andrea Bolognani NEWS: Properly escape > in HTML NEWS: Split off merged sections Portability and Bug Fixes for release 0.7.3 were merged together; same for Features and Security for release 1.1.3. Split them off NEWS: Remove empty sections 2015-10-14 Andrea Bolognani NEWS: Include description for release 0.7.3 The description for this release, unlike all other descriptions, was inside a

element; however, the XSLT stylesheet contains a template that drops all

elements from the output file, so it never made it to the generated NEWS file. Use a

  • element, same as all other releases, instead. 2015-10-14 Wei Jiangang tests: make redirects happen in correct order It should redirect stdout to /dev/null first, then redirect stderr to whatever stdout currently points at. 2015-10-14 John Ferlan storage: Rework error paths for virStorageBackendCreateExecCommand Rework the code in order to use the "ret = -1;" and goto cleanup; coding style. storage: On error rmdir created directory in virDirCreate[NoFork] After a successful creation of a directory, if some other call results in returning a failure, let's remove the directory we created to prevent another round trip or confusion in the caller. In particular, this function can be called during a storage backend buildVol, so in order to ensure that caller doesn't need to distinguish between failed create or some other failure after create, just remove the directory we created. storage: On error unlink created file in virFileOpen{As|Forked} After a successful creation of a file, if some other call results in returning a failure, let's unlink the file we created to prevent another round trip or confusion in the caller. In particular, this function can be called during a storage backend buildVol, so in order to ensure that caller doesn't need to distinguish between failed create or some other failure after create, just remove the volume we created. 2015-10-14 John Ferlan storage: Track successful creation of LV for removal https://bugzilla.redhat.com/show_bug.cgi?id=1233003 Track when the logical volume was successfully created in order to properly handle the call to virStorageBackendLogicalDeleteVol. It's possible that the failure to create was because someone created an LV in the pool outside of libvirt's knowledge. In this case, we don't want to delete that LV. A subsequent or future refresh of the pool will find the volume and cause an earlier failure 2015-10-14 John Ferlan storage: Fix a resource leak in storageVolCreateXML Commit id '1b5685da' refactored the code to move buildvoldef inside the buildVol conditional; however, the VIR_FREE of the memory was left only when 'buildret' failed, thus we're leaking memory. 2015-10-14 John Ferlan storage: Remove duplicitous refreshVol in Sheepdog buildVol As of commit id '155ca616' a 'refreshVol' is called after a buildVol succeeds in storageVolCreateXML, thus a volStorageBackendSheepdogRefreshVolInfo call in virStorageBackendSheepdogBuildVol is no longer necessary. Additionally, the 'conn' parameter becomes unused. 2015-10-14 John Ferlan storage: Remove duplicitous refreshVol in RBD buildVol As of commit id '155ca616' a 'refreshVol' is called after the buildVol succeeds in storageVolCreateXML, thus the volStorageBackendRBDRefreshVolInfo call in virStorageBackendRBDBuildVol is no longer necessary. 2015-10-14 Eric Blake build: include xdr cflags for libvirt-admin Without this, building on cygwin fails with: CC libvirt_admin_la-libvirt-admin.lo libvirt-admin.c:25:21: fatal error: rpc/rpc.h: No such file or directory #include ^ Reported-by: Yaakov Selkowitz 2015-10-13 Daniel P. Berrange virt-host-validate: check for IOMMU support This looks for existance of DMAR (Intel) and IVRS (AMD) files under /sys/firmware/acpi/tables/, as a sign that the platform has IOMMU present & enabled in the BIOS. If these are present and /sys/kernel/iommu_groups does not contain any entries this is taken as a sign that the kernel has not enabled the IOMMU currently. If no ACPI tables are found we can't distinguish between disabled in BIOS and not present in the hardware, so we have to give the user a generic hint. 2015-10-12 Michal Privoznik libvirt-domain: Drop virDomainMigrateCheckNotLocal attribute Our apibuild.py script does not cope with ATTRIBUTE_NONNULL: Parse Error: parsing function type, ')' expected Got token ('name', 'char') Last token: ('name', 'char') Token queue: [('op', '*'), ('name', 'dconnuri'), ('sep', ')')] Line 3297 end: Makefile:2441: recipe for target '../../docs/apibuild.py.stamp' failed Let's drop it. Moreover, up until e17ae3ccc2dbc1400 where it was introduced we did not really care about NULL-ity of dconnuri. And moreover the ATTRIBUTE_NONNULL merely checks for static calls over NULL, it won't catch the dynamic ones, where a NULL is passed by a variable at runtime. 2015-10-12 John Ferlan storage: Fix incorrect format for XML https://bugzilla.redhat.com/show_bug.cgi?id=1256999 After creating a copy of the 'authdef' in a pool -> disk translation, unconditionally clear the 'authType' in the resulting disk auth def structure since that's used for a storage pool and not a disk. This ensures virStorageAuthDefFormat will properly format the XML for a (e.g. it won't have a ). 2015-10-12 Daniel P. Berrange virt-host-validate: disable mntent code on Win32 Win32 does not have support for mntent.h header, so the method which uses this must be stubbed out. virt-host-validate: check for required cgroups Extend the virt-host-validate checks to see if the required cgroups are compiled into the kernel and that they are mounted on the system. The cgroups are all optional except for 3 that LXC mandates virt-host-validate: distinguish exists vs accessible for devices Currently we just check that various devices are accessible. This leads to inaccurate errors reported for /dev/kvm and /dev/vhost-net if they exist but an unprivileged user lacks access. Switch existing checks to look for file existance, and add a separate check for accessibility of /dev/kvm since some distros don't grant users access by default. virt-host-validate.c: check for kernel namespaces The LXC driver requires the uts, mnt, pid & ipc namespaces, while net & user namespaces are optional. Validate all these are present. 2015-10-12 Nikolay Shirokovskiy migration: check dconnuri in p2p mode Check dconnuri is not null or we will catch nullpointer later. I hope this makes Coverity happy. 2015-10-12 Nikolay Shirokovskiy migration: refactor: introduce parameter checking function virDomainMigrateUnmanagedParams is not a good candidate for this functionality as it is used by migrate family functions too and its have its own checks that are superset of extracted and we don't need to check twice. Actually name of the function is slightly misleading as there is also a check for consistensy of flags parameter alone. So it could be refactored further and reused by all migrate functions but for now let it be a matter of a different patchset. It is *not* a pure refactoring patch as it introduces offline check for older versions. Looks like it must be done that way and no one will be broken too. 2015-10-12 Nikolay Shirokovskiy migration: merge all proto branches into single function Finally on this step we get what we were aimed for - toURI{1, 2} (and migration{*} APIs too) now can work thru V3_PARAMS protocol. Execution path goes thru unchanged virDomainMigrateUnmanaged adapter function which is called by all target places. Note that we keep the fact that direct migration never works thru V3_PARAMS proto. We can't change this aspect without further investigation. 2015-10-12 Nikolay Shirokovskiy migration: refactor: refactor parameter compatibility checks Move virDomainMigrateUnmanagedProto* expected params list check into function itself and use common virTypedParamsCheck for this purpose. migration: refactor: extract parameter adaption functions Extract parameter adaptation and checking which is protocol dependent into designated functions. Leave only branching and common checks in virDomainMigrateUnmanagedParams. migration: refactor: introduce params version of unmanaged Let's put main functionality into params version of virDomainMigrateUnmanaged as a preparation step for merging it with virDomainMigratePeer2PeerParams. virDomainMigrateUnmanaged then does nothing more then just adapting arguments. 2015-10-12 Nikolay Shirokovskiy migration: refactor: merge direct and p2p into unmanaged p2p plain and direct function are good candidates for code reuse. Their main function is same - to branch among different versions of migration protocol and implementation of this function is also same. Also they have other common functionality in lesser aspects. So let's merge them. But as they have different signatures we have to get to convention on how to pass direct migration 'uri' in 'dconnuri' and 'miguri'. Fortunately we alreay have such convention in parameters passed to toURI2 function, just let's follow it. 'uri' is passed in miguri and dconnuri is ignored. 2015-10-12 Nikolay Shirokovskiy migration: refactor: rename uri parameter to miguri We use miguri name for this parameter in other places. So make naming more consitent. 2015-10-12 Michal Privoznik migration: remove direct migration dependency on version1 of driver Direct migration should work if *perform3 is present but *perform is not. This is situation when driver migration is implemented after new version of driver function is introduced. We should not be forced to support old version too as its parameter space is subspace of newer one. 2015-10-12 Nikolay Shirokovskiy migration: move implementation check to branches in p2p This is more structured code so it will be easier to add branch for _PARAMS protocol here. It is not a pure refactoring strictly speaking as we remove scenarios for broken cases when driver defines V3 feature and implements perform function. So it is additionally a more solid code. migration: refactor: reuse p2p url check Refactor dconnuri local server URI check to common API. migration: refactor: get rid of use_params p2p_full 'useParams' parameter usage is an example of control coupling. Most of the work inside the function is done differently except for the uri check. Lets split this function into two, one with extensible parameters set and one with hardcoded parameter set. 2015-10-09 Michal Privoznik virJSONValueArraySize: return ssize_t The internal representation of a JSON array counts the items in size_t. However, for some reason, when asking for the count it's reported as int. Firstly, we need the function to return a signed type as it's returning -1 on an error. But, not every system has integer the same size as size_t. Therefore, lets return ssize_t. 2015-10-09 Andrea Bolognani src: Remove $(builddir) usage Commit 4e8032272f1704f7 used $(builddir) in the header search path to fix a build issue; however, $(builddir) is not defined by old autoconf versions such as the one available in CentOS 5, resulting in the following error: cc1: error: /util: No such file or directory make[3]: *** [libvirt_driver_la-fdstream.lo] Error 1 Since $(builddir) is defined to always be '.', just use that value directly instead. 2015-10-09 Andrea Bolognani src: Include $(builddir)/util in the header search path Since a9fe620372144db, we are generating virkeymaps.h at build time; however, we are not including $(builddir)/util in the header search path, so when doing a VPATH build the compiler is unable to locate the file. make[2]: Entering directory `/home/jenkins/libvirt/systems/libvirt-fedora-20/build/src' GEN util/virkeymaps.h ... CC util/libvirt_util_la-virkeycode.lo CC util/libvirt_util_la-virkeyfile.lo CC util/libvirt_util_la-virlockspace.lo CC util/libvirt_util_la-virlog.lo ../../src/util/virkeycode.c:27:24: fatal error: virkeymaps.h: No such file or directory #include "virkeymaps.h" ^ compilation terminated. 2015-10-08 Maxim Nestratov vz: cleanup Remove unused definitions, functions and structure fields. 2015-10-08 John Ferlan storage: Perform some cleanup of calls Cleanup calls to virStorageBackendCopyToFD a bit. 2015-10-08 Andrea Bolognani AUTHORS: Add myself to the list of committers 2015-10-08 John Ferlan qemu: Resolve Coverity FORWARD_NULL Coverity notices that net->ifname is potentially referenced after a VIR_FREE(). Since the net->ifname will eventually be free'd during virDomainDefFree when calling virDomainNetDefFree, let's just that processing take care the free. libxl: Resolve Coverity FORWARD_NULL Since the strtok_r call in libxlCapsInitGuests expects a non NULL first parameter when the third parameter is NULL, we need to check that the returned 'capabilities' from a libxl_get_version_info call is not NULL and error out if so since the code expects it. 2015-10-07 Michal Privoznik virSecurityManagerNew: Turn array of booleans into flags So imagine you want to crate new security manager: if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false, true))); Hard to parse, right? What about this: if (!(mgr = virSecurityManagerNew("selinux", "QEMU", VIR_SECURITY_MANAGER_DEFAULT_CONFINED | VIR_SECURITY_MANAGER_PRIVILEGED))); Now that's better! This is what the commit does. 2015-10-07 Cole Robinson tests: eventtest: Fix coverity warning We can ignore the result of virtTestResult here, because failure is unconditionally reported by the callers 2015-10-07 Andrea Bolognani qemu: Fix indentation issue Two #define lines introduced by b527aa0 did not respect the indentation rules, thus breaking syntax-check. 2015-10-07 Andrea Bolognani qemu: Remove explicit values from virQEMUCapsFlags This gets rid of the partially enforced alignment and makes it less likely for a bogus value to be introduced in the enumeration. Capabilities are divided in five-element groups for better readability. Use #define for QEMU_CAPS_NET_NAME and QEMU_CAPS_HOST_NET_ADD, both of which are aliases for QEMU_CAPS_0_10. 2015-10-07 Peter Krempa qemu: migration: Skip few checks while doing offline migration qemuMigrationIsAllowed would disallow offline migration if the VM contained host devices or memory modules. Since during offline migration we don't transfer any state we can safely migrate VMs with such configuration. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1265049 2015-10-07 Peter Krempa qemu: migration: Use migration flags in qemuMigrationIsAllowed Use the migration @flags for checking various migration aspects rather than picking them out as booleans. Document the new semantics in the function header. 2015-10-07 Peter Krempa qemu: migration: Drop @def from qemuMigrationIsAllowed Now that qemuMigrationIsAllowed is always called with @vm, we can drop the @def argument and simplify the control flow. Additionally the comment is invalid so drop it. 2015-10-07 Peter Krempa qemu: migration: Split source and destination migration checks Extract the hostdev check from qemuMigrationIsAllowed into a separate function since that is the only part that needs to be done in the v2 migration protocol prepare phase on the destination. All other checks were added when the v3 protocol existed so they don't need to be extracted. This change will allow to drop the @def argument for qemuMigrationIsAllowed and further simplify the function. 2015-10-07 Cole Robinson spec: Delete .git after applying patches I'm hitting this little annoyance in fedora's package repo: $ fedpkg prep Downloading libvirt-1.2.20.tar.gz ... + /usr/bin/gzip -dc /home/crobinso/src/fedora/libvirt/libvirt-1.2.20.tar.gz $ git clean -xdf Removing libvirt-1.2.20.tar.gz Skipping repository libvirt-1.2.20/ We git-ify the libvirt directory as part of applying patches in the spec file, but 'git clean' will ignore subfolders that appear to be standalone git repos. Let's just delete the .git directory after we're done with it. 2015-10-06 Maxim Nestratov vz: remove storage driver as never used In fact, it was never used as far as vz has no features supporting it. That is why there will be no harm to anyone if we just remove this code to prevent further misunderstanding and efforts to support dead code. vz: remove network driver as never used At the time this code was added we had intentions to support libvirt interface to manage vz networks. In fact, it was never implemented completely to work correctly that makes me think that there will be no harm to anyone if we just rip it off. Moreover, in vz7 we started to use libvirt bridge network driver to manage networks. 2015-10-06 Cole Robinson tests: qemu: Add aarch64 virtio pci tests - qemuxml2argv-aarch64-mmio-default-pci: Verify that we still default to virtio-mmio even if qemu is new enough to support PCI - qemuxml2argv-aarch64-virtio-pci: Check generated arm virtio PCI args 2015-10-06 Cole Robinson docs: domain: Show canonical pvspinlock XML The example pvspinlock XML is: While this is accepted by libvirt and works correctly, it's currently always output as a tristate like So document that format instead 2015-10-06 Jiri Denemark qemu: Wait until destination QEMU consumes all migration data Even though QEMU on the source host reports completed migration and thus we move to the Finish phase, QEMU on the destination host may still be processing migration data. Thus before we can start guest CPUs on the destination, we have to wait for a completed migration event. https://bugzilla.redhat.com/show_bug.cgi?id=1265902 2015-10-06 Jiri Denemark qemu: Make updating stats in qemuMigrationCheckJobStatus optional With new QEMU which supports migration events, qemuMigrationCheckJobStatus needs to explicitly query QEMU for migration statistics once migration is completed to make sure the caller sees up-to-date statistics with both old and new QEMU. However, some callers are not interested in the statistics at all and once we start waiting for a completed migration on the destination host too, checking the statistics would even fail. Let's push the decision whether to update the statistics or not to the caller. qemu: Introduce flags in qemuMigrationCompleted The function already has two bool parameters and we will need to add a new one. Let's switch to flags to make the callers readable. qemu: Copy completed migration stats only on success The destination host gets detailed statistics about the current migration form the source host via migration cookie and copies them to the domain object so that they can be queried using virDomainGetJobStats. However, we should only copy statistics to the domain object when migration finished successfully. qemu: Always update migration times on destination Even if we are migrating a domain with VIR_MIGRATE_PAUSED flag set, we should still update the total time of the migration. Updating downtime doesn't hurt either, even though we don't actually start guest CPUs. 2015-10-06 Martin Kletzander tests: Check GIC-related XMLs in qemuxml2xmltest Do not distribute generated virkeymaps.h We are distributing virkeymaps.h and all the tools needed to rebuild that file. On top of that, we are generating that file into the $(srcdir) and that sometimes fails when trying to do make dist in VPATH on rawhide fedora. And we don't clean the file when maintainer-clean make target is requested. So let's not distribute the file and rather let everyone rebuild it when needed and clean it when appropriate. 2015-10-06 Cédric Bosdonnat apparmor: differentiate between error and unconfined profiles profile_status function was not making any difference between error cases and unconfined profiles. The problem with this approach is that dominfo was throwing an error on unconfined domains. 2015-10-06 Peter Krempa conf: Remove elements with no namespace Our docs state that subelements of shall have a namespace and the medatata APIs expect that too. To avoid inaccessible sub-elements, just remove those that don't conform to the documentation. Apart from adding the new condition this patch renames the function and refactors the code flow to allow the changes. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1245525 2015-10-06 Cole Robinson testutils: Drop virtTestResult virtTestResult is suboptimal for a few reasons: - It poorly duplicates virtTestRun pass/fail reporting logic - It doesn't have virtTestRun's alloc testing support - It only reports the test name _after_ the test has run. - It doesn't follow the standard virtTestRun pattern that most other tests use. There's no users left, so drop it. If any other async tests like eventtest spring up that don't cleanly fit the virtTestRun pattern, I suggest they just open code the support for it around virtTestRun 2015-10-06 Cole Robinson tests: eventtest: Open code virtTestResult These event tests aren't run synchronously, so there isn't an obvious function to pass to virtTestRun. Instead, open code roughly what virtTestResult did before: printing an error message if a test failed. tests: sheepdog: Drop use of virtTestResult Instead use the same pattern that most other test files use. 2015-10-06 Cole Robinson testutils: Add coloring to verbose PASS/FAILED output Helps to visually track down test failures if debugging the test suite. The colors match what 'make check' does for pass/fail/skip 2015-10-05 John Ferlan storage: Adjust calculation of alloc/capacity for disk https://bugzilla.redhat.com/show_bug.cgi?id=1247987 Calculation of the extended and logical partition values for the disk pool is complex. As the bz points out an extended partition should have it's allocation initialized to 0 (zero) and keep the capacity as the size dictated by the extents read. Then for each logical partition found, adjust the allocation of the extended partition. Finally, previous logic tried to avoid recalculating things if a logical partition was deleted; however, since we now have special logic to handle the allocation of the extended partition, just make life easier by reading the partition table again - rather than doing the reverse adjustment. 2015-10-05 John Ferlan storage: Introduce virStorageBackendDiskStartPool https://bugzilla.redhat.com/show_bug.cgi?id=1251461 When 'starting' up a disk pool, we need to make sure the label on the device is valid; otherwise, the followup refreshPool will assume the disk has been properly formatted for use. If we don't find the valid label, then refuse the start and give a proper reason. 2015-10-05 John Ferlan storage: Add additional errors/checks for disk label Let's check to ensure we can find the Partition Table in the label and that libvirt actually recognizes that type; otherwise, when we go to read the partitions during a refresh operation we may not be reading what we expect. This will expand upon the types of errors or reason that a build would fail, so we can create more direct error messages. 2015-10-05 John Ferlan storage: Add param to check whether we can write a disk label Modify virStorageBackendDiskValidLabel to add a 'writelabel' parameter. While initially for the purpose of determining whether the label should be written during DiskBuild, a future use during DiskStart could determine whether the pool should be started using the label found. Augment the error messages also to give a hint as to what someone may need to do or why the command failed. storage: Refactor disk label checking Create a new function virStorageBackendDiskValidLabel to handle checking whether there is a label on the device and whether it's valid or not. While initially for the purpose of determining whether the label can be overwritten during DiskBuild, a future use during DiskStart could determine whether the pool should be started using the label found. 2015-10-05 John Ferlan storage: Prior to creating a volume, refresh the pool https://bugzilla.redhat.com/show_bug.cgi?id=1233003 Although perhaps bordering on a don't do that type scenario, if someone creates a volume in a pool outside of libvirt, then uses that same name to create a volume in the pool via libvirt, then the creation will fail and in some cases cause the same name volume to be deleted. This patch will refresh the pool just prior to checking whether the named volume exists prior to creating the volume in the pool. While it's still possible to have a timing window to create a file after the check - at least we tried. At that point, someone is being malicious. 2015-10-05 John Ferlan virfile: Fix error path for forked virFileRemove As it turns out the caller in this case expects a return < 0 for failure and to get/use "errno" rather than using the negative of returned status. Again different than the create path. If someone "deleted" a file from the pool without using virsh vol-delete, then the unlink/rmdir would return an error (-1) and set errno to ENOENT. The caller checks errno for ENOENT when determining whether to throw an error message indicating the failure. Without the change, the error message is: error: Failed to delete vol $vol error: cannot unlink file '/$pathto/$vol': Success This patch thus allows the fork path to follow the non-fork path where unlink/rmdir return -1 and errno. 2015-10-05 John Ferlan virfile: Add extra check for direct delete in virFileRemove Unlike create options, if the file to be removed is already in the pool, then the uid/gid will come from the pool. If it's the same as the currently running process, then just do the unlink/rmdir directly rather than going through the fork processing unnecessarily 2015-10-05 Andrea Bolognani qemu: Add conditions for qemu-kvm use on ppc64 qemu-kvm can be used to run ppc64 guests on ppc64le hosts and vice versa, since the hardware is actually the same and the endianness is chosen by the guest kernel. Up until now, however, libvirt didn't allow the use of qemu-kvm to run guests if their endianness didn't match the host's. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1267882 2015-10-05 Peter Krempa rpc: libssh2: Fix regression in ssh host key verification Commit 792f81a40e caused a regression in the libssh2 host key verification code by changing the variable type of 'i' to unsigned. Since one of the loops used -1 as a special value if the asking callback was found the conversion made a subsequent test always fail. The bug was stealth enough to pass review, compilers and coverity. Refactor the condition to avoid problems. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1047861 2015-10-05 Peter Krempa rpc: libssh2: Add more debugging info 2015-10-05 Peter Krempa conf: Reuse virDomainDefCheckDuplicateDiskWWN to check disk serial too Rename the function to virDomainDefCheckDuplicateDiskInfo and make it check disk serials too. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1245013 2015-10-05 Peter Krempa qemu: Perform the disk WWN check only on fresh starts Since we'd disallow migration of a guest that would have possibly invalid config but still be able to work, relax the WWN check to be performed only on new starts of the VM. 2015-10-02 Laine Stump interface: let netcf pre-filter for active vs. inactive If a system has a large number of active or active interfaces, it can be a big waste of time to retrieve and qualify all interfaces if the caller only wanted one subset. Since netcf has a simple flag for this, translate the libvirt flag into a netcf flag and let netcf pre-filter. 2015-10-02 Laine Stump interface: re-use name and mac address rather than re-retrieving Getting the MAC address of an interface is actually fairly expensive, and we've already gotten it and stored it into def, so just keep def around a bit longer and retrieve it from there. This reduces the time for "virsh iface-list --all" from 28 to 23 seconds when there are 400 interfaces. 2015-10-02 Laine Stump interface: report correct interface count when not returning list The spec for virConnectListAllInterfaces says that if the pointer that is supposed to hold the list of interfaces is NULL, the function should just return the count of interfaces that matched the filter, but the code never increments the count if the list pointer is NULL. interface: fail on OOM from virGetInterface() 2015-10-02 Daniel P. Berrange libvirt.spec: fix accidental conditional inclusion of polkit docs In previous change: commit 29b5167417483ef80f6c3fce12811b59a1e2bd55 Author: Jiri Denemark Date: Tue Aug 4 14:05:52 2015 +0200 examples: Add example polkit ACL rules The polkit examples were accidentally added to the spec inside a %if %{with_network} conditional. 2015-10-02 Martin Kletzander qemu: Use memory-backing-file only when needed We are using memory-backing-file even when it's not needed, for example if user requests hugepages for memory backing, but does not specify any pagesize or memory node pinning. This causes migrations to fail when migrating from older libvirt that did not do this. So similarly to commit 7832fac84741d65e851dbdbfaf474785cbfdcf3c which does it for memory-backend-ram, this commit makes is more generic and backend-agnostic, so the backend is not used if there is no specific pagesize of hugepages requested, no nodeset the memory node should be bound to, no memory access change required, and so on. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1266856 2015-10-02 Martin Kletzander qemu: Add -mem-path even with numa So since the introduction of the memory-backend-file object until now we only added '-mem-path' for non-NUMA guests and we used the parameters of the memory-backend-file object to specify the path to the hugetlbfs mount. But hugepages can be also used without memory-backend-file object, as it used to be before its introduction. Let's just get this part of the code back and properly append the '-mem-path' for NUMA guests as well, but only when the memory backend is not needed. This parameter is already being applied when no numa is requested and because we still use memory-object-file unconditionally for hugepage-backed NUMA guests, this should not fire until later. 2015-10-02 Martin Kletzander qemu: Extract -mem-path building into its own function That function is called qemuBuildMemPathStr() and will be used in other places in the future. The change in the test suite is proper due to the fact that -mem-prealloc makes only sense with -mem-path (from qemu documentation -- html/qemu-doc.html). qemu: Move memory size detection to the top of the function To get rid of very long line and make it more readable. qemu: Move simplification variable to begining of the function docs: Add Cuckoo Sandbox into apps.html 2015-10-02 Pavel Fedin qemu: Add test cases for gic-version option These tests make sure that we can use this option only when the capability is set. qemu: Add support for gic-version machine option Support for GICv3 has been recently introduced in qemu using gic-version option for the 'virt' machine. The option can actually take values of '2', '3' and 'host', however, since in libvirt this is a numeric parameter, we limit it only to 2 and 3. Value of 2 is not added to the command line in order to keep backward compatibility with older qemu versions. qemu: Introduce QEMU_CAPS_MACH_VIRT_GIC_VERSION capability Unfortunately qemu currently doesn't offer introspection for machine types, so we have to rely on version number, similar to QEMU_CAPS_MACHINE_USB_OPT. 2015-10-02 Martin Kletzander Post-release version bump to 1.2.21 2015-10-02 Daniel Veillard Release of libvirt-1.2.20 * docs/news.html.in libvirt.spec.in: update for new release * po/*.po*: regenerate localization 2015-09-29 Cole Robinson qemu: Fix dynamic_ownership qemu.conf setting Commit 307fb904 (Sep 10) added a 'privileged' variable when creating the DAC driver: @@ -153,6 +157,7 @@ virSecurityManagerNewDAC(const char *virtDriver, bool defaultConfined, bool requireConfined, bool dynamicOwnership, + bool privileged, virSecurityManagerDACChownCallback chownCallback) But argument order is mixed up at the caller, swapping dynamicOwnership and privileged values. This corrects the argument order https://bugzilla.redhat.com/show_bug.cgi?id=1266628 2015-09-29 Michal Privoznik virsh: Preserve startupPolicy in change-media command https://bugzilla.redhat.com/show_bug.cgi?id=1250331 Even after my rework of startupPolicy handling, one command slipped my attention. The change-media command has a very unique approach to constructing disk XML. However, it will not preserve startupPolicy attribute. 2015-09-29 Ján Tomko Create a shallow copy for volume building only if supported Since the previous commit, the shallow copy is only used inside the if (backend->buildVol) if. 2015-09-29 Ján Tomko Update pool allocation with new values on volume creation Since commit e0139e3, we update the pool allocation with the user-provided allocation values. For qcow2, the allocation is ignored for volume building, but we still subtracted it from pool's allocation. This can result in interesting values if the user-provided allocation is large enough: Capacity: 104.71 GiB Allocation: 109.13 GiB Available: 16.00 EiB We already do a VolRefresh on volume creation. Also refresh the volume after creating and use the new value to update the pool. https://bugzilla.redhat.com/show_bug.cgi?id=1163091 2015-09-26 John Ferlan conf: Fix virtType check Commit id '7383b8cc' changed virDomainDef 'virtType' to an enum, that caused a build failure on some archs due to comparing an unsigned value to < 0. Adjust the fetch of 'type' to be into temporary 'int virtType' and then assign that virtType to the def->virtType 2015-09-26 Shivangi Dhir qemu: Make virtType of type virDomainVirtType Earlier virtType was of type int. After, introducing the enum VIR_DOMAIN_VIRT_NONE, the type of virtType is modified to virDomainVirtType. 2015-09-26 Shivangi Dhir conf: Add new VIR_DOMAIN_VIRT_NONE enum Introduce VIR_DOMAIN_VIRT_NONE to give domaintype the default value of zero. This is specially helpful in constructing better error messages when we don't want to look up the default emulator by virtType. The test data in vircapstest.c is also modified to reflect this change. 2015-09-25 Guido Günther Use daemon log facility for journald otherwise messages end up in /var/log/kern.log if journald forwards to syslog. Reference: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799633 2015-09-25 Michal Privoznik tools: Link libvirt.la and readline to libvirt_shell.a So, our mingw build is broken. It's because while libvirt_shell library is using some of our internal APIs, e.g. virStrndup, and readline API but it's not being linked with nor libvirt.la nor libreadline. Only subsequent users of the library, like virsh, do link to the needed libraries. In fact, I'm surprised Linux linker doesn't care, because how can it make a static library with missing symbols is mystery to me. 2015-09-25 Andrea Bolognani maint: Remove control characters from LGPL license file 2015-09-24 Jiri Denemark domain: Fix migratable XML with graphics/@listen As of commit 6992994, we set graphics/@listen attribute according to the first listen child element even if that element is of type='network'. This was done for backward compatibility with applications which only support the original listen attribute. However, by doing so we broke migration to older libvirt which tried to check that the listen attribute matches one of the listen child elements but which did not take type='network' elements into account. We are not concerned about compatibility with old applications when formatting domain XML for migration for two reasons. The XML is consumed only by libvirtd and the IP address associated with type='network' listen address on the source host is just useless on the destination host. Thus, we can safely avoid propagating the type='network' IP address to graphics/@listen attribute when creating migratable XML. https://bugzilla.redhat.com/show_bug.cgi?id=1265111 2015-09-24 Erik Skultety vsh: create a noinstall libvirt_shell library Instead of referencing vsh sources in all relevant client targets, create a library that the client can link against. 2015-09-24 John Ferlan qemu: Resolve Coverity RESOURCE_LEAK This seemed to be more of a false positive as for some reason Coverity was missing the "ret < 0" goto error condition and somehow believing that event could be overwritten. At first I thought it was just the ret != 0 condition difference, but it wasn't. In any case, make use of the recent change to qemuDomainEventQueue to check event == NULL and just pass it as a parameter directly in the error path. That avoids the error. 2015-09-24 John Ferlan qemu: Clean up ret in qemuDomainSaveMemory and qemuDomainSaveInternal As it turns out, ret can only be 0 or -1, so rather than have some comparisons be "ret < 0" and others be "ret != 0", make them all "ret < 0". qemu: Resolve Coverity CHECKED_RETURN Coverity complains that return from virHookCall is not checked in one place in qemuProcessStop. Since the comment notes that we cannot stop the operation even it if fails, just added the ignore_value. virsh: Resolve Coverity DEADCODE Use 'dead_error_condition' instead of 'dead_error_begin' tests: Resolve Coverity RESOURCE_LEAK The cleanup path did not clear the reference for sk1 and sk2 tests: Resolve Coverity RESOURCE_LEAK In the error path need to unref the 'caps' as well 2015-09-24 Michal Privoznik virDomainRestore: Don't keep transient domains around So while working on my previous patches, I've noticed that virDomainRestore implementation in qemu and test drivers has the same problem as I am fixing. 2015-09-24 Michal Privoznik qemu: Move vm->persistent check into qemuDomainRemoveInactive So far we have the following pattern occurring over and over again: if (!vm->persistent) qemuDomainRemoveInactive(driver, vm); It's safe to put the check into the function and save some LoC. 2015-09-24 Michal Privoznik virDomainCreateXML: Make domain definition transient https://bugzilla.redhat.com/show_bug.cgi?id=871452 So, you want to create a domain from XML. The domain already exists in libvirt's database of domains. It's okay, because name and UUID matches. However, on domain startup, internal representation of the domain is overwritten with your XML even though we claim that the XML you've provided is a transient one. The bug is to be found across nearly all the drivers. Le sigh. 2015-09-24 Michal Privoznik virDomainCreateXML: Don't remove persistent domains on error https://bugzilla.redhat.com/show_bug.cgi?id=871452 Okay, so we allow users to 'virsh create' an already existing domain, providing completely different XML than the one stored in Libvirt. Well, as long as name and UUID matches. However, in some drivers the code that handles errors unconditionally removes the domain that failed to start even though the domain might have been persistent. Fortunately, the domain is removed just from the internal list of domains and the config file is kept around. Steps to reproduce: 1) virsh dumpxml $dom > /tmp/dom.xml 2) change XML so that it is still parse-able but won't boot, e.g. change guest agent path to /foo/bar 3) virsh create /tmp/dom.xml 4) virsh dumpxml $dom 5) Observe "No such domain" error 2015-09-24 Michal Privoznik docs: Add yet another libvirt based app As announced on the list [1], Cherrypop is a management application based on libvirt. It's a decentralized cloud software with nice scaling ability. 1: https://www.redhat.com/archives/libvir-list/2015-September/msg00670.html 2015-09-24 Martin Kletzander Remove redundand assignment I initially added this in order to keep the code more error-prone to following additions, but it seems it's still frowned upon. 2015-09-24 Michal Privoznik qemuDomainDeviceDefPostParse: Drop useless checks Now that virQEMUDriverCreateXMLConf is never called with NULL (after 086f37e97aab) we can safely drop useless check in qemuDomainDeviceDefPostParse as we are guaranteed to be always called with the driver initialized. Therefore checking if driver is NULL makes no sense. Moreover, if we mix it with direct driver dereference. And after that, we are sure that nor @cfg will be NULL, therefore we can drop checks for that too. 2015-09-23 Peter Krempa virsh: Fix job status indicator for 0 length block jobs Although 0 length block jobs aren't entirely useful, the output of virsh blockjob is empty due to the condition that suppresses the output for migration jobs that did not start. Since the only place that actually uses the condition that suppresses the output is in migration, let's move the check there and thus add support for 0 of 0 equaling to 100%. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1196711 2015-09-23 Peter Krempa qemu: Refresh memory size only on fresh starts Qemu unfortunately doesn't update internal state right after migration and so the actual balloon size as returned by 'query-balloon' are invalid for a while after the CPUs are started after migration. If we'd refresh our internal state at this point we would report invalid current memory size until the next balloon event would arrive. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1242940 2015-09-23 Peter Krempa qemu: Align memory module sizes to 2MiB My original implementation was based on a qemu version that still did not have all the checks in place. Using sizes that would align to odd megabyte increments will produce the following error: qemu-kvm: -device pc-dimm,node=0,memdev=memdimm0,id=dimm0: backend memory size must be multiple of 0x200000 qemu-kvm: -device pc-dimm,node=0,memdev=memdimm0,id=dimm0: Device 'pc-dimm' could not be initialized Introduce an alignment retrieval function for memory devices and use it to align the devices separately and modify a test case to verify it. 2015-09-23 Jiri Denemark virsh: Notify users about disconnects After my "client rpc: Report proper error for keepalive disconnections" patch, virsh would no long print a warning when it closes a connection to a daemon after a keepalive timeout. Although the warning virsh # 2015-09-15 10:59:26.729+0000: 642080: info : libvirt version: 1.2.19 2015-09-15 10:59:26.729+0000: 642080: warning : virKeepAliveTimerInternal:143 : No response from client 0x7efdc0a46730 after 1 keepalive messages in 2 seconds was pretty ugly, it was still useful. This patch brings the useful part back while making it much nicer: virsh # error: Disconnected from qemu:///system due to keepalive timeout 2015-09-23 Jiri Denemark client rpc: Process pending data on error Even though we hit an error in client's IO loop, we still want to process any pending data. So instead of reporting the error right away, we can finish the current iteration and report the error once we're done with it. Note that the error is stored in client->error by virNetClientMarkClose so we don't need to worry about it being reset or rewritten by any API we call in the meantime. 2015-09-23 Jiri Denemark client rpc: Report proper error for keepalive disconnections Whenever a connection was closed due to keepalive timeout, we would log a warning but the interrupted API would return rather useless generic error: internal error: received hangup / error event on socket Let's report a proper keepalive timeout error and make sure it is propagated to all pending APIs. The error should be better now: internal error: connection closed due to keepalive timeout Based on an old patch from Martin Kletzander. 2015-09-23 Luyao Huang conf: escape string for disk driver name attribute Just like e92e5ba1, this attribute was missed. 2015-09-23 Martin Kletzander Use VIR_DIV_UP macro where possible 2015-09-23 Luyao Huang Makefile: fix build fail when make rpm Build fail and error like this: CC qemu/libvirt_driver_qemu_impl_la-qemu_command.lo qemu/qemu_capabilities.c:46:27: fatal error: qemu_capspriv.h: No such file or directory #include "qemu_capspriv.h" Add qemu_capspriv.h to source. 2015-09-23 Cole Robinson spec: Fix some warnings with latest rpmbuild $ rpmbuild -ba libvirt.spec warning: Macro expanded in comment on line 5: # If neither fedora nor rhel was defined, try to guess them from %{dist} warning: Macro %enable_autotools defined but not used within scope warning: Macro %client_only defined but not used within scope ... 2015-09-22 Michal Privoznik tests: Avoid use of virQEMUDriverCreateXMLConf(NULL) We use the function to create a virDomainXMLOption object that is required for some functions. However, we don't pass the driver pointer to the object anywhere - rather than pass NULL. This causes trouble later when parsing a domain XML and calling post parse callbacks: Program received signal SIGSEGV, Segmentation fault. 0x000000000043fa3e in qemuDomainDefPostParse (def=0x7d36c0, caps=0x7caf10, opaque=0x0) at qemu/qemu_domain.c:1043 1043 qemuCaps = virQEMUCapsCacheLookup(driver->qemuCapsCache, def->emulator); (gdb) bt #0 0x000000000043fa3e in qemuDomainDefPostParse (def=0x7d36c0, caps=0x7caf10, opaque=0x0) at qemu/qemu_domain.c:1043 #1 0x00007ffff2928bf9 in virDomainDefPostParse (def=0x7d36c0, caps=0x7caf10, xmlopt=0x7c82c0) at conf/domain_conf.c:4269 #2 0x00007ffff294de04 in virDomainDefParseXML (xml=0x7da8c0, root=0x7dab80, ctxt=0x7da980, caps=0x7caf10, xmlopt=0x7c82c0, flags=0) at conf/domain_conf.c:16400 #3 0x00007ffff294e5b5 in virDomainDefParseNode (xml=0x7da8c0, root=0x7dab80, caps=0x7caf10, xmlopt=0x7c82c0, flags=0) at conf/domain_conf.c:16582 #4 0x00007ffff294e424 in virDomainDefParse (xmlStr=0x0, filename=0x7c7ef0 "/home/zippy/work/libvirt/libvirt.git/tests/securityselinuxlabeldata/disks.xml", caps=0x7caf10, xmlopt=0x7c82c0, flags=0) at conf/domain_conf.c:16529 #5 0x00007ffff294e4b2 in virDomainDefParseFile (filename=0x7c7ef0 "/home/zippy/work/libvirt/libvirt.git/tests/securityselinuxlabeldata/disks.xml", caps=0x7caf10, xmlopt=0x7c82c0, flags=0) at conf/domain_conf.c:16553 #6 0x00000000004303ca in testSELinuxLoadDef (testname=0x53c929 "disks") at securityselinuxlabeltest.c:192 #7 0x00000000004309e8 in testSELinuxLabeling (opaque=0x53c929) at securityselinuxlabeltest.c:313 #8 0x0000000000431207 in virtTestRun (title=0x53c92f "Labelling \"disks\"", body=0x430964 , data=0x53c929) at testutils.c:211 #9 0x0000000000430c5d in mymain () at securityselinuxlabeltest.c:373 #10 0x00000000004325c2 in virtTestMain (argc=1, argv=0x7fffffffd7e8, func=0x430b4a ) at testutils.c:863 #11 0x0000000000430deb in main (argc=1, argv=0x7fffffffd7e8) at securityselinuxlabeltest.c:381 2015-09-22 Michal Privoznik qemuTestDriverInit: init the driver lock too Even though usage of the lock is limited to a very few cases, it's still needed. Therefore we should initialize it too. Otherwise we may get some random test failures: ==1204== Conditional jump or move depends on uninitialised value(s) ==1204== at 0xEF7F7CF: pthread_mutex_lock (in /lib64/libpthread-2.20.so) ==1204== by 0x9CA89A5: virMutexLock (virthread.c:89) ==1204== by 0x450B2A: qemuDriverLock (qemu_conf.c:83) ==1204== by 0x45549C: virQEMUDriverGetConfig (qemu_conf.c:869) ==1204== by 0x448E29: qemuDomainDeviceDefPostParse (qemu_domain.c:1240) ==1204== by 0x9CC9B13: virDomainDeviceDefPostParse (domain_conf.c:4224) ==1204== by 0x9CC9B91: virDomainDefPostParseDeviceIterator (domain_conf.c:4251) ==1204== by 0x9CC7843: virDomainDeviceInfoIterateInternal (domain_conf.c:3440) ==1204== by 0x9CC9C25: virDomainDefPostParse (domain_conf.c:4276) ==1204== by 0x9CEEE03: virDomainDefParseXML (domain_conf.c:16400) ==1204== by 0x9CEF5B4: virDomainDefParseNode (domain_conf.c:16582) ==1204== by 0x9CEF423: virDomainDefParse (domain_conf.c:16529) 2015-09-22 John Ferlan Revert "qemu: Fix integer/boolean logic in qemuSetUnprivSGIO" This reverts commit 69b850fe2a19d0c32ae2f209e8d8463df6ead665. This change broke the ability to "clear" or reset unfiltered back to filtered. 2015-09-22 Peter Krempa test: Add test to validate that memory sizes don't get updated on migration 2015-09-22 Peter Krempa qemu: ppc64: Align memory sizes to 256MiB blocks For some machine types ppc64 machines now require that memory sizes are aligned to 256MiB increments (due to the dynamically reconfigurable memory). As now we treat existing configs reasonably in regards to migration, we can round all the sizes unconditionally. The only drawback will be that the memory size of a VM can potentially increase by (256MiB - 1byte) * number_of_NUMA_nodes. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1249006 2015-09-22 Peter Krempa qemu: command: Align memory sizes only on fresh starts When we are starting a qemu process for an incomming migration or snapshot reloading we should not modify the memory sizes in the domain since we could potentially change the guest ABI that was tediously checked before. Additionally the function now updates the initial memory size according to the NUMA node size, which should not happen if we are restoring state. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1252685 2015-09-22 Peter Krempa conf: Don't always recalculate initial memory size from NUMA size totals When implementing memory hotplug I've opted to recalculate the initial memory size (contents of the element) as a sum of the sizes of NUMA nodes when NUMA was enabled. This was based on an assumption that qemu did not allow starting when the NUMA node size total didn't equal to the initial memory size. Unfortunately the check was introduced to qemu just lately. This patch uses the new XML parser flag to decide whether it's safe to update the memory size total from the NUMA cell sizes or not. As an additional improvement we now report an error in case when the size of hotplug memory would exceed the total memory size. The rest of the changes assures that the function is called with correct flags. 2015-09-22 Peter Krempa conf: Pre-calculate initial memory size instead of always calculating it Add 'initial_memory' member to struct virDomainMemtune so that the memory size can be pre-calculated once instead of inferring it always again and again. Separating of the fields will also allow finer granularity of decisions in later patches where it will allow to keep the old initial memory value in cases where we are handling incomming migration from older versions that did not always update the size from NUMA as the code did previously. The change also requires modification of the qemu memory alignment function since at the point where we are modifying the size of NUMA nodes the total size needs to be recalculated too. The refactoring done in this patch also fixes a crash in the hyperv driver that did not properly initialize def->numa and thus virDomainNumaGetMemorySize(def->numa) crashed. In summary this patch should have no functional impact at this point. 2015-09-22 Peter Krempa conf: Rename max_balloon to total_memory The name of the variable was misleading. Rename it and it's setting accessor before other fixes. conf: Split memory related post parse stuff into separate function The post parse func is growing rather large. Since later patches will introduce more logic in the memory post parse code, split it into a separate handler. conf: Add XML parser flag that will allow us to do incompatible updates Add a new parser flag that will mark code paths that parse XML files wich will not be used with existing VM state so that post parse callbacks can possibly do ABI incompatible changes if needed. conf: Document all VIR_DOMAIN_DEF_PARSE_* flags conf: Drop VIR_DOMAIN_DEF_PARSE_CLOCK_ADJUST flag The flag was used only for formatting the XML and once the parser and formatter flags were split in 0ecd6851093945dd5ddc78266c61b577c65394ae it doesn't make sense any more to have it. qemu: Make memory alignment helper more universal Extract the size determination into a separate function and reuse it across the memory device alignment functions. Since later we will need to decide the alignment size according to architecture let's pass def to the functions. conf: Add helper to determine whether memory hotplug is enabled for a vm Add a simple helper so that the code doesn't have to rewrite the same condition multiple times. libxl: vz: Use accessor instead of direct access for max_balloon Commits 45697fe5 and f863ac80 used direct access to the variable instead of the preferred accessor method. 2015-09-22 Pavel Fedin Removed unneeded check Since test suite now correctly creates capabilities cache, the hack is not needed any more. tests: use mockup cache Use the new API in order to correctly add capability sets to the cache before parsing XML files 2015-09-22 Pavel Fedin Implement infrastracture for mocking up QEMU capabilities cache The main purpose of this patch is to introduce test mode to virQEMUCapsCacheLookup(). This is done by adding a global variable, which effectively overrides binary name. This variable is supposed to be set by test suite. The second addition is qemuTestCapsCacheInsert() function which allows the test suite to actually populate the cache. 2015-09-22 Pavel Fedin tests: split out common qemu driver initialization Two utility functions are introduced for proper initialization and cleanup of the driver. 2015-09-22 David Mansfield test driver: don't unlock pool after freeing it Invalid read of size 4 at 0x945CA30: __pthread_mutex_unlock_full (in /lib64/libpthread-2.20.so) by 0x4F0404B: virMutexUnlock (virthread.c:94) by 0x4F7161B: virStoragePoolObjUnlock (storage_conf.c:2603) by 0x4FE0476: testStoragePoolUndefine (test_driver.c:4328) by 0x4FCF086: virStoragePoolUndefine (libvirt-storage.c:656) by 0x15A7F5: cmdPoolUndefine (virsh-pool.c:1721) by 0x12F48D: vshCommandRun (vsh.c:1212) by 0x132AA7: main (virsh.c:943) Address 0xfda56a0 is 16 bytes inside a block of size 104 free'd at 0x4C2BA6C: free (vg_replace_malloc.c:473) by 0x4EA5C96: virFree (viralloc.c:582) by 0x4F70B69: virStoragePoolObjFree (storage_conf.c:412) by 0x4F7167B: virStoragePoolObjRemove (storage_conf.c:437) by 0x4FE0468: testStoragePoolUndefine (test_driver.c:4323) by 0x4FCF086: virStoragePoolUndefine (libvirt-storage.c:656) by 0x15A7F5: cmdPoolUndefine (virsh-pool.c:1721) by 0x12F48D: vshCommandRun (vsh.c:1212) by 0x132AA7: main (virsh.c:943) 2015-09-21 John Ferlan virfile: Use virProcessWait in virDirCreate Rather than inlining the code, use the common API. virfile: Use virProcessWait in virFileUnlink Rather than inlining the code, use the common API. virfile: Use virProcessWait in virFileOpenForked Rather than inlining the code, use the common API 2015-09-21 John Ferlan virfile: Rename virFileUnlink to virFileRemove Similar to commit id '35847860', it's possible to attempt to create a 'netfs' directory in an NFS root-squash environment which will cause the 'vol-delete' command to fail. It's also possible error paths from the 'vol-create' would result in an error to remove a created directory if the permissions were incorrect (and disallowed root access). Thus rename the virFileUnlink to be virFileRemove to match the C API functionality, adjust the code to following using rmdir or unlink depending on the path type, and then use/call it for the VIR_STORAGE_VOL_DIR 2015-09-21 Maxim Nestratov vz: remove error logging from prlsdkUUIDParse As far as not every call of prlsdkUUIDParse assume correct UUID supplied, there is no use to complain about wrong format in it. Otherwise our log is flooded with false error messages. For instance, calling prlsdkUUIDParse from prlsdkEventsHandler works as a filter and in case of uuid absence for event issuer, we simply know that we shouldn't continue further processing. Instead of error logging for all calls we should explicitly take into accaunt where it is called from. 2015-09-21 Michal Privoznik qemuDomainChangeDiskLive: Allow startupPolicy change https://bugzilla.redhat.com/show_bug.cgi?id=1159219 2015-09-18 Michal Privoznik qemuDomainDiskChangeSupported: Fill in missing checks So far this function was not kept in sync with changing virDomainDiskDef. Fill in all the missing checks and reorganize their order so it's easier to track which items are not being checked for. qemu: s/virDomainDiskDiffersSourceOnly/qemuDomainDiskChangeSupported/ I always felt like this function is qemu specific rather than libvirt-wide. Other drivers may act differently on virDomainDef change and in fact may require talking to underlying hypervisor even if something else's than disk->src has changed. I know that the function is still incomplete, but lets break that into two commits that are easier to review. This one is pure code movement. qemuDomainChangeDiskLive: rework slightly Firstly, our coding guidelines suggest using 'cleanup' label instead of 'end'. Then, @ret should be set to value representing success as the last statement before the 'cleanup' label. And while I am at this function, lets enumerate all the possible enum items (virDomainDiskDevice) and avoid using 'default' in switch(). Pooh. Also, nothing bad happens if we look up the disk to change in the domain upfront. In fact, it's going to be helpful later when we want to keep some old values for performing a rollback. qemu_domain: Introduce qemuDomainDiskSourceDiffers This new private API should return true iff sources of two disks differs in sense that qemu should be instructed to change the disk backend. For instance, ejecting a CDROM is such case, or pointing disk into a different ISO location, and so on. qemu: s/qemuDomainChangeDiskMediaLive/qemuDomainChangeDiskLive/ While we currently only allow changing a media in a disk, this is going to change in a while, so the function name would be invalid. Moreover, the old name does not match the pattern laid out by other update functions. 2015-09-18 Michal Privoznik qemuDomainUpdateDeviceConfig: Allow startupPolicy update, yet again https://bugzilla.redhat.com/show_bug.cgi?id=1159219 So, in 11e058ca589808bd I've tried to make UpdateDevice update startupPolicy too. And it worked well until somebody came around and pushed d0dc6c036914da which accidentally removed my contribution. Redo my commit. 2015-09-18 Jiri Denemark qemu: Fix some corner cases in persistent migration When persistently migrating a domain to a destination host where the same domain already exists (i.e., it is persistent and shutdown at the destination), we would happily throw away the original persistent definition without properly freeing it. And when updating the definition fails for some reason we don't properly revert to the original state leaving the domain broken. In addition to fixing these issues, the patch also makes sure the domain definition parsed from a migration cookie is either used or freed. 2015-09-18 Jiri Denemark qemu: Queue events in migration Finish phase ASAP For quite a long time we don't need to postpone queueing events until the end of the function since we no longer have the big driver lock. Let's make the code of qemuMigrationFinish simpler by queuing events at the time we generate them. 2015-09-18 Jiri Denemark qemuDomainEventQueue: Check if event is non-NULL Every single call to qemuDomainEventQueue() uses the following pattern: if (event) qemuDomainEventQueue(driver, event); Let's move the check for valid event to qemuDomainEventQueue and simplify all callers. 2015-09-18 Jiri Denemark qemu: Don't report false errors in migration protocol v2 Finish is the final state in v2 of our migration protocol. If something fails, we have no option to abort the migration and resume the original domain. Non fatal errors (such as failure to start guest CPUs or make the domain persistent) has to be treated as success. Keeping the domain running while reporting the failure was just asking for trouble. qemu: Kill domain when migration finish fails Whenever something fails during incoming migration in Finish phase before we started guest CPUs, we need to kill the domain in addition to reporting the failure. qemu: Don't fail migration on save status failure When we save status XML at the point during migration where we have already started the domain on destination, we can't really go back and abort migration. Thus the only thing we can do is to log a warning and report success. qemu: Simplify qemuMigrationFinish Offline migration is quite special because we don't really need to do anything but make the domain persistent. Let's do it separately from normal migration to avoid cluttering the code with !(flags & VIR_MIGRATE_OFFLINE). qemu: Split qemuMigrationFinish Separate code which makes incoming domain persistent into qemuMigrationPersist. 2015-09-17 Chunyan Liu libxl: fix AttachDeviceConfig on hostdev type After attach-device a with --config, new device doesn't show up in dumpxml and in guest. To fix that, set dev->data.hostdev = NULL after work so that the pointer is not freed, since vmdef has the pointer and still need it. 2015-09-17 Matthias Bolte vmx: Expose datacenter path in domain XML Tool such as libguestfs need the datacenter path to get access to disk images. The ESX driver knows the correct datacenter path, but this information cannot be accessed using libvirt API yet. Also, it cannot be deduced from the connection URI in a robust way. Expose the datacenter path in the domain XML as node similar to the way the node works. The new node is ignored while parsing the domain XML. In contrast to it is output only. 2015-09-16 John Ferlan virfile: Check for existence of dir in virFileDeleteTree Commit id 'f1f68ca33' added code to remove the directory paths for auto-generated sockets, but that code could be called before the paths were created resulting in generating error messages from virFileDeleteTree indicating that the file doesn't exist. Rather than "enforce" all callers to make the non-NULL and existence checks, modify the virFileDeleteTree API to silently ignore NULL on input and non-existent directory trees. 2015-09-16 Michal Privoznik virsh: Teach attach-interface to --print-xml We have the same argument to many other commands that produce an XML based on what user typed. But unfortunately attach-interface was missing it. Maybe nobody had needed it yet. Well, I did just now. 2015-09-16 Andrea Bolognani qemu: Fix using guest architecture as lookup key When looking for a QEMU binary suitable for running ppc64le guests we have to take into account the fact that we use the QEMU target as key for the hash, so direct comparison is not good enough. Factor out the logic from virQEMUCapsFindBinaryForArch() to a new virQEMUCapsFindTarget() function and use that both when looking for QEMU binaries available on the system and when looking up QEMU capabilities later. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1260753 2015-09-16 Jim Fehlig libxl: fix compiler error introduced by commit ba25c214 libxl/libxl_conf.c: In function 'libxlDriverConfigNew': libxl/libxl_conf.c:1560:30: error: 'log_level' may be used uninitialized in this function [-Werror=maybe-uninitialized] libxl: open libxl log stream with libvirtd log_level Instead of a hardcoded DEBUG log level, use the overall daemon log level specified in libvirtd.conf when opening a log stream with libxl. libxl is very verbose when DEBUG log level is set, resulting in huge log files that can potentially fill a disk. Control of libxl verbosity should be placed in the administrator's hands. 2015-09-15 Pavel Fedin Ignore virtio-mmio disks in qemuAssignDevicePCISlots() Fixes the following error when attempting to add a disk with bus='virtio' to a machine which actually supports virtio-mmio (caught with ARM virt): virtio disk cannot have an address of type 'virtio-mmio' The problem has been likely introduced by e8d55172544c1fafe31a9e09346bdebca4f0d6f9. Before that qemuAssignDevicePCISlots() was never called for ARM "virt" machine. 2015-09-15 Michal Privoznik security_selinux: Take @privileged into account https://bugzilla.redhat.com/show_bug.cgi?id=1124841 If running in session mode it may happen that we fail to set correct SELinux label, but the image may still be readable to the qemu process. Take this into account. 2015-09-15 Michal Privoznik virSecurityManager: Track if running as privileged We may want to do some decisions in drivers based on fact if we are running as privileged user or not. Propagate this info there. security_selinux: Replace SELinuxSCSICallbackData with proper struct We have plenty of callbacks in the driver. Some of these callbacks require more than one argument to be passed. For that we currently have a data type (struct) per each callback. Well, so far for only one - SELinuxSCSICallbackData. But lets turn it into more general name so it can be reused in other callbacks too instead of each one introducing a new, duplicate data type. virSecuritySELinuxSetSecurityAllLabel: drop useless virFileIsSharedFSType The check is done in virSecuritySELinuxSetFilecon itself. There's no need to check it again. 2015-09-15 Christian Loehle Minor typo fixes in documentation 2015-09-14 Andrea Bolognani util: Add space before comment end marker This allows the Wikipedia link to be recognized correctly by eg. gnome-terminal's Open Link and Copy Link Address features. 2015-09-14 Martin Kletzander qemu: Allow others to browse /var/lib/libvirt/qemu Commit f1f68ca33433 tried fixing running multiple domains under various users, but if the user can't browse the directory, it's hard for the qemu running under that user to create the monitor socket. The permissions need to be fixed in two places in the spec file due to support for both installations with and without driver modules. Creating a directory with '$(MKDIR_P) -m' shouldn't fail even on systems where autoconf needs to fallback to 'install-sh -d'. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1146886 2015-09-14 Martin Kletzander qemu: Do not allow others into per-VM subdirectories 2015-09-14 Peter Krempa qemu: hotplug: Properly clean up drive backend if frontend hotplug fails Commit 8125113c added code that should remove the disk backend if the fronted hotplug failed for any reason. The code had a bug though as it used the disk string for unplug rather than the backend alias. Fix the code by pre-creating an alias string and using it instead of the disk string. In cases where qemu does not support QEMU_CAPS_DEVICE, we ignore the unplug of the backend since we can't really create an alias in that case. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1262399 2015-09-12 Cole Robinson qemu: command: Report stderr from qemu-bridge-helper There's a couple reports of things failing in this area (bug 1259070), but it's tough to tell what's going wrong without stderr from qemu-bridge-helper. So let's report stderr in the error message Couple new examples: virbr0 is inactive: internal error: /usr/libexec/qemu-bridge-helper --use-vnet --br=virbr0 --fd=21: failed to communicate with bridge helper: Transport endpoint is not connected stderr=failed to get mtu of bridge `virbr0': No such device bridge isn't on the ACL: internal error: /usr/libexec/qemu-bridge-helper --use-vnet --br=br0 --fd=21: failed to communicate with bridge helper: Transport endpoint is not connected stderr=access denied by acl file 2015-09-12 Daniel P. Berrange xen: fix race in refresh of config cache The xenXMConfigCacheRefresh method scans /etc/xen and loads all config files it finds. It then scans its internal hash table and purges any (previously) loaded config files whose refresh timestamp does not match the timestamp recorded at the start of xenXMConfigCacheRefresh(). There is unfortunately a subtle flaw in this, because if loading the config files takes longer than 1 second, some of the config files will have a refresh timestamp that is 1 or more seconds different (newer) than is checked for. So we immediately purge a bunch of valid config files we just loaded. To avoid this flaw, we must pass the timestamp we record at the start of xenXMConfigCacheRefresh() into the xenXMConfigCacheAddFile() method, instead of letting the latter call time(NULL) again. 2015-09-11 Martin Kletzander tests: Don't use testutils in mock libraries Mock libraries are not built with testutils.c, but there's one which uses VIR_TEST_DEBUG. But because that debug should be an error, if we change it, then it will not only be more semantically correct, but mingw compiler will be happier as well. It also follows suit with all other mock libraries. For few other things, used in this file, need libvirt.la to be added into LIBADD for mingw as well. 2015-09-11 Ian Campbell libxl: don't end job for ephemeal domain on start failure commit 4b53d0d4ac9c "libxl: don't remove persistent domain on start failure" cleans up the vm object and sets it to NULL if the vm is not persistent, however at end job vm (now NULL) is dereferenced via the call to libxlDomainObjEndJob. Avoid this by skipping "endjob" and going straight to "cleanup" in this case. 2015-09-10 Daniel P. Berrange docs: Update devguide.html to point to the new Python dev guide We have a new libvirt-appdev-guide-python which we need to promote to users. Rewrite the existing page to mention it too. Also use the new URL location which is automatically refreshed once a day. 2015-09-10 Andrea Bolognani qemu: Try several network devices when looking for a default Up until now, the default has been rtl8139, but no check was in place to make sure that device was actually available. Now we try rtl8139, e1000 and virtio-net in turn, checking for availability before using any of them: this means we have a much better chance for the guest to be able to boot. 2015-09-10 Andrea Bolognani qemu: Introduce QEMU_CAPS_DEVICE_VIRTIO_NET This capability can be used to detect whether or not the QEMU binary supports the virtio-net-* network device. qemu: Introduce QEMU_CAPS_DEVICE_E1000 This capability can be used to detect whether or not the QEMU binary supports the e1000 network device. qemu: Introduce QEMU_CAPS_DEVICE_RTL8139 This capability can be used to detect whether or not the QEMU binary supports the rtl8139 network device. 2015-09-09 Martin Kletzander qemu: Report error if per-VM directory cannot be created Commit f1f68ca33433 did not report an error if virFileMakePath() returned -1. Well, who would've guessed function with name starting with 'vir' sets an errno instead of reporting an error the libvirt way. Anyway, let's fix it, so the output changes from: $ virsh start arm error: Failed to start domain arm error: An error occurred, but the cause is unknown to: $ virsh start arm error: Failed to start domain arm error: Cannot create directory '/var/lib/libvirt/qemu/domain-arm': Not a directory Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1146886 2015-09-09 Martin Kletzander Revert "docs: Drop unused rule for internals/%.html.tmp target" This reverts commit e5470dd0e0a5be02cbf18a882cfc676b39d1c1a5. This has been ACK'd by the original author in the original mail thread: https://www.redhat.com/archives/libvir-list/2015-September/msg00310.html The reason to revert this is due to the patch breaking the generation of internal subsites. The original issue still needs to be dealt with, though. 2015-09-09 Peter Krempa qemu: migration: Relax enforcement of memory hotplug support If the current live definition does not have memory hotplug enabled, but the persistent one does libvirt would reject migration if the destination does not support memory hotplug even if the user didn't want to persist the VM at the destination and thus the XML containing the memory hotplug definition would not be used. To fix this corner case the code will check for memory hotplug in the newDef only if VIR_MIGRATE_PERSIST_DEST was used. 2015-09-08 Martin Kletzander docs: Remove last use of double semicolon in Makefile Double semicolons have special meaning in makefiles, but they would have to be combined with other rules witch such separators in order to be used as intended. Since there are no other rules like that, let's clean it up. 2015-09-08 Martin Kletzander util: Add win32 version of virFileUnlink Commit 35847860f65f Added the virFileUnlink function, but failed to add a version for mingw build, causing the following error: Cannot export virFileUnlink: symbol not defined 2015-09-08 Luyao Huang conf: fix crash when parsing a unordered NUMA https://bugzilla.redhat.com/show_bug.cgi?id=1260846 Introduced by 8fedbbdb, if we parse an unordered NUMA cell, will get a segfault. This is because of a check for overlapping @cpus sets we have there. However, since the array to hold guest NUMA cells is allocated upfront and therefore it contains all zeros, an out of order cell will break our assumption that cell IDs have increasing character. At this point we try to access yet NULL bitmap and therefore segfault. 2015-09-08 Erik Skultety admin: Resolve leaked reference to private data Running valgrind on a very simplistic program consisting only of opening and closing admin connection (virAdmConnect{Open,Close}) shows a leak in remoteAdminPrivNew, because the last reference to privateData is not decremented, thus the object won't be disposed. This patch unrefs the privateData object once we closed the active connection to daemon, making further use of this connection useless. ==24577== at 0x4A089C7: calloc (in /usr/lib64/valgrind/vgpreload_***linux.so) ==24577== by 0x4E8835F: virAllocVar (viralloc.c:560) ==24577== by 0x4EDFA5C: virObjectNew (virobject.c:193) ==24577== by 0x4EDFBD4: virObjectLockableNew (virobject.c:219) ==24577== by 0x4C14DAF: remoteAdminPrivNew (libvirt-admin.c:152) ==24577== by 0x4C1537E: virAdmConnectOpen (libvirt-admin.c:308) ==24577== by 0x400BAD: main (listservers.c:39) ==24577== LEAK SUMMARY: ==24577== definitely lost: 80 bytes in 1 blocks ==24577== indirectly lost: 840 bytes in 6 blocks ==24577== possibly lost: 0 bytes in 0 blocks ==24577== still reachable: 12,179 bytes in 199 blocks ==24577== suppressed: 0 bytes in 0 blocks 2015-09-08 Matthias Bolte vmx: Add handling for CDROM devices with SCSI passthru https://bugzilla.redhat.com/show_bug.cgi?id=1172544 vmx: The virVMXParseDisk deviceType can be NULL, add some missing checks 2015-09-07 Jiri Denemark cpu: Introduce IvyBridge CPU model https://bugzilla.redhat.com/show_bug.cgi?id=1254420 2015-09-07 Michal Privoznik virsh: Slightly rework cmdDomblklist Let's move some variables from an inside loop to global function declaration header block. It's going to be easier for next patches. At the same time, order the cleanup calls at the function's end so it's easier to track which variables are freed and which not. .gitignore: Ignore the correct rename example binary In e755186c5c305a9 we tried to introduce an example demonstrating new virDomainRename API. Unfortunately, in the .gitignore we had a different binary listed. It's 'rename' binary which we want git to ignore, not 'test'. 2015-09-07 Martin Kletzander examples: Add missing build data for 'rename' Commit e755186c5c30 added the rename example, but forgot to build some essential files in there as well as add it to the spec file. 2015-09-05 Matthias Bolte vmx: Some whitespace cleanup 2015-09-05 John Ferlan conf: Remove need for a couple of sa_asserts Remove the need for a couple of sa_asserts. util: Avoid Coverity FORWARD_NULL Coverity claims it could be possible to call virDBusTypeStackFree with *stack == NULL and although the two API's that call it don't appear to allow that - I suppose it's better to be safe than sorry virfile: Avoid Coverity IDENTICAL_BRANCHES error In virFileNBDDeviceFindUnused if virFileNBDDeviceIsBusy returns 0, then both branches jumped to cleanup, so just use ignore_value since the function returns NULL or some memory and the caller handles the error. lxc: Avoid Coverity SIZEOF_MISMATCH Commit id '692e9fac7' used virProcessSetNamespaces instead of inlining the similar functionality; however, Coverity notes that the function prototype expects a size_t value and not an enum and complains. So, just typecast the enum as a size_t to avoid the noise. qemu: Check virGetLastError return value for migration finish failure Commit id '2e7cea243' added a check for an error from Finish instead of 'unexpected error'; however, if for some reason there wasn't an error, then virGetLastError could return NULL resulting in the NULL pointer deref to err->domain. 2015-09-05 Martin Kletzander Change name of the domain upon successful rename Add example that renames domain there and back And in the middle it prints out its name to demonstrate changes in later patch(es). 2015-09-04 Jiri Denemark examples: Add example polkit ACL rules Creating ACL rules is not exactly easy and existing examples are pretty simple. This patch adds a somewhat complex example which defines several roles. Admins can do everything, operators can do basic operations on any domain and several groups of users who act as operators but only on a limited set of domains. 2015-09-04 John Ferlan qemu: Need to check for machine.os when using ADDRESS_TYPE_CCW https://bugzilla.redhat.com/show_bug.cgi?id=1258361 When attaching a disk, controller, or rng using an address type ccw or s390, we need to ensure the support is provided by both the machine.os and the emulator capabilities (corollary to unconditional setting when address was not provided for the correct machine.os and emulator. For an inactive guest, an addition followed by a start would cause the startup to fail after qemu_command builds the command line and attempts to start the guest. For an active guest, libvirtd would crash. 2015-09-04 John Ferlan qemu: Introduce qemuDomainMachineIsS390CCW Rather than have different usages of STR function in order to determine whether the domain is s390-ccw or s390-ccw-virtio, make a single API which will check the machine.os prefix. Then use the function. 2015-09-04 Erik Skultety vsh: Make vshInitDebug static There's no reason why debug initialization could not be made completely hidden, just like readline initialization is. The point of the global initializer vshInit is to make initialization of smaller features transparent to the user/caller. virsh: Do not make interactive mode default Currently, we set interactive mode as default possibly reverting the setting after we parse the command line arguments. There's nothing particulary wrong with that, but a call to vshReadlineInit is performed always in the global initializer just because the default mode is interactive. Rather than moving vshReadlineInit call somewhere else (because another client might want to implement interactive mode only), we could make the decision if we're about to run in interactive mode once the command line is parsed. vsh: Introduce vshInitReload Commit a0b6a36f separated vshInitDebug from the original vshInit (before virsh got split and vshInit became virshInit - commit 834c5720) in order to be able to debug command line parsing. After the parsing is finished, debugging is reinitialized to work properly. There might as well be other features that require re-initialization as the command line could specify parameters that override our defaults which had been set prior to calling vshArgvParse. vsh: adjust vshInit signature and remove redundant error label As part of the effort to stay consistent, change the vshInit signature from returning int to returning bool. Moreover, remove the unnecessary error label as there is no cleanup that would make use of it. 2015-09-04 Jim Fehlig libxl: don't overwrite error from virNetSocketNewConnectTCP() Remove redundant error reporting in libxlDomainMigrationPerform(). virNetSocketNewConnectTCP() is perfectly capable of reporting sensible errors. 2015-09-04 Pavel Hrdina domain-conf: escape string for socket attribute Commit d091518b tried to escape all strings in produced XML, but missed this one. 2015-09-03 Laine Stump util: don't use netlink to save/set mac for macvtap+passthrough+802.1Qbh Before libvirt sets the MAC address of the physdev (the physical ethernet device) linked to a macvtap passthrough device, it always saves the previous MAC address to restore when the guest is finished (following a "leave nothing behind" policy). For a long time it accomplished the save/restore with a combination of ioctl(SIOCGIFHWADDR) and ioctl(SIOCSIFHWADDR), but in commit cbfe38c (first in libvirt 1.2.15) this was changed to use netlink RTM_GETLINK and RTM_SETLINK commands sent to the Physical Function (PF) of any device that was detected to be a Virtual Function (VF). We later found out that this caused problems with any devices using the Cisco enic driver (e.g. vmfex cards) because the enic driver hasn't implemented the function that is called to gather the information in the IFLA_VFINFO_LIST attribute of RTM_GETLINK (ndo_get_vf_config() for those keeping score), so we would never get back a useful response. In an ideal world, all drivers would implement all functions, but it turns out that in this case we can work around this omission without any bad side effects - since all macvtap passthrough definitions pointing to a physdev that uses the enic driver *must* have a , and since no other type of ethernet devices use 802.1Qbh, libvirt can change its behavior in this case to use the old-style. ioctl(SIOC[GS]IFHWADDR). That's what this patch does. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1257004 2015-09-03 Laine Stump util: make virNetDev(Replace|Restore)MacAddress public functions These functions were made static as a part of commit cbfe38c since they were no longer called from outside virnetdev.c. We once again need to call them from another file, so this patch makes them once again public. 2015-09-03 Michal Privoznik remoteClientCloseFunc: Don't mangle connection object refcount Well, in 8ad126e6 we tried to fix a memory corruption problem. However, the fix was not as good as it could be. I mean, the commit has one line more than it should. I've noticed this output just recently: # ./run valgrind --leak-check=full --show-reachable=yes ./tools/virsh domblklist gentoo ==17019== Memcheck, a memory error detector ==17019== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. ==17019== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info ==17019== Command: /home/zippy/work/libvirt/libvirt.git/tools/.libs/virsh domblklist gentoo ==17019== Target Source ------------------------------------------------ fda /var/lib/libvirt/images/fd.img vda /var/lib/libvirt/images/gentoo.qcow2 hdc /home/zippy/tmp/install-amd64-minimal-20150402.iso ==17019== Thread 2: ==17019== Invalid read of size 4 ==17019== at 0x4EFF5B4: virObjectUnref (virobject.c:258) ==17019== by 0x5038CFF: remoteClientCloseFunc (remote_driver.c:552) ==17019== by 0x5069D57: virNetClientCloseLocked (virnetclient.c:685) ==17019== by 0x506C848: virNetClientIncomingEvent (virnetclient.c:1852) ==17019== by 0x5082136: virNetSocketEventHandle (virnetsocket.c:1913) ==17019== by 0x4ECD64E: virEventPollDispatchHandles (vireventpoll.c:509) ==17019== by 0x4ECDE02: virEventPollRunOnce (vireventpoll.c:658) ==17019== by 0x4ECBF00: virEventRunDefaultImpl (virevent.c:308) ==17019== by 0x130386: vshEventLoop (vsh.c:1864) ==17019== by 0x4F1EB07: virThreadHelper (virthread.c:206) ==17019== by 0xA8462D3: start_thread (in /lib64/libpthread-2.20.so) ==17019== by 0xAB441FC: clone (in /lib64/libc-2.20.so) ==17019== Address 0x139023f4 is 4 bytes inside a block of size 240 free'd ==17019== at 0x4C2B1F0: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==17019== by 0x4EA8949: virFree (viralloc.c:582) ==17019== by 0x4EFF6D0: virObjectUnref (virobject.c:273) ==17019== by 0x4FE74D6: virConnectClose (libvirt.c:1390) ==17019== by 0x13342A: virshDeinit (virsh.c:406) ==17019== by 0x134A37: main (virsh.c:950) The problem is, when registering remoteClientCloseFunc(), it's conn->closeCallback which is ref'd. But in the function itself it's conn->closeCallback->conn what is unref'd. This is causing imbalance in reference counting. Moreover, there's no need for the remote driver to increase/decrease conn refcount since it's not used anywhere. It's just merely passed to client registered callback. And for that purpose it's correctly ref'd in virConnectRegisterCloseCallback() and then unref'd in virConnectUnregisterCloseCallback(). 2015-09-03 Michal Privoznik vshInit: Don't leak @histsize_env Caller is responsible for freeing the result of virStringJoin() when no longer needed: ==10701== 1 bytes in 1 blocks are definitely lost in loss record 1 of 806 ==10701== at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==10701== by 0xAADB679: strdup (in /lib64/libc-2.20.so) ==10701== by 0x4F18655: virStrdup (virstring.c:726) ==10701== by 0x4F175AF: virStringJoin (virstring.c:165) ==10701== by 0x131D4D: vshReadlineInit (vsh.c:2572) ==10701== by 0x1322DF: vshInit (vsh.c:2736) ==10701== by 0x1347C1: main (virsh.c:907) 2015-09-02 John Ferlan storage: Handle failure from refreshVol Commit id '155ca616' added the 'refreshVol' API. In an NFS root-squash environment it was possible that if the just created volume from XML wasn't properly created with the right uid/gid and/or mode, then the followup refreshVol will fail to open the volume in order to get the allocation/ capacity values. This would leave the volume still on the server and cause a libvirtd crash because 'voldef' would be in the pool list, but the cleanup code would free it. 2015-09-02 John Ferlan storage: Correct the 'mode' check Commit id '7c2d65dde2' changed the default value of mode to be -1 if not supplied in the XML, which should cause creation of the volume using the default mode of VIR_STORAGE_DEFAULT_VOL_PERM_MODE; however, the check made was whether mode was '0' or not to use default or provided value. This patch fixes the issue to check if the 'mode' was provided in the XML and use that value. 2015-09-02 John Ferlan virfile: Introduce virFileUnlink In an NFS root-squashed environment the 'vol-delete' command will fail to 'unlink' the target volume since it was created under a different uid:gid. This code continues the concepts introduced in virFileOpenForked and virDirCreate[NoFork] with respect to running the unlink command under the uid/gid of the child. Unlike the other two, don't retry on EACCES (that's why we're here doing this now). 2015-09-02 John Ferlan virfile: Add error for root squash change mode failure This will only be seen when debugging, but in order to help determine whether a virFileOpenForceOwnerMode failed during an NFS root-squash volume/file creation, add an error message from the child. 2015-09-02 Jonathan Toppins qemu: add udp interface support Adds a new interface type using UDP sockets, this seems only applicable to QEMU but have edited tree-wide to support the new interface type. The interface type required the addition of a "localaddr" (local address), this then maps into the following xml and qemu call.
    QEMU call: -net socket,udp=127.0.0.1:11112,localaddr=127.0.0.1:22222 Notice the xml "local" entry becomes the "localaddr" for the qemu call. reference: http://lists.gnu.org/archive/html/qemu-devel/2011-11/msg00629.html 2015-09-02 Ján Tomko Post release version bump to 1.2.20 2015-09-02 Daniel Veillard Release of libvirt-1.2.19 * docs/news.html.in libvirt.spec.in: updated for the release * po/*.po*: regenerated 2015-08-31 Michal Privoznik src: Check for symbols ordering in ADMIN_SYM_FILES Like we are checking for the correct order in SYM_FILES, we should do the same for ADMIN_SYM_FILES. src: Cleanup libvirt_admin.syms It's a generated file, so after 'distclean' it should be gone. But it isn't yet. src: Check libvirt_admin.syms for exported symbols We have this check rule in src/Makefile: check-symfile that should check if all symbols we wanted to export are exported. Moreover, if we are not exporting something more. Do the same with libvirt_admin.syms. 2015-08-30 Guido Günther apparmor: Adjust path to domain monitor socket f1f68ca33 moved the monitor socket to a per domain directory. Adjust the path accordingly. 2015-08-29 Laine Stump util: fallback to ioctl(SIOCBRDELBR) if netlink RTM_DELLINK fails commit 09778e09 switched from using ioctl(SIOCBRDELBR) for bridge device deletion to using a netlink RTM_DELLINK message, which is the more modern way to delete a bridge (and also doesn't require the bridge to be ~IFF_UP to succeed). However, although older kernels (e.g. 2.6.32, in RHEL6/CentOS6) support deleting *some* link types with RTM_NEWLINK, they don't support deleting bridges, and there is no compile-time way to figure this out. This patch moves the body of the SIOCBRDELBR version of virNetDevBridgeDelete() into a static function, calls the new function from the original, and also calls the new function from the RTM_DELLINK version if the RTM_DELLINK message generates an EOPNOTSUPP error. Since RTM_DELLINK is done from the subordinate function virNetlinkDelLink, which is also called for other purposes (deleting a macvtap interface), a function pointer called "fallback" has been added to the arglist of virNetlinkDelLink() - if that arg != NULL, the provided function will be called when (and only when) RTM_DELLINK fails with EOPNOTSUPP. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1252780 (part 2) 2015-08-29 Laine Stump util: fallback to ioctl(SIOCBRADDBR) if netlink RTM_NEWLINK fails commit fc7b23db switched from using ioctl(SIOCBRADDBR) for bridge creation to using a netlink RTM_NEWLINK message with IFLA_INFO_KIND = "bridge", which is the more modern way to create a bridge. However, although older kernels (e.g. 2.6.32, in RHEL6/CentOS6) support creating *some* link types with RTM_NEWLINK, they don't support creating bridges, and there is no compile-time way to figure this out (since the "type" isn't an enum, but rather a character string). This patch moves the body of the SIOCBRADDBR version of virNetDevBridgeCreate() into a static function, calls the new function from the original, and also calls the new function from the RTM_NEWLINK version if the RTM_NEWLINK message generates an EOPNOTSUPP error. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1252780 2015-08-28 Jim Fehlig Revert "LXC: show used memory as 0 when domain is not active" This reverts commit 1ce7c1d20cfd5afb26d2dbc88201085d52415d0e, which introduced a significant semantic change to the virDomainGetInfo() API. Additionally, the change was only made to 2 of the 15 virt drivers. Conflicts: src/qemu/qemu_driver.c 2015-08-28 Jim Fehlig libxl: acquire a job when receiving a migrating domain Commit f86ae403 moved acquiring a job from libxlDomainStart() to its callers. One spot missed was in libxlDoMigrateReceive(). Acquire a job in libxlDoMigrateReceive() before calling libxlDomainStart(). libxl: don't attempt to resume domain when suspend fails Failure of libxl_domain_suspend() does not leave the domain in a suspended state, so no need to call libxl_domain_resume(), which btw will fail with "domain not suspended". 2015-08-28 Jim Fehlig libxl: fix ref counting of libxlMigrationDstArgs This patch fixes some flawed logic around ref counting the libxlMigrationDstArgs object. First, when adding sockets to the event loop with virNetSocketAddIOCallback(), the generic virObjectFreeCallback() was registered as a free function, with libxlMigrationDstArgs as its parameter. A reference was also taken on libxlMigrationDstArgs for each successful call to virNetSocketAddIOCallback(). The rational behind this logic was that the libxlMigrationDstArgs object had to out-live the socket objects. But virNetSocketAddIOCallback() already takes a reference on socket objects, ensuring their life until removed from the event loop and unref'ed in virNetSocketEventFree(). We only need to ensure libxlMigrationDstArgs lives until libxlDoMigrateReceive() finishes, which can be done by simply unref'ing libxlMigrationDstArgs at the end of libxlDoMigrateReceive(). The second flaw was unref'ing the sockets in the failure path of libxlMigrateReceive() and at the end of libxlDoMigrateReceive(). As mentioned above, the sockets are already unref'ed by virNetSocketEventFree() when removed from the event loop. Attempting to unref the socket a second time resulted in a libvirtd crash since the socket was previously unref'ed and disposed. 2015-08-27 Michal Privoznik Revert "lxc: ensure setns() syscall is defined" After my previous commit this commit is no longer needed. This reverts commit eff95ac8fce8af47c0948a1c8a654b210633a350. 2015-08-27 Michal Privoznik lxc_container: Turn lxcAttachNS into calling virProcessSetNamespaces Now that virProcessSetNamespaces() does accept FD list in the correct format, we can simply turn lxcAttachNS into calling virProcessSetNamespaces(). libvirt_lxc: Claim success for --help So far, if libvirt_lxc binary (usually to be found under /usr/libexec/) is run with --help, due to a missing line and our usual functions pattern, an 'uknown' error is returned. Yeah, the help is printed out, but we should not claim error. util: Allow virProcessSetNamespaces() to have sparse FD list So far, the virProcessSetNamespaces() takes an array of FDs that it tries to set namespace on. However, in the very next commit this array may be sparse, having some -1's in it. Teach the function to cope with that. 2015-08-27 Michal Privoznik virt-aa-helper: Improve valid_path So, after some movement in virt-aa-helper, I've noticed the virt-aa-helper-test failing. I've ran gdb (it took me a while to realize how to do that) and this showed up immediately: Program received signal SIGSEGV, Segmentation fault. strlen () at ../sysdeps/x86_64/strlen.S:106 106 ../sysdeps/x86_64/strlen.S: No such file or directory. (gdb) bt #0 strlen () at ../sysdeps/x86_64/strlen.S:106 #1 0x0000555555561a13 in array_starts_with (str=0x5555557ce910 "/tmp/tmp.6nI2Fkv0KL/1.img", arr=0x7fffffffd160, size=-1540438016) at security/virt-aa-helper.c:525 #2 0x0000555555561d49 in valid_path (path=0x5555557ce910 "/tmp/tmp.6nI2Fkv0KL/1.img", readonly=false) at security/virt-aa-helper.c:617 #3 0x0000555555562506 in vah_add_path (buf=0x7fffffffd3e0, path=0x5555557cb910 "/tmp/tmp.6nI2Fkv0KL/1.img", perms=0x555555581585 "rw", recursive=false) at security/virt-aa-helper.c:823 #4 0x0000555555562693 in vah_add_file (buf=0x7fffffffd3e0, path=0x5555557cb910 "/tmp/tmp.6nI2Fkv0KL/1.img", perms=0x555555581585 "rw") at security/virt-aa-helper.c:854 #5 0x0000555555562918 in add_file_path (disk=0x5555557d4440, path=0x5555557cb910 "/tmp/tmp.6nI2Fkv0KL/1.img", depth=0, opaque=0x7fffffffd3e0) at security/virt-aa-helper.c:931 #6 0x00007ffff78f18b1 in virDomainDiskDefForeachPath (disk=0x5555557d4440, ignoreOpenFailure=true, iter=0x5555555628a6 , opaque=0x7fffffffd3e0) at conf/domain_conf.c:23286 #7 0x0000555555562b5f in get_files (ctl=0x7fffffffd670) at security/virt-aa-helper.c:982 #8 0x0000555555564100 in vahParseArgv (ctl=0x7fffffffd670, argc=5, argv=0x7fffffffd7e8) at security/virt-aa-helper.c:1277 #9 0x00005555555643d6 in main (argc=5, argv=0x7fffffffd7e8) at security/virt-aa-helper.c:1332 So I've taken look at valid_path() because it is obviously calling array_starts_with() with malformed @size. And here's the result: there are two variables to hold the size of three arrays and their value is recalculated before each call of array_starts_with(). What if we just use three variables, initialize them and do not touch them afterwards? 2015-08-27 John Ferlan lxc: Resolve Coverity RESOURCE_LEAK Commit id 'c27553b6e' added a return -1 in a failure path without the necessary VIR_FREE(stack) 2015-08-27 Luyao Huang qemu: Emit correct audit message for memory hot unplug https://bugzilla.redhat.com/show_bug.cgi?id=1226234#c3 If the qemu monitor fails to remove the memory from the guest for any reason, the auditlog message will incorrectly use the current actual memory (via virDomainDefGetMemoryActual) instead of the value we were attempting to reduce to. The result is the 'new-mem' and 'old-mem' values for the auditlog message would be identical. This patch creates a local 'newmem' which accounts for the current memory size minus the memory which is being removed. NB, for the success case this results in the same value that would be returned by virDomainDefGetMemoryActual without the need to do the math. This follows the existing code which would subtract the size for cur_balloon. 2015-08-27 Luyao Huang qemu: Emit correct audit message for memory hot plug https://bugzilla.redhat.com/show_bug.cgi?id=1226234#c3 Prior to this patch, after successfully hot plugging memory the audit log indicated that the update failed, e.g.: type=VIRT_RESOURCE ... old-mem=1024000 new-mem=1548288 \ exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=pts/2 res=failed This patch will adjust where virDomainAuditMemory is called to ensure the proper 'ret' value is used based on success or failure. Additionally, the audit message should include the size of the memory we were attempting to change to rather than the current actual size. On failure to add, the message showed the same value for old-mem and new-mem. In order to do this, introduce a 'newmem' local which will compute the new size based on the oldmem size plus the size of memory we are about to add. NB: This would be the same as calling the virDomainDefGetMemoryActual again on success, but avoids the overhead of recalculating. Plus cur_balloon is already adjusted by the same value, so this follows that. 2015-08-27 Moshe Levi utils: Remove the logging of errors from virNetDevSendEthtoolIoctl This patch remove the logging of errors of ioctl api and instead let the caller to choose what errors to log 2015-08-27 Laine Stump hostdev: skip ACS check when using VFIO for device assignment The ACS checks are meaningless when using the more modern VFIO driver for device assignment since VFIO has its own more complete and exact checks, but I didn't realize that when I added support for VFIO. This patch eliminates the ACS check when preparing PCI devices for assignment if VFIO is being used. This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1256486 2015-08-26 Daniel P. Berrange lxc: ensure setns() syscall is defined Older versions of glibc don't provide the setns() syscall function wrapper, so we must define it ourselves to prevent build failure on old distros. 2015-08-26 Martin Kletzander Start daemon only after filesystems are mounted When images are on mounted filesystems, there is no guarantee libvirtd will start before they are mounted. Since we want to start after both local and remote filesystems are mounted, we need to add both local-fs and remote-fs as targets that should precede starting libvirtd service. 2015-08-26 Peter Kieser virt-aa-helper: add NVRAM store file for read/write This is a cryptographically signed message in MIME format. Some UEFI firmwares may want to use a non-volatile memory to store some variables. If AppArmor is enabled, and NVRAM store file is set currently virt-aa-helper does not add the NVRAM store file to the template. Add this file for read/write when this functionality is defined in domain XML. 2015-08-26 Sergey Bronnikov Fix link to page for Virtuozzo driver 2015-08-26 ik.nitk lxc: Inherit namespace feature This patch adds feature for lxc containers to inherit namespaces. This is very similar to what lxc-tools or docker provides. Look for "man lxc-start" and you will find that you can pass command args as [ --share-[net|ipc|uts] name|pid ]. Or check out docker networking option in which you can give --net=container:NAME_or_ID as an option for sharing +namespace. >From this patch you can add extra libvirt option to share namespace in following way. The netns option is specific to sharenet. It can be used to inherit from existing network namespace. Co-authored: Daniel P. Berrange 2015-08-26 Martin Kletzander qemu: Label correct per-VM path when starting Commit f1f68ca33433825ce0deed2d96f1990200bc6618 overused mdir_name() event though it was not needed in the latest version, hence labelling directory one level up in the tree and not the one it should. If anyone with SElinux managed to try run a domain with guest agent set up, it's highly possible that they will need to run 'restorecon -F /var/lib/libvirt/qemu/channel/target' to fix what was done. Reported-by: Luyao Huang 2015-08-26 Luyao Huang qemu: Update blkio.weight value after successful set https://bugzilla.redhat.com/show_bug.cgi?id=1253107 Make a call virCgroupGetBlkioWeight to re-read blkio.weight right after it is set in order to keep internal data up-to-date. 2015-08-25 Sergey Bronnikov Rename page about vz driver docs: Rename 'parallels' to 'vz' Parallels driver was renamed to Virtuozzo. Replace old name by new one for libvirt docs and schemas. 2015-08-24 Vasiliy Tolstov Eliminate incorrect and unnecessary check for changed IP address Commit aa2cc7 modified a previously unnecessary but innocuous check for interface IP address during interface update incorrectly, causing all attempted updates (e.g. changing link state) to interfaces of type='ethernet' for QEMU to fail. This patch fixes the issue by completely removing the check for IP address, which is pointless since QEMU doesn't support setting interface IP addresses from the domain interface XML anyway. 2015-08-24 Tomas Meszaros virDomainRename: Extend API documentation 2015-08-24 Luyao Huang qemu: add a check for nodeset in qemuDomainSetNumaParamsLive We will try to set the node to cpuset.mems without check if it is available, since we already have helper to check this. Call virNumaNodesetIsAvailable to check if node is available, then try to change it in the cgroup. 2015-08-24 Guido Günther selinux: fix compile errors Remove unused variable, tag unused parameter and adjust return type. introduced by 3f48345f7ec0c44b8ce2371cab454d2118f830b4 CC security/libvirt_security_manager_la-security_selinux.lo security/security_selinux.c: In function 'virSecuritySELinuxDomainSetDirLabel': security/security_selinux.c:2520:5: error: return makes pointer from integer without a cast [-Werror] security/security_selinux.c:2514:9: error: unused variable 'ret' [-Werror=unused-variable] security/security_selinux.c:2509:59: error: unused parameter 'mgr' [-Werror=unused-parameter] 2015-08-24 Guido Günther storage: only run safezero if allocation is > 0 While a zero allocation in safezero should be fine it isn't when we use posix_fallocate which returns EINVAL on a zero allocation. While we could skip the zero allocation in safezero_posix_fallocate it's an optimization to do it for all allocations. This fixes vm installation via virtinst for me which otherwise aborts like: Starting install... Retrieving file linux... | 5.9 MB 00:01 ... Retrieving file initrd.gz... | 29 MB 00:07 ... ERROR Couldn't create storage volume 'virtinst-linux.sBgds4': 'cannot fill file '/var/lib/libvirt/boot/virtinst-linux.sBgds4': Invalid argument' The error was introduced by e30297b0 as spotted by Chunyan Liu 2015-08-24 intrigeri virt-aa-helper: allow access to /usr/share/ovmf/ We forbid access to /usr/share/, but (at least on Debian-based systems) the Open Virtual Machine Firmware files needed for booting UEFI virtual machines in QEMU live in /usr/share/ovmf/. Therefore, we need to add that directory to the list of read only paths. A similar patch was suggested by Jamie Strandboge on https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1483071. 2015-08-24 Guido Günther virt-aa-helper: Simplify restriction logic First check overrides, then read only files then restricted access itself. This allows us to mark files for read only access whose parents were already restricted for read write. Based on a proposal by Martin Kletzander 2015-08-24 Guido Günther virt-aa-helper: document --probing and --dry-run 2015-08-24 Martin Kletzander tests: Use qemuProcessPrepareMonitorChr in qemuxmlnstest The output of that function was not tested until now. In order to keep the paths in /tmp, the test driver config is "fixed" as well. 2015-08-24 Martin Kletzander qemu: Fix access to auto-generated socket paths We are automatically generating some socket paths for domains, but all those paths end up in a directory that's the same for multiple domains. The problem is that multiple domains can each run with different seclabels (users, selinux contexts, etc.). The idea here is to create a per-domain directory labelled in a way that each domain can access its own unix sockets. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1146886 2015-08-24 Martin Kletzander security_dac: Add SetDirLabel support security_selinux: Add SetDirLabel support security_stack: Add SetDirLabel support security: Add virSecurityDomainSetDirLabel That function can be used for setting security labels on arbitrary directories. security_dac: Label non-listening sockets SELinux security driver already does that, but DAC driver somehow missed the memo. Let's fix it so it works the same way. security_selinux: Use proper structure to access socket data In virSecuritySELinuxSetSecurityChardevLabel() we are labelling unix socket path, but accessing another structure of the union. This does not pose a problem currently as both paths are at the same offset, but this should be fixed for the future. 2015-08-24 Erik Skultety locking: Remove redundant 'srv' element from virLockDaemon Now that we have virNetDaemon object holding all the data and being capable of referencing multiple servers, having a duplicate reference to a single server stored in virLockDaemon isn't necessary anymore. This patch removes the above described element. test: Replace tabs with spaces in virnetdaemondata json files JSON data that are used to initialize tests in virnetdaemontest should be in a consistent format, i.e. not using tabs for indentation, those should be replaced by spaces. 2015-08-22 Andrea Bolognani tests: Add some compatibility-related cases to the CPU tests 2015-08-22 Andrea Bolognani cpu: Move check for NULL CPU model inside the driver While the check is appropriate for eg. the x86 and generic drivers, there are some valid ppc64 guest configurations where the CPU model is supposed to be NULL. Moving this check from the generic code to the drivers makes it possible to accomodate both use cases. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1251927 2015-08-22 Andrea Bolognani cpu: Better support for ppc64 compatibility modes Not all combinations of host CPU models and compatibility modes are valid, so we need to make sure we don't try to do something that QEMU will reject. Moreover, we need to apply a different logic to guests using host-model and host-passthrough modes when testing them for host compatibility. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1251927 2015-08-22 Andrea Bolognani cpu: Don't update host-model guest CPUs on ppc64 If a guest CPU is defined using the sub-element will contain the compatibility mode to use. That means we can't just copy the host CPU model on cpuUpdate(), otherwise we'll overwrite that information and migration of such guests will fail. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1251927 2015-08-21 Martin Kletzander Add generated libvirt_admin.syms into .gitignore Commit a2c5d16a70a6161449c687be74db2813b362cf5e switched to generating libvirt_admin.syms, but forgot to add the generated file into .gitignore, hence causing tree pollution post-build. 2015-08-21 John Ferlan conf: Check for attach disk usage of iothread=0 Since iothreadid = 0 is invalid, we need to check for it when attempting to add a disk; otherwise, someone would think/believe their attempt to add an IOThread to the disk would succeed. Luckily other code ignored things when ->iothread == 0... 2015-08-20 Guido Günther docs: Drop unused rule for internals/%.html.tmp target We're using the %.html.tmp for all html files now so drop the unused one and rather make sure the needed directory exists. This fixes build failures as described in https://www.redhat.com/archives/libvir-list/2015-August/msg00603.html 2015-08-20 Guido Günther libvirt-admin: Generate symbols file Since we're linking this into libvirtd we need some symbols to be public but not part of the public API so mark them as LIBVIRT_ADMIN_PRIVATE_ as we do with libvirt. Making all other symbols local makes sure we don't accidentally leak unwanted ones. 2015-08-20 Guido Günther daemon: Use $(NULL) for libvird_admin's flags This makes it consistent with the other FLAGS in this file and reduced clutter in the diff when adding new entries. 2015-08-20 Roman Bogorodskiy util: fix build without cgroup Commit 89c509a0 added getters for cgroup block device I/O throttling, however stub versions of these functions have not matching function prototypes that result in compilation fail on platforms not supporting cgroup. Fix build by correcting prototypes of the stubbed functions. Pushing under build-breaker rule. 2015-08-20 Cao jin virconf: correct code formatting virConfWalk: fix the inconsistent name Fix inconsistency between function description and actual parameter name. 2015-08-20 Martin Kletzander qemu: Report better error message when renaming to existing domain name 2015-08-19 Martin Kletzander qemu: Sync BlkioDevice values when setting them in cgroups The problem here is that there are some values that kernel accepts, but does not set them, for example 18446744073709551615 which acts the same way as zero. Let's do the same thing we do with other tuning options and re-read them right after they are set in order to keep our internal structures up-to-date. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1165580 2015-08-19 Martin Kletzander lxc: Sync BlkioDevice values when setting them in cgroups The problem here is that there are some values that kernel accepts, but does not set them, for example 18446744073709551615 which acts the same way as zero. Let's do the same thing we do with other tuning options and re-read them right after they are set in order to keep our internal structures up-to-date. util: Add getters for cgroup block device I/O throttling Since now they were not needed, but I sense they will be in a short while. util: Add virCgroupGetBlockDevString This function translates device paths to "major:minor " string, and all virCgroupSetBlkioDevice* functions are modified to use it. It's a cleanup with no functional change. util: Add virStringGetFirstWithPrefix That function takes string list and returns first string in that list that starts with the @prefix parameter with that prefix being skipped as the caller knows what it starts with (also for easier manipulation in future). 2015-08-19 Michal Privoznik qemuDomainRename: Don't leave a domain locked uppon fail Well, yet again one case of 'goto cleanup' while 'goto endjob' was needed. Sorry. 2015-08-19 John Ferlan qemu: Add check for invalid iothread_id in qemuDomainChgIOThread https://bugzilla.redhat.com/show_bug.cgi?id=1251886 Since iothread_id == 0 is an invalid value for QEMU let's point that out specifically. For the IOThreadDel code, the failure would have ended up being a failure to find the IOThread ID; however, for the IOThreadAdd code - an IOThread 0 was added and that isn't good. It seems during many reviews/edits to the code the check for iothread_id = 0 being invalid was lost - it could have originally been in the API code, but requested to be moved - I cannot remember. 2015-08-19 John Ferlan api: Adjust comment for virDomainAddIOThread The comment for the function indicated that iothread_id had to be a positive non-zero value; however, that wasn't checked - that is a value of 0 is/was allowed by the API and was left up to the hypervisor to reject the value. More than likely this nuance was missed during the many "adjustments" to the API in the review phase. 2015-08-19 John Ferlan api: Remove check on iothread_id arg in virDomainPinIOThread Allow 0 as an iothread_id and force the hypervisor to handle. The qemuDomainPinIOThread API will look up the iothread_id of 0 and not find it and message that anyway. 2015-08-19 Luyao Huang qemuDomainAddCgroupForThread: Don't overwrite the error Just like in commit 704cf06, if virCgroup*() fails, the error is already reported. There's no need to overwrite the error with a generic one and possibly hiding the true root cause of the error. 2015-08-19 Cao jin virconf: fix the inconsistent name Fix inconsistency between function description and actual parameter name in virConfGetValue/virConfSetValue. 2015-08-18 Luyao Huang virsh: Reset global error after successfull domain lookup When looking up a domain, we try to look up by ID, UUID and NAME consequently while not really caring which of those lookups succeeds. The problem is that if any of them fails, we dispatch the error from the driver and that means setting both threadlocal and global error. Let's say the last lookup (by NAME) succeeds and resets the threadlocal error as any other API does, however leaving the global error unchanged. If the underlying virsh command does not succeed afterwards, our cleanup routine in vshCommandRun ensures that no libvirt error will be forgotten and that's exactly where this global error comes in incorrectly. # virsh domif-setlink 123 vnet1 up error: interface (target: vnet1) not found error: Domain not found: no domain with matching id 123 This patch also resets the global error which would otherwise cause some minor confusion in reported error messages. https://bugzilla.redhat.com/show_bug.cgi?id=1254152 2015-08-18 Eric Blake build: fix mingw build Ever since commit e44b0269, 64-bit mingw compilation fails with: ../../src/util/virprocess.c: In function 'virProcessGetPids': ../../src/util/virprocess.c:628:50: error: passing argument 4 of 'virStrToLong_i' from incompatible pointer type [-Werror=incompatible-pointer-types] if (virStrToLong_i(ent->d_name, NULL, 10, &tmp_pid) < 0) ^ In file included from ../../src/util/virprocess.c:59:0: ../../src/util/virstring.h:53:5: note: expected 'int *' but argument is of type 'pid_t * {aka long long int *}' int virStrToLong_i(char const *s, ^ cc1: all warnings being treated as errors Although mingw won't be using this function, it does compile the file, and the fix is relatively simple. * src/util/virprocess.c (virProcessGetPids): Don't assume pid_t fits in int. 2015-08-18 Michal Privoznik qemuDomainRename: Explicitly check if domain is renaming to itself It may happen that user (mistakenly) wants to rename a domain to itself. Which is no renaming at all. We should reject that with some meaningful error message. virHashAddEntry: Report error on duplicate key If this function fails, the error message is reported only in some cases (e.g. OOM), but in some it's not (e.g. duplicate key). This fact is painful and we should either not report error at all or report the error in all possible cases. I vote for the latter. Unfortunately, since the key may be an arbitrary value (not necessarily a string) we can't report it in the error message. virHashAddOrUpdateEntry: Turn @new_name into void * In 9190f0b0 we've tried to fix an OOM. And boy, was that fix successful. But back then, the hash table implementation worked strictly over string keys, which is not the case anymore. Hash table have this function keyCopy() which returns void *. Therefore a local variable that is temporarily holding the intermediate return value from that function should be void * too. 2015-08-18 Luyao Huang libvirt-domain: forbid use virDomainRename in readonly connection This function will change the guest name, we shouldn't allow the readonly user do this. virsh: fix always return false in domrename 2015-08-16 John Ferlan qemu: Resolve Coverity UNINIT Coverity complained that 'vm' wasn't initialized before jumping to cleanup: and calling virDomainObjEndAPI if the VIR_STRDUP fails. So I initialized vm = NULL and also moved the VIR_STRDUP closer to usage and used endjob for goto. Lots of other reasons for failures. 2015-08-15 Martin Kletzander protocol: Don't use rename as a variable name That causes shadowing errors on older compilers. 2015-08-15 Moshe Levi Remove static keyword from vshReadline when readline does not exist This patch removes the static keyword from the vshReadline which was introduced in commit 834c5720e4434f0bcc807bb1cf20855af63e24a3. With readline the vshReadline function is not static but when compiling without readline it was defined as static which caused compilation error. 2015-08-14 Erik Skultety tools: Introduce new client generic module vsh In order to share as much virsh' logic as possible with upcomming virt-admin client we need to split virsh logic into virsh specific and client generic features. Since majority of virsh methods should be generic enough to be used by other clients, it's much easier to rename virsh specific data to virshX than doing this vice versa. It moved generic virsh commands (including info and opts structures) to generic module vsh.c. Besides renaming methods and structures, this patch also involves introduction of a client specific control structure being referenced as private data in the original control structure, introduction of a new global vsh Initializer, which currently doesn't do much, but there is a potential for added functionality in the future. Lastly it introduced client hooks which are especially necessary during client connecting phase. 2015-08-14 Tomas Meszaros qemu: Implement virDomainRename Currently supports only renaming inactive domains without snapshots. Introduce new VIR_DOMAIN_EVENT_DEFINED_RENAMED event This should be emitted whenever a domain is renamed. 2015-08-14 Tomas Meszaros domain_conf: Introducde virDomainObjListRenameAddNew() & virDomainObjListRenameRemove() We just need to update the entry in the second hash table. Since commit 8728a56 we have two hash tables for the domain list so that we can do O(1) lookup regardless of looking up by UUID or name. Since with renaming a domain UUID does not change, we only need to update the second hash table, where domains are referenced by their name. We will call both functions from the qemuDomainRename(). 2015-08-14 Tomas Meszaros virsh: Implement "domrename" command This patch implements new virsh command, domrename. Using domrename, it will be possible to rename domain from the virsh shell by calling virRenameDomain API. It takes two arguments, current domain name and new domain name. Example: virsh # list --all Id Name State ---------------------------------------------------- - bar shut off virsh # domrename bar foo Domain successfully renamed virsh # list --all Id Name State ---------------------------------------------------- - foo shut off virsh # 2015-08-14 Tomas Meszaros Introduce virDomainRename API Also, among with this new API new ACL that restricts rename capability is invented too. 2015-08-14 Guido Günther Detect location of qemu-bridge-helper RedHat and Debian based distros use different locations Reference: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790935 2015-08-14 Guido Günther Check if qemu-bridge-helper exists and is executable Otherwise the error is just error: Failed to create domain from test1.xml error: failed to retrieve file descriptor for interface: Transport endpoint is not connected since we don't get a sensible error after the fork. 2015-08-13 John Ferlan conf: Remove 'vmdef' from virDomainHostdevDefParseXML Since it's not used, let's remove it to avoid any future usage. 2015-08-13 Martin Kletzander qemu: Use numad information when getting pin information Pinning information returned for emulatorpin and vcpupin calls is being returned from our data without querying cgroups for some time. However, not all the data were utilized. When automatic placement is used the information is not returned for the calls mentioned above. Since the numad hint in private data is properly saved/restored, we can safely use it to return true information. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1162947 2015-08-13 Martin Kletzander qemu: Keep numad hint after daemon restart The numad hint stored in priv->autoNodeset is information that gets lost during daemon restart. And because we would like to use that information in the future, we also need to save it in the status XML. For the sake of tests, we need to initialize nnumaCell_max to some value, so that the restoration doesn't fail in our test suite. There is no need to fill in the actual numa cell data since the recalculating function virCapabilitiesGetCpusForNodemask() will not fail, it will just skip filling the data in the bitmap which we don't use in tests anyway. conf: Pass private data to Parse function of XML options This needs a reorder of XML option definitions. It might come in handy one day. qemu: Fix segfault when parsing private domain data When parsing private domain data, there are two paths that are flawed. They are both error paths, just from different parts of the function. One of them can call free() on an uninitialized pointer. Initialization to NULL is enough here. The other one is a bit trickier to explain, but as easy as the first one to fix. We create capabilities, parse them and then assign them into the private data pointer inside the domain object. If, however, we get to fail from now on, the error path calls unrefs the capabilities and then, when the domain object is being cleaned, qemuDomainObjPrivateFree() tries to unref them as well. That causes a segfault. Settin the pointer to NULL upon successful addition to the private data is enough. 2015-08-13 John Ferlan conf: Check for hostdev conflicts when assign default disk address https://bugzilla.redhat.com/show_bug.cgi?id=1210587 (completed) When generating the default drive address for a SCSI device, check the generated address to ensure it doesn't conflict with a SCSI address. The address generation algorithm uses the "dev" name in order to determine which controller and unit in order to place the device. Since a SCSI device doesn't require a target device name, its placement on the guest SCSI address "could" conflict. For instance, if a SCSI exists at controller=0 unit=0 and an attempt to hotplug 'sda' into the guest made, there would be a conflict if the is already using /dev/sda. 2015-08-13 John Ferlan conf: Create locals for virDomainDiskDefAssignAddress Create local controller/bus variables to be used by a future patch 2015-08-13 John Ferlan conf: Add SCSI hostdev check for disk drive address already in use https://bugzilla.redhat.com/show_bug.cgi?id=1210587 (partial) If a SCSI subsystem element address is provided, we need to make sure the address provided doesn't conflict with an existing or libvirt generated address for a SCSI element. We can handle this condition in device post processing since we're not generating an address based on some target name - rather it's either generated based on space or provided from the user. If the user provides one that conflicts, then we need to disallow the change. This will fix the issue where the domain XML provided an
    for the , but not the element where the address provided ends up being the same address used for the . A address is generated using it's assigned 'dev' name prior to the check/validation of the address value. 2015-08-13 Frank Schreuder Drive hot-unplug: reliable parsing of HMP results Hot-unplugging a disk from a guest that supports hot-unplugging generates an error in the libvirt log when running QEMU with the "-msg timestamp=on" flag. 2015-08-06 10:48:59.945+0000: 11662: error : qemuMonitorTextDriveDel:2594 : operation failed: deleting drive-virtio-disk4 drive failed: 2015-08-06T10:48:59.945058Z Device 'drive-virtio-disk4' not found This error is caused because the HMP results are getting prefixed with a timestamp. Parsing the output is not reliable with STRPREFIX as the results can be prefixed with a timestamp. Using strstr ensures that parsing the output works whether the results are prefixed or not. Cc: Stefan Hajnoczi Cc: Daniel P. Berrange 2015-08-12 Laine Stump Revert "qemu: Allow to plug virtio-net-pci into PCIe slot" This reverts commit ede34470fde19c0f326cdb0dfca39fa86fd9ec16, which was apparently written based on testing performed before commits 1e15be1 and 9a12b6 were pushed upstream. Once those two patches are in place, commit ede34470 is redundant, and can even cause incorrect/unexpected behavior when auto-assigning addresses for virtio-net devices. 2015-08-12 Michal Privoznik cmdAttachInterface: Fully implement @floor support In my previous commit d7f5c88961b52 I tried to introduce support for inbound.floor. But the code change was incomplete. This is the change needed to fully enable the feature. networkBandwidthGenericChecks: Drop useless check There's a check right at the beginning of the function that shortcuts if the function was called over all NULL arguments. However, this was meant just as a fool-proof check so that we don't crash if function is used in a bad manner. Anyway, it makes Coverity unhappy as it then thinks any of the arguments could be NULL. Well, with the current state of the code it can't. networkBandwidthUpdate: Don't blindly dereference pointers It may happen that an interface don't have any bandwidth set and a new one is to be set. In that case, @ifaceBand will be NULL. This will cause troubles later in the code when deciding what to do. 2015-08-12 Peter Krempa virsh: Refactor parseRateStr to avoid false-positive uninitialized variable Commit 6983d6d2 tried to improve parseRateStr but broke the build instead for compilers that were not able to properly introspect the for loop indexed by the enum resulting into the following error: virsh-domain.c: In function 'parseRateStr': virsh-domain.c:916:13: error: 'field_name' may be used uninitialized in this function [-Werror=maybe-uninitialized] vshError(ctl, _("malformed %s field"), field_name); ^ virsh-domain.c:915:13: error: 'tmp' may be used uninitialized in this function [-Werror=maybe-uninitialized] if (virStrToLong_ullp(token, NULL, 10, tmp) < 0) { ^ Rather than trying to fix the code, refactor the function again by reusing virStringSplit. 2015-08-12 Cole Robinson domain: Fix crash if trying to live update disk If you pass XML to UpdateDevice, and the original device didn't have a block, libvirtd crashes trying to read the original NULL serial string. Use _NULLABLE string comparisons to avoid the crash. A couple other properties needed the change too. 2015-08-12 Laine Stump qemu: fix qemuDomainSupportsPCI() for ARM machines of "virt" machinetype Commit e8d5517 updated the domain post-parse to automatically add pcie-root et al for certain ARM "virt" machinetypes, but didn't update the function qemuDomainSupportsPCI() which is called later on when we are auto-assigning PCI addresses and default settings for the PCI controller and attributes. The result was that PCI addresses weren't assigned, and the controllers didn't have their attribute default values set, leading to an error when the domain was started, e.g.: internal error: autogenerated dmi-to-pci-bridge options not set This patch adds the same check made in the earlier patch to qemuDomainSupportsPCI(), so that PCI address auto-assignment and target/model default values will be set. 2015-08-12 Guido Günther virNetSocketCheckProtocols: handle EAI_NONAME as IPv6 unavailable When running the test suite using "unshare -n" we might have IPv6 but no configured addresses. Due to AI_ADDRCONFIG getaddrinfo then fails with EAI_NONAME which we should then treat as IPv6 unavailable. 2015-08-12 Laine Stump util: don't overwrite stack when getting ethtool gfeatures This fixes the crash described here: https://www.redhat.com/archives/libvir-list/2015-August/msg00162.html In short, we were calling ioctl(SIOCETHTOOL) pointing to a too-short object that was a local on the stack, resulting in the memory past the end of the object being overwritten. This was because the struct used by the ETHTOOL_GFEATURES command of SIOCETHTOOL ends with a 0-length array, but we were telling ethtool that it could use 2 elements on the array. The fix is to allocate the necessary memory with VIR_ALLOC_VAR(), including the extra length needed for a 2 element array at the end. 2015-08-12 Andrea Bolognani cpu: Fix segfault in the ppc64 driver Commit adb865d introduced some changes in ppc64DriverNodeData() that cause libvirtd to crash on startup unless this patch is applied as well. 2015-08-11 Michal Privoznik qemu: Implement VIR_DOMAIN_BANDWIDTH_IN_FLOOR Well, there are just two places that needs adjustment: qemuDomainGetInterfaceParameters - to report the @floor qemuDomainSetInterfaceParameters - now that the function has been fixed, we can allow updating @floor too. 2015-08-11 Michal Privoznik virsh: Implement VIR_DOMAIN_BANDWIDTH_IN_FLOOR We have a function parseRateStr() that parses --inbound and --outbound arguments to both attach-interface and domiftune. Now that we have all virTypedParams macros needed for QoS, lets parse even floor attribute. The extended format for the arguments looks like this then: --inbound average[,peak[,burst[,floor]]] 2015-08-11 Michal Privoznik Introduce VIR_DOMAIN_BANDWIDTH_IN_FLOOR This macro represents the single missing field we don't expose yet within QoS: inbound.floor. virsh: Rework parseRateStr The function is used to parse a tuple delimited by commas into virNetDevBandwidth structure. So far only three out of fore fields are supported: average, peak and burst. The single missing field is floor. Well, the parsing works, but I think we can do better. Especially when we will need to parse floor too in very close future. 2015-08-11 Michal Privoznik qemuDomainSetInterfaceParameters: Use new functions to update bandwidth As sketched in previous commits, imagine the following scenario: virsh # domiftune gentoo vnet0 inbound.average: 100 inbound.peak : 0 inbound.burst : 0 outbound.average: 100 outbound.peak : 0 outbound.burst : 0 virsh # domiftune gentoo vnet0 --inbound 0 virsh # shutdown gentoo Domain gentoo is being shutdown virsh # list --all error: Failed to list domains error: Cannot recv data: Connection reset by peer Program received signal SIGSEGV, Segmentation fault. 0x00007fffe80ea221 in networkUnplugBandwidth (net=0x7fff9400c1a0, iface=0x7fff940ea3e0) at network/bridge_driver.c:4881 4881 net->floor_sum -= ifaceBand->in->floor; This is rather unfortunate. We should not SIGSEGV here. The problem is, that while in the second step the inbound QoS was cleared out, the network part of it was not updated (moreover, we don't report that vnet0 had inbound.floor set). Internal structure therefore still had some fragments left (e.g. class_id). So when qemuProcessStop() started to clean up the environment it got to networkUnplugBandwidth(). Here, class_id is set therefore function assumes that there is an inbound QoS. This actually is a fair assumption to make, there's no need for a special QoS box in network's QoS when there's no QoS to set. Anyway, the problem is not the networkUnplugBandwidth() rather than qemuDomainSetInterfaceParameters() which completely forgot about QoS being disperse (some parts are set directly on interface itself, some on bridge the interface is plugged into). 2015-08-11 Michal Privoznik bridge_driver: Introduce networkBandwidthUpdate So, if a domain vNIC's bandwidth has been successfully set, it's possible that because @floor is set on network's bridge, this part may need updating too. And that's exactly what this function does. While the previous commit introduced a function to check if @floor can be satisfied, this does all the hard work. In general, there may be three, well four possibilities: 1) No change in @floor value (either it remain unset, or its value hasn't changed) 2) The @floor value has changed from a non-zero to a non-zero value 3) New @floor is to be set 4) Old @floor must be cleared out The difference between 2), 3) and 4) is, that while in 2) the QoS tree on the network's bridge already has a special class for the vNIC, in 3) the class must be created from scratch. In 4) it must be removed. Fortunately, we have helpers for all three interesting cases. 2015-08-11 Michal Privoznik bridge_driver: Introduce networkBandwidthChangeAllowed When a domain vNIC's bandwidth is to be changed (at runtime) it is possible that guaranteed minimal bandwidth (@floor) will change too. Well, so far it is, because we still don't have an implementation that allows setting it dynamically, so it's effectively erased on: #virsh domiftune $dom vnet0 --inbound 0 However, that's slightly unfortunate. We do some checks on domain startup to see if @floor can be guaranteed. We ought do the same if QoS is changed at runtime. 2015-08-11 Michal Privoznik virNetDevBandwidthUpdateRate: turn class_id into integer This is no functional change. It's just that later in the series we will need to pass class_id as an integer. virNetDevParseMcast: Avoid magic constant There is no guarantee that an enum start it mapped onto a value of zero. However, we are guaranteed that enum items are consecutive integers. Moreover, it's a pity to define an enum to avoid using magical constants but then using them anyway. 2015-08-11 Martin Kletzander conf: Don't try formating non-existing addresses Commit a6f9af8292b6 added checking for address colisions between starting and ending addresses of forwarding addresses, but forgot that there might be no addresses set at all. 2015-08-11 Andrea Bolognani tests: Add a bunch of cpu test case for ppc64 The test cases cover the cpuCompare(), cpuBaseline() and cpuNodeData() implementation. tests: Re-enable ppc64 cpu tests Now that all the changes have been implemented we can run the test cases once again, after updating them to reflect the new behaviour. 2015-08-11 Andrea Bolognani cpu: Forbid model fallback in the ppc64 driver Unlike what happens on x86, on ppc64 you can't mix and match CPU features to obtain the guest CPU you want regardless of the host CPU, so the concept of model fallback doesn't apply. Make sure CPU definitions emitted by the driver, eg. as output of the cpuBaseline() and cpuUpdate() calls, reflect this fact. 2015-08-11 Andrea Bolognani cpu: Implement backwards compatibility in the ppc64 driver All previously recognized CPU models (POWER7_v2.1, POWER7_v2.3, POWER7+_v2.1 and POWER8_v1.0) are internally converted to the corrisponding generation name so that existing guests don't stop working. cpu: Add POWER8NVL information to CPU map XML This is yet another variation of POWER8. The PVR information comes from arch/powerpc/kernel/cputable.c in the Linux kernel tree. cpu: Parse and use PVR masks in the ppc64 driver Instead of relying on a hard-coded mask value, read it from the CPU map XML and use it when looking up models by PVR. 2015-08-11 Andrea Bolognani cpu: Simplify ppc64 part of CPU map XML Use multiple PVRs per CPU model to reduce the number of models we need to keep track of. Remove specific CPU models (eg. POWER7+_v2.1): the corresponding generic CPU model (eg. POWER7) should be used instead to ensure the guest can be booted on any compatible host. Get rid of all the entries that did not match any of the CPU models supported by QEMU, like power8 and power8e. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1250977 2015-08-11 Andrea Bolognani cpu: Support multiple PVRs in the ppc64 driver This will allow us to perform PVR matching more broadly, eg. consider both POWER8 and POWER8E CPUs to be the same even though they have different PVR values. cpu: Align ppc64 CPU data with x86 Use a typedef instead of the plain struct and heap allocation. This will make it easier to extend the ppc64 specific CPU data later on. 2015-08-11 Andrea Bolognani tests: Temporarily disable ppc64 cpu tests The upcoming commits will make heavy modifications to the ppc64 driver, split so that it's easier to review the changes. Instead of updating the test cases so that they pass, possibly only to update them again with the following commit, disable them for the time being. Another commit will update them all in one go once all required changes are in place. 2015-08-11 Andrea Bolognani cpu: Use ppc64Compute() to implement ppc64DriverCompare() This ensures comparison of two CPU definitions will be consistent regardless of the fact that it is performed using cpuCompare() or cpuGuestData(). The x86 driver uses the same exact code. 2015-08-11 Andrea Bolognani cpu: CPU model names have to match on ppc64 Limitations of the POWER architecture mean that you can't run eg. a POWER7 guest on a POWER8 host when using KVM. This applies to all guests, not just those using VIR_CPU_MATCH_STRICT in the CPU definition; in fact, exact and strict CPU matching are basically the same on ppc64. This means, of course, that hosts using different CPUs have to be considered incompatible as well. Change ppc64Compute(), called by cpuGuestData(), to reflect this fact and update test cases accordingly. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1250977 2015-08-11 Andrea Bolognani cpu: Never skip CPU model name check in ppc64 driver ppc64Compute(), called by cpuNodeData(), is used not only to retrieve the driver-specific data associated to a guest CPU definition, but also to check whether said guest CPU is compatible with the host CPU. If the user is not interested in the CPU data, it's perfectly fine to pass a NULL pointer instead of a return location, and the compatibility data returned should not be affected by this. One of the checks, specifically the one on CPU model name, was however only performed if the return location was non-NULL. 2015-08-11 Andrea Bolognani tests: Improve result handling in cpuTestGuestData() A test is considered successful if the obtained result matches the expected result: if that's not the case, whether because a test that was expected to succeed failed or because a test that was supposed to fail succeeded, then something's not right and we want the user to know about this. On the other hand, if a failure that's unrelated to the bits we're testing occurs, then the user should be notified even if the test was expected to fail. Use different values to tell these two situations apart. Fix a test case that was wrongly expected to fail as well. 2015-08-11 Andrea Bolognani tests: Remove unused file No functional changes. 2015-08-11 Andrea Bolognani cpu: Remove ISA information from CPU map XML The information is not used anywhere in libvirt. No functional changes. 2015-08-11 Andrea Bolognani cpu: Reorder functions in the ppc64 driver Having the functions grouped together this way will avoid further shuffling around down the line. No functional changes. 2015-08-11 Andrea Bolognani cpu: Simplify ppc64ModelFromCPU() 2015-08-11 Andrea Bolognani cpu: Simplify NULL handling in ppc64 driver Use briefer checks, eg. (!model) instead of (model == NULL), and avoid initializing to NULL a pointer that would be assigned in the first line of the function anyway. Also remove a pointless NULL assignment. No functional changes. 2015-08-11 Andrea Bolognani cpu: Mark driver functions in ppc64 driver Use the ppc64Driver prefix for all functions that are used to fill in the cpuDriverPPC64 structure, ie. those that are going to be called by the generic CPU code. This makes it clear which functions are exported and which are implementation details; it also gets rid of the ambiguity that affected the ppc64DataFree() function which, despite what the name suggested, was not related to ppc64DataCopy() and could not be used to release the memory allocated for a virCPUppc64Data* instance. No functional changes. 2015-08-11 Erik Skultety admin: Drop 'internal.h' include from libvirt-admin.h This is a public library, it shouldn't include anything that is internal. Including the library in it's current state to an example application fails the preprocessor phase. 2015-08-11 Laine Stump qemu: fail on attempts to use for non-tap network connections nwfilter uses iptables and ebtables, which only work properly on tap-based network connections (*not* on macvtap, for example), but we just ignore any elements for other types of networks, potentially giving users a false sense of security. This patch checks the network type and fails/logs an error if any domain has a when the connection isn't using a tap device. This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1180011 2015-08-11 Laine Stump network: validate network NAT range This patch modifies virSocketAddrGetRange() to function properly when the containing network/prefix of the address range isn't known, for example in the case of the NAT range of a virtual network (since it is a range of addresses on the *host*, not within the network itself). We then take advantage of this new functionality to validate the NAT range of a virtual network. Extra test cases are also added to verify that virSocketAddrGetRange() works properly in both positive and negative cases when the network pointer is NULL. This is the *real* fix for: https://bugzilla.redhat.com/show_bug.cgi?id=985653 Commits 1e334a and 48e8b9 had earlier been pushed as fixes for that bug, but I had neglected to read the report carefully, so instead of fixing validation for the NAT range, I had fixed validation for the DHCP range. sigh. 2015-08-10 Martin Kletzander qemu: Enable ioeventfd usage for virtio-scsi controllers Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1150484 conf: Add ioeventfd option for controllers This will be used with a virtio-scsi controller later on. 2015-08-10 Michal Privoznik virNetDevBandwidthParseRate: Reject negative values https://bugzilla.redhat.com/show_bug.cgi?id=1022292 The following XML really does not make any sense: There can't be a negative packet rate. Well, so far we haven't assigned any meaning to it. So reject it unless users harm themselves, because otherwise we turn the negative numbers into really big values. 2015-08-10 Cao jin qemuMonitorOpenInternal: remove redundant code There's no need to set mon->fd to a dummy value since it's initialized to proper value just a few lines below. 2015-08-10 Martin Kletzander rpc: Remove keepalive_required option Since its introduction in 2011 (particularly in commit f4324e329275), the option doesn't work. It just effectively disables all incoming connections. That's because the client private data that contain the 'keepalive_supported' boolean, are initialized to zeroes so the bool is false and the only other place where the bool is used is when checking whether the client supports keepalive. Thus, according to the server, no client supports keepalive. Removing this instead of fixing it is better because a) apparently nobody ever tried it since 2011 (4 years without one month) and b) we cannot know whether the client supports keepalive until we get a ping or pong keepalive packet. And that won't happen until after we dispatched the ConnectOpen call. Another two reasons would be c) the keepalive_required was tracked on the server level, but keepalive_supported was in private data of the client as well as the check that was made in the remote layer, thus making all other instances of virNetServer miss this feature unless they all implemented it for themselves and d) we can always add it back in case there is a request and a use-case for it. 2015-08-10 Cao jin fix typo in comments 2015-08-10 Michal Privoznik virDomainCoreDumpWithFormat: Mention enum for @dumpformat So the API takes @dumpformat argument. This is what makes it special when compared to virDomainCoreDump. The argument is there so that users can choose the format of resulting core dump file. And to ease them the choosing process we even have an enum with supported values across all the hypervisors. But we don't mention the enum in the function description anywhere. Fix it! 2015-08-10 Laine Stump network: verify proper address family in updates to and By specifying parentIndex in a call to virNetworkUpdate(), it was possible to direct libvirt to add a dhcp range or static host of a non-matching address family to the element of an . For example, given: you could provide a static host entry with an IPv4 address, and specify that it be added to the 2nd element (index 1): virsh net-update default add ip-dhcp-host --parent-index 1 \ '' This would be happily added with no error (and no concern of any possible future consequences). This patch checks that any dhcp range or host element being added to a network ip's subelement has addresses of the same family as the ip element they are being added to. This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1184736 2015-08-10 Laine Stump qemu: support new pci controller model "pcie-switch-downstream-port" This is backed by the qemu device xio3130-downstream. It can only be connected to a pcie-switch-upstream-port (x3130-upstream) on the upstream side. conf: new pcie-controller model "pcie-switch-downstream-port" This controller can be connected only to a port on a pcie-switch-upstream-port. It provides a single hotpluggable port that will accept any PCI or PCIe device, as well as any device requiring a pcie-*-port (the only current example of such a device is the pcie-switch-upstream-port). 2015-08-10 Laine Stump qemu: add capabilities bit for device xio3130-downstream The downstream ports of an x3130-upstream switch can each have one of these plugged into them (and that is the only place they can be connected). Each xio3130-downstream provides a single PCIe port that can have PCI or PCIe devices hotplugged into it. Apparently an entire set of x3130-upstream + several xio3130-downstreams can be hotplugged as a unit, but it's not clear to me yet how that would be done, since qemu only allows attaching a single device at a time. This device will be used to implement the "pcie-switch-downstream-port" model of pci controller. 2015-08-10 Laine Stump qemu: support new pci controller model "pcie-switch-upstream-port" this is backed by the qemu device x3130-upstream. It can only plug into a pcie-root-port or pcie-switch-downstream-port. conf: new pci controller model "pcie-switch-upstream-port" This controller can be connected only to a pcie-root-port or a pcie-switch-downstream-port (which will be added in a later patch), which is the reason for the new connect type VIR_PCI_CONNECT_TYPE_PCIE_PORT. A pcie-switch-upstream-port provides 32 ports (slot=0 to slot=31) on the downstream side, which can only have pci controllers of model "pcie-switch-downstream-port" plugged into them, which is the reason for the other new connect type VIR_PCI_CONNECT_TYPE_PCIE_SWITCH. 2015-08-10 Laine Stump qemu: add capabilities bit for device x3130-upstream This is the upstream part of a PCIe switch. It connects to a PCIe port (but not PCI) on the upstream side, and can have up to 31 xio3130-downstream controllers (but no other types of devices) connected to its downstream side. This device will be used to implement the "pcie-switch-upstream-port" model of pci controller. 2015-08-10 Laine Stump qemu: support new pci controller model "pcie-root-port" This is backed by the qemu device ioh3420. chassis and port from the subelement are used to store/set the respective qemu device options for the ioh3420. Currently, chassis is set to be the index of the controller, and port is set to "(slot << 3) + function" (per suggestion from Alex Williamson). 2015-08-10 Laine Stump conf: new pci controller model "pcie-root-port" This controller can be connected (at domain startup time only - not hotpluggable) only to a port on the pcie root complex ("pcie-root" in libvirt config), hence the new connect type VIR_PCI_CONNECT_TYPE_PCIE_ROOT. It provides a hotpluggable port that will accept any PCI or PCIe device. New attributes must be added to the controller subelement for this - chassis and port are guest-visible option values that will be set by libvirt with values derived from the controller's index and pci address information. 2015-08-10 Laine Stump qemu: add capabilities bit for device ioh3420 This is a PCIE "root port". It connects only to a port of the integrated pcie.0 bus of a Q35 machine (can't be hotplugged), and provides a single PCIe port that can have PCI or PCIe devices hotplugged into it. This device will be used to implement the "pcie-root-port" model of pci controller. 2015-08-10 Laine Stump qemu: implement subelement/attribute of This uses the new subelement/attribute in two ways: 1) If a "pci-bridge" pci controller has no chassisNr attribute, it will automatically be set to the controller's index as soon as the controller's PCI address is known (during qemuDomainAssignPCIAddresses()). 2) when creating the commandline for a pci-bridge device, chassisNr will be used to set qemu's chassis_nr option (rather than the previous practice of hard-coding it to the controller's index). 2015-08-10 Laine Stump conf: add new subelement with chassisNr attribute to There are some configuration options to some types of pci controllers that are currently automatically derived from other parts of the controller's configuration. For example, in qemu a pci-bridge controller has an option that is called "chassis_nr"; up until now libvirt has always set chassis_nr to the index of the pci-bridge. So this: will always result in: -device pci-bridge,chassis_nr=2,... on the qemu commandline. In the future we may decide there is a better way to derive that option, but even in that case we will need for existing domains to retain the same chassis_nr they were using in the past - that is something that is visible to the guest so it is part of the guest ABI and changing it would lead to problems for migrating guests (or just guests with very picky OSes). The subelement has been added as a place to put the new "chassisNr" attribute that will be filled in by libvirt when it auto-generates the chassisNr; it will be saved in the config, then reused any time the domain is started: The one oddity of all this is that if the controller configuration is changed (for example to change the index or the pci address where the controller is plugged in), the items in will *not* be re-generated, which might lead to conflict. I can't really see any way around this, but fortunately if there is a material conflict qemu will let us know and we will pass that on to the user. 2015-08-10 Laine Stump qemu: implement subelement to This patch provides qemu support for the contents of in for the two existing PCI controller types that need it (i.e. the two controller types that are backed by a device that must be specified on the qemu commandline): 1) pci-bridge - sets name attribute default as "pci-bridge" 2) dmi-to-pci-bridge - sets name attribute default as "i82801b11-bridge". These both match current hardcoded practice. The defaults are set at the end of qemuDomainAssignPCIAddresses(). This can't be done earlier because some of the options that will be autogenerated need full PCI address info for the controller, and because qemuDomainAssignPCIAddresses() might create extra controllers which would need default settings added, and that hasn't yet been done at the time the PostParse callbacks are being run. qemuDomainAssignPCIAddresses() is still called prior to the XML being written to disk, though, so the autogenerated defaults are persistent. qemu capabilities bits aren't checked when the domain is defined, but rather when the commandline is actually created (so the domain can possibly be defined on a host that doesn't yet have support for the given device, or a host different from the one where it will eventually be run). When the commandline is being generated we compare the modelName to known qemu device names implementing the given type of controller, and check the capabilities bit for that device. 2015-08-10 Laine Stump conf: add new subelement with name attribute to This new subelement is used in PCI controllers: the toplevel *attribute* "model" of a controller denotes what kind of PCI controller is being described, e.g. a "dmi-to-pci-bridge", "pci-bridge", or "pci-root". But in the future there will be different implementations of some of those types of PCI controllers, which behave similarly from libvirt's point of view (and so should have the same model), but use a different device in qemu (and present themselves as a different piece of hardware in the guest). In an ideal world we (i.e. "I") would have thought of that back when the pci controllers were added, and used some sort of type/class/model notation (where class was used in the way we are now using model, and model was used for the actual manufacturer's model number of a particular family of PCI controller), but that opportunity is long past, so as an alternative, this patch allows selecting a particular implementation of a pci controller with the "name" attribute of the subelement, e.g.: In this case, "dmi-to-pci-bridge" is the kind of controller (one that has a single PCIe port upstream, and 32 standard PCI ports downstream, which are not hotpluggable), and the qemu device to be used to implement this kind of controller is named "i82801b11-bridge". Implementing the above now will allow us in the future to add a new kind of dmi-to-pci-bridge that doesn't use qemu's i82801b11-bridge device, but instead uses something else (which doesn't yet exist, but qemu people have been discussing it), all without breaking existing configs. (note that for the existing "pci-bridge" type of PCI controller, both the model attribute and name are 'pci-bridge'. This is just a coincidence, since it turns out that in this case the device name in qemu really is a generic 'pci-bridge' rather than being the name of some real-world chip) 2015-08-09 Laine Stump conf: more useful error message when pci function is out of range If a pci address had a function number out of range, the error message would be: Insufficient specification for PCI address which is logged by virDevicePCIAddressParseXML() after virDevicePCIAddressIsValid returns a failure. This patch enhances virDevicePCIAddressIsValid() to optionally report the error itself (since it is the place that decides which part of the address is "invalid"), and uses that feature when calling from virDevicePCIAddressParseXML(), so that the error will be more useful, e.g.: Invalid PCI address function=0x8, must be <= 7 Previously, virDevicePCIAddressIsValid didn't check for the theoretical limits of domain or bus, only for slot or function. While adding log messages, we also correct that ommission. (The RNG for PCI addresses already enforces this limit, which by the way means that we can't add any negative tests for this - as far as I know our domainschematest has no provisions for passing XML that is supposed to fail). Note that virDevicePCIAddressIsValid() can only check against the absolute maximum attribute values for *any* possible PCI controller, not for the actual maximums of the specific controller that this device is attaching to; fortunately there is later more specific validation for guest-side PCI addresses when building the set of assigned PCI addresses. For host-side PCI addresses (e.g. for and for network device pools), we rely on the error that will be logged when it is found that the device doesn't actually exist. This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1004596 2015-08-07 Michal Privoznik virDomainDefParseXML: Check for malicious cpu ids in https://bugzilla.redhat.com/show_bug.cgi?id=1176020 Some users think this is a good idea: 4 It's not. Lets therefore introduce a check and discourage them in doing so. 2015-08-07 Michal Privoznik numa_conf: Introduce virDomainNumaGetMaxCPUID This function should return the greatest CPU number set in /domain/cpu/numa/cell/@cpus. The idea is that we should compare the returned value against /domain/vcpu value. Yes, there exist users who think the following is a good idea: 4 2015-08-07 Peter Krempa qemu: Fix reporting of physical capacity for block devices Qemu reports physical size 0 for block devices. As 15fa84acbb55ebfee6a4 changed the behavior of qemuDomainGetBlockInfo to just query the monitor this created a regression since we didn't report the size correctly any more. This patch adds code to refresh the physical size of a block device by opening it and seeking to the end and uses it both in qemuDomainGetBlockInfo and also in qemuDomainGetStatsOneBlock that was broken since it was introduced in this respect. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1250982 2015-08-06 Shivaprasad G Bhat Allow vfio hotplug of a device to the domain which owns the iommu The commit 7e72de4 didn't consider the hotplug scenarios. The patch addresses the hotplug case whereby if atleast one of the pci function is owned by a guest, the hotplug of other functions/devices in the same iommu group to the same guest goes through successfully. 2015-08-06 Michal Privoznik qemuDomainDefPostParse: Adjust indent While reviewing e8d551725 I've noticed a few unaligned lines. Fix this. bootstrap: Don't require python-config We've split the python bindings a long time ago. However, we are still requiring python-config (as an obfuscation to python-devel). This does not make any sense. The only thing we need is python, not python-devel. 2015-08-06 Pavel Fedin qemu: Allow to plug virtio-net-pci into PCIe slot virtio-net-pci adapter is capable to use irqfd with vhost-net only in MSI-X mode, which appears to be available only on PCIe bus, at least on ARM qemu: Build correct command line for PCI NICs on ARM Legacy -net option works correctly only with embedded device models, which do not require any bus specification. Therefore, we should use -device for PCI hardware 2015-08-06 Pavel Fedin qemu: Add PCI-Express root to ARM virt machine Here we assume that if qemu supports generic PCI host controller, it is a part of virt machine and can be used for adding PCI devices. In qemu this is actually a PCIe bus, so we also declare multibus capability so that 0'th bus is specified to qemu correctly as 'pcie.0' 2015-08-06 Pavel Fedin qemu: Introduce QEMU_CAPS_OBJECT_GPEX This capability specifies that qemu can implement generic PCI host controller. It is often used for virtual environments, including ARM. 2015-08-05 Peter Krempa qemu: Forbid image pre-creation for non-shared storage migration Libvirt doesn't reliably know the location of the backing chain when pre-creating images for non-shared migration. This isn't a problem for full copy, but incremental copy requires the information. Forbid pre-creating the image in cases where incremental migration is required. This limitation can perhaps be lifted once libvirt will fully support loading of backing chain information from the XML. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1249587 2015-08-05 Andrea Bolognani cpu: Indentation changes in the ppc64 driver 2015-08-05 Andrea Bolognani cpu: Rename {powerpc,ppc} => ppc64 (internal symbols) Update the names of the symbols used internally by the driver. No functional changes. 2015-08-05 Andrea Bolognani cpu: Rename {powerpc,ppc} => ppc64 (exported symbols) Only the symbols exported by the driver have been updated; the driver implementation itself still uses the old names internally. No functional changes. 2015-08-05 Andrea Bolognani cpu: Rename {powerpc,ppc} => ppc64 (filesystem) The driver only supports VIR_ARCH_PPC64 and VIR_ARCH_PPC64LE. Just shuffling files around and updating the build system accordingly. No functional changes. 2015-08-05 John Ferlan conf: Resolve Coverity FORWARD_NULL The recent changes to perform SCSI device address checks during the post parse callbacks ran afoul of the Coverity checker since the changes assumed that the 'xmlopt' parameter to virDomainDeviceDefPostParse would be non NULL (commit id 'ca2cf74e87'); however, what was missed is there was an "if (xmlopt &&" check being made, so Coverity believed that it could be possible for a NULL 'xmlopt'. Checking the various calling paths seemingly disproves that. If called from virDomainDeviceDefParse, there were two other possible calls that would end up dereffing, so that path could not be NULL. If called via virDomainDefPostParseDeviceIterator via virDomainDefPostParse there are two callers (virDomainDefParseXML and qemuParseCommandLine) which deref xmlopt either directly or through another call. So I'm removing the check for non-NULL xmlopt. 2015-08-05 Luyao Huang virsh: fix domfsinfo output in quiet mode https://bugzilla.redhat.com/show_bug.cgi?id=1250287 When run domfsinfo in quiet mode, we cannot get any useful information (just get \n), this is because we didn't use vshPrint to print useful information. 2015-08-04 Daniel P. Berrange tests: extend workaround for gnutls private key loading failure In gnutls 3.4.3 there is a regression in the loading of private keys via gnutls_x509_privkey_import. We already have a workaround to deal with failures on older gnutls, but the error code that the new gnutls returns is different. Extend the workaround so that is checks for GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE too. See also gnutls https://bugzilla.redhat.com/show_bug.cgi?id=1250020 2015-08-04 John Ferlan conf: Allow error reporting in virDomainDiskSourceIsBlockType Rather than provide a somewhat generic error message when the API returns false, allow the caller to supply a "report = true" option in order to cause virReportError's to describe which of the 3 paths that can cause failure. Some callers don't care about what caused the failure, they just want to have a true/false - for those, calling with report = false should be sufficient. 2015-08-04 John Ferlan docs: Add Fibre Channel NPIV supported option for volume lun config "Further" clarification (and testing) shows that using a SCSI Fibre Channel NPIV device/lun from a storage pool as a will work. So just add that to the allowable options Related to: https://bugzilla.redhat.com/show_bug.cgi?id=1230179 2015-08-04 Kothapally Madhu Pavan Avoid starting a PowerPC VM with floppy disk PowerPC pseries based VMs do not support a floppy disk controller. This prohibits libvirt from creating qemu command with floppy device. https://bugzilla.redhat.com/show_bug.cgi?id=1180486 2015-08-04 Kothapally Madhu Pavan Caps: Disable floppy disk for PowerPC VM PowerPC pseries based VMs do not support a floppy disk controller. This prohibits libvirt from adding floppy disk for a PowerPC pseries VM. 2015-08-04 John Ferlan conf: Change when virDomainDiskDefAssignAddress is called Rather than calling virDomainDiskDefAssignAddress during the parsing of the XML, moving the setting of disk addresses into the domain/device post processing. Commit id '37588b25' which introduced VIR_DOMAIN_DEF_PARSE_DISK_SOURCE in order to avoid generating the address which wasn't required will not be affected by this as all it cared about was processing the source XML. 2015-08-04 John Ferlan conf: Remove unused param from virDomainHostdevDefParseXML Remove unused xmlopt param 2015-08-04 John Ferlan conf: Change when virDomainHostdevAssignAddress is called Rather than calling virDomainHostdevAssignAddress during the parsing of the XML, move the setting of a default hostdev address to domain/ device post processing. Since the parse code no longer generates an address, we can remove the virDomainDefMaybeAddHostdevSCSIcontroller since the call to virDomainHostdevAssignAddress will attempt to add the controllers that were not already defined in the XML. This patch will also enforce that the address type is type 'drive' when a SCSI subsystem element is provided with an
    . 2015-08-04 John Ferlan conf: Try controller add when searching hostdev bus for unit If virDomainControllerSCSINextUnit failed to find a slot on the current VIR_DOMAIN_CONTROLLER_TYPE_SCSI controller(s), try to add a new controller; otherwise, there may be multiple unit=0 entries for the same "next" controller. 2015-08-04 John Ferlan conf: Add check for host address type while checking in use While searching the hostdevs the drive type can be either *_TYPE_DRIVE or *_TYPE_NONE. If the type is _TYPE_NONE on the first scsi_host, then there is an erroneous "match" that the address already exists. Although this works by chance currently because hostdev's are added one at a time and 'nhostdevs' would be zero, thus returning false for the first hostdev added, a future patch will move the hostdev address assignment into post processing resulting in the bad match. This code is only called by path's expecting either drive or none. 2015-08-04 John Ferlan conf: Add xmlopt to virDomainDeviceDefPostParseInternal Add the xmlopt parameter that was saved during virDomainDefPostParse to the parameters. A future patch will use it. conf: Move hostdev and disk address validations Move the functions above the post processing for upcoming patch conf: Add 'bus' and 'target' to SCSI address conflict checks Modify virDomainDriveAddressIsUsedBy{Disk|Hostdev} and virDomainSCSIDriveAddressIsUsed to take 'bus' and 'target' parameters. Will be used by future patches for more complete address conflict checks conf: Remove extraneous check in virDomainHostdevAssignAddress Since the only way virDomainHostdevAssignAddress can be called is from within virDomainHostdevDefParseXML when hostdev->source.subsys.type is VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI, thus there's no need for redundancy. 2015-08-03 Andrea Bolognani nodeinfo: Fix build failure when KVM headers are not available Compiler error: ../../src/nodeinfo.c: In function 'nodeGetThreadsPerSubcore': ../../src/nodeinfo.c:2393: error: label 'out' defined but not used [-Wunused-label] ../../src/nodeinfo.c:2352: error: unused parameter 'arch' [-Wunused-parameter] 2015-08-03 Martin Kletzander qemu: Remove double unlock for domains The virDomainObjListRemove() function unlocks a domain that it's given due to legacy code. And because of that code, which should be refactored, that last virObjectUnlock() cannot be just removed. So instead, lock it right back for qemu for now. All calls to qemuDomainRemoveInactive() are followed by code that unlocks the domain again, plus the domain should be locked during qemuDomainObjEndJob(), so the right place to lock it is right after virDomainObjListRemove(). The only place where this would cause a problem is the autodestroy callback, so we need to get another reference there and uref+unlock it afterwards. Luckily, returning NULL from that function doesn't mean an error, and only means that it doesn't need to be unlocked anymore. 2015-08-03 Andrea Bolognani tests: Add subcores3 nodeinfo test This makes sure the subcore-unaware CPU counting logic is used whenever the configuration is invalid. tests: Add subcores2 nodeinfo test This makes sure CPUs are counted correctly when some of the cores are completely offline. tests: Add subcores1 nodeinfo test This makes sure CPUs are counted correctly when using the default configuration, that is, all primary threads are online and all secondary threads are offline. 2015-08-03 Shivaprasad G Bhat tests: Prepare for subcore tests The nodeGetThreadsPerSubcore() function is mocked to return 8 for ppc64 tests, which corresponds to the default subcore mode. Update the expected output for the deconfigured-cpus nodeinfo test to account for this change. 2015-08-03 Shivaprasad G Bhat nodeinfo: Fix output on PPC64 KVM hosts The nodeinfo is reporting incorrect number of cpus and incorrect host topology on PPC64 KVM hosts. The KVM hypervisor on PPC64 needs only the primary thread in a core to be online, and the secondaries offlined. While scheduling a guest in, the kvm scheduler wakes up the secondaries to run in guest context. The host scheduling of the guests happen at the core level(as only primary thread is online). The kvm scheduler exploits as many threads of the core as needed by guest. Further, starting POWER8, the processor allows splitting a physical core into multiple subcores with 2 or 4 threads each. Again, only the primary thread in a subcore is online in the host. The KVM-PPC scheduler allows guests to exploit all the offline threads in the subcore, by bringing them online when needed. (Kernel patches on split-core http://www.spinics.net/lists/kvm-ppc/msg09121.html) Recently with dynamic micro-threading changes in ppc-kvm, makes sure to utilize all the offline cpus across guests, and across guests with different cpu topologies. (https://www.mail-archive.com/kvm@vger.kernel.org/msg115978.html) Since the offline cpus are brought online in the guest context, it is safe to count them as online. Nodeinfo today discounts these offline cpus from cpu count/topology calclulation, and the nodeinfo output is not of any help and the host appears overcommited when it is actually not. The patch carefully counts those offline threads whose primary threads are online. The host topology displayed by the nodeinfo is also fixed when the host is in valid kvm state. 2015-08-03 Ossi Herrala rpc: Fix slow volume download (virsh vol-download) Use I/O vector (iovec) instead of one huge memory buffer as suggested in https://bugzilla.redhat.com/show_bug.cgi?id=1026137#c7. This avoids doing memmove() to big buffers and performance doesn't degrade if source (virNetClientStreamQueuePacket()) is faster than sink (virNetClientStreamRecvPacket()). Resolves: http://bugzilla.redhat.com/1026137 2015-08-03 Cao jin There is no virDomainFindBy{ID, Name, UUID} anymore s/virDomainFindBy/virDomainObjListFindBy/ 2015-08-03 Luyao Huang qemu: fix some api cannot work when disable cpuset in conf If cpuset is disabled or not available, it libvirt must not use it. Mainly for actions that do not need it and can use sched_setaffinity() or numa_membind() instead, because they will fail without good reason. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1244664 2015-08-03 Martin Kletzander Post-release version bump to 1.2.19 2015-08-03 Daniel Veillard Fix a trailing space in spec file Release of libvirt-1.2.18 * docs/news.html.in libvirt.spec.in: update for release * po/*.po*: regenerated 2015-07-31 Jiri Denemark qemu: Do not reset labels when migration fails When stopping a domain on the destination host after a failed migration, we need to avoid reseting security labels since the domain is still running on the source host. While we were correctly doing so in some cases, there were still some paths which did this wrong. https://bugzilla.redhat.com/show_bug.cgi?id=1242904 2015-07-31 Jiri Denemark qemu: Properly check for incoming migration job In addition to checking the current asynchronous job qemuMigrationJobIsActive reports an error if the current job does not match the one we asked for. Let's just check the job directly since we are not interested in the error in qemuProcessHandleMonitorEOF. 2015-07-30 Peter Krempa qemu: Reject migration with memory-hotplug if destination doesn't support it If destination libvirt doesn't support memory hotplug since all the support was introduced by adding new elements the destination would attempt to start qemu with an invalid configuration. The worse part is that qemu might hang in such situation. Fix this by sending a required migration feature called 'memory-hotplug' to the destination. If the destination doesn't recognize it it will fail the migration. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1248350 2015-07-30 Cédric Bosdonnat Fix syntax-check: missing "%s" Load nbd module before running qemu-nbd So far qemu-nbd is run even if the nbd kernel module isn't loaded. This leads to errors when the user starts his lxc container while libvirt could easily load the nbd module automatically. 2015-07-29 Erik Skultety qemu: Adjust VM id allocation Our atomic increment (virAtomicIntInc) uses (if available) gcc __sync_add_and_fetch builtin. In qemu driver though, we'd profit more from __sync_fetch_and_add builtin. To keep it simplistic, this patch adjusts qemu driver initialization rather than adding a new atomic increment macro. 2015-07-29 Peter Krempa lxc: Don't accidentaly reset autostart flag in virLXCProcessCleanup virDomainDeleteConfig is meant to delete the persistent config and thus it resets vm->autostart. Copy parts of qemuProcessRemoveDomainStatus to a new helper to avoid using the incorrect function. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1230071 2015-07-27 Daniel P. Berrange remote: fix typo in remoteDomainOpenGraphicsFD The remoteDomainOpenGraphicsFD method was using the wrong RPC arg struct remote_domain_open_graphics_args instead of remote_domain_open_graphics_fd_args. Fortunately both structs had identical contents so there was no functional bug, but to avoid confusing future maintainers, we should fix it. 2015-07-27 Martin Kletzander admin: Tiny cleanups First hunk changes the use of srcdir to top_srcdir so it complies with other rules in the Makefile. Second one removes the need of remote_protocol.h in admin_protocol.h as it was suggested and worked in, but this one line was missed apparently. Last one just removes the 'remote' naming from admin protocol specification, just so it's cleaner. 2015-07-27 Martin Kletzander qemu: Check for iotune_max support properly Commit d506a51aeb2a7a7b0c963f760e32b94376ea7173 meant to check for QEMU_CAPS_DRIVE_IOTUNE_MAX, but checked for QEMU_CAPS_DRIVE_IOTUNE instead. That's clearly visible from the diff, but it got in. Because of that, we were supplying information unknown for QEMU if it wasn't new enough and we couldn't even properly handle the error, leading to "Unexpected error". Also iops_size came at the same time with all the other "_max" options, so check whether we're not setting that either if QEMU_CAPS_DRIVE_IOTUNE_MAX is not supported. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1224053 2015-07-27 Martin Kletzander tests: Finish rename of the long nodeinfo test case Commit 2094d01e2f54e5774c0d0d380e83154b42ea65be forgot to rename two more files. 2015-07-27 Daniel Veillard Renamed deconfigured-cpus to allow make dist Simplest was just to rename that extra long name and move files in git accordingly 2015-07-25 Laine Stump conf: add virDomainControllerDefNew() There are some non-0 default values in virDomainControllerDef (and will soon be more) that are easier to not forget if the remembering is done by a single initializer function (rather than inline code after allocating the obejct with generic VIR_ALLOC(). 2015-07-25 Laine Stump qemu: reorganize loop in qemuDomainAssignPCIAddresses This loop occurs just after we've assured that all devices that require a PCI device have been assigned and all necessary PCI controllers have been added. It is the perfect place to add other potentially auto-generated PCI controller attributes that are dependent on the controller's PCI address (upcoming patch). There is a convenient loop through all controllers at the end of the function, but the patch to add new functionality will be cleaner if we first rearrange that loop a bit. Note that the loop originally was accessing info.addr.pci.bus prior to determining that the pci part of the object was valid. This isn't dangerous in any way, but seemed a bit ugly, so I fixed it. 2015-07-25 Laine Stump conf: pay attention to bus minSlot/maxSlot when autoassigning PCI addresses The function that auto-assigns PCI addresses was written with the hardcoded assumptions that any PCI bus would have slots available starting at 1 and ending at 31. This isn't true for many types of controllers (some have a single slot/port at 0, some have slots/ports from 0 to 31). This patch updates that function to remove the hardcoded assumptions. It will properly find/assign addresses for devices that can only connect to pcie-(root|downstream)-port (which have minSlot/maxSlot of 0/0) or a pcie-switch-upstream-port (0/31). It still will not auto-create a new bus of the proper kind for these connections when one doesn't exist, that task is for another day. 2015-07-24 Chris J Arges tests: add vol-qcow2-zerocapacity test to storagevolxml2argvtest Add a testcase for the previous change to ensure zero capacity volumes can be defined without a backing store. storage: allow zero capacity with non-backing file to be created In commit 155ca616e, a change was introduced that no longer allowed defining volumes via XML with a capacity of '0'. Because we check for info.size_arg to be non-zero, this use-case fails. This patch allows info.size_arg to be zero if no backing store is specified. 2015-07-24 John Ferlan nodeinfo: Check for SYSFS_INFINIBAND_DIR before open Commit id 'ac3ed2085' causes 'virsh nodedev-list --cap net' to fail on any system without SYSFS_INFINIBAND_DIR (/sys/class/infiniband). Rather than assume it's there and fail on the attempt to open the non-existent directory, check if it's there - if not, return success and move on. Also fix caller to check < 0 upon return. As reported by Suren Hajyan from run of unit tests 2015-07-24 Cao jin fix typo in qemu_monitor 2015-07-24 Martin Kletzander Revert "qemu: Use heads parameter for QXL driver" This reverts commit 7b401c3bdacdf8367a0070e625d73eafb802045d. Until libvirt is able to differentiate whether heads='1' is just a leftover from previous libvirt or whether that's added by user on purpose and also whether the domain was started with the support for qxl's max_outputs, we cannot incorporate this patch into the tree due to compatibility reasons. 2015-07-24 Luyao Huang test: introduce a function in test driver to check get vcpupin info As there is a regression in use vcpupin get info, introduce a new function to test the virsh client. 2015-07-24 Laine Stump conf: reorganize virNetworkDHCPDefParseXML This makes the range and static host array management in virNetworkDHCPDefParseXML() more similar to what is done in virNetworkDefUpdateIPDHCPRange() and virNetworkDefUpdateIPDHCPHost() - they use VIR_APPEND_ELEMENT rather than a combination of VIR_REALLOC_N() and separate incrementing of the array size. The one functional change here is that a memory leak of the contents of the last (unsuccessful) virNetworkDHCPHostDef was previously leaked in certain failure conditions, but it is now properly cleaned up. 2015-07-23 Andrea Bolognani nodeinfo: Check for errors when reading core_id 2015-07-23 Roman Bogorodskiy docs: bhyve: document clock configuration 2015-07-23 Roman Bogorodskiy bhyve: add UTC clock support Bhyve as of r279225 (FreeBSD -CURRENT) or r284894 (FreeBSD 10-STABLE) supports using UTC time offset via the '-u' argument to bhyve(8). By default it's still using localtime. Make the bhyve driver use UTC clock if it's requested by specifying in domain XML and if the bhyve(8) binary supports the '-u' flag. 2015-07-22 Roman Bogorodskiy netdev: fix build on FreeBSD Commit ac3ed20 breaks build on FreeBSD with: CC util/libvirt_util_la-virnetdev.lo util/virnetdev.c:2967:1: error: unused function 'virNetDevRDMAFeature' [-Werror,-Wunused-function] virNetDevRDMAFeature(const char *ifname, ^ So hide virNetDevRDMAFeature function under the #ifdef 'SIOCETHTOOL' and 'HAVE_STRUCT_IFREQ' section. Pushed under the build breaker rule. 2015-07-22 Daniel P. Berrange configure: clarify rationale for checking pkcheck We don't need pkcheck binary, but we must detect it in order to see if we're preferring polkit-1 over polkit-0 when both are installed. We should also check $with_dbus to see if we have dbus-devel available, as that's required to talk to polkit-1. 2015-07-22 Luyao Huang qemu: fix the error cover issue in SetMemoryParameters https://bugzilla.redhat.com/show_bug.cgi?id=1245476 We won't return the errno after commit 0d7f45ae, and the more clearly error will be set in the code in vircgroup*. Also We will always report error "Operation not permitted", because the return is -1. 2015-07-22 Andrea Bolognani nodeinfo: Calculate present and online CPUs only once Move the calls to the respective functions from virNodeParseNode(), which is executed once for every NUMA node, to linuxNodeInfoCPUPopulate(), which is executed just once per host. 2015-07-22 Andrea Bolognani nodeinfo: Use a bitmap to keep track of node CPUs Keep track of what CPUs belong to the current node while walking through the sysfs node entry, so we don't need to do it a second time immediately afterwards. This also allows us to loop through all CPUs that are part of a node in guaranteed ascending order, which is something that is required for some upcoming changes. 2015-07-22 Andrea Bolognani nodeinfo: Use nodeGetOnlineCPUBitmap() when parsing node No need to look up the online status of each CPU separately when we can get all the information in one go. 2015-07-22 Andrea Bolognani nodeinfo: Phase out cpu_set_t usage Swap out all instances of cpu_set_t and replace them with virBitmap, which some of the code was already using anyway. The changes are pretty mechanical, with one notable exception: an assumption has been added on the max value we can run into while reading either socket_it or core_id. While this specific assumption was not in place before, we were using cpu_set_t improperly by not making sure not to set any bit past CPU_SETSIZE or explicitly allocating bigger bitmaps; in fact the default size of a cpu_set_t, 1024, is way too low to run our testsuite, which includes core_id values in the 2000s. 2015-07-22 Andrea Bolognani nodeinfo: Rename nodeGetCPUBitmap() to nodeGetOnlineCPUBitmap() The new name makes it clear that the returned bitmap contains the information about which CPUs are online, not eg. which CPUs are present. No behavioral change. 2015-07-22 Andrea Bolognani nodeinfo: Remove out parameter from nodeGetCPUBitmap() Not all users of this API will need the size of the returned bitmap; those who do can simply call virBitmapSize() themselves. 2015-07-22 Andrea Bolognani nodeinfo: Add old kernel compatibility to nodeGetPresentCPUBitmap() If the cpu/present file is not available, we assume that the kernel is too old to support non-consecutive CPU ids and return a bitmap with all the bits set to represent this fact. This assumption is already exploited in nodeGetCPUCount(). This means users of this API can expect the information to always be available unless an error has occurred, and no longer need to treat the NULL return value as a special case. The error message has been updated as well. 2015-07-22 Andrea Bolognani nodeinfo: Rename linuxParseCPUmax() to linuxParseCPUCount() The original name was confusing because the function returns the number of CPUs, not the maximum CPU id. The comment above the function has been updated to reflect this. No behavioral changes. 2015-07-22 Andrea Bolognani nodeinfo: Introduce linuxGetCPUOnlinePath() nodeinfo: Introduce linuxGetCPUGlobalPath() This is just a more generic version of linuxGetCPUPresentPath(), which is now implemented by calling the new function appropriately. 2015-07-22 Andrea Bolognani nodeinfo: Fix nodeGetCPUBitmap()'s fallback code path During the recent refactoring/cleanups, a bug has been introduced that caused all CPUs to be reported as online unless the sysfs cpu/present file was available. This commit fixes the fallback code path by building the directory path passed to virNodeGetCpuValue() correctly. 2015-07-22 Andrea Bolognani nodeinfo: Add nodeGetPresentCPUBitmap() to libvirt_private.syms 2015-07-22 Andrea Bolognani tests: Restore links in deconfigured-cpus nodeinfo test When cleaning up the data (taken from a running system) for inclusion I went a little too far and deleted a bunch of links that should have been left alone. The test worked despite this because it was going through a fallback code path. A few other files are affected as well: again, the data is taken from a running system, so even thought we would probably be okay if we just added the links, aligning everything is definitely safer. 2015-07-22 Peter Krempa cgroup: Drop resource partition from virSystemdMakeScopeName The scope name, even according to our docs is "machine-$DRIVER\x2d$VMNAME.scope" virSystemdMakeScopeName would use the resource partition name instead of "machine-" if it was specified thus creating invalid scope paths. This makes libvirt drop cgroups for a VM that uses custom resource partition upon reconnecting since the detected scope name would not match the expected name generated by virSystemdMakeScopeName. The error is exposed by the following log entry: debug : virCgroupValidateMachineGroup:302 : Name 'machine-qemu\x2dtestvm.scope' for controller 'cpu' does not match 'testvm', 'testvm.libvirt-qemu' or 'machine-test-qemu\x2dtestvm.scope' for a "/machine/test" resource and "testvm" vm. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1238570 2015-07-22 Cole Robinson spec: Fix polkit dep on F23 As of fedora polkit-0.113-2, polkit-devel only pulls in polkit-libs, not full polkit, but we need the latter for pkcheck otherwise our configure test fails. 2015-07-21 Peter Krempa virsh: Refactor block job waiting in cmdBlockCopy Similarly to the refactor of cmdBlockCommit in a previous commit this does the same change for cmdBlockCopy. virsh: Refactor block job waiting in cmdBlockCommit Reuse the vshBlockJobWait infrastructure to refactor cmdBlockCommit to use the common code. This additionally fixes a bug when working with new qemus, where when doing an active commit with --pivot the pivoting would fail, since qemu reaches 100% completion but the job doesn't switch to synchronized phase right away. 2015-07-21 Peter Krempa virsh: Refactor block job waiting in cmdBlockPull Introduce helper function that will provide logic for waiting for block job completion so the 3 open coded places can be unified and improved. This patch introduces the whole logic and uses it to fix cmdBlockJobPull. The vshBlockJobWait function provides common logic for block job waiting that should be robust enough to work across all previous versions of libvirt. Since virsh allows passing user-provided strings as paths of block devices we can't reliably use block job events for detection of block job states so the function contains a great deal of fallback logic. 2015-07-21 Peter Krempa qemu: Update state of block job to READY only if it actually is ready Few parts of the code looked at the current progress of and assumed that a two phase blockjob is in the _READY state as soon as the progress reached 100% (info.cur == info.end). In current versions of qemu this assumption is invalid and qemu exposes a new flag 'ready' in the query-block-jobs output that is set to true if the job is actually finished. This patch adds internal data handling for reading the 'ready' flag and acting appropriately as long as the flag is present. While this still doesn't fix the virsh client problem with two phase block jobs and the --pivot option, it at least improves the error message: $ virsh blockcommit --wait --verbose vm vda --base vda[1] --active --pivot Block commit: [100 %]error: failed to pivot job for disk vda error: internal error: unable to execute QEMU command 'block-job-complete': The active block job for device 'drive-virtio-disk0' cannot be completed to $ virsh blockcommit --wait --verbose VM vda --base vda[1] --active --pivot Block commit: [100 %]error: failed to pivot job for disk vda error: block copy still active: disk 'vda' not ready for pivot yet 2015-07-21 Peter Krempa virsh: Refactor argument handling in cmdBlockPull Put all argument parsing together and refactor the argument checking code. virsh: Refactor argument handling in cmdBlockCopy Put all argument parsing together and refactor the argument checking code. virsh: Refactor argument checking in cmdBlockCommit Use the VSH_EXCLUSIVE_OPTIONS to exclude combinations of --pivot and --keep-overlay and refactor the enforcing of the --wait option and other flags that imply --wait. virsh: Kill blockJobImpl by moving the final impl into cmdBlockCommit Final cleanup to get rid of the hub function. virsh: Split out block pull implementation from blockJobImpl virsh: block job: separate abort from blockJobImpl virsh: blockjob: Split out vshBlockJobSetSpeed from blockJobImpl virsh: cmdBlockJob: Switch to declarative flag interlocking Use the VSH_EXCLUSIVE_OPTIONS_VAR to interlock incompatible options. Since a variable named 'abort' would conflict with older compilers use VSH_EXCLUSIVE_OPTIONS for the --abort option. virsh: blockjob: Extract block job info code into a separate function cmdBlockJob will be converted to a hub that will call into the individual executor functions. 2015-07-21 Moshe Levi nodedev: add RDMA and tx-udp_tnl-segmentation NIC capabilities Adding functionality to libvirt that will allow it query the interface for the availability of RDMA and tx-udp_tnl-segmentation Offloading NIC capabilities Here is an example of the feature XML definition: net_eth4_90_e2_ba_5e_a5_45 /sys/devices/pci0000:00/0000:00:03.0/0000:08:00.1/net/eth4 pci_0000_08_00_1 eth4
    90:e2:ba:5e:a5:45
     2015-07-20 Roman Bogorodskiy nodeinfo: fix build on FreeBSD Currently, build fails on FreeBSD with: CC libvirt_driver_la-nodeinfo.lo nodeinfo.c:1941:56: error: use of undeclared identifier 'SYSFS_SYSTEM_PATH' const char *prefix = sysfs_prefix ? sysfs_prefix : SYSFS_SYSTEM_PATH; ^ 1 error generated. This is caused by commit b97b3048 that added sysfs_prefix to nodeCapsInitNUMA and used SYSFS_CPU_PATH. Fix it by unconditionally defining SYSFS_CPU_PATH instead of defining it under #ifdef __linux__. 2015-07-20 Martin Kletzander qemu: Reject updating unsupported disk information If one calls update-device with information that is not updatable, libvirt reports success even though no data were updated. The example used in the bug linked below uses updating device with which, in my opinion, is a valid thing to request from user's perspective. Mainly since we properly error out if user wants to update such data on a network device for example. And since there are many things that might happen (update-device on disk basically knows just how to change removable media), check for what's changing and moreover, since the function might be usable in other drivers (updating only disk path is a valid possibility) let's abstract it for any two disks. We can't possibly check for everything since for many fields our code does not properly differentiate between default and unspecified values. Even though this could be changed, I don't feel like it's worth the complexity so it's not the aim of this patch. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1007228 2015-07-20 Martin Kletzander Escape left brace as new perl suggests After upgrade to perl-5.22.0, it started complaining about one of our scripts. The thing is that even though it works, it wants all curly brackets escaped properly. The change is not functional, it merely gets rid of the following error: Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/^enum { <-- HERE / at -e line 3. There is one more error like this that I'm getting, but it is because of GNU automake bug #21001: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=21001 2015-07-20 Frediano Ziglio qemu: Use heads parameter for QXL driver Allows to specify maximum number of head to QXL driver. Actually can be a compatiblity problem as heads in the XML configuration was set by default to '1'. 2015-07-17 Christophe Fergeau storage: Fix pool building when directory already exists Currently, when trying to virsh pool-define/virsh pool-build a new 'dir' pool, if the target directory already exists, virsh pool-build/virStoragePoolBuild will error out. This is a change of behaviour compared to eg libvirt 1.2.13 This is caused by the wrong type being used for the dir_create_flags variable in virStorageBackendFileSystemBuild , it's defined as a bool but is used as a flag bit field so should be unsigned int (this matches the type virDirCreate expects for this variable). This should fix https://bugzilla.gnome.org/show_bug.cgi?id=752417 (GNOME Boxes) and https://bugzilla.redhat.com/show_bug.cgi?id=1244080 (downstream virt-manager). 2015-07-17 Daniel P. Berrange rpc: ensure daemon is spawn even if dead socket exists The auto-spawn code would originally attempt to spawn the daemon for both ENOENT and ECONNREFUSED errors from connect(). The various refactorings eventually lost this so we only spawn the daemon on ENOENT. The result is if the daemon exits uncleanly, so that the socket is left in the filesystem, we will never be able to auto-spawn the daemon again. 2015-07-17 Michal Privoznik viraccessperm.h: Fix some typos Like s/authoriation/authorization/ and s/requries/requires/ 2015-07-17 Martin Kletzander docs: Document how libvirt handles companion controllers The information on companion controllers we give in our documentation is rather sparse. For example, it looks like any controller can be used as a companion one. Also, when using ich9-uhci2, for example, we are able to set some sensible defaults, but it might get confusing for the user as we don't do that for all controller models. https://bugzilla.redhat.com/show_bug.cgi?id=1069590 2015-07-17 John Ferlan rbd: Return error from rbd_create for message processing Resolving an error reporting bug introduced by commit id '761491e' which just took the return of virStorageBackendRBDCreateImage and used it as the basis for the message generated. This would generate EPERM regardless of error seen. 2015-07-17 Wido den Hollander rbd: Use RBD format 2 by default when creating images. We used to look at the librbd code version and depending on that we would invoke rbd_create3() or rbd_create(). Since librbd version 0.67.9 we can however tell RBD that it should create rbd format 2 images even if we invoke rbd_create(). The less options we pass to librbd, the more we can lean on the sane defaults it uses. For rbd_create3() we had things like the stripe count and unit hardcoded in libvirt and that might cause problems down the road. 2015-07-16 Martin Kletzander virsh: Don't output node frequency if unknown Commit ed8155eafbff5c5ca0bdfe84a8388f58b718c2f9 documented that mhz field in virNodeInfo might be 0 if the frequency is unknown. Modify virsh to know about that. 2015-07-15 Boris Fiuczynski qemu: Test for virtio-9p-ccw support This patch adds a test for the qemu command line generation. Reviewed-by: Jason J. Herne Reviewed-by: Stefan Zimmermann 2015-07-15 Boris Fiuczynski qemu: Make virtio-9p-ccw the default for s390-ccw-virtio machines For s390-ccw-virtio machines the default bus type is set to ccw. Specifing an address element allows to override the default. Reviewed-by: Jason J. Herne Reviewed-by: Stefan Zimmermann 2015-07-15 Boris Fiuczynski qemu: Support for virtio-9p-ccw Adding the recently in qemu added 9pfs support for virtio-ccw. Reviewed-by: Jason J. Herne Reviewed-by: Stefan Zimmermann 2015-07-15 Michal Privoznik daemonRunStateInit: Fix a typo on a comment s/priviledged/privileged/ virsh: Teach cmdFreepages to work with lxc driver Some drivers don't expose available huge page sizes in the capabilities XML. For instance, LXC driver is one of those. This has a downside that when virsh is trying to get aggregated info on free pages per all NUMA nodes, it fails. The problem is that the virNodeGetFreePages() API expects caller to pass an array of page sizes he is interested in. In virsh, this array is filled from the capabilities from '/capabilities/host/cpu/pages' XPath. As said, in LXC there's no such XPath and therefore virsh fails currently. But hey, we can fallback: the page sizes are exposed under '/capabilities/host/topology/cells/cell/pages'. The page size can be collected from there, and voilà the command works again. But now we must make sure that there are no duplicates in the array passed to the public API. Otherwise we won't get as beautiful output as we are getting now. 2015-07-15 Michal Privoznik cmdVcpuPin: Remove dead code There's this condition: flags & VIR_DOMAIN_AFFECT_CURRENT && virDomainIsActive(dom) which can never be true since VIR_DOMAIN_AFFECT_CURRENT has hardcoded value of zero. Therefore virDomainIsActive() is a dead code. However, the condition could make sense if it is rewritten as the following: !(flags & VIR_DOMAIN_AFFECT_CONFIG) && virDomainIsActive(dom) 2015-07-15 Michal Privoznik qemuMigrationRun: Don't leak @fd If we are migrating to an UNIX socket, we accept() a connection from qemu and use that FD to set up a tunnel. However, the FD is not closed as often as it should be. 2015-07-15 Cédric Bosdonnat lxc: wait for nbd device to be up to get its PIDs The nbd device pid file doesn't appear immediately after starting qemu-nbd: adding a small loop to wait for it before getting it's processes PIDs. Fix qemu-nbd cleanup crashes The virLXCControllerAppendNBDPids function didn't properly initialize pids and npids. In case of failure it was crashing when freeing those. 2015-07-15 Andrea Bolognani nodeinfo: Formatting changes nodeinfo: Make sysfs_prefix usage more consistent Make sure sysfs_prefix, when present, is always the first argument to a function; don't use a different name to refer to it; check whether it is NULL, and hence SYSFS_SYSTEM_PATH should be used, only when using it directly and not just passing it down to another function; always pass down the same value we've been passed when calling another function. 2015-07-14 Peter Krempa qemu: process: Improve update of maximum balloon state at startup In commit 641a145d73fdc3dd9350fd57b3d3247abf101c05 I've added code that resets the balloon memory value to full size prior to resuming the vCPUs since the size certainly was not reduced at that point. Since qemuProcessStart is used also in code paths with already booted up guests (migration, save/restore) the assumption is not entirely true since the guest might already been running before. This patch adds a function that queries the monitor rather than using the full size since a balloon event would not be reissued in case we are recovering a saved migration state. Additionally the new function is used also when reconnecting to a VM after libvirtd restart since we might have missed a few balloon events while libvirtd was not running. 2015-07-14 Michal Privoznik qemuDomainSetNumaParamsLive: Check for NUMA mode more wisely https://bugzilla.redhat.com/show_bug.cgi?id=1232663 In one of my previous ptaches (bcd9a564) I've tried to fix the problem that we blindly assumed strict NUMA mode for guests. This led to several problems like us pinning a domain onto a nodeset via libnuma among with CGroups. Once the nodeset was changed by user, well, it did not result in desired effect. See the original commit for more info. But, the commit I wrote had a bug: when NUMA parameters are changed on a running domain we require domain to be strictly pinned onto a nodeset. Due to a typo a condition was mis-evaluated. 2015-07-14 Martin Kletzander network: Add another collision check into networkCheckRouteCollision The comment above that function says: "This function can be a lot more exhaustive, ...", so let's be. Check for collisions between routes in the system and static routes being added explicitly from the element of the network XML. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1094205 2015-07-14 Martin Kletzander conf: Add getter for network routes Add virNetworkDefGetRouteByIndex() similarly to virNetworkDefGetIpByIndex(), but for routes. 2015-07-14 Andrea Bolognani tests: Add nodeinfo test for non-present CPUs Some of the possible CPUs in a system might not be present, eg. they might be defective or might have been deconfigured from the ASM console in a Power system. Due to this fact, Linux keeps track of what CPUs are possible and what are present separately. This test uses the data from a system where not all the possible CPUs are present to make sure libvirt handles this situation correctly. 2015-07-14 Kothapally Madhu Pavan nodeinfo: fix to parse present cpus rather than possible cpus This patch resolves a situation where a core is defective and is not in the present mask during boot. Optionally a host can have empty sockets could be brought online if the socket is added. In this case the present mask contains the cpu's that are actually there in the sockets even though they might be offline for some reason. This patch excludes the cpu's that are offline because the socket is defective/empty by checking the present mask before reading the cpu directory. Otherwise, the nodeinfo on such hosts always displays wrong output which includes the defective/empty sockets as set of offline cpu's. 2015-07-14 John Ferlan nodeinfo: Add sysfs_prefix to nodeGetMemoryStats Add the sysfs_prefix argument to the call to allow for setting the path for tests to something other than SYSFS_SYSTEM_PATH. 2015-07-14 John Ferlan nodeinfo: Add sysfs_prefix to nodeCapsInitNUMA Add the sysfs_prefix argument to the call to allow for setting the path for tests to something other than SYSFS_CPU_PATH which is a derivative of SYSFS_SYSTEM_PATH Use cpupath for nodeCapsInitNUMAFake and remove SYSFS_CPU_PATH 2015-07-14 John Ferlan nodeinfo: Add sysfs_prefix to nodeGetInfo Add the sysfs_prefix argument to the call to allow for setting the path for tests to something other than SYSFS_SYSTEM_PATH. nodeinfo: Add sysfs_prefix to nodeGetCPUMap Add the sysfs_prefix argument to the call to allow for setting the path for tests to something other than SYSFS_SYSTEM_PATH. nodeinfo: Add sysfs_prefix to nodeGetCPUBitmap Add the sysfs_prefix argument to the call to allow for setting the path for tests to something other than SYSFS_SYSTEM_PATH. nodeinfo: Add sysfs_prefix to nodeGetPresentCPUBitmap Add the sysfs_prefix argument to the call to allow for setting the path for tests to something other than SYSFS_SYSTEM_PATH. nodeinfo: Add sysfs_prefix to nodeGetCPUCount Add the sysfs_prefix argument to the call to allow for setting the path for tests to something other than SYSFS_SYSTEM_PATH. 2015-07-14 John Ferlan nodeinfo: Introduce local linuxGetCPUPresentPath The API will print the path to the /cpu/present file using the sysfs_prefix. NB: This is setup for future patches which will allow local/test sysfs paths. 2015-07-14 Michal Privoznik virt-driver-vz: Require parallels-7.0.22 at least With the latest patch to the vz driver (7d73ca06cefe) I was getting some compilation errors. It turned out, my installation of the parallels SDK was not as fresh as it could be. Parallels installed in my system were missing the PRL_USE_VNET_NAME_FOR_BRIDGE_NAME symbol which simply was not introduced at the time I was installing the SDK. The symbol was introduced in 86e62a5d which was then part of the 7.0.22 release. Require that version at least therefore. configure: Move Virtuozzo checks to a specific module Eventually, every driver will be moved to a special module. But for today the winner is Virtuozzo driver. 2015-07-13 Michal Privoznik qemuProcessHandleMigrationStatus: Update migration status more frequently After Jirka's migration patches libvirt is listening on migration events from qemu instead of actively polling on the monitor. There is, however, a little regression (introduced in 6d2edb6a42d0d41). The problem is, the current status of migration job is updated in qemuProcessHandleMigrationStatus if and only if migration job was started. But eventually every asynchronous job may result in migration. Therefore, since this job is not strictly a migration job, internal state was not updated and later checks failed: virsh # save fedora22 /tmp/fedora22_ble.save error: Failed to save domain fedora22 to /tmp/fedora22_ble.save error: operation failed: domain save job: is not active 2015-07-11 Jim Fehlig libxl: set dom0 state to running Commit 45697fe5 added dom0 to driver->domains, but missed setting its state to 'running' $ virsh list Id Name State ---------------------------------------------------- 0 Domain-0 shut off 2015-07-10 Dmitry Guryanov vz: fix cleanup of nets of bridged type We create a virtual network of special type, which has the same name as bridge name to create bridged network adapter in vz. So when we delete such an adapter we have to remove corresponding virtual network. So let's rename prlsdkDelNet to prlsdkCleanupBridgedNet and don't check for return value. 2015-07-10 Jiri Denemark qemu: Use error from Finish instead of "unexpectedly failed" When QEMU exits on destination during migration, the source reports either success (if the failure happened at the very end) or unhelpful "unexpectedly failed" error message. However, the Finish API called on the destination may report a real error so let's use it instead of the generic one. 2015-07-10 Jiri Denemark qemu: Don't report false error from MigrateFinish virDomainMigrateFinish* APIs were unfortunately designed to return the pointer to the domain on destination and NULL on error. This looks OK in normal cases but the same API is also called when we know migration failed and thus we expect Finish to return NULL even if it actually did all it was supposed to do without any error. The call is defined to return nonnull domain pointer over RPC, which means returning NULL will always result in an error being send. If this was not in fact an error, the API itself wouldn't set anything to the thread local virError, which makes the RPC layer come up with it's own "Library function returned error but did not set virError" error. This is quite confusing and also hard to detect by the caller. This patch adds a special error code which can be used to check that Finish successfully aborted migration. 2015-07-10 Jiri Denemark qemu: Remember incoming migration errors If QEMU fails during incoming migration, the domain disappears including a possibly useful error message read from QEMU log file. Let's remember the error in virQEMUDriver so that Finish can report more than just "no such domain". Introduce virErrorCopyNew A helper function for copying error objects. Introduce virHashAtomic This is a self-locking wrapper around virHashTable. Only a limited set of APIs are implemented now (the ones which are used in the following patch) as more can be added on demand. cpu: Add support for MPX and AVX512 Intel features Corresponding QEMU commits: MPX 79e9ebebbf2a00c46fcedb6dc7dd5e12bbd30216 AVX512 9aecd6f8aef653cea58932f06a2740299dbe5fd3 2015-07-10 Cédric Bosdonnat virt-aa-helper: add DomainGuest to mockup caps With commit 3f9868a virt-aa-helper stopped working due to missing DomainGuest in the caps. The test with -c without arch also needs to be removed since the new capabilities code uses the host arch when none is provided. 2015-07-10 Cédric Bosdonnat virt-aa-helper: rename ctl->hvm to ctl->os ctl->hvm contains os.type string value, change the name to reflect it. Get more libvirt errors from virt-aa-helper Initializing libvirt log in virt-aa-helper and getting it to output libvirt log to stderr. This will help debugging problems happening in libvirt functions called from within virt-aa-helper virt-aa-helper: fix rules for paths with trailing slash Rules generated for a path like '/' were having '//' which isn't correct for apparmor. Make virt-aa-helper smarter to avoid these. 2015-07-10 Martin Kletzander rpc: Rework timerActive logic in daemon Daemon used false logic for determining whether there were any clients. When the timer was inactive, it was activated if at least one of the servers did not have clients. So the bool was being flipped there and back all the time in case there was one client, for example. Initially introduced by fa1420736882. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1240283 2015-07-10 Martin Kletzander rpc: Add virNetDaemonHasClients So callers don't have to iterate over each server. 2015-07-10 Peter Krempa qemu: Check duplicate WWNs also for hotplugged disks In commit 714b38cb232bcbbd7487af4c058fa6d0999b3326 I tried to avoid having two disks with the same WWN in a VM. I forgot to check the hotplug paths though which make it possible bypass that check. Reinforce the fix by checking the wwn when attaching the disk. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1208009 2015-07-10 Prerna Saxena Fix cloning of raw, sparse volumes When virsh vol-clone is attempted on a raw file where capacity > allocation, the resulting cloned volume has a size that matches the virtual-size of the parent; in place of matching its actual, disk size. This patch fixes the cloned disk to have same _allocated_size_ as the parent file from which it was cloned. Ref: http://www.redhat.com/archives/libvir-list/2015-May/msg00050.html Also fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1130739 2015-07-10 Ján Tomko Rewrite allocation tracking when cloning volumes Instead of storing the remaining bytes, store the position of the first unallocated byte. This will allow changing the amount of bytes copied by virStorageBackendCopyToFD without changing the safezero call. No functional impact. 2015-07-10 Jiri Denemark qemu: Drop LFs at the end of error from QEMU log Libvirt's error messages do not end with a LF. However, when reading the error from QEMU log, we would read the LF from the log and keep it in the message. qemu: Log all arguments of qemuProcessStart qemu: Wait for migration events on domain condition Since we already support the MIGRATION event, we just need to make sure the domain condition is signalled whenever a p2p connection drops or the domain is paused due to IO error and we can avoid waking up every 50 ms to check whether something happened. qemu: Update migration state according to MIGRATION event We don't need to call query-migrate every 50ms when we get the current migration state via MIGRATION event. qemuDomainGetJobStatsInternal: Support migration events When QEMU supports migration events the qemuDomainJobInfo structure will no longer be updated with migration statistics. We have to enter a job and explicitly ask QEMU every time virDomainGetJob{Info,Stats} is called. qemu: Enable migration events on QMP monitor Even if QEMU supports migration events it doesn't send them by default. We have to enable them by calling migrate-set-capabilities. Let's enable migration events everytime we can and clear QEMU_CAPS_MIGRATION_EVENT in case migrate-set-capabilities does not support events. qemu_monitor: Wire up MIGRATION event Thanks to Juan's work QEMU finally emits an event whenever migration state changes. 2015-07-10 Guido Günther qemu: don't use initialized ret in qemuRemoveSharedDevice This fixes CC qemu/libvirt_driver_qemu_impl_la-qemu_conf.lo qemu/qemu_conf.c: In function 'qemuRemoveSharedDevice': qemu/qemu_conf.c:1384:9: error: 'ret' may be used uninitialized in this function [-Werror=maybe-uninitialized] 2015-07-10 Pavel Hrdina qemu_hotplug: try harder to eject media Some guests lock the tray and QEMU eject command will simply fail to eject the media. But the guest OS can handle this attempt to eject the media and can unlock the tray and open it. In this case, we should try again to actually eject the media. If the first attempt fails to detect a tray_open we will fail with error, from monitor. If we receive that event, we know, that the guest properly reacted to the eject request, unlocked the tray and opened it. In this case, we need to run the command again to actually eject the media from the device. The reason to call it again is, that QEMU doesn't wait for the guest to react and report an error, that the tray is locked. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1147471 2015-07-10 Pavel Hrdina monitor: detect that eject fails because the tray is locked Modify the eject monitor functions to parse the return code and detect, whether the error contains "is locked" to report this type of failure to upper layers. virDomainObjSignal: drop this function There are multiple consumers for the domain condition and we should always wake them all. virCondWaitUntil: add another return value We should distinguish between success and timeout, to let the user handle those two events differently. 2015-07-09 Luyao Huang qemu: report error for non-existing disk in blockjobinfo Before: # virsh blockjob r7 vdc error: An error occurred, but the cause is unknown After: # virsh blockjob r7 vdc error: Disk 'vdc' not found in the domain Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1241355 2015-07-09 John Ferlan conf: Don't allow duplicated target names regardless of bus https://bugzilla.redhat.com/show_bug.cgi?id=1142631 Commit id 'e0e290552' added a check to determine if the same bus had the same target value. It seems that's not quite good enough as the check should check the target name value regardless of bus type. Also added a DO_TEST_DIFFERENT to exhibit the issue 2015-07-09 Erik Skultety storage: Revert volume obj list updating after volume creation (4749d82a) This patch reverts commit 4749d82a which tried to tweak the logic in volume creation. We did realloc and update our object list before we executed volume building within a specific storage backend. If that failed, we had to update (again) our object list to the original state as it was before the build and delete the volume from the pool (even though it didn't exist - this truly depends on the backend). I misunderstood the base idea to be able to poll the status of the volume creation using vol-info. After commit 4749d82a this wasn't possible anymore, although no BZ has been reported yet. Commit 4749d82a also claimed to fix https://bugzilla.redhat.com/show_bug.cgi?id=1223177, but commit c8be606b of the same series as 4749d82ad (which was more of a refactor than a fix) fixes the same issue so the revert should be pretty straightforward. Further more, BZ https://bugzilla.redhat.com/show_bug.cgi?id=1241454 can be fixed with this revert. 2015-07-09 John Ferlan qemu: Fix integer/boolean logic in qemuSetUnprivSGIO Setting of 'val' is a boolean expression, so handle it that way and adjust the check/return logic to be clearer qemu: Refactor qemuSetUnprivSGIO return values Set to ret = -1 and prove otherwise, like usual qemu: Inline qemuGetHostdevPath Since a future patch will need the device path generated when adding a shared host device, remove the qemuAddSharedHostdev and inline the two calls into qemuAddSharedHostdev and qemuRemoveSharedHostdev qemu: Refactor qemuCheckSharedDisk to create qemuCheckUnprivSGIO Split out the current function in order to share the code with hostdev in a future patch. Failure to match the expected sgio value against what is stored will cause an error which the caller would need to handle since only the caller has the disk (or eventually hostdev) specific data in order to uniquely identify the disk in an error message. 2015-07-09 Jim Fehlig libxl: rework setting the state of virDomainObj Set the state of virDomainObj in the functions that actually change the domain state, instead of the generic libxlDomainCleanup function. This approach gives functions calling libxlDomainCleanup more flexibility wrt when and how they change virDomainObj state via virDomainObjSetState. The prior approach of calling virDomainObjSetState in libxlDomainCleanup resulted in the following incorrect coding pattern in the various functions that change domain state libxlDomain call libxl function to do state transition emit lifecycle event libxlDomainCleanup virDomainObjSetState Once simple manifestation of this bug is seeing a domain running in virt-manager after selecting the shutdown button, even after the domain has long shutdown. 2015-07-09 Jim Fehlig libxl: support dom0 In Xen, dom0 is really just another domain that supports ballooning, adding/removing devices, changing vcpu configuration, etc. This patch adds support to the libxl driver for managing dom0. Note that the legacy xend driver has long supported managing dom0. Operations that are not supported on dom0 are filtered in libvirt where a sensible error is reported. Errors from libxl are not always helpful. E.g., attempting a save on dom0 results in 2015-06-23 15:25:05 MDT libxl: debug: libxl_dom.c:1570:libxl__toolstack_save: domain=0 toolstack data size=8 2015-06-23 15:25:05 MDT libxl: debug: libxl.c:979:do_libxl_domain_suspend: ao 0x7f7e68000b70: inprogress: poller=0x7f7e68000930, flags=i 2015-06-23 15:25:05 MDT libxl-save-helper: debug: starting save: Success 2015-06-23 15:25:05 MDT xc: detail: xc_domain_save_suse: starting save of domid 0 2015-06-23 15:25:05 MDT xc: error: Couldn't map live_shinfo (3 = No such process): Internal error 2015-06-23 15:25:05 MDT xc: detail: Save exit of domid 0 with errno=3 2015-06-23 15:25:05 MDT libxl-save-helper: debug: complete r=1: No such process 2015-06-23 15:25:05 MDT libxl: error: libxl_dom.c:1876:libxl__xc_domain_save_done: saving domain: domain did not respond to suspend request: No such process 2015-06-23 15:25:05 MDT libxl: error: libxl_dom.c:2033:remus_teardown_done: Remus: failed to teardown device for guest with domid 0, rc -8 2015-07-09 John Ferlan qemu: Introduce qemuGetHostdevPath Introduce a convenience function to handle formulating the hostdev path 2015-07-09 John Ferlan qemu: Introduce qemuIsSharedHostdev Add a single boolean function to handle whether the hostdev is shared or not. Use the new function for the qemu{Add|Remove}SharedHostdev calls as well as qemuSetUnprivSGIO. NB: This third usage fixes a possible bug where if this feature is enabled at some time in the future and the shareable flag wasn't set, the sgio would have been erroneously set. 2015-07-09 John Ferlan docs: Clarify unprivileged sgio feature Update the descriptions for disk and hostdev sgio in order to indicate not all hypervisors and OS's support this feature 2015-07-08 Luyao Huang qemu: report error when shmem has an invalid address If user passes an invalid address for shared memory device to qemu, neither libvirt nor qemu will report an error, but qemu will auto assign a pci address to the shared memory device. conf: use virDomainChrSourceDef to save server path As the backend of shmem server is a unix type chr device, save it in virDomainChrSourceDef, so we can reuse the existing code for chr device. 2015-07-08 Luyao Huang qemu: Refactor creation of shared memory device commandline Rename qemuBuildShmemDevCmd to qemuBuildShmemDevStr and change the return type so that it can be reused in the device hotplug code later. And split the chardev creation part in a new function qemuBuildShmemBackendStr for reuse in the device hotplug code later. 2015-07-08 Luyao Huang qemu: Assign IDs for shared memory devices qemu: Auto assign pci addresses for shared memory devices Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1165029 2015-07-08 Maxim Nestratov vz: use PRL_USE_VNET_NAME_FOR_BRIDGE_NAME It is better not to assume that newly created network should be connected to a bridge with same name, but specify it explicitly by PRL_USE_VNET_NAME_FOR_BRIDGE_NAME flag. 2015-07-08 Ján Tomko Explicitly format the isa-fdc controller for newer q35 machines Since QEMU commit ea96bc6 [1]: i386: drop FDC in pc-q35-2.4+ if neither it nor floppy drives are wanted the floppy controller is no longer implicit. Specify it explicitly on the command line if the machine type version is 2.4 or later. Note that libvirt's floppy drives do not result in QEMU implying the controller, because libvirt uses if=none instead of if=floppy. https://bugzilla.redhat.com/show_bug.cgi?id=1227880 [1] http://git.qemu.org/?p=qemu.git;a=commitdiff;h=ea96bc6 2015-07-08 Ján Tomko Separate isa-fdc options generation For the implicit controller, we set them via -global. Separating them will allow reuse for explicit fdc controller as well. No functional impact apart from one extra allocation. 2015-07-08 Pavel Fedin Add support for portable-rpcgen from portablexdr library This allows to build libvirt under MinGW Remove explicit enum from protocol structures Explicit 'enum' keyword does not work with portablexdr-rpcgeb, causing its parser to fail. Fix method is borrowed from virnetprotocol.x 2015-07-08 Serge Hallyn virt-aa-helper: add unix channels for nserials as well Commit 03d7462d added it for channels, but it is also needed for serials. Add it for serials, parallels, and consoles as well. This solves https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1015154 2015-07-08 Erik Skultety storage: Fix regression in storagePoolUpdateAllState Commit 2a31c5f0 introduced support for storage pool state XMLs, however it also introduced a regression: if (!virstoragePoolObjIsActive(pool)) { virStoragePoolObjUnlock(pool); continue; } The idea behind this was that since we've got state XMLs and the pool wasn't marked as active by autostart routine (if the autostart flag had been set earlier), the pool is inactive and we can leave it be and continue with other pools. However, filesystem type pools like fs,dir, possibly netfs are supposed to be active if the filesystem is mounted on the host. And this is exactly where the regression occurs, e.g. pool type 'dir' which has been previously destroyed and marked as !autostart gets filtered out by the condition above. The resolution should be simply to remove the condition completely, all pools will get their 'active' flag updated by check callback and if they do not support such callback, the logic doesn't change and such pools will be inactive by default (e.g. RBD, even if a state XML exists). Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1238610 2015-07-08 Peter Krempa util: bitmap: Don't alloc overly large binary bitmaps Optimize the virBitmap to array-of-char bitmap conversion by skipping trailing zero bytes. This also fixes a regression when requesting iothread information from a live VM since after commit 825df8c3158cfaf5f398418471f10f4ff3c3515a the bitmap returned from virProcessGetAffinity is too big to be formatted properly via RPC. A user would get the following error: error: Unable to get domain IOThreads information error: Unable to encode message payload Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1238589 2015-07-08 Peter Krempa vz: Use virBitmapToDataBuf instead of virBitmapToData in vzDomainGetVcpus vz: Remove dead code from vzDomainGetVcpus 'maxcpu' and 'vcpus' are set but not used after that 2015-07-08 Luyao Huang qemu: move the guest status check before agent config and status check When use setvcpus command with --guest option to a offline vm, we will get error: # virsh setvcpus test3 1 --guest error: Guest agent is not responding: QEMU guest agent is not connected However guest is not running, agent status could not be connected. In this case, report domain is not running will be better than agent is not connected. Move the guest status check more early to output error to point out guest status is not right. Also from the logic, a running vm is a basic requirement to use agent, we cannot use agent if vm is not running. 2015-07-08 Luyao Huang qemu: remove deadcode in qemuDomain{HelperGetVcpus|GetIOThreadsLive} We set @hostcpus variable but not use it. 2015-07-07 Mikhail Feoktistov vz: assign static IPs and default gateways for network adapter We support only one IPv4 and one IPv6 default gateway. If static IPs are not present in instance config, then we switch on DHCP for this adapter. PrlVmDevNet_SetAutoApply to makes necessary settings within guest OS In linux case it creates network startup scripts /etc/sysconfig/network-scripts/ifcfg-ethN and fills it with necessary parameters. 2015-07-06 Dmitry Guryanov vz: fix building capabilities There should be at least one domain for each guest in cababilities. And in current code we don't add domain for this guest for example. if ((guest = virCapabilitiesAddGuest(caps, VIR_DOMAIN_OSTYPE_HVM, VIR_ARCH_X86_64, "vz", NULL, 0, NULL)) == NULL) Anyway, with two virt types it looks a litte messy, so let's move adding guest and domain to a separate function. 2015-07-03 Pavel Hrdina qemu_driver: live/config checks cleanup 2015-07-03 Daniel Veillard better patch for the XSS search issue Since the query string could be output when displaying the results too Avoid XSS vulnerability on the search engine Raised by https://www.xssposed.org/incidents/69566/ Need to escape the user provided query before displaying it back 2015-07-02 Nikolay Shirokovskiy vz: fix SDK event dispatching Current version of SDK event dispatcing is incorrect. For most VM events (add, delete etc) issuer type is PIE_DISPATCHER. Actually analyzing issuer type doesn't have any benifints so this patch get rid of it. All dispatching is done only on event type. 2015-07-02 John Ferlan util: Avoid Coverity FORWARD_NULL Avoid a false positive since Coverity find a path in virResizeN which could return 0 prior to the allocation of memory and thus flags a possible NULL dereference. Instead allocate the output buffer based on 'nparams' and only fill it partially if need be - shouldn't be too much a waste of space. Quicker than multiple VIR_RESIZE_N calls or two loops of STREQ's sandwiched around a single VIR_ALLOC_N using 'n' matches from a first loop to generate the 'n' addresses to return 2015-07-02 Luyao Huang virsh: report error if vcpu number exceed the guest maxvcpu number Commit id '81dd81e' caused a regression when attempting to print a specific vcpuid that is out of the range of the maximum vcpus for the guest, such as: $ virsh vcpupin $dom 1000 VCPU: CPU Affinity ---------------------------------- $ Rather than just recover the old message, let's adjust the message based on what would be displayed for a similar failure in the set path, such as: $ virsh vcpupin $dom 1000 error: vcpu 1000 is out of range of persistent cpu count 2 $ virsh vcpupin $dom 1000 --live error: vcpu 1000 is out of range of live cpu count 2 $ 2015-07-02 Michal Dubiel virt-aa-helper: Fix permissions for vhost-user socket files QEMU working in vhost-user mode communicates with the other end (i.e. some virtual router application) via unix domain sockets. This requires that permissions for the socket files are correctly written into /etc/apparmor.d/libvirt/libvirt-UUID.files. 2015-07-02 Michal Privoznik Post-release version bump to 1.2.18 2015-07-02 Jiri Denemark cpu_map.xml: Expand Opteron_G4 CPU model Inheritance among CPU model is cool but it makes reviewing CPU model definitions and comparing them to CPU models from QEMU rather hard and unpleasant. Let's define all CPU models from scratch. cpu_map.xml: Expand Opteron_G2 CPU model Inheritance among CPU model is cool but it makes reviewing CPU model definitions and comparing them to CPU models from QEMU rather hard and unpleasant. Let's define all CPU models from scratch. cpu_map.xml: Expand Opteron_G1 CPU model Inheritance among CPU model is cool but it makes reviewing CPU model definitions and comparing them to CPU models from QEMU rather hard and unpleasant. Let's define all CPU models from scratch. cpu_map.xml: Expand Broadwell-noTSX CPU model Inheritance among CPU model is cool but it makes reviewing CPU model definitions and comparing them to CPU models from QEMU rather hard and unpleasant. Let's define all CPU models from scratch. cpu_map.xml: Expand Haswell-noTSX CPU model Inheritance among CPU model is cool but it makes reviewing CPU model definitions and comparing them to CPU models from QEMU rather hard and unpleasant. Let's define all CPU models from scratch. cpu_map.xml: Expand SandyBridge CPU model Inheritance among CPU model is cool but it makes reviewing CPU model definitions and comparing them to CPU models from QEMU rather hard and unpleasant. Let's define all CPU models from scratch. cpu_map.xml: Expand Westmere CPU model Inheritance among CPU model is cool but it makes reviewing CPU model definitions and comparing them to CPU models from QEMU rather hard and unpleasant. Let's define all CPU models from scratch. cpu_map.xml: Expand Nehalem CPU model Inheritance among CPU model is cool but it makes reviewing CPU model definitions and comparing them to CPU models from QEMU rather hard and unpleasant. Let's define all CPU models from scratch. cpu_map.xml: Expand Penryn CPU model Inheritance among CPU model is cool but it makes reviewing CPU model definitions and comparing them to CPU models from QEMU rather hard and unpleasant. Let's define all CPU models from scratch. cpu_map.xml: Expand Conroe CPU model Inheritance among CPU model is cool but it makes reviewing CPU model definitions and comparing them to CPU models from QEMU rather hard and unpleasant. Let's define all CPU models from scratch. cpu_map.xml: Expand kvm64 CPU model Inheritance among CPU model is cool but it makes reviewing CPU model definitions and comparing them to CPU models from QEMU rather hard and unpleasant. Let's define all CPU models from scratch. cpu_map.xml: Expand cpu64-rhel5 CPU model Inheritance among CPU model is cool but it makes reviewing CPU model definitions and comparing them to CPU models from QEMU rather hard and unpleasant. Let's define all CPU models from scratch. cpu_map.xml: Expand kvm32 CPU model Inheritance among CPU model is cool but it makes reviewing CPU model definitions and comparing them to CPU models from QEMU rather hard and unpleasant. Let's define all CPU models from scratch. cpu_map.xml: Expand qemu32 CPU model Inheritance among CPU model is cool but it makes reviewing CPU model definitions and comparing them to CPU models from QEMU rather hard and unpleasant. Let's define all CPU models from scratch. cpu_map.xml: Expand n270 CPU model Inheritance among CPU model is cool but it makes reviewing CPU model definitions and comparing them to CPU models from QEMU rather hard and unpleasant. Let's define all CPU models from scratch. cpu_map.xml: Expand coreduo CPU model Inheritance among CPU model is cool but it makes reviewing CPU model definitions and comparing them to CPU models from QEMU rather hard and unpleasant. Let's define all CPU models from scratch. cpu_map.xml: Expand pentiumpro CPU model Inheritance among CPU model is cool but it makes reviewing CPU model definitions and comparing them to CPU models from QEMU rather hard and unpleasant. Let's define all CPU models from scratch. cpu_map.xml: Expand pentium2 CPU model Inheritance among CPU model is cool but it makes reviewing CPU model definitions and comparing them to CPU models from QEMU rather hard and unpleasant. Let's define all CPU models from scratch. cpu_map.xml: Expand pentium CPU model Inheritance among CPU model is cool but it makes reviewing CPU model definitions and comparing them to CPU models from QEMU rather hard and unpleasant. Let's define all CPU models from scratch. cpu_map.xml: Expand 486 CPU model Inheritance among CPU model is cool but it makes reviewing CPU model definitions and comparing them to CPU models from QEMU rather hard and unpleasant. Let's define all CPU models from scratch. cpu_map.xml: Sort features in x86 CPU models Sorted feature list is easier to review or compare. 2015-07-02 Daniel Veillard Release of libvirt-1.2.17 * docs/news.html.in libvirt.spec.in: updated for the release * po/*po*: regenerated 2015-07-02 John Ferlan phyp: Resolve Coverity FORWARD_NULL Commit id 'cd490086' added a VIR_FORCE_CLOSE of the 'sock', but it was after the VIR_FREE() of phyp_driver, resulting in a possible/likely NULL dereference. util: Resolve Coverity FORWARD_NULL Convert virPCIDriverDir to return the buffer allocated (or not) and make the appropriate check in the caller. util: Resolve Coverity FORWARD_NULL Convert virPCIDriverFile to return the buffer allocated (or not) and make the appropriate check in the caller. util: Resolve Coverity FORWARD_NULL Convert virPCIFile to return the buffer allocated (or not) and make the appropriate check in the caller. 2015-07-01 Michal Privoznik lxc: Don't pass a local variable address randomly So, recently I was testing the LXC driver. You know, startup some domains. But to my surprise, I was not able to start a single one: virsh # start --console test error: Reconnected to the hypervisor error: Failed to start domain test error: internal error: guest failed to start: unexpected exit status 125 So I've start digging. It turns out, that in virExec(), when I printed out the @cmd, I got strange values: *(cmd->outfdptr) was certainly not valid FD number: it has random value of several millions. This obviously made prepareStdFd(childout, STDOUT_FILENO) fail (line 611). But outfdptr is set in virCommandSetOutputFD(). The only place within LXC driver where the function is called is in virLXCProcessBuildControllerCmd(). If you take a closer look at the function it looks like this: static virCommandPtr virLXCProcessBuildControllerCmd(virLXCDriverPtr driver, .. int logfd, const char *pidfile) { ... virCommandSetOutputFD(cmd, &logfd); virCommandSetErrorFD(cmd, &logfd); ... } Yes, you guessed it. @logfd is passed into the function by value. However, in the function we try to get its address (an address of a local variable) which is no longer valid once function is finished and stack is cleaned. Therefore when cmd->outfdptr is evaluated at any point after this function, we may get a random number, depending on what's currently on the stack. Of course, this may work sometimes too - it depends on the compiler how it arranges the code, when the stack is wiped out. In order to fix this, lets pass a pointer to @logfd instead of figuring out (wrong) its value in a function. The bug was introduced in e1de5521. 2015-07-01 John Ferlan qemu: Resolve Coverity DEADCODE Commit id 'f967e7a6' didn't place the closing parentheses quite right causing DEADCODE errors since the rc setting/comparison was wrong. 2015-07-01 Peter Krempa conf: qemu: Taint VMs using custom device tree blob Using a custom device tree image may cause unexpected behavior in architectures that use this approach to detect platform devices. Since usually the device tree is generated by qemu and thus it's not normally used let's taint VMs using it to make it obvious as a possible source of problems. 2015-07-01 Peter Krempa qemu: Audit memory size with memory hotplug operations The memory device hot(un)plug was missing calls to the auditing code. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1226234 2015-07-01 Peter Krempa conf: audit: Audit physical memory size rather than balloon request Since the balloon driver does not guarantee that it returns memory to the host, using the value in the audit message is not a good idea. This patch removes auditing from updating the balloon size and reports the total physical size at startup. 2015-07-01 Jiri Denemark qemu: Avoid using ".(null)" in UNIX socket path The code which generates paths for UNIX socket blindly used target name without checking if it was set. Thus for the following device XML we would generate "/var/lib/libvirt/qemu/channel/target/NAME.(null)" path which works but is not really correct. Let's not use the ".target_name" suffix at all if target name is not set. https://bugzilla.redhat.com/show_bug.cgi?id=1226854 2015-07-01 Peter Krempa qemu: agent: Don't automatically disable CPU0 via guest agent While CPU0 was made unpluggable in Linux a while ago it's not desirable to unplug it since some parts of the kernel (suspend-to-ram) still depend on it. This patch fixes the vCPU selection code in libvirt so that it will not be disabled. 2015-07-01 Luyao Huang qemu: End job even if exiting monitor after OpenGraphics(FD) fails 2015-07-01 Ján Tomko qemu: properly free addresses on non-serial chardev unplug The target type comparison in qemuDomainDetachChrDevice used the VIR_DOMAIN_CHR_SERIAL_TARGET_TYPE enum, so virtio-serial addresses were not freed properly for channel devices. Call qemuDomainReleaseDeviceAddress uncoditionally and decide based on the address type instead of the target/device types. 2015-07-01 Luyao Huang qemu: fix address allocation on chardev attach Also check the device type when deciding what type the address should be. Commit 9807c47 (aiming to fix another error in address allocation) only checked the target type, but its value is different for different device types. This resulted in an error when trying to attach a channel with target type 'virtio': error: Failed to attach device from channel-file.xml error: internal error: virtio serial device has invalid address type Make the logic for releasing the address dependent only on * the address type * whether it was allocated earlier to avoid copying the device and target type checks. https://bugzilla.redhat.com/show_bug.cgi?id=1230039 2015-07-01 Jim Fehlig libxl: Set def->vcpus after successfully modifying live vcpu count def->vcpus was never updated after successfully changing the live vcpu count of a domain. Subsequent queries for vcpu info would return incorrect results. E.g.: virsh vcpucount test maximum config 4 maximum live 4 current config 4 current live 4 virsh setvcpus test 2 virsh vcpucount test maximum config 4 maximum live 4 current config 4 current live 4 After patch, live current config is reported correctly: virsh vcpucount test maximum config 4 maximum live 4 current config 4 current live 2 While fixing this, noticed that the live config was not saved to cfg->stateDir via virDomainSaveStatus. Save the live config and change error handling of virDomainSave{Config,Status} to log a message via VIR_WARN, instead of failing the entire DomainSetVcpusFlags operation. 2015-07-01 Jim Fehlig libxl: honor domainGetXMLDesc() --inactive flag The libxl driver always uses virDomainObj->def when formatting the domain XML description. Use virDomainObj->newDef when --inactive flag is set. libxl: don't remove persistent domain on start failure libxlDomainCreateXML() would remove a persistent domain if libxlDomainStart() failed. Check if domain is persistent before removing. libxl: don't overwrite domain state from statedir config When restarting libvirtd and reconnecting to running domains, libxlReconnectDomain() would unconditionally set the domain state to VIR_DOMAIN_RUNNING, overwriting the state maintained in $statedir/.xml. A domain in a paused state would have the state changed to running, even though it was actually in a paused state. 2015-06-30 John Ferlan qemu: Add missing on_crash lifecycle type https://bugzilla.redhat.com/show_bug.cgi?id=1201760 When the domain "coredump-destroy" is set, the domain wasn't being destroyed, rather it was being rebooted. Add VIR_DOMAIN_LIFECYCLE_CRASH_COREDUMP_DESTROY to the list of on_crash types that cause "-no-reboot" to be added to the qemu command line. 2015-06-30 John Ferlan Use the correct symbol for 'onCrash' Although defined the same way, fortunately there hadn't been any deviation. Ensure any assignments to onCrash use VIR_DOMAIN_LIFECYCLE_CRASH_* defs and not VIR_DOMAIN_LIFECYCLE_* defs 2015-06-30 John Ferlan mpath: Don't allow more than one mpath pool at a time https://bugzilla.redhat.com/show_bug.cgi?id=1232606 Since an mpath pool contains all the Multipath devices on a host, allowing more than one defined on a host at a time should be disallowed under the policy of disallowing duplicate source pools for the host. Adjust to docs to clarify the Multipath target path value usage for both the storage driver (only 1 pool per host) and formatstorage references (ignore the target element in favor of the default target mapping of /dev/mapper). 2015-06-30 John Ferlan mpath: Update path in CheckPool function https://bugzilla.redhat.com/show_bug.cgi?id=1230664 Per the devmapper docs, use "/dev/mapper" or "/dev/dm-n" in order to determine if a device is under control of DM Multipath. So add "/dev/mapper" to the virFileExists, leaving the "/dev/mpath" as a "legacy" option since it appears for a while it was the preferred mechanism, but is no longer maintained 2015-06-30 John Ferlan conf: Validate disk lun using correct types https://bugzilla.redhat.com/show_bug.cgi?id=1201143 The formatdomain.html description for device 'lun' indicates that it must be either a type 'block' or type 'network' with protocol 'iscsi'; however, we did not make that check until domain startup. This caused issues for virt-manager which had an unexpected failure at run time rather config time. This patch adds a check in post part disk device checking for the specific and supported lun types as well as adjusting the test failure to be for parse config rather than run time. 2015-06-30 Prerna Saxena Storage: Introduce shadow vol for refresh while the main vol builds. Libvirt periodically refreshes all volumes in a storage pool, including the volumes being cloned. While cloning a storage volume from parent, we drop pool locks. Subsequent volume refresh sometimes changes allocation for an ongoing copy, and leads to corrupt images. Fix: Introduce a shadow volume that isolates the volume object under refresh from the base which has a copy ongoing. 2015-06-30 Peter Krempa conf: storage: Fix duplicate check for gluster pools The pool name has to be the same too to warrant rejecting a pool definition as duplicate. This regression was introduced in commit 2184ade3a0546b915252cb3b6a5dc88e9a8d2ccf. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1236438 2015-06-30 Peter Krempa qemu: event: Clean up VNC monitor handling Get rid of spice specific stuff from the handler func and save a few lines by reflowing the conditions. 2015-06-30 Peter Krempa qemu: event: Properly handle spice events Spice events have mostly similar information present in the event JSON but they differ in the name of the element containing the port. The JSON event also provides connection ID which might be useful in the future. This patch splits up the event parser code into two functions and the SPICE reimplements the event parsing with correct names and drops the VNC only stuff. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1236585 2015-06-30 Peter Krempa Revert "Introduce QEMU_CAPS_ARM_VIRT_PCI" The capability was not used up to the feature freeze. This reverts commit 7f3515b4bb677d0ead1887547efc844e4761268a. 2015-06-30 Peter Krempa qemu: Close the agent connection only on agent channel events processSerialChangedEvent processes events for all channels. Commit 2af51483 broke all agent interaction if a channel other than the agent closes since it did not check that the event actually originated from the guest agent channel. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1236924 Fixes up: https://bugzilla.redhat.com/show_bug.cgi?id=890648 2015-06-30 John Ferlan storage: Set correct vol->type at VolCreate https://bugzilla.redhat.com/show_bug.cgi?id=1227664 If the requested format type for the new entry in the file system pool is a 'dir', then be sure to set the vol->type correctly as would be done when the pool is refreshed. 2015-06-30 Andrea Bolognani Fix typo incomaptible -> incompatible 2015-06-30 Jiri Denemark qemu: Fix assignment of the default spicevmc channel name Make sure we only assign the default spicevmc channel name to spicevmc virtio channels. Caused by commits 3269ee65 and 1133ee2b, which moved the assignment from XML parsing code to QEMU but failed to keep the logic. https://bugzilla.redhat.com/show_bug.cgi?id=1179680 2015-06-29 Jiri Denemark qemuxml2argv: Remove Haswell CPU from unrelated tests Proper Haswell CPU model handling is tested in several qemuxml2argv-cpu-* which are run in a special environment. Let's remove the CPU model from other tests to make them less fragile. 2015-06-28 Martin Kletzander Revert "Change livbirt version to 1.3.0 for the next release" This reverts commit 9a8d916e89173890d7f7ce538b1ab781192b8440. Also some changes that were introduced after that commit are fixed to use 1.2.17 instead of 1.3.0 2015-06-28 Martin Kletzander Temporarily disable admin API Don't listen on the admin socket in the daemon and comment out the admin devel files out of specfile. Library is still being compiled and installed in order to link easily without any disturbing modifications to the daemon code. 2015-06-28 Martin Kletzander spec: Remove admin package specification Its only file must be included in the daemon package anyway, since the daemon is linked with the admin library and so then it's just an empty package until we have virt-admin binary which we can decide later on whether to just move it to clients or create a new package for it. 2015-06-27 John Ferlan qemu: Resolve Coverity RESOURCE_LEAK Commit id '15fa84acb' added the alias fetch, but forgot to free it. 2015-06-27 John Ferlan docs: Clarification for when allowed to use 'lun' for "volume" While re-reading what I wrote for commit id '785a8940e', I realized I needed to clarify that being able to present as a 'lun', the mode property for the pool source element needed to be "host" (or empty) and not "direct". It was described correctly later in the mode host description, but this just ensures it's not missed here as well. 2015-06-27 Laine Stump docs: document when pcie-root/dmi-to-pci-bridge support was added Also move the mention of version numbers for the various PCI controller models up to the end of the sentence where they are first given, to avoid confusion. 2015-06-27 Laine Stump qemu: ignore assumptions about hotplug requirement when address is from config Certain PCI buses don't support hotplug, and when automatically assigning PCI addresses for devices, libvirt is very conservative in its assumptions about whether or not a device will need to be hotplugged/unplugged in the future. But if the user manually assigns an address, they likely are aware of any hotplug requirements of the device (or at least they should be). In short, after this patch, automatically PCI address assignment will assume that the device must be plugged in to a hot-pluggable slot, but manually assignment can place the device in any bus that is compatible, regardless of whether or not it supports hotplug. If the user makes a mistake and plugs the device into a bus that doesn't support hotplug, then later tries to do a hot-unplug, qemu will give an appropriate error. (in the future we may want to add a "hotpluggable" attribute to all devices, with default being "yes" for autoassign, and "no" for manual assign). 2015-06-27 Laine Stump qemu: always permit PCI devices to be manually assigned to a PCIe bus When support for the pcie-root and dmi-to-pci-bridge buses on a Q35 machinetype was added, I was concerned that even though qemu at the time allowed plugging a PCI device into a PCIe port, that it might not be supported in the future. To prevent painful backtracking in the possible future where this happened, I disallowed such connections except in a few specific cases requested by qemu developers (indicated in the code with the flag VIR_PCI_CONNECT_TYPE_EITHER_IF_CONFIG). Now that a couple years have passed, there is a clear message from qemu that there is no danger in allowing PCI devices to be plugged into PCIe ports. This patch eliminates VIR_PCI_CONNECT_TYPE_EITHER_IF_CONFIG and changes the code to always allow PCI->PCIe or PCIe->PCI connection *when the PCI address is specified in the config. (For newly added devices that haven't yet been given a PCI address, the auto-placement still prefers using the correct type of bus). 2015-06-27 Laine Stump qemu: refactor qemuBuildControllerDevStr to eliminate future duplicate code The PCI case of the switch statement in this function contains another switch statement with a case for each model. Currently every model except pci-root and pcie-root has a check for index > 0 (since only those two can have index==0), and the function should never be called for those two anyway. If we move the check for !pci[e]-root to the top of the pci case, then we can move the check for index > 0 out of the individual model cases. This will save repeating that check for the three new controller models about to be added. 2015-06-26 Peter Krempa test: qemu: Make sure that wr_highest_offset_valid gets set properly Remove one instance of the field being present so that the code that sets that flag can be tested. qemu: monitor: Remove qemuMonitorGetBlockExtent Now that qemuMonitorGetAllBlockStatsInfo collects also wr_highest_offset the whole function can be killed. qemu: Refactor qemuDomainGetBlockInfo Change the code so that it queries the monitor when the VM is alive. 2015-06-26 Peter Krempa qemu: monitor: Open-code retrieval of wr_highest_offset Instead of using qemuMonitorJSONDevGetBlockExtent (which I plan to remove later) extract the data in place. Additionally add a flag that will be set when the wr_highest_offset was extracted correctly so that callers can act according to that. The test case addition should help make sure that everything works. 2015-06-26 Peter Krempa qemu: monitor: Fix indentation in qemuMonitorJSONGetOneBlockStatsInfo internal: Introduce virCheckNonEmptyStringArgGoto and reuse it The helper makes sure that strings passed to APIs are non-NULL and non-empty. This allows to drop some inlined checks where it does not make sense. 2015-06-26 Peter Krempa vz: Fix build after recent commit Function prlsdkGetStatsParam was missing a prototype or the static keyword. I went with static since it built successfully. Pushed as a build breaker fix. 2015-06-26 Nikolay Shirokovskiy vz: add memory statistics Implemented counters: VIR_DOMAIN_MEMORY_STAT_SWAP_IN VIR_DOMAIN_MEMORY_STAT_SWAP_OUT VIR_DOMAIN_MEMORY_STAT_MINOR_FAULT VIR_DOMAIN_MEMORY_STAT_MAJOR_FAULT VIR_DOMAIN_MEMORY_STAT_AVAILABLE VIR_DOMAIN_MEMORY_STAT_ACTUAL_BALLOON VIR_DOMAIN_MEMORY_STAT_UNUSED Comments. 1. Use vzDomObjFromDomainRef/virDomainObjEndAPI pair to get domain object as we use prlsdkGetStatsParam. See previous statistics comments. 2. Balloon statistics is not applicable to containers. Fault statistics for containers not provided in PCS6 yet. 2015-06-26 Nikolay Shirokovskiy vz: add vcpu statistics Comments. Replace vzDomObjFromDomain/virObjectUnlock pair to vzDomObjFromDomainRef/virDomainObjEndAPI as we use prlsdkGetStatsParam. See previous statistics comments. 2015-06-26 Nikolay Shirokovskiy vz: cleanup, make in par net device lookup functions Make net device lookup by mac return sdk handle instead of quite ephemeral enumeration index. After this change there is no need anymore in special function of removing device by enumeration index. 2015-06-26 Nikolay Shirokovskiy vz: add net dev statistiscs Populate counters SDK currenly supports: rx_bytes rx_packets tx_bytes tx_packets Comments. Use vzDomObjFromDomainRef/virDomainObjEndAPI pair to get domain object as we use prlsdkGetStatsParam that can release domain object lock and thus we need a reference in case domain is deleated meanwhile. 2015-06-26 Michal Privoznik docs: Don't keep temporary files around In my previous fix (1310b1358) I've tried to solve an ordering issue. Well, while it worked it has a side effect of keeping a temporary file around. My patch was buggy in that sense. Solve this by properly marking the dependency without any side effect. vz_utils: Reformat Honour our formatting style. Adjust indentation so it matches the rest of our code. vz_storage: Reformat Honour our formatting style. Adjust indentation so it matches the rest of our code. vz_sdk: Reformat Honour our formatting style. Adjust indentation so it matches the rest of our code. vz_network: Reformat Honour our formatting style. Adjust indentation so it matches the rest of our code. vz_driver: Reformat Honour our formatting style. Adjust indentation so it matches the rest of our code. 2015-06-26 Michal Privoznik qemuBuildMemoryBackendStr: Honour passed @pagesize So far the argument has not much meaning and was practically ignored. This is not good since when doing memory hotplug, the size of desired hugepage backing is passed in that argument. Taking closer look at the tests I'm fixing reveals the bug. For instance, while the following is in the test: 1-3 4096 524287 0
    the generated commandline corresponding to this XML was: -object memory-backend-ram,id=memdimm0,size=536870912,\ host-nodes=1-3,policy=bind Have you noticed? Yes, memory-backend-ram! Nothing can be further away from the right answer. The hugepage backing is requested in the XML and we happily ignore it. This is just not right. It's memory-backend-file which should have been used: -object memory-backend-file,id=memdimm0,prealloc=yes,\ mem-path=/dev/hugepages4M/libvirt/qemu,size=536870912,\ host-nodes=1-3,policy=bind The problem is, that @pagesize passed to qemuBuildMemoryBackendStr (where this part of commandline is built) was ignored. The hugepage to back memory was searched only and only by NUMA nodes pinning. This works only for regular guest NUMA nodes. Then, I'm changing the hugepages size in the test XMLs too. This is simply because in the test suite we create dummy mount points just for 2M and 1G hugepages. And in the test 4M was requested. I'm sticking to 2M, but 1G should just work too. 2015-06-26 Michal Privoznik qemuBuildMemoryBackendStr: Fix hugepages lookup process https://bugzilla.redhat.com/show_bug.cgi?id=1196644 This function constructs the backend (host facing) part of the memory device. At the beginning, the configured hugepages are searched to find the best match for given guest NUMA node. Configured hugepages can have a @nodeset attribute to specify on which guest NUMA nodes should be the hugepages backing used. There is, however, one 'corner case'. Users may just tell 'use hugepages to back all the nodes'. In other words: Our code fails in this case. Well, since there's no @nodeset (nor any child element to ) we fail to lookup the default hugepage size to use. 2015-06-26 Luyao Huang conf: Format scheduler priority when it is zero https://bugzilla.redhat.com/show_bug.cgi?id=1235116 According to our XML definition, zero is as valid as any other value. Mainly because it should be kernel-agnostic. 2015-06-25 Peter Krempa test: Refactor testNodeGetCPUMap Drop locking of the driver since it is not accessed and simplify the code flow. 2015-06-25 Peter Krempa test: Refactor vcpu pinning and vcpu info retrieval Drop internal data structures and use the proper fields in virDomainDef. This allows to greatly simplify the code and allows to remove the private data structure that was holding just redundant data. This patch also fixes the bogous output where we'd report that a fresh VM without vCPU pinning would not run on all vcpus. 2015-06-25 Peter Krempa test: Refactor testDomainSetVcpusFlags Remove the bogus flag check and refactor the code by using virDomainObjGetDefs instead of virDomainObjGetPersistentDef. test: Refactor test driver domain object retrieval Reuse testDomObjFromDomain to retrieve domain objects in the rest of the test driver instead of open-coding it in every API. 2015-06-25 Peter Krempa test: Drop locked access to testDriver->domains Only self-locking APIs are used and the pointer is immutable so there's no need to lock the driver to access the domain list. This patch removes locking partially for everything that will not be converted to testDomObjFromDomain in the next patch. 2015-06-25 Peter Krempa test: Finalize removal of locking from driver->eventState Don't lock the driver when registering event callbacks. test: Refactor test driver event sending Make testObjectEventQueue tolerant to NULL @event and move it so that it does not require a prototype. Additionally we are now able to remove locking when accessing driver->eventState, since it's using self-locking APIs and the pointer is immutable. test: Use atomic access to @nextDomID in struct virTestDriver test: Annotate few fields of testDriver structure Some of the fields are either immutable or self locking, so make a note of that for future reference. test: Drop unused attribute @path from testDriver struct It's filled and then freed, but not used anywhere else. test: Extract common parts of test driver data allocation test: Extract code to free testDriver into testDriverFree Avoid reimplementing it 3 times. test: turn 'defaultConn' into a pointer test: Drop useless forward declaration test: Rename testConn to testDriver 2015-06-25 Luyao Huang qemu: Avoid removing persistent config if migration fails When migration fails in qemuMigrationPrepareAny, we unconditionally call qemuDomainRemoveInactive, which should only be called for transient domains. The check for !vm->persistent was accidentally removed by commit 540c339. 2015-06-25 Michal Privoznik vz: Adapt to driver rename In the e6d180f07fb06 commit the parallels driver was renamed to vz. However, there was a commit merged later, which was sent to the list before the rename. The other commit is 6de12b026b73. Fix all the missing renames. 2015-06-25 Eric Blake json: enhance parser test We already enable the parser option to detect invalid UTF-8, but didn't test it. Also, JSON states that behavior of an object with a duplicated key is undefined; we chose to reject it, but were not testing it. With the enhanced tests in place, we can simplify yajl2 initialization by relying on parser defaults being sane. * src/util/virjson.c (virJSONValueFromString): Simplify. * tests/jsontest.c (mymain): Test more bad usage. 2015-06-25 Eric Blake json: even stricter trailing garbage detection Since older yajl ignores trailing garbage, a client can cause problems by intentionally ending the wrapper array early. Since we already track nesting, it's not too much harder to reject invalid nesting pops. * src/util/virjson. (_virJSONParser): Add field. (virJSONValueFromString): Set witness. (virJSONParserHandleEndArray): Use it to catch abuse. * tests/jsontest.c (mymain): Test it. 2015-06-25 Eric Blake json: reject trailing garbage Yajl 2 has a nice feature that it can be configured whether to allow multiple JSON objects parsed from a single stream, defaulting to off. And yajl 1.0.12 at least provided a way to tell if all input bytes were parsed, or if trailing bytes remained after a valid JSON object was parsed. But we target RHEL 6 yajl 1.0.7, which has neither of these. So fake it by always parsing '[...]' instead, so that trailing garbage either trips up the array parse, or is easily detected when unwrapping the result. * src/util/virjson.c (virJSONValueFromString): With older json, wrap text to avoid trailing garbage. * tests/jsontest.c (mymain): Add tests for this. 2015-06-25 Eric Blake json: reject javascript comments We have been allowing javascript style comments in JSON ever since commit 9428f2c (v0.7.5), but qemu doesn't send them, and they are not strict JSON. Reject them for now; if we can later prove that it is worthwhile, we can reinstate it at that point (or even make it conditional, by adding a bool parameter to the libvirt entry point). * src/util/virjson.c (virJSONValueFromString): Don't enable comment parsing. * tests/jsontest.c (mymain): Test it. 2015-06-25 Eric Blake json: cope with older yajl semantics Commit ceb496e5 fails on RHEL 6, with yajl 1.0.7, because that version of yajl returns yajl_status_insufficient_data when the parser is waiting for the rest of a token (this enum value was dropped in yajl 2, so we have to wrap it). It also exposes a problem where older yajl silently ignores trailing garbage after a successful parse, so this patch works around that by changing the testsuite. Another more invasive patch can add tighter semantics to json parsing, but this is sufficient for a minimal clean backport. While touching this, fix up our error message cleanup. Yajl documents that error messages produced by yajl_get_error() MUST be cleaned with yajl_free_error(); this is certainly true if we were to pass non-NULL allocator callbacks during yajl_alloc(), but probably harmless in our usage of passing NULL. But better safe than sorry. * src/util/virjson.c (virJSONValueFromString): Allow different error code. Use canonical cleanup of error message. (VIR_YAJL_STATUS_OK): New helper macro. * tests/jsontest.c (mymain): Wrap text to avoid difference in trailing garbage handling 2015-06-25 Dmitry Guryanov vz: fix syntax-check errors Remove braces around single-statement blocks in vz_sdk.c 2015-06-24 Mikhail Feoktistov vz: implementation of attach/detach network devices In this patch we add VIR_DOMAIN_DEVICE_NET handlers implementation for domainAttachDevice and domainDetachDevice callbacks. As soon as we don't support this operation for hypervisor type domains, we implement this functionality for containers only. In detach procedure we find network device by MAC address. Because PrlVmDevNet_GetMacAddress() returns MAC as a UTF-8 encoded null-terminated string, we use memcmp() to compare it. Also we remove corresponding virtual network by prlsdkDelNetAdapter call. 2015-06-24 Boris Fiuczynski Test for the new watchdog model diag288 Adding a test for the new watchdog model diag288. 2015-06-24 Boris Fiuczynski Support for the new watchdog model diag288 This patch provides support for the new watchdog model "diag288". Reviewed-by: Daniel Hansel Reviewed-by: Stefan Zimmermann Reviewed-by: Tony Krowiak 2015-06-24 Boris Fiuczynski Test for the new watchdog action inject-nmi Adding a test for the new watchdog action "inject-nmi". 2015-06-24 Boris Fiuczynski Support for a new watchdog action inject-nmi This patch provides support for a new watchdog action "inject-nmi" which allows to define an inject of a non-maskable interrupt into a guest. Reviewed-by: Daniel Hansel Reviewed-by: Stefan Zimmermann Reviewed-by: Tony Krowiak 2015-06-24 John Ferlan scsi: Force error for SCSI pools on virStorageBackendSCSIFindLUs failure Related to : https://bugzilla.redhat.com/show_bug.cgi?id=1171933 Rather than ignore the return status from virStorageBackendSCSIFindLUs, cause a failure to start the pool if a -1 is returned. Issue was noted during testing of the bz for iscsi that 'scsi' and 'fc' pools don't fail. 2015-06-24 Michal Privoznik vircapstest: Properly report error for failed tests There are two macros used in the test: CAPSCOMP and CAPS_EXPECT_ERR. Both run a test case and if a failure occurred, they set the @ret variable to a value of -1 to indicate an error. Well, that's what they should do. Due to a typo, they set the variable to a positive one effectively masking any failed test. Then, we have couple of tests failing. Fix them too. 2015-06-24 John Ferlan conf: Adjust invalid secrettype setting during parse Commit id '1feaccf0' attempted to handle an empty secrettype value; however, it made a mistake by processing the secretType as if it was the original secrettype string. The 'secretType' is actually whether 'usage' or 'uuid' was used. Thus adjust part of the change to make the same check for def->src->type != VIR_STORAGE_TYPE_VOLUME before setting auth_secret_usage from the secrettype field. Luckily the aforementioned commits misdeed would be overwritten by the call to virStorageTranslateDiskSourcePool 2015-06-24 Luyao Huang conf: improve the way we format blkiotune and cputune Just refactor existing code to use a child buf instead of check all element before format and . This will avoid the more and more bigger element check during we introduce new elements in and in the future. 2015-06-24 Martin Kletzander docs: Fix trivial copy-paste error 2015-06-24 Luyao Huang Improve some errors for openconsole/channel Functions like virDomainOpenConsole() and virDomainOpenChannel() accept NULL as a dev_name parameter. Try using alias for the error message if dev_name is not specified. Before: error: internal error: character device is not using a PTY After: error: internal error: character device serial0 is not using a PTY 2015-06-24 Peter Krempa conf: Enforce scheduler name when parsing XML We require the scheduler name attribute in the schemas but the code would actually be fine when it was omitted. Make it mandatory. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1234729 2015-06-23 Michal Privoznik docs: Properly mark acl.html dependencies The acl.html file includes aclperms.htmlinc which is generated. However, acl.html is generated too from acl.html.tmp. And in fact, this is the place where the aclperms file is needed. Fix the dependency in Makefile. 2015-06-23 John Ferlan storage: Force setting of disk format type Commit id '832a9256' adjusted the code to recognize when the default type of "unknown" was provided as the format type and to use "dos" if found. Since the pool is built with "dos" and it could cause some confusion when formatting the XML after building by seeing "unknown" in the output, let's just adjust the pool's setting to "dos" so that subsequent formats will see the value. docs: Adjust Disk storage rng Currently the grammar uses "none" for a "valid" Disk Storage Pool format type; however, virStoragePoolFormatDisk uses "unknown" so virt-xml-validate will fail to validate when "unknown" is found 2015-06-23 Martin Kletzander admin: Fix mingw build by reordering includes By trying to lead the way of clean includes, I sorted the lines alphabetically and that is a problem for mingw builds with gnulib. As 'configmake.h' defines DATADIR and 'datatypes.h' transitively includes 'winsock.h' that uses 'DATADIR' as a name for a struct, it's enough to reorder those. Even though this might be worked around in gnulib later on, this fixes the build for now. 2015-06-23 Eric Farman docs: Correct typos in scsi hostdev and address elements The type='scsi' parameter of an address element is ignored if placed within a hostdev section, and rejected by the XML schema used by virt-xml-validate. Remove it from the doc, and correct a typo in the remaining address arguments. Reviewed-by: Matthew Rosato Reviewed-by: Stefan Zimmermann Reviewed-by: Boris Fiuczynski 2015-06-23 Eric Farman docs: Fix XML schema handling of LUN address in hostdev tag Defining a domain with a SCSI disk attached via a hostdev tag and a source address unit value longer than two digits causes an error when editing the domain with virsh edit, even if no changes are made to the domain definition. The error suggests invalid XML, somewhere: # virsh edit lmb_guest error: XML document failed to validate against schema: Unable to validate doc against /usr/local/share/libvirt/schemas/domain.rng Extra element devices in interleave Element domain failed to validate content The virt-xml-validate tool fails with a similar error: # virt-xml-validate lmb_guest.xml Relax-NG validity error : Extra element devices in interleave lmb_guest.xml:17: element devices: Relax-NG validity error : Element domain failed to validate content lmb_guest.xml fails to validate The hostdev tag requires a source address to be specified, which includes bus, target, and unit address attributes. According to the SCSI Architecture Model spec (section 4.9 of SAM-2), a LUN address is 64 bits and thus could be up to 20 decimal digits long. Unfortunately, the XML schema limits this string to just two digits. Similarly, the target field can be up to 32 bits in length, which would be 10 decimal digits. # lsscsi -xx [0:0:19:0x4022401100000000] disk IBM 2107900 3.44 /dev/sda # lsscsi [0:0:19:1074872354]disk IBM 2107900 3.44 /dev/sda # cat lmb_guest.xml lmb_guest 1024 ...trimmed...
    ...trimmed... Since the reference unit and target fields are used in several places in the XML schema, create a separate one specific for SCSI Logical Units that will permit the greater length. This permits both the validation utility and the virsh edit command to succeed when a hostdev tag is included. Reviewed-by: Matthew Rosato Reviewed-by: Stefan Zimmermann Reviewed-by: Boris Fiuczynski 2015-06-23 Eric Farman Convert SCSI logical unit from unsigned int to unsigned long long The SCSI Architecture Model defines a logical unit address as 64-bits in length, so change the field accordingly so that the entire value could be stored. Print SCSI address attributes bus, target, unit as unsigned integer The address elements are all unsigned integers, so we should use the appropriate print directive when printing it. Read SCSI address attributes bus, target, unit as positive integer The SCSI address element attributes bus, target, and unit are expected to be positive values, so make sure no one provides a negative value since the value is stored as an unsigned. 2015-06-23 Eric Blake qemu: simplify json parsing Rather than grabbing an arbitrary JSON value and then checking if it has the right type, we might as well request the correct type to begin with. * src/qemu/qemu_monitor_json.c (qemuMonitorJSONIOProcessEvent) (qemuMonitorJSONCommandWithFd, qemuMonitorJSONHandleGraphics) (qemuMonitorJSONGetStatus, qemuMonitorJSONExtractCPUInfo) (qemuMonitorJSONGetVirtType, qemuMonitorJSONGetBalloonInfo) (qemuMonitorJSONGetMemoryStats) (qemuMonitorJSONDevGetBlockExtent) (qemuMonitorJSONGetOneBlockStatsInfo) (qemuMonitorJSONGetAllBlockStatsInfo) (qemuMonitorJSONBlockStatsUpdateCapacityOne) (qemuMonitorJSONBlockStatsUpdateCapacity) (qemuMonitorJSONGetBlockExtent) (qemuMonitorJSONGetMigrationStatusReply) (qemuMonitorJSONGetDumpGuestMemoryCapability) (qemuMonitorJSONAddFd, qemuMonitorJSONQueryRxFilterParse) (qemuMonitorJSONExtractChardevInfo) (qemuMonitorJSONDiskNameLookupOne) (qemuMonitorJSONDiskNameLookup) (qemuMonitorJSONGetAllBlockJobInfo) (qemuMonitorJSONBlockIoThrottleInfo, qemuMonitorJSONGetVersion) (qemuMonitorJSONGetMachines, qemuMonitorJSONGetCPUDefinitions) (qemuMonitorJSONGetCommands, qemuMonitorJSONGetEvents) (qemuMonitorJSONGetKVMState, qemuMonitorJSONGetObjectTypes) (qemuMonitorJSONGetObjectListPaths) (qemuMonitorJSONGetObjectProps, qemuMonitorJSONGetTargetArch) (qemuMonitorJSONGetMigrationCapabilities) (qemuMonitorJSONGetStringArray, qemuMonitorJSONAttachCharDev) (qemuMonitorJSONGetCPUx86Data, qemuMonitorJSONGetIOThreads) (qemuMonitorJSONGetMemoryDeviceInfo): Use shorter idioms. 2015-06-23 Eric Blake json: make it easier to type-check when getting from object While working in qemu_monitor_json, I repeatedly found myself getting a value then checking if it was an object. Add some wrappers to make this task easier. * src/util/virjson.c (virJSONValueObjectGetByType) (virJSONValueObjectGetObject, virJSONValueObjectGetArray): New functions. (virJSONValueObjectGetString, virJSONValueObjectGetNumberInt) (virJSONValueObjectGetNumberUint) (virJSONValueObjectGetNumberLong) (virJSONValueObjectGetNumberUlong) (virJSONValueObjectGetNumberDouble) (virJSONValueObjectGetBoolean): Simplify. (virJSONValueIsNull): Change return type. * src/util/virjson.h: Reflect changes. * src/libvirt_private.syms (virjson.h): Export them. * tests/jsontest.c (testJSONLookup): New test. 2015-06-23 Eric Blake json: fully parse input string I was adding a JSON test, and was shocked to find out our parser treated the input string of "1" as invalid JSON. It turns out that YAJL specifically documents that it buffers input, and that if the last input read could be a prefix to a longer token, then you have to explicitly tell the parser that the buffer has ended before that token will be processed. It doesn't help that yajl 2 renamed the function from what it was in yajl 1. * src/util/virjson.c (virJSONValueFromString): Complete parse, in case buffer ends in possible token prefix. * tests/jsontest.c (mymain): Expose the problem. 2015-06-22 Peter Krempa test: Switch to reference counting with testDomObjFromDomain Retrieve domain objects with reference and release them with virDomainObjEndAPI. test: Reuse virDomainObjGetOneDef in testDomainGetVcpusFlags The test driver copies the domain definition correctly so we can reuse the helper. 2015-06-22 Peter Krempa virsh: blockcopy: Report error if the copy job fails When the block job would fail while watching it using the "--wait" option for blockcopy, virsh would rather unhelpfully report: $ virsh blockcopy vm hdc /tmp/raw.img --granularity 4096 --verbose --wait Now in mirroring phase Add a special case when the block job vanishes while waiting for it to finish to improve the message: $ virsh blockcopy vm hdc /tmp/raw.img --granularity 8192 --verbose --wait error: Block Copy unexpectedly failed 2015-06-22 Michal Privoznik virQEMUCapsComputeCmdFlags: Indent correctly There's a small formatting problem in the function. One line is not correctly indented. Fix this. 2015-06-22 Peter Krempa qemu: caps: Fix syntax-check failure in version based capabilities A single-line 'if' body should not be encased in curly braces. Our syntax-check enforces it. Introduced in 7f3515b4bb677d0ead1887547efc844 2015-06-22 Pavel Fedin Introduce QEMU_CAPS_ARM_VIRT_PCI This capability specifies that "virt" machine on ARM has PCI controller. Enabled when version is at least 2.3.0. 2015-06-20 Ian Campbell libxl: avoid freeing an uninitialised bitmap If vm->def->cputune.nvcpupin is 0 in libxlDomainSetVcpuAffinities (as seems to be the case on arm) then the VIR_FREE after cleanup: would be operating on an uninitialised pointer in map.map. Fix this by using libxl_bitmap_init and libxl_bitmap_dispose in the appropriate places (like VIR_FREE, libxl_bitmap_dispose is also idempotent, so there is no double free on exit from the loop). libxl_bitmap_dispose is slightly preferable since it also sets map.size back to 0, avoiding a potential source of confusion. This fixes the crashes we've been seeing in the Xen automated tests on ARM. I had a glance at the handful of other users of libxl_bitmap and none of them looked to have a similar issue. 2015-06-19 Vasiliy Tolstov update sheepdog client] update sheepdog client path Nnever sheepdog versions have dog client binary while old have collie. Check them both. 2015-06-19 Jiri Denemark qemu: cancel drive mirrors when p2p connection breaks When a connection to the destination host during a p2p migration drops, we know we will have to cancel the migration; it doesn't make sense to waste resources by trying to finish the migration. We already do so after sending "migrate" command to QEMU and we should do it while waiting for drive mirrors to become ready too. qemu: Refactor qemuMigrationWaitForCompletion Checking status of all part of migration and aborting it when something failed is a complex thing which makes the waiting loop hard to read. This patch moves all the checks into a separate function similarly to what was done for drive mirror loops. qemu: Don't pass redundant job name around Instead of passing current job name to several functions which already know what the current job is we can generate the name where we actually need to use it. qemu: Refactor qemuMigrationUpdateJobStatus Once we start waiting for migration events instead of polling query-migrate, priv->job.current will not be regularly updated anymore because we will get the current status directly from the events. Thus virDomainGetJob{Info,Stats} will have to query QEMU, but they can't just blindly update priv->job.current structure. This patch introduces qemuMigrationFetchJobStatus which just fills in a caller supplied structure and makes qemuMigrationUpdateJobStatus a tiny wrapper around it. qemu: Refactor qemuDomainGetJob{Info,Stats} Move common parts of qemuDomainGetJobInfo and qemuDomainGetJobStats into a separate API (qemuDomainGetJobStatsInternal). qemu: Do not poll for spice migration status QEMU_CAPS_SEAMLESS_MIGRATION capability says QEMU supports SPICE_MIGRATE_COMPLETED event. Thus we can just drop all code which polls query-spice and replace it with waiting for the event. qemu_monitor: Wire up SPICE_MIGRATE_COMPLETED event qemu: Use domain condition for asyncAbort To avoid polling for asyncAbort flag changes. qemu: Cancel disk mirrors after libvirtd restart When libvirtd is restarted during migration, we properly cancel the ongoing migration (unless it managed to almost finished before the restart). But if we were also migrating storage using NBD, we would completely forget about the running disk mirrors. qemu: Refactor qemuMonitorBlockJobInfo "query-block-jobs" QMP command returns all running block jobs at once, while qemuMonitorBlockJobInfo would only report one. This is not very nice in case we need to check several block jobs. This patch refactors the monitor code to always parse all block jobs and store them in a hash. qemu: Make qemuMigrationCancelDriveMirror usable without async job We don't have an async job when reconnecting to existing domains after libvirtd restart. Pass domain object to private data formatter/parser So that they can format private data (e.g., disk private data) stored elsewhere in the domain object. 2015-06-19 Jiri Denemark qemu: Don't mess with disk->mirrorState This patch reverts commit 76c61cdca20c106960af033e5d0f5da70177af0f. VIR_DOMAIN_DISK_MIRROR_STATE_ABORT says we asked for a block job to be aborted rather than saying it was aborted. Let's just use VIR_DOMAIN_DISK_MIRROR_STATE_NONE consistently whenever a block job finishes since no caller depends on VIR_DOMAIN_DISK_MIRROR_STATE_ABORT (anymore) to check whether a block job failed or it was cancelled. 2015-06-19 Jiri Denemark qemu: Abort migration early if disk mirror failed Abort migration as soon as we detect that some of the disk mirrors failed. There's no sense in trying to finish memory migration first. 2015-06-19 Jiri Denemark qemu: Cancel storage migration in parallel Instead of cancelling disk mirrors sequentially, let's just call block-job-cancel for all migrating disks and then wait until all disappear. In case we cancel disk mirrors at the end of successful migration we also need to check all block jobs completed successfully. Otherwise we have to abort the migration. 2015-06-19 Jiri Denemark qemu: Use domain condition for synchronous block jobs By switching block jobs to use domain conditions, we can drop some pretty complicated code in NBD storage migration. 2015-06-19 Jiri Denemark qemu: Properly report failed migration Because we are polling we may detect some errors after we asked QEMU for migration status even though they occurred before. If this happens and QEMU reports migration completed successfully, we would happily report the migration succeeded even though we should have cancelled it because of the other error. In practise it is not a big issue now but it will become a much bigger issue once the check for storage migration status is moved inside the loop in qemuMigrationWaitForCompletion. 2015-06-19 Jiri Denemark qemu: Introduce qemuBlockJobUpdate The wrapper is useful for calling qemuBlockJobEventProcess with the event details stored in disk's privateData, which is the most likely usage of qemuBlockJobEventProcess. conf: Introduce per-domain condition variable Complex jobs, such as migration, need to monitor several events at once, which is impossible when each of the event uses its own condition variable. This patch adds a single condition variable to each domain object. This variable can be used instead of the other event specific conditions. 2015-06-19 Michal Privoznik virNetServerServiceClose: Don't leak sockets Well, if a server is being destructed, all underlying services and their sockets should disappear with it. But due to bug in our implementation this is not the case. Yes, we are closing the sockets, but that's not enough. We must also: 1) Unregister them from the event loop 2) Unref the service for each socket The last step is needed, because each socket callback holds a reference to the service object. Since in the first step we are unregistering the callbacks, they no longer need the reference. 2015-06-19 Michal Privoznik virNetSocket: Fix @watch corner case Although highly unlikely, nobody says that virEventAddHandle() can't return 0 as a handle to socket callback. It can't happen with our default implementation since all watches will have value 1 or greater, but users can register their own callback functions (which can re-use unused watch IDs for instance). If this is the case, weird things may happen. Also, there's a little bug I'm fixing too, upon virNetSocketRemoveIOCallback(), the variable holding callback ID was not reset. Therefore calling AddIOCallback() once again would fail. Not that we are doing it right now, but we might. 2015-06-19 Michal Privoznik virNetSocketRemoveIOCallback: Be explicit about unref When going through the code I've notice that virNetSocketAddIOCallback() increases the reference counter of @socket. However, its counter part RemoveIOCallback does not. It took me a while to realize this disproportion. The AddIOCallback registers our own callback which eventually calls the desired callback and then unref the @sock. Yeah, a bit complicated but it works. So, lets note this hard learned fact in a comment in RemoveIOCallback(). daemonSetupNetworking: Don't leak services When setting up the daemon networking, new services are created. These services then have sockets to listen on. Once created, the service objects are added to corresponding server object. However, during that process, server increases reference counter of the service object. So, at the end of the function, we should decrease it again. This way the service objects will have only 1 reference, but that's okay since servers are the only objects having a reference. 2015-06-19 Peter Krempa lib: setvcpus: Remove bogus flag check Since VIR_DOMAIN_AFFECT_CURRENT is 0 the flag check does not make sense as masking @flags with 0 will always equal to false. 2015-06-18 John Ferlan scsi: Adjust return status from getBlockDevice https://bugzilla.redhat.com/show_bug.cgi?id=1224233 Currently it's not possible to determine the difference between a fatal memory allocation or failure to open/read the directory error with a perhaps less fatal, I didn't find the "block" device in the directory (which may be a disk entry without a block device). In the case of the latter, we shouldn't cause failure to continue searching in the caller (virStorageBackendSCSIFindLUs), rather we should allow trying reading the next directory entry. 2015-06-18 Pavel Boldin virsh: selective block device migration Add `virsh migrate' option `--migrate-disks' that allows CLI user to explicitly specify block devices to migrate. 2015-06-18 Pavel Boldin qemu: migration: selective block device migration https://bugzilla.redhat.com/show_bug.cgi?id=1203032 Implement a `migrate_disks' parameters for the QEMU driver. This multi- value parameter can be used to explicitly specify what block devices are to be migrated using the NBD server. Tunnelled migration using NBD is to be done. 2015-06-18 Pavel Boldin util: add virTypedParamsAddStringList The `virTypedParamsAddStringList' function provides interface to add a NULL-terminated array of string values as a multi-value to the params. 2015-06-18 Pavel Boldin util: virTypedParams{Filter,GetStringList} Add multikey API: * virTypedParamsFilter that filters all the parameters with specified name. * virTypedParamsGetStringList that returns a list with all the values for specified name and string type. 2015-06-18 Pavel Boldin util: multi-value parameters in virTypedParamsAdd* Allow multi-value parameters to be build using virTypedParamsAdd* functions by removing check for duplicates. 2015-06-18 Pavel Boldin util: multi-value virTypedParameter The `virTypedParamsValidate' function now can be instructed to allow multiple entries for some of the keys. For this flag the type with the `VIR_TYPED_PARAM_MULTIPLE' flag. Add unit tests for this new behaviour. 2015-06-18 Michal Privoznik qemuMigrationDriveMirror: Force raw format for NBD When playing with disk migration lately, I've noticed this warning in domain logs: WARNING: Image format was not specified for 'nbd://masina:49153/drive-virtio-disk0' and probing guessed raw. Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted. Specify the 'raw' format explicitly to remove the restrictions. So I started digging into qemu source code to see what has triggered the warning. I'd expect qemu to know formats of guest's disks since we tell them on command line. This lead me to qmp_drive_mirror() where the following can be found: if (!has_format) { format = mode == NEW_IMAGE_MODE_EXISTING ? NULL : bs->drv->format_name; } So, format is automatically initialized from the disk iff mode != "existing". Unfortunately, in migration we are tied to use this mode (NBD doesn't support creating new images). Therefore the only way to avoid this warning is to pass format. The discussion on the mail-list [1] resulted in the code that always forces NBD export as "raw" format. [1] https://www.redhat.com/archives/libvir-list/2015-June/msg00153.html 2015-06-18 Michal Privoznik qemuMigrationBeginPhase: Fix function header indentation This function is returning a string (domain XML). Since d3ce7363 when it was first introduced, it was indented incorrectly: static char *qemuMigrationBeginPhase(..) 2015-06-18 Michal Privoznik virDomainDiskGetSource: Mark passed disk as 'const' The disk is not changed anywhere in the function. Mark this fact in the function header too. 2015-06-18 Peter Krempa qemu: Fix double space in error message in qemuDomainGetVcpusFlags 2015-06-18 Peter Krempa qemu: Jump to correct label in qemuDomainPinIOThread If virDomainObjGetDefs used in qemuDomainPinIOThread would fail the code would jump to the 'cleanup' label after acquiring the job, thus the VM would be locked forever. Introduced in commit cac6d639. 2015-06-18 Peter Krempa conf: Move vcpu info parsing code into a separate function qemu: 'privileged' flag is not really configuration The privileged flag will not change while the configuration might change. Make the 'privileged' flag member of the driver again and mark it immutable. Should that ever change add an accessor that will group reads of the state. qemu: Reuse virDomainObjGetDefs in qemuDomainGetMemoryParameters Simplify the code by restructuring control flow and reusing the better helper. qemu: Refactor qemuDomainGetMemoryParameters Replace the for loops with case inside with temp variables and a macro. qemu: Refactor qemuDomainSetNumaParameters Use virDomainObjGetDefs and sanitize the control flow. qemu: Simplify qemuDomainSetInterfaceParameters by using virDomainObjGetDefs qemu: Simplify qemuDomainGetVcpusFlags by using virDomainObjGetOneDef virDomainObjGetOneDef is simpler to use than virDomainObjGetDefs qemu: Simplify qemuDomainGetEmulatorPinInfo by using virDomainObjGetOneDef virDomainObjGetOneDef is simpler to use than virDomainObjGetDefs qemu: Simplify qemuDomainGetVcpuPinInfo by using virDomainObjGetOneDef virDomainObjGetOneDef is simpler to use than virDomainObjGetDefs qemu: Simplify qemuDomainGetNumaParameters by using virDomainObjGetOneDef qemu: Simplify qemuDomainGetInterfaceParameters by using virDomainObjGetOneDef conf: Introduce helper to help getting correct def for getter functions virDomainObjGetOneDef will help to retrieve the correct definition pointer from @vm in cases where VIR_DOMAIN_AFFECT_LIVE and VIR_DOMAIN_AFFECT_CONFIG are mutually exclusive. The function simply returns the correct pointer. This similarly to virDomainObjGetDefs will greatly simplify the code. 2015-06-18 Peter Krempa conf: Fix virDomainObjGetDefs when getting persistent config on a live vm If @flags contains only VIR_DOMAIN_AFFECT_CONFIG and @vm is active, the function would return the active config rather than the persistent one that it should return. This happened due to the fact that virDomainObjGetDefs was checking the updated flags which may not contain VIR_DOMAIN_AFFECT_LIVE if it is not requested even if @vm is active. Additionally the function would not take the flags into account when setting the pointers which was later used to determine whether the code needs to update the given configuration. The mistake was caught by the virt-test suite. 2015-06-18 James Cowgill qemu: implement address for isa-serial I needed to specify the iobase address for certain exotic mips configurations. 2015-06-18 Luyao Huang qemu: Add a check for slot and base dimm address conflicts When hotplugging a memory device, there wasn't a check to determine if there is a conflict with the address space being used by the to be added memory device and any existing device which is disallowed by qemu. This patch adds a check to ensure the new device address doesn't conflict with any existing device. 2015-06-18 Peter Krempa daemon: Add the admin service to the admin server only if it was allocated If the admin service is disabled it would not be allocated, but the NULL pointer still would be added to the admin server. Since virNetServerAddService would dereference it, the daemon would crash. Move the service registration into the block that allocates it. 2015-06-18 Peter Krempa rpc: Actually increase reference count on @srv in virNetDaemonAddServer VIR_APPEND_ELEMENT would clear @srv to NULL after it successfully inserted it thus the reference count could not be increased afterwards. Switch to VIR_APPEND_ELEMENT_COPY. This fixes crash after terminating the daemon. 2015-06-18 Mikhail Feoktistov parallels: Fix false error messages in libvirt log There was many errors in libvirt.log caused by prlsdkDelNet function because job variable was always initialized as PRL_INVALID_HANDLE In this patch job variable gets return value of PrlSrv_DeleteVirtualNetwork function() parallels: Fix initialization of buflen variable in each loop iteration We need to initialize buflen every time when we get network adapter's friendly name because we call PrlVmDev_GetFriendlyName in a loop 2015-06-18 Ján Tomko remove redundant condition If the address type is SPAPRVIO, it will match the != NONE condition. 2015-06-18 Michal Privoznik virSysinfo: Introduce SMBIOS type 2 support https://bugzilla.redhat.com/show_bug.cgi?id=1220527 This type of information defines attributes of a system baseboard. With one exception: board type is yet not implemented in qemu so it's not introduced here either. 2015-06-18 Jiri Denemark qemu: Report all supported machine types in capabilities Some machine types are only reported as canonical names for other machine types, which make it a bit harder to find what machine types are supported by a specific QEMU binary. Ideally, one would just use /capabilities/guest/arch[@name='...']/machine/text() XPath to get a list of all supported machine types, but it doesn't work right now. For example, we report pc in guest capabilities, but the corresponding pc-i440fx-2.3 is missing. This is a result of QMP probing. With "-machine ?" parsing QEMU sends us two lines: pc Standard PC (i440FX + PIIX, 1996) (alias of pc-i440fx-2.3) pc-i440fx-2.3 Standard PC (i440FX + PIIX, 1996) (default) while query-machines QMP command reports both in the same entry: {"name": "pc-i440fx-2.3", "is-default": true, "cpu-max": 255, "alias": "pc"} Let's make sure we always report separate for both the canonical name and its alias and using the canonical name as the default machine type (i.e., inserting it before its alias) in case is-default is true. https://bugzilla.redhat.com/show_bug.cgi?id=1229666 2015-06-18 Michal Privoznik tests: Sort EXTRA_DIST in the Makefile We tend to keep the folders in the EXTRA_DIST sorted alphabetically. However, we've failed sometimes and the list is not ordered anymore. Reorder it back. daemon: Don't just include admin RPC So, it's a little paradox that we use the file twice. Firstly to build libvirt-admin.la (a client side of the Admin API), then once again to build the server side. Well, the problem is, this does not play nicely with the distclean since the file is generated. So while it's removed in the src/ the distclean running in daemon/ will not find the file and fail. The file is needed because it contains the RPC wrappers. So let's leave the client code as is and from the daemon/ just link the client library. The linker will find desired symbols and use them. 2015-06-18 Laine Stump nodedev: update netdev feature bits before each dumpxml As with several other attributes of devices (link status, sriov VF list, IOMMU group list), the detdev feature bits aren't automatically updated in the nodedev driver's cache when they change. In order to get a properly up-to-date list when getting the XML of a device, we must reget them in update-caps prior to each dumpxml. This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1232880 2015-06-17 Michal Privoznik libvirt.spec: Don't expect virt-admin in libvirt-admin yet While Martin introduced the binary (and its manpage) in commit 4e7ccf87133 it was pushed by mistake. Therefore it was reverted in 220393bfb043. The problem is, the original commit was not quite right as the binary was added into the spec file in a different commit: 55e0c840af. So as long as the binary does not exist, we must remove it from the spec file too. tests: Follow virnetserver to virnetdaemon transition In a4746114582 the virnetserver test was renamed to virnetdaemon. Moreover, as the test relies on some data stored under virnetserverdata/ the folder was renamed too. But this was not reflected in the Makefile. Therefore when building outside of the repository, the data folder was not distributed and test failed. daemon: Distribute admin_server.h The Admin API consists of a few files on daemon side. Notably daemon/admin_server.{ch}. While they are both on the repo, only the .c file is mentioned in Makefile. Therefore, .h is not distributed and 'make rpm' fails. 2015-06-17 Maxim Nestratov parallels: substitute parallels with vz spec file and Makefile Since we have changed the name of the driver to vz, let's reference it as vz everywhere. parallels: rename all parallels files and driver directory to vz This patch moves all src/parallels/parallels* files to vz/vz* and fixes build accordingly. No functional changes. parallels: substitute parallels with vz in strings Here we stop referencing vz driver by different names in error messages. 'parallels driver', 'Parallels Cloud Server', 'Parallels driver' all become just 'vz driver'. No functional changes. Only renaming and a bit of rewording. parallels: change parallels prefixes to vz This patch changes all parallels/vz driver structure and function prefixes from parallels to vz. No functional changes. 2015-06-17 Michal Privoznik daemon/Makefile: Add forgotten dependency In latest patches we added Admin API. However, the Makefile in daemon was missing one dependency: admin_server.c is including generated file admin_dispatch.h. However, this dependency was not explicitly marked in the Makefile therefore the build happened to fail on some occasions. 2015-06-16 Erik Skultety virfile: virDirCreate: Insert blank lines to assure slightly better readability 2015-06-16 Erik Skultety util: virfile: Fix 'unknown cause' error if NFS mount point creation fails This happens if user requires creation of a directory with specified UID/GID permissions. To accomplish this, we use fork approach and set particular UID/GID permissions in child process. However, child process doesn't have a valid descriptor to a logfile (this is prohibited explicitly) and since parent process doesn't handle negative exit codes from child in any way, 'uknown cause' error is returned to the user. Commit 92d9114e tweaked the way we handle child errors when using fork approach to set specific permissions (features originally introduced by 98f6f381). The same logic should be used to create directories with specified permissions as well. https://bugzilla.redhat.com/show_bug.cgi?id=1230137 2015-06-16 Erik Skultety util: virDirCreate: Child now exits with positive errno-code Previous patch of this series proposed a fix to virDirCreate, so that parent process reports an error if child process failed its task. However our logic still permits the child to exit with negative errno followed by a check of the status on the parent side using WEXITSTATUS which, being POSIX compliant, takes the lower 8 bits of the exit code and returns is to the caller. However, by taking 8 bits from a negative exit code (two's complement) the status value we read and append to stream is '2^8 - abs(original exit code)' which doesn't quite reflect the real cause when compared to the meaning of errno values. 2015-06-16 Eric W. Biederman lxc: set nosuid+nodev+noexec flags on /proc/sys mount Future kernels will mandate the use of nosuid+nodev+noexec flags when mounting the /proc/sys filesystem. Unconditionally add them now since they don't harm things regardless and could mitigate future security attacks. 2015-06-16 John Ferlan util: Fix Coverity RESOURCE_LEAK Commit id 'e44b0269c9' in advertently checked !dir before calling closedir 2015-06-16 Martin Kletzander lxc: Rename daemon to dmn On older systems it shadows global declaration of daemon() function. netserver: Remove duplicate forward declaration Commit fa14207368820b264123ba8429927b62258f996e added forward declaration of virNetServerPtr into virnetserver.h even though we are keeping these in virnetserverprogram.h due to older compilers having problems with duplicate ones. 2015-06-16 Martin Kletzander Revert "rpc: Add virNetServerGetNClients" This reverts commit 6bda9f8aa2cd07a3defda571c7d61401fd66c226. I mistakenly pushed it along with the Admin API series. 2015-06-16 Martin Kletzander Revert "admin: Add virAdmHello function" This reverts commit 5792fabb7b712749147e9d03348c798dc1943651. I mistakenly pushed it along with the Admin API series. 2015-06-16 Martin Kletzander Revert "Example virt-admin" This reverts commit 4e7ccf87133ac59f68bdd0b4897178fa9e2feefd. I mistakenly pushed it along with the Admin API series. 2015-06-16 Martin Kletzander Change livbirt version to 1.3.0 for the next release Since the background for Admin API is merged upstream, we are bumping the minor release version as discussed previously Example virt-admin You had only one job. That's what you can say about this example binary. In future, parts of virsh that are usable for this binary should be split into separate shell-utils and virt-admin should gain all the cool features of virsh without too much code addition. 2015-06-16 Martin Kletzander admin: Add virAdmHello function Just one of the simplest functions that returns string "Clients: X" where X is the number of connected clients to daemon's first subserver (the original one), so it can be tested using virsh, ipython, etc. The subserver is gathered by incrementing its reference counter (similarly to getting qemu capabilities), so there is no deadlock with admin subserver in this API. Here you can see how functions should be named in the client (virAdm*) and server (adm*). There is also a parameter @flags that must be 0, which helps testing proper error propagation into the client. 2015-06-16 Martin Kletzander rpc: Add virNetServerGetNClients This function accesses the number of connected clients while properly locking the server it returns the data about. Add support for admin API in libvirt daemon For this to pe properly separated from other protocols used by the server, there is second server added which allows access to the whole virNetDaemon to its clients. Add configuration options for permissions on daemon's admin socket This is not going to be very widely used, but for some corner cases and easier (unsafe) debugging, it might be nice. Add XML files with admin API specification No online docs are build from it since it doesn't really fit into our document structure and new page will need to be created for it, but this is at least a heads-up commit for easier parsing in order to build some documentation (or python bindings) later on. 2015-06-16 Martin Kletzander Add libvirt-admin library Initial scratch of the admin library. It has its own virAdmConnectPtr that inherits from virAbstractConnectPtr and thus trivially supports error reporting. There's pkg-config file added and spec-file adjusted as well. Since the library should be "minimalistic" and not depend on any other library, the list of files is especially crafted for it. Most of them could've been put to it's own sub-libraries that would be LIBADD'd to libvirt_util, libvirt_net_rpc and libvirt_setuid_rpc_client to minimize the number of object files being built, but that's a refactoring that isn't the orginal aim of this commit. 2015-06-16 Martin Kletzander Add admin error domain Just the addition of VIR_FROM_ADMIN to the enum of error domains. Build client headers for admin protocol Add admin protocol For now there are only CONNECT_OPEN and CONNECT_CLOSE procedures. Teach gendispatch how to handle admin dispatching files Since this is just a new option for gendispatch, it looks more like a cleanup. The only differences handled by it are connect pointers, private pointers and API naming customs. tests: Adapt virnetservertest to daemon refactor Rename the test to virnetdaemontest and use virNetDaemon objects instead of virNetServer inside. Move daemon-related parts of virNetServer to virNetDaemon This allows to have more servers in one daemon which helps isolating some resources. 2015-06-16 Cédric Bosdonnat lxc: properly clean up qemu-nbd Add the qemu-nbd tasks to the container cgroup to make sure those will be killed when the container is stopped. In order to reliably get the qemu-nbd tasks PIDs, we use /sys/devices/virtual/block//pid as qemu-nbd is daemonizing itself. Add virProcessGetPids to get all tasks of a process This function gets all the PIDs listed in /proc/PID/task. This will be needed at least to move all qmeu-nbd tasks to the container cgroup. 2015-06-16 John Ferlan storage: Generate correct parameters for CIFS https://bugzilla.redhat.com/show_bug.cgi?id=1186969 When generating the path to the dir for a CIFS/Samba driver, the code would generate a source path for the mount using "%s:%s" while the mount.cifs expects to see "//%s/%s". So check for the cifsfs and format the source path appropriately. Additionally, since there is no means to authenticate, the mount needs a "-o guest" on the command line in order to anonymously mount the Samba directory. 2015-06-16 John Ferlan storage: Adjust command arglist for gluster In order for the glusterfs boolean to be set, the pool->def->type must be VIR_STORAGE_POOL_NETFS, thus the check within virCommandNewArgList whether pool->def->type is VIR_STORAGE_POOL_FS will never be true, so remove it 2015-06-16 John Ferlan storage: Fix the schema and add tests for cifs pool Commit id '887dd362' added support for a netfs pool format type 'cifs' and 'gluster' in order to add rng support for Samba and glusterfs netfs pools. Originally, the CIFS type support was added as part of commit id '61fb6979'. Eventually commit id 'b325be12' fixed the gluster rng definition to match expectations. As it turns out the CIFS rng needed a similar change since the directory path is not an absDirPath, rather just a dirPath will be required. 2015-06-16 Guido Günther configure: Remove check for pkcheck_supports_uid We're using Polkit's DBus API so no need to check wether this feature is supported. We don't use the result or the path to the pkcheck program anywhere. 2015-06-15 Martin Kletzander tests: Use libvirt properly with initialization and error dispatching We were using "complicated" error printing in virnetservertest even though we could've just dispatched the error. Also add some good practices that might come in handy (the code may fail without proper initialization and event loop). Generate JSON with mDNS entries only when built --with-avahi One string was already used only if that condition was true, second one is added now. Both are used in a nicer way. rpc: Fix possible crash when MDNSAddEntry fails If virNetServerMDNSAddEntry() fails when adding a service to a server, it doesn't decrease the number of services. Hence access to their members segfaults (e.g. when free()-ing the sruct). build: Remove unnecessarily repeated rules for syms -> def Suggested-by: Michal Prívozník 2015-06-15 Boris Fiuczynski qemu: monitor: Add memory balloon support for virtio-ccw The search for the memory balloon driver object is extended by a second known name "virtio-balloon-ccw" in support for virtio-ccw. Reviewed-by: Daniel Hansel Reviewed-by: Eric Farman Reviewed-by: Stefan Zimmermann 2015-06-15 Ján Tomko man: clarify usage of virsh blockcopy with --xml The --xml option is mandatory if an XML description is used. Otherwise the third parameter is treated as the destination. https://bugzilla.redhat.com/show_bug.cgi?id=1206406#c3 2015-06-15 Peter Krempa qemu: emulatorpin: Don't reset pinning when pinning to all cpus Similarly to a02a161bb8a6caf0db4dd446ed1cdf53d97b40 remove the default pinning assumption from emulatorpin. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1227180 2015-06-15 Michal Privoznik getOldStyleBlockDevice: Adjust formatting Instead of initializing return value to zero (success) and overwriting it on every failure just before the control jumps onto 'out' label, let's initialize to an error value and set to zero only when we are sure about the success. Just follow the pattern we have in the rest of the code. getNewStyleBlockDevice: Adjust formatting Instead of initializing return value to zero (success) and overwriting it on every failure just before the control jumps onto 'out' label, let's initialize to an error value and set to zero only when we are sure about the success. Just follow the pattern we have in the rest of the code. 2015-06-15 John Ferlan storage: Disallow wiping an extended disk partition https://bugzilla.redhat.com/show_bug.cgi?id=1225694 Check if the disk partition to be wiped is the extended partition, if so then disallow it. Do this via changing the wipeVol backend to check the volume before passing to the common virStorageBackendVolWipeLocal 2015-06-15 Ján Tomko qemu caps: spell queue 2015-06-15 John Ferlan qemu: Do not support 'serial' scsi-block 'lun' devices https://bugzilla.redhat.com/show_bug.cgi?id=1021480 Seems the property has been deprecated for qemu, although seemingly ignored. This patch enforces from a libvirt perspective that a scsi-block 'lun' device should not provide the 'serial' property. 2015-06-15 John Ferlan storage: Need to set secrettype for direct iscsi disk volume https://bugzilla.redhat.com/show_bug.cgi?id=1200206 Commit id '1b4eaa61' added the ability to have a mode='direct' for an iscsi disk volume. It relied on virStorageTranslateDiskSourcePool in order to copy any disk source pool authentication information to the direct disk volume, but it neglected to also copy the 'secrettype' field which ends up being used in the domain volume formatting code. Adding a secrettype for this case will allow for proper formatting later and allow disk snapshotting to work properly Additionally libvirtd restart processing would fail to find the domain since the translation processing code is run after domain xml processing, so handle the the case where the authdef could have an empty secrettype field when processing the auth and additionally ignore performing the actual and expected auth secret type checks for a DISK_VOLUME since that data will be reassembled later during translation processing of the running domain. 2015-06-15 Michal Privoznik virCapabilitiesDomainDataLookup: Produce saner error message During a review, I've noticed this error message that was eventually produced when I was trying to define a domain: error: invalid argument: could not find capabilities for arch=mips64el domaintype=(null) Look at the (null). Why is it there? Well, during XML parsing, we try to look up the default emulator for given OS type and possibly virt type too. And this is the problem, because if we don't want to look up by virt type, a -1 is passed to note this fact. Later, the code handles -1 just right. Except for error message. When it is constructed (in a very fabulous way I must say), the value is compared to zero, not -1. And since we don't have any translation from -1 to a virt type string, we just print (null). 2015-06-13 Anthony PERARD libxl: Add timestamp to the libxl driver log. 2015-06-13 zhang bo qemu: update netdevs of the same mac addrs correctly If a guest has multiple network devices with the same MAC address, when we online update the second device, libvirtd always updates the first one. commit def31e4c forgot to fix the online updating scenario. We need to use virDomainNetFindIdx() to find the correct network device. 2015-06-13 John Ferlan scsi: Need to translate disk source pool in config attach path https://bugzilla.redhat.com/show_bug.cgi?id=1228007 When attaching a scsi volume lun via the attach-device --config or --persistent options, there was no translation of the source pool like there was for the live path, thus the attempt to modify the config would fail since not enough was known about the disk. 2015-06-12 Michal Privoznik virsysinfo: s/system/sysdef/ A variable can't be named system, obviously. Well, it can if the compiler is new enough to distinguish a variable named system and a function call system(). And some older systems, don't have wise compiler. CC util/libvirt_util_la-virsysinfo.lo cc1: warnings being treated as errors ../../src/util/virsysinfo.c: In function 'virSysinfoParseSystem': ../../src/util/virsysinfo.c:649: error: declaration of 'system' shadows a global declaration [-Wshadow] /usr/include/stdlib.h:717: error: shadowed declaration is here [-Wshadow] make[3]: *** [util/libvirt_util_la-virsysinfo.lo] Error 1 2015-06-12 Michal Privoznik cmdNetworkList: Introduce --name, --uuid, --table When reviewing some network patches, I've noticed we don't have those switches to the 'net-list' command. We should. They are merely copied over from 'list' command. cmdNetworkList: switch to FILTER Instead of sticking to old code pattern use the one laid out by cmdList. Use FILTER() macro instead of series of boolean variables. qemuBuildDriveStr: s/virBufferEscapeString/virBufferAsprintf/ We are using it to print a value that can't be NULL and does not need any escaping anyway. virQEMUCapsArch: openrisc vs or32 With a few exceptions, we assume that qemu binary for given architecture has form of qemu-system-$arch. Well, openrisc is yet another exception. It's binary is called qemu-system-or32. virSysinfoDef: Exempt SYSTEM variables Move all the system_* fields into a separate struct. Not only this simplifies the code a bit it also helps us to identify whether BIOS info is present. We don't have to check all the four variables for being not-NULL, but we can just check the pointer to the struct. virSysinfoDef: Exempt BIOS variables Move all the bios_* fields into a separate struct. Not only this simplifies the code a bit it also helps us to identify whether BIOS info is present. We don't have to check all the four variables for being not-NULL, but we can just check the pointer to the struct. tests: Distribute virnetserverdata Fairly recently we've introduced virnetservertest. This test has some input data stored under tests/virnetserverdata which unfortunately was not distributed among with the test. Therefore 'make distcheck' failed. Fix this by adding the directory into EXTRA_DIST. 2015-06-11 James Cowgill schema: use arch list from basictypes for os arch attribute I see no reason to duplicate this list of architectures. This also allows more guest architectures to be used with libvirt (like the mips64el qemu machine I am trying to run). 2015-06-11 Martin Kletzander util: add virJSONValueCopy Faster version of virJSONValueFromString(virJSONValueToString()). 2015-06-11 Maxime Leroy qemu: add multiqueue vhost-user support This patch adds the support of queues attribute of the driver element for vhost-user interface type. Example: Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1207692 2015-06-11 Martin Kletzander qemu: Add capability for vhost-user multiqueue The support for this was added in QEMU with commit 830d70db692e374b55555f4407f96a1ceefdcc97. Unfortunately we have to do another ugly version-based capability check. The other option would be not to check for the capability at all and leave that to qemu as it's done with multiqueue tap devices. 2015-06-11 Maxime Leroy docs: Clarify that attribute name is not used for vhostuser 2015-06-11 Martin Kletzander conf: Ignore multiqueue with one queue. Multi != One. And indeed, libvirt behaves the same way for queues='1' as without such setting. Let's make it clear in the XML. 2015-06-11 Peter Krempa util: Make virProcessGetAffinity more readable and fix coverity warning Store the cpu count in an intermediate variable and reuse it rather than caluclating the index. Additionally add a coverity silencing comment. 2015-06-11 Jiri Denemark apibuild: Generate macro/@string attribute If a macro has a string value, the @string attribute will contain the value. Otherwise @string attribute will be missing. For example, the following macro definition from libvirt-domain.h: /** * VIR_MIGRATE_PARAM_URI: * ... */ # define VIR_MIGRATE_PARAM_URI "migrate_uri" will result in https://bugzilla.redhat.com/show_bug.cgi?id=1229199 2015-06-11 Jiri Denemark apibuild: Fix indentation 2015-06-11 Daniel P. Berrange rpc: add testing of RPC JSON (de)serialization The virNetServer class has the ability to serialize its state to a JSON file, and then re-load that data after an in-place execve() call to re-connect to active file handles. This data format is critical ABI that must have compatibility across releases, so it should be tested... rpc: add API for checking IPv4/6 availability The socket test suite has a function for checking if IPv4 or IPv6 are available, and returning a free socket. The first bit of that will be needed in another test, so pull that logic out into a separate helper method. rpc: allow selection of TCP address family By default, getaddrinfo() will return addresses for both IPv4 and IPv6 if both protocols are enabled, and so the RPC code will listen/connect to both protocols too. There may be cases where it is desirable to restrict this to just one of the two protocols, so add an 'int family' parameter to all the TCP related APIs. 2015-06-11 Eric Blake maint: document use of zanata for translations Based on recent list questions on how to contribute a translation fix. 2015-06-10 Michal Privoznik virNumaSetPagePoolSize: Produce friendlier error message https://bugzilla.redhat.com/show_bug.cgi?id=1224587 The function takes two important arguments (among many others): @node and @page_size. From these two a path under /sys is constructed. The path is then used to read and write the desired size of huge pages pool. However, if the path does not exists due to either @node or @page_size having nonexistent value (e.g. there's no such NUMA node or no page size like -2), an cryptic error message is produced: virsh # allocpages --pagesize 2049 --pagecount 8 --cellno -2 error: Failed to open file '/sys/devices/system/node/node-2/hugepages/hugepages-2049kB/nr_hugepages': No such file or directory Add two more checks to catch this and therefore produce much more friendlier error messages. 2015-06-10 John Ferlan logical: Fix typo in error message 2015-06-10 Shivaprasad G Bhat network: escape quotes for dsmasq conf contents dnsmasq conf file contents needs to have quotes escaped for it to work. Because of this, the network-create/start for a network with quotes in the name fails. The patch escapes strings for the entries that go into the conf file. conf: fix domaincommon.rng to accept network name with quotes The network name is currently of type "deviceName" but it should be "text" as name is defined in the network.rng. 2015-06-09 Dmitry Guryanov parallels: fix formatting errors in parallels driver This patch fixes several formatting errors, which I missed before pushing previous patches. Mostly because of missing cppi package. 2015-06-09 Maxim Nestratov parallels: treat block devices as disks for containers We are going to add block devices as disks for containers not as filesystems. parallels: report SATA bus type for container block devices disks As we can add disks based on block devices to containers and bus type doesn't have any meaning here, let us report always SATA for them. parallels: process '/' mount point correctly for containers Since we are going to add block devices as root disks we have to specify root mount point for boot block devices. But we shouldn't do this if a filesystem disk with such target mount point already exists. parallels: add isCt parameter to prlsdkGetDiskInfo and prlsdkAddDisk 2015-06-09 Nikolay Shirokovskiy parallels: add block device statistics to driver Statistics provided through PCS SDK. As we have only async interface in SDK we need to be subscribed to statistics in order to get it. Trivial solution on every stat request to subscribe, wait event and then unsubscribe will lead to significant delays in case of a number of successive requests, as the event will be delivered on next PCS server notify cycle. On the other hand we don't want to keep unnesessary subscribtion. So we take an hibrid solution to subcsribe on first request and then keep a subscription while requests are active. We populate cache of statistics on subscribtion events and use this cache to serve libvirts requests. * Cache details. Cache is just handle to last arrived event, we call this cache as if this handle is valid it is used to serve synchronous statistics requests. We use number of successive events count to detect that user lost interest to statistics. We reset this count to 0 on every request. If more than PARALLELS_STATISTICS_DROP_COUNT successive events arrive we unsubscribe. Special value of -1 of this counter is used to differentiate between subscribed/unsubscribed state to protect from delayed events. Values of PARALLELS_STATISTICS_DROP_COUNT and PARALLELS_STATISTICS_TIMEOUT are just drop-ins, choosen without special consideration. * Thread safety issues Use parallelsDomObjFromDomainRef in parallelsDomainBlockStats as we could wait on domain lock down on stack in prlsdkGetStatsParam and if we won't keep reference we could get dangling pointer on return from wait. 2015-06-09 Peter Krempa virsh: change-media: Fix behavior with --update without a source Docs state that it should behave like eject. Currently the code does not do that. This is a regression since f4b5f53027da4fed2250628e11bac4019. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1229592 2015-06-09 Andrea Bolognani qemu: Capitalize "storage" in qemuDomainAttachUSBMassStorageDevice() 2015-06-09 Cole Robinson qemu: caps: Advertise arm 32-on-64 KVM option We need to use qemu-system-aarch64 to run armv7l KVM VMs on an aarch64 host. qemu: caps: qemu-system-aarch64 supports armv7l And it always has, so advertise it similarly to i686 2015-06-09 Cole Robinson qemu: command: Support arm 32-on-64 KVM with -cpu aarch64=off qemu 2.3.0 added the -cpu host,aarch64=off option, which allows using qemu-system-aarch64 KVM to run armv7l VMs. Add a capabilities check for it, wire it up in qemu_command, and test the command line generation. 2015-06-09 Nikolay Shirokovskiy parallels: return only success from PCS event handler 2 reasons to to this. 1. PCS SDK really don't care of handler return value. 2. It hard to imagine how notifier can handle subscriber failures. Even if there are some situations we probably will use some special error codes and not just throw error codes we get from SDK itself. parallels: simplify event types discrimination Use issuer type instead of event type to group vm related events. This saves us from explicit enumeration of all vm event types in prlsdkHandleVmEvent. 2015-06-08 Michal Privoznik utiltest: Use int8_t instead of char. Not every architecture out there has 'char' signed by default. For instance, my arm box has it unsigned by default: $ gcc -dM -E - < /dev/null | grep __CHAR_UNSIGNED__ #define __CHAR_UNSIGNED__ 1 Therefore, after 65c61e50 the test if failing for me. Problem is, we are trying to assign couple of negative values into char assuming some will overflow and some don't. That can't be the case if 'char' is unsigned by default. Lets use more explicit types instead: int8_t and uint8_t where is no ambiguity. 2015-06-08 Roman Bogorodskiy util: process: fix build on FreeBSD Commit 825df8c3 refactored virProcess{Set,Get}Affinity routines, however broke BSD implementation because of the incorrect variable name. Fix build by using a proper variable name. Pushing as trivial and build break fix. 2015-06-08 Peter Krempa util: Properly return error from virGetUserID and virGetGroupID stubs The stubs for the two functions that are compiled on platforms that don't have HAVE_GETPWUID_R and friends defined do not return error but report an error message. The calling code then assumes that the @uid or @gid arguments were filled, which is not the case in the stubs. 2015-06-05 Ján Tomko Turn qemuMonitorFindBalloonObjectPath into a void function We were effectively ignoring its errors anyway. Do not access the domain definition in qemuMonitorFindBalloonObjectPath The monitor code does not hold the virDomainObjPtr lock and should not access the defitinion. Only call SetMemoryStatsPeriod for virtio memballoon Check for balloon model in qemuDomainSetMemoryStatsPeriod There's no point in calling the monitor if there is no balloon. Only call qemuMonitorGetMemoryStats for virtio memballoon There is nothing to get from the monitor for model='none'. Invert the condition in qemuDomainMemoryStats It only makes sense if qemuMonitorGetMemoryStats is called, but the following patch will make that call conditional. Add endjob label to qemuDomainMemoryStats Reduce the indentation level. Remove path argument from qemuMonitorJSONFindLinkPath All the callers use "/" anyway. 2015-06-05 Ján Tomko Introduce qemuMonitorJSONFindLinkPath When traversing through the QOM tree, we're looking for a link to a device, e.g.: link Introduce a helper that will format the link name at the start, instead of doing it every time while recursing through the tree. 2015-06-05 Ján Tomko Move qemuMonitorFindObjectPath to qemu_monitor_json This function is specific to the JSON monitor. 2015-06-05 Daniel P. Berrange rpc: Fix reference counting around virNetSocketAddIOCallback Ref service passed as a parameter to the callback. And don't unref the socket that is part of the service being passed at another point in code. rpc: Don't use unrelated value as privateData of client Append privateData of the client only if there are any, otherwise the previous value (socket data) will get there again. rpc: Make virNetServerAddClient function dynamic As opposed to 'static'; by exporting it (privately). 2015-06-05 Martin Kletzander mdns: Set error when failing due to missing avahi When building without avahi support, we used VIR_DEBUG() to note that to the user. However, functions that fail because of that (return NULL/-1) did not set the error message. This was the only file that forgot to do such thing. 2015-06-05 John Ferlan storage: Add check for valid FS types in checkPool callback https://bugzilla.redhat.com/show_bug.cgi?id=1181087 The virStorageBackendFileSystemIsMounted is called from three source paths checkPool, startPool, and stopPool. Both start and stop validate the FS fields before calling *IsMounted; however the check path there is no call. This could lead the code into returning a true in "isActive" if for some reason the target path for the pool was mounted. The assumption being that if it was mounted, then we believe we started/mounted it. It's also of note that commit id '81165294' added an error message for the start/mount path regarding that the target is already mounted so fail the start. That check was adjusted by commit id '13fde7ce' to only message if actually mounted. At one time this led to the libvirtd restart autostart code to declare that the pool was active even though the startPool would inhibit startup and the stopPool would inhibit shutdown. The autostart path changed as of commit id '2a31c5f0' as part of the keep storage pools started between libvirtd restarts. This patch adds the same check made prior to start/mount and stop/unmount to ensure we have a valid configuration before attempting to see if the target is already mounted to declare "isActive" or not. Finding an improper configuration will now cause an error at checkPool, which should make it so we can no longer be left in a situation where the pool was started and we have no way to stop it. 2015-06-05 John Ferlan storage: FS backend adjust error message on error path https://bugzilla.redhat.com/show_bug.cgi?id=1181087 Currently the assumption on the error message is that there are no source device paths defined when the number of devices check fails, but in reality the XML could have had none or it could have had more than the value supported. Adjust the error message accordingly to make it clearer what the error really is. 2015-06-05 John Ferlan storage: Refactor storage pool type checks Refactor the code for both startPool (*Mount) and stopPool (*Unmount) code paths by introducing virStorageBackendFileSystemIsValid. storage: Remove extraneous @conn from function comments Over time the parameters changed, but the comment wasn't updated 2015-06-05 Eric Blake remote: fix odd comma operator Commit 1882c0bd accidentally used ',' instead of ';'; oddly enough, the result was still syntactically valid (yes, C is a fun language). But it made me do a double take; it's better to use idiomatic syntax. * daemon/remote.c (remoteRelayDomainEventDeviceAdded): Fix harmless typo. 2015-06-04 Peter Krempa qemu: Update balloon info only if job is allowed In qemuDomainUpdateCurrentMemorySize I misplaced the actual update of the balloon size to a place where it may not be initialized. Move it a few lines above. 2015-06-04 Peter Krempa conf: Fix mistakes in pointer usage in virDomainObjGetDefs Coverity rightfully determined that in commit 3d021381c71221e563182f03 I made a mistake in the first check if @persDef is not NULL is dereferencing it rather than checking. Additionally if the vm is online the code would set @liveDef twice rather than modifying @persDef. Fix both mistakes. 2015-06-04 Martin Kletzander qemu: Check for qemu capability when calling virDomainGetBlockIoTune() When getting block device I/O tuning data there is no check for whether QEMU supports such options and the call fails on qemuMonitorGetBlockIoThrottle() when getting the particular throttle data. So try reporting a better error when blkdeviotune is not supported. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1224053 2015-06-04 Peter Krempa qemu: Refactor qemuDomainSetVcpusFlags by reusing virDomainObjGetDefs qemu: Refactor qemuDomainGetEmulatorPinInfo by reusing virDomainObjGetDefs qemu: Refactor qemuDomainPinEmulator by reusing virDomainObjGetDefs qemu: Refactor qemuDomainGetVcpuPinInfo by reusing virDomainObjGetDefs qemu: Refactor qemuDomainPinVcpuFlags by reusing virDomainObjGetDefs qemu: Refactor qemuDomainSetBlkioParameters by reusing virDomainObjGetDefs qemu: Refactor qemuDomainChgIOThread by reusing virDomainObjGetDefs qemu: Refactor qemuDomainPinIOThread by reusing virDomainObjGetDefs qemu: Refactor qemuDomainGetIOThreadInfo by reusing virDomainObjGetDefs qemu: Refactor qemuDomainGetVcpusFlags by reusing virDomainObjGetDefs qemu: Refactor qemuDomainSetMemoryStatsPeriod by reusing virDomainObjGetDefs qemu: Refactor qemuDomainSetMemoryFlags by reusing virDomainObjGetDefs 2015-06-04 Peter Krempa conf: Add new helpers to resolve virDomainModificationImpact to domain defs virDomainLiveConfigHelperMethod that is used for this job now does modify the flags but still requires the callers to extract the correct definition objects. In addition coverity and other static analyzers are usually unhappy as they don't grasp the fact that @flags are upadted according to the correct def to be present. To work this issue around and simplify the calling chain let's add a new helper that will work only on drivers that always copy the persistent def to a transient at start of a vm. This will allow to drop a few arguments. The new function syntax will also fill two definition pointers rather than modifying the @flags parameter. 2015-06-04 Peter Krempa libxl: Don't remove vcpu pin definition in libxlDomainCleanup The vCPU pinning definition gets removed when the domain definition is being freed later. If there is no next configuration it would remove the configured pinning. 2015-06-04 Peter Krempa Revert "cputune: Support cputune for xend driver" This reverts commit 01692bb167f7ab81213921ba1116d46a4651ef0e. Quoting the original commit message: "Not sure if it's the correct way to add cputune xml for xend driver..." It is not. The defition created that is converted from the internal xend structures would also be leaked since it isn't used any more. Revert the commit since it does not make sense to keep the info internally. 2015-06-04 Peter Krempa qemu: libxl: vcpupin: Don't reset pinning when pinning to all pcpus In the pre-NUMA ages pinning a vCPU to all pCPUs was eaqual to deleting the pinning info. Now it does not entirely work that way. Pinning a vCPU to all pCPUs might be a desired operation. Additionally removal of the pinning will result into using the default pinning information at the next boot which might be different from all vcpus. This patch removes the false assumption that we should remove the pinning after pinning to all vCPUs and tweaks the documentation for virsh. A later patch will implement a new flag for the virDomainPinVcpuFlags API that will allow to remove the pinning in a sane way. 2015-06-04 Peter Krempa lib: virDomainPinIOThread: Remove spurious overflow check Internal structures use unsigned int, so there's no need for this legacy check that was copied from the vCPU pinning api. conf: Store cpu count as unsigned int While we probably won't see machines with more than 65536 cpus for a while lets store the cpu count as an integer so that we can avoid quite a lot of overflow checks in our code. qemu: Refactor qemuDomainGetInfo Since the returned structure uses "unsigned long" for memory sizes add a few overflow checks to notify the user in case we are not able to represent given values. qemu: Add helper to update domain balloon size and refactor usage places When qemu does not support the balloon event the current memory size needs to be queried. Since there are two places that implement the same logic, split it out into a function and reuse. 2015-06-04 Peter Krempa qemu: process: Update current balloon state to maximum on vm startup After libvirt issues the balloon resize command, the current balloon size needs to be changed to the maximum memory size since the vCPUs were not started and thus the balloon driver could not return the memory. Since GetXMLDesc and other APIs return the balloon size without updating it in case they are not able to obtain the job and the memory balloon does not support the asynchronous event the sizing might be incorrect. 2015-06-04 Ján Tomko Always add 'console' matching the 'serial' device We have been formatting the first serial device also as a console device, but only if there were no other consoles. If there is a device present in the XML, but no serial , or if there isn't any at all but the domain definition hasn't gone through a parse->format->parse round-trip, the device would not be formatted. Change the code to always add the stub device for the first serial device. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1089914 2015-06-04 Ján Tomko maint: remove incorrect apostrophes from 'its' docs: php: remove reference to Red Hat Also remove the redudant apostrophe from "it's". 2015-06-04 Shivaprasad G Bhat check if console/channel PTY is null before attempting to open Console/channel devices have their pty devices assigned when the emulator is actually started. If time is spent in guest preparation, someone attempts to open the console/channel, the libvirt crashes in virChrdevLockFilePath(). The patch attempts to fix the crash by adding a check before attempting to open. 2015-06-04 Lubomir Rintel virnetdev: fix moving of 802.11 phys There was a couple of problems with the style fixes applied to the original patch: 1.) virFileReadAllQuiet comparison was incorrectly parenthesized when moved into a condition, causing the len to be set to the result of comparison. This, together with the removed underflow check would underflow the phy buffer. 2.) The logic was broken. Failure to call "ip" would abort the function, thus the "iw" branch would never be reached. This aims to fix the issues and work around possible style complains :) 2015-06-03 Peter Krempa util: process: Refactor and fix virProcessSetAffinity Refactor the function to return the bitmap instead of an integer and the inner workings so that they make more sense. This patch also fixes possible segfault on old systems that was introduced by commit: commit f1a43a8e4139b028257ef4ed05a81cfb5f8a8741 Author: Hu Tao Date: Fri Sep 14 15:46:59 2012 +0800 use virBitmap to store cpu affinity info 2015-06-03 Martin Kletzander util: Clear output broadcast address before filling it in Since commit 55ace7c4789c8a7408139460f4b639cee00e5125, the sockettest fails without VIR_TEST_DEBUG set. The problem is found by test number 42 (co-incidence?), which tests range '192.168.122.1' - '192.168.122.255' in network '192.168.122.0/24'. That is supposed to fail because the end address is equal to the broadcast address. When comparing these two in 'virSocketAddrEqual(end, &broadcast)', there is a check for sin_addr as well as for sin_port. That port, however, is different when we do not enable test debugging. With the testing enabled, the port is 0 (correctly initialized), but without that it has a random number there. And that's because the structure is not initialized anywhere. By zeroing the structure before filling in the info, we make sure we return only the address and not any information that was not requested. And the test work once again. 2015-06-03 Jiri Denemark virsh: Fix Ctrl-C behavior when watching a job When watching a job (save, managedsave, dump, migrate) virsh spawns a thread to call the appropriate API and waits for the result while watching for interruption signals (SIGINT, Ctrl-C on the terminal). Whenever such signal is caught, virsh calls virDomainAbortJob, stops waiting for the job, and returns the result of virDomainAbortJob. This is wrong because the job might have finished in the meantime or it might have been cancelled by someone else and virsh would just report the failure to abort the job. However, we are not interested in the virDomainAbortJob's result at all, we need to keep waiting for the main job to finish and report its result instead. https://bugzilla.redhat.com/show_bug.cgi?id=1131755 2015-06-03 Peter Krempa qemu: process: Refactor setup of memory ballooning Since the monitor code now supports ullongs when setting balloon size, drop the legacy code with overflow checking. Additionally the comment mentioning that the job is treated as a sync job does not make sense any more since the monitor is entered asynchronously. 2015-06-03 Peter Krempa qemu: monitor: Make qemuMonitorSetBalloon operate on unsinged long long monitor: Move documentation for qemuMonitorGetBalloonInfo Document the top level function rather than both bottom level ones. It makes looking the docs up quicker. util: Add macro to overflow check integer assignments Add a macro that will allow to simplify overflow checks and make them more universal in case data types change. libxl: Refactor libxlDomainGetVcpuPinInfo Reuse the approach in qemuDomainGetVcpuPinInfo. libxl: Unbreak vcpu pinning Libxl's vcpu pinning would work only if the vcpu array was ordered and was not sparse. Remove the condition and iterate the pinning array properly. libxl: Reuse virBitmapToData in libxlDomainSetVcpuAffinities qemu: Refactor qemuDomainHelperGetVcpus by reusing virBitmapToDataBuf Get rid of the unnecessary allocation and copying of the bitmap and clean up some unnecesary temporary variables. qemu: Reuse virBitmapToDataBuf in qemuDomainGetEmulatorPinInfo qemu: Use virBitmapToDataBuf in qemuDomainGetVcpuPinInfo Reuse the function so that we can get rid of a lot of temporary allocations. util: bitmap: Add virBitmapToDataBuf that does not allocate the buffer Since some functions can be optimized by reusing the buffers that they already have instead of allocating and copying new ones, lets split virBitmapToData to two functions where one only converts the data and the second one is a wrapper that allocates the buffer if necessary. conf: Move pinning information definition closer to the usage place 2015-06-03 Peter Krempa conf: Refactor emulatorpin handling Store the emulator pinning cpu mask as a pure virBitmap rather than the virDomainPinDef since it stores only the bitmap and refactor qemuDomainPinEmulator to do the same operations in a much saner way. As a side effect virDomainEmulatorPinAdd and virDomainEmulatorPinDel can be removed since they don't add any value. 2015-06-03 Peter Krempa qemu: Fix possible crash in qemuProcessSetVcpuAffinities In case when is not specified, the vcpupin array is not guaranteed to be allocated to def->vcpus. This would cause a crash for TCG since it does not report thread IDs for vCPUs. 2015-06-03 Maxim Nestratov parallels: set virtType depending on driver name We remember driver name in a new field 'drivername' within private parallels connection structure. When a new domain is defined we use this name to set corresponding virtType. We set VIR_DOMAIN_VIRT_VZ for 'vz' driver and VIR_DOMAIN_VIRT_PARALLELS for 'Parallels'. parallels: recommend to connect to vz:///system when connection fails Though parallels:///system is still accepted we will encourage users to use vz:///system instead. parallels: increment the number of connection drivers We need to do this because we have just added a vz driver. parallels: add a new vz connection driver and hypervisor structures We add this connection driver just as an exact copy with different name to keep backward compatibility. Vz stands for Virtuozzo, which is a new name of Parallels Cloud Server. parallels: accept vz as a driver uri and name If 'parallels:///system' uri is specified then connection is made to 'Parallels' driver and domain type will be VIR_DOMAIN_VIRT_PARALLELS. In case of 'vz:///system' connection is established to 'vz' driver and domain type will be VIR_DOMAIN_VIRT_VZ. parallels: add new guest capabilities assigned to vz driver parallels: use newly introduced VIR_DOMAIN_VIRT_VZ As soon as we keep backward compatibility we treat this constant as synonym to VIR_DOMAIN_VIRT_PARALLELS. parallels: introduce vz driver constant and string This new name and constant will be used as substitutions for parallels driver one. 2015-06-03 Luyao Huang qemu: Do not release device address on successful RNG attach Commit id '980b265d' neglected to check for a successful status when deciding whether to release the device address for the RNG attach thus the address would be released even though the device was added. qemu: Need to return status of RNG device removal Commit id '862473fa' neglected to return the status from the qemuDomainRemoveRNGDevice call in qemuDomainRemoveDevice causing the function to always fail when receiving an RNG device unplug event. Additionally the domain status/state would not be updated in the processDeviceDeletedEvent path. audit: Audit number of iothreads at domain startup If the domain has IOThreads defined, then audit the number started at domain startup time. 2015-06-03 Eric Blake build: silence ar warnings on rawhide Newer binutils 'ar' has added an option 'D' for deterministic builds, and at least on rawhide, this option is enabled by default. But it conflicts with the 'u' optimization where the linker only modifies libraries based on file timestamps, but can result in different library ordering based on which files were touched last. Thus, it results in some noisy compilation, for every CCLD line: CCLD libvirt_driver_qemu_impl.la ar: `u' modifier ignored since `D' is the default (see `U') Upstream automake has decided that defaulting ARFLAGS to 'cru' is no longer beneficial, and that switching the default to 'cr' will both silence the noise and not penalize modern build systems. https://lists.gnu.org/archive/html/automake-patches/2015-06/msg00000.html But rather than wait for newer automake to propagate to all systems that already have newer binutils, we might as well just use the new default ourselves, even on older platforms. * configure.ac: Default AR[_]FLAGS to 'cr', not 'cru'. 2015-06-03 Laine Stump util: report all address range errors in virSocketAddrGetRange() There are now many more reasons that virSocketAddrGetRange() could fail, so it is much more informative to report the error there instead of in the caller. (one of the two callers was previously assuming success, which is almost surely safe based on the parsing that has already happened to the config by that time, but it still is nicer to account for an error "just in case") Part of fix for: https://bugzilla.redhat.com/show_bug.cgi?id=985653 2015-06-03 Laine Stump network: cleanup range loop in networkDnsmasqConfContents This loop had automatic variable definitions mixed with code. This patch moves the definitions to the top of the function and puts cleanup for them at the bottom. No functional change. Part of fix for: https://bugzilla.redhat.com/show_bug.cgi?id=985653 2015-06-03 Laine Stump network: validate DHCP ranges are completely within defined network virSocketAddrGetRange() has been updated to take the network address and prefix, and now checks that both the start and end of the range are within that network, thus validating that the entire range of addresses is in the network. For IPv4, it also checks that ranges to not start with the "network address" of the subnet, nor end with the broadcast address of the subnet (this check doesn't apply to IPv6, since IPv6 doesn't have a broadcast or network address) Negative tests have been added to the network update and socket tests to verify that bad ranges properly generate an error. This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=985653 2015-06-03 Laine Stump test: fix IP address range failure test This was revealed when I made a cut-paste mistake in an upgrade to virSocketAddrGetRange(), leading to failure to check for the end address being outside of the defined network, but a negative test case that should have caught the error instead returned success. The problem was that testRange in sockettest.c was written so that when it expected a failure, even an "unexpected success" would be considered as an "expected failure" because of the way the check in testRange was done. testRange had this: if (gotsize < 0 || gotsize != size) { return pass ? -1 : 0; } else { return pass ? 0 : -1; } but all the tests that expected a failure give "-1" as the expected size. So in a case where we expect a failure, we would have pass == false and size == -1. If virSocketAddrGetRange() was incorrectly *successful* (returned some positive number), then "gotsize != size" would be, e.g. "276 != -1", so we would take the if clause and, since pass == false, we would return 0 (success i.e. expected failure). The solution is that in the case where we expect failure, we should just ignore size - virSocketAddrGetRange() must return -1 in order for us to report "expected failure == success". Part of fix for: https://bugzilla.redhat.com/show_bug.cgi?id=985653 2015-06-02 Ján Tomko Simplify virNodeCountThreadSiblings Use a for loop instead of while. Do not opencode c_isxdigit and virHexToBin. 2015-06-02 Ján Tomko Report errors in virNodeCountThreadSiblings Use virFileReadAll which reports an error when the file is larger than the specified maximum. https://bugzilla.redhat.com/show_bug.cgi?id=1207849 2015-06-02 Andrea Bolognani virsh: Move error messages inside vshCommandOpt*() functions 2015-06-02 Andrea Bolognani virsh: Pass vshControl to all vshCommandOpt*() calls This will allow us to use vshError() to report errors from inside vshCommandOpt*(), instead of replicating the same logic and error messages all over the place. We also have more context inside the vshCommandOpt*() functions, for example the actual value used on the command line, which means we can produce more detailed error messages. vshCommandOptBool() is the exception here, because it's explicitly designed not to report any error. 2015-06-02 Andrea Bolognani virsh: Make vshCommandOptScaledInt() use vshCommandOpt() This aligns it to the other vshCommandOpt*() functions. 2015-06-02 Andrea Bolognani virsh: Improve vshCommandOptTimeoutToMs() Use vshCommandOptUInt() instead of parsing the value as a signed integer and checking whether it's positive afterwards. Improve comments as well. 2015-06-02 Andrea Bolognani virsh: Use standard error messages in vshCommandOptTimeoutToMs() I missed this in the first time around, thanks Michal for noticing. tests: Add a bunch of new tests to virsh-optparse The new tests deal with numeric options of three kinds: regular, scaled and timeouts. For each, both valid and invalid inputs are provided, hopefully covering all cases: this should allow us to avoid regressions when changing the relevant code in virsh. 2015-06-02 Erik Skultety storage: RBD: do not return error when deleting non-existent volume RBD API returns negative value of errno, in that case we can silently ignore if RBD tries to delete a non-existent volume, just like FS backend does. 2015-06-02 Erik Skultety storage: Don't update volume objs list before we successfully create one We do update pool volume object list before we actually create any volume. If buildVol fails, we then try to delete the volume in the storage as well as remove it from our structures. The problem is, that any backend that supports both buildVol and deleteVol would fail in this case which is completely unnecessary. This patch causes the update to take place after we know a volume has been created successfully, thus no removal in case of a buildVol failure is necessary. https://bugzilla.redhat.com/show_bug.cgi?id=1223177 2015-06-02 Erik Skultety nwfilter: Fix sscanf off-by-one error in virNWFilterSnoopLeaseFileLoad We allocate 16 bytes for IPv4 address and 55 bytes for interface key, therefore we should read up to 15/54 bytes and let the last byte reserved for terminating null byte in sscanf. https://bugzilla.redhat.com/show_bug.cgi?id=1226400 2015-06-02 Peter Krempa util: process: @pid in virProcessSetAffinity's BSD impl is not unused 2015-06-02 Eric Blake maint: update to latest gnulib Incorporates fixes for cross-compiling to mingw on rawhide, where gcc 5.1 changes detection of how to properly determine PRIdMAX. Also picks up some improvements for compilation on Mac OS X. * .gnulib: Update to latest, for at least mingw. 2015-06-02 Jim Fehlig spec: fixes for recently introduced libxl conf files Commit 198cc1d3 introduced libxl-lockd and libxl-sanlock config files but forgot to add them to the spec file. Follow-up commit 62b18d98 added the files to daemon-driver-libxl, but missed adding them to the daemon package when configuring libvirt --without-driver-modules. In addition, commit 62b18d98 added libxl-sanlock to daemon-driver-libxl, but it should be included in lock-sanlock when libvirt is configured --with-sanlock. 2015-06-01 Roman Bogorodskiy libxl: load on FreeBSD The libxl tries to check if it's running in dom0 by parsing /proc/xen/capabilities and if that fails it doesn't load. There's no procfs interface in Xen on FreeBSD, so this check always fails. In addition to checking procfs, check if /dev/xen/xenstored, that's enough to check if we're running in dom0 in FreeBSD case. 2015-06-01 Ján Tomko virsh: make negative values with vol-resize more convenient When shrinking a volume by a certain size, instead of typing vol-resize volume 1G --delta --shrink we allow the convience of specifying a negative value: vol-resize volume -1G --delta --shrink getting the same results with one more character. A negative value only makes sense as a delta. Imply the --delta parameter if the value is negative. Still require --shrink, because the operation is potentially destructive. 2015-06-01 Andrea Bolognani qemu: Automatically add element for pSeries guests. The guest firmware provides the same functionality as the pvpanic device, and the relevant element should always be present in the domain XML to reflect this fact, so add it after parsing the definition if it wasn't there already. 2015-06-01 Andrea Bolognani qemu: Allow panic device for pSeries guests The guest firmware provides the same functionality as the pvpanic device, which is not available in QEMU on pSeries, so the domain XML should be allowed to contain the element. On the other hand, unlike the pvpanic device, the guest firmware can't be configured, so report an error if an address has been provided in the XML. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1182388 2015-06-01 Andrea Bolognani qemu: Improve error message for missing QEMU_CAPS_DEVICE_PANIC. 2015-06-01 John Ferlan virsh: Fix printing of XML for pool-create-as https://bugzilla.redhat.com/show_bug.cgi?id=1224088 commit id 'bd00e00e' neglected to add the new adapter source options into the if condition that allowed printing the XML fields. The doesn't require other options in order to be complete. 2015-06-01 Daniel P. Berrange Post-release version bump to 1.2.17 2015-06-01 Daniel Veillard Release of libvirt-1.2.16 - docs/news.html.in libvirt.spec.in: update for the release - po/*.po*: regenerate 2015-05-29 Ján Tomko Allocate priv->vioserialaddrs unconditionally When attempting to hotplug a virtio-serial console to a domain that had no virtio-serial controllers (not even those that are added by libvirt when some devices need them) at daemon startup, report a user-friendly error: error: Failed to attach device from console.xml error: internal error: no virtio-serial controllers are available instead of crashing the daemon: Process terminating with default action of signal 11 (SIGSEGV): dumping core Access not within mapped region at address 0x8 at 0x531028F: virDomainVirtioSerialAddrNext (domain_addr.c:916) by 0x531028F: virDomainVirtioSerialAddrAssign (domain_addr.c:1029) by 0x1CBF68: qemuDomainAttachChrDevice (qemu_hotplug.c:1565) by 0x1BCD5E: qemuDomainAttachDeviceLive (qemu_driver.c:7997) by 0x1BCD5E: qemuDomainAttachDeviceFlags (qemu_driver.c:8743) Introduced in v1.2.14-30-g5903378. 2015-05-29 Ján Tomko Properly free the xmlDocPtr when loading pool state Use xmlFreeDoc instead of plain xmlFree. 4 bytes in 1 blocks are definitely lost in loss record 9 of 1,084 at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x70730D6: xmlStrndup (in /usr/lib64/libxml2.so.2.9.2) by 0x701E3DC: xmlNewDoc (in /usr/lib64/libxml2.so.2.9.2) by 0x70C39F8: xmlSAX2StartDocument (in /usr/lib64/libxml2.so.2.9.2) by 0x7017245: xmlParseDocument (in /usr/lib64/libxml2.so.2.9.2) by 0x7017606: xmlDoRead (in /usr/lib64/libxml2.so.2.9.2) by 0x5309DAD: virXMLParseHelper (virxml.c:742) by 0x5367584: virStoragePoolLoadState (storage_conf.c:1863) 2015-05-29 Jim Fehlig libxl: support QXL video device libxl recently gained support for QXL video device. Support it in the libxl driver too. libxl: support SPICE graphics for HVM domains libxl: change reservedVNCPorts to reservedGraphicsPorts A later change will use the PortAllocator for SPICE too. 2015-05-29 Jim Fehlig libxl: populate build_info vfb in separate function For HVM domains, vfb info must be populated in the libxl_domain_build_info struct. Currently this is done in the libxlMakeVfbList function, but IMO it would be cleaner to populate the build_info vfb in a separate libxlMakeBuildInfoVfb function. libxlMakeVfbList would then handle only vfb devices, simiar to the other libxlMakeList functions. A future patch will extend libxlMakeBuildInfoVfb to support SPICE. 2015-05-29 John Ferlan storage: Fix problem with disk backend pool allocation calculation https://bugzilla.redhat.com/show_bug.cgi?id=1224018 The disk pool recalculates the pool allocation, capacity, and available values each time through processing a newly created disk partition. This created an issue with the allocation setting since the code used is shared with the refresh path. Each path calls virStorageBackendDiskReadPartitions which initializes the pool values and then processes the partition table from the 'libvirt_parthelper' utility output with the only difference being create passes a specific volume to be processed while refresh pass a NULL indicating to process all volumes. That passed volume is check during the virStorageBackendDiskMakeVol call to see if the current partition described by the volume key already exists. If it exists, then no adjustments are made to the allocation and the next entry in the output is checked. For the create path this resulted in only the most recently created partition size would be accounted for in the 'allocation' setting. This patch thus checks whether the incoming volume is NULL before clearing the pool allocation value. 2015-05-29 John Ferlan storage: Don't adjust pool alloc/avail values for disk backend Commit id '2ac0e647' for https://bugzilla.redhat.com/show_bug.cgi?id=1206521 was meant to be a generic check for the CreateVol, CreateVolFrom, and DeleteVol paths to check if the storage backend's changed the pool's view of allocation or available values. Unfortunately as it turns out this caused a side effect when the disk backend created an extended partition there would be no actual storage removed from the pool, thus the changes would not find any change in allocation or available and incorrectly update the pool values using the size of the extended partition. A subsequent refresh of the pool would reset the values appropriately. This patch modifies those checks in order to specifically not update the pool allocation and available for only the disk backend rather than be generic before and after checks. 2015-05-29 John Ferlan Revert "storage: Don't duplicate efforts of backend driver" This reverts commit 2ac0e647bdd33d93a374e7ef3eadf2a253c7bf79. 2015-05-29 Laine Stump debug: assure NULLSTR() around all %s args in debug at top of public APIs There are also a couple that were very uninformatively just logging the value of the pointer rather than the string itself: * the "name" arg to virNodeDeviceLookupByName() * wwnn and wwpn args to virNodeDeviceLookupSCSIHostByWWN() All char*'s that make sense should now have their contents logged rather than the pointer, and all %s args should now be inside NULLSTR(). 2015-05-29 Laine Stump node_device: more informative error log when device isn't found In a couple of cases, the node device driver (and the test node device driver which likely copied it) was only logging "Node device not found" when it couldn't find the requested device. This patch changes those cases to log the name (and in the case when it's relevant, the wwnn and wwpn) as well. 2015-05-28 Kothapally Madhu Pavan virsh: Fix to list online cpus using virsh capabilities Virsh capabilities will list offline cpus as online when libvirt is compiled with numactl option disabled. This fix will list correct set of online cpus. 2015-05-28 Ján Tomko Fix the event name in vshEventTrayChangePrint https://bugzilla.redhat.com/show_bug.cgi?id=1206114#c5 Reported by: zhenfeng wang 2015-05-28 Ján Tomko Fix shrinking volumes with the delta flag This never worked. In 0.9.10 when this API was introduced, it was intended that the SHRINK flag combined with DELTA would shrink the volume by the specified capacity (to avoid passing negative numbers). See commit 055bbf4. When the SHRINK flag was finally implemented for the first backend in 1.2.13 (commit aa9aa6a), it was only implemented for the absolute values and with the delta flag the volume is always extended, regardless of the SHRINK flag. Treat the SHRINK flag as a minus sign when used together with DELTA, to allow shrinking volumes as was documented in the API since 0.9.10. https://bugzilla.redhat.com/show_bug.cgi?id=1220213 2015-05-28 Ján Tomko Simplify allocation check in storageVolResize Since shrinking a volume below existing allocation is not allowed, it is not possible for a successful resize with VOL_RESIZE_ALLOCATE to increase the pool's available value. Even with the SHRINK flag it is possible to extend the current allocation or even the capacity. Remove the overflow when computing delta with this flag and do the check even if the flag was specified. https://bugzilla.redhat.com/show_bug.cgi?id=1073305 2015-05-28 Maxim Nestratov parallels: suppress console output from parallels SDK It is necessary to have unpolluted screen when connecting to parallels driver via virsh. Otherwise a lot of unexpected output one will get on the console. 2015-05-28 Lubomir Rintel interface: don't error out if a bond has no interfaces It's not a problem at all and causes virt-manager to break down. Note: netcf 0.2.8 and earlier generates invalid XML for a bond with no interfaces anyway, so in that case this error in libvirt is never reached since we fail earlier. 2015-05-27 Andrea Bolognani qemu: Limit rtc-reset-reinjection requirement to x86 only. The QMP command, like the interrupt reinjection logic it's connected to, is only implemented in QEMU when TARGET_I386 is defined, so checking for its availability on any other architecture is pointless. On the other hand, when we're on x86, we shouldn still make sure that rtc-reset-reinjection is available and refuse to set the time otherwise. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1211938 2015-05-27 Martin Kletzander storage_fs: Create directory with UID if needed The code already exists there, it just modified different flags. I just noticed this when looking at the code. This patch is better to view with bigger context or '-W'. 2015-05-27 Zhang Bo util: make it more robust to calculate timeout value When we change system clock to years ago, a certain CPU may use up 100% cputime. The reason is that in function virEventPollCalculateTimeout(), we assign the unsigned long long result to an INT variable, *timeout = then - now; // timeout is INT, and then/now are long long if (*timeout < 0) *timeout = 0; there's a chance that variable @then minus variable @now may be a very large number that overflows INT value expression, then *timeout will be negative and be assigned to 0. Next the 'poll' in function virEventPollRunOnce() will get into an 'endless' while loop there. thus, the cpu that virEventPollRunOnce() thread runs on will go up to 100%. Although as we discussed before in https://www.redhat.com/archives/libvir-list/2015-May/msg00400.html it should be prohibited to set-time while other applications are running, but it does seems to have no harm to make the codes more robust. 2015-05-27 Roman Bogorodskiy zfs: fix storagepoolxml2xml test Commit 7c2d65d dropped setting default mode. Update zfs tests accordingly. 2015-05-27 Peter Krempa qemu: Fix compilation error when enum variable size differs from 'int' Since commit bcd9a564b631aa virDomainNumatuneGetMode returns the value via a pointer rather than in the return value. The change triggered problems with platforms where the compiler decides to use a data type of size different than integer at the point where we typecast it. Work around the issue by using an intermediate variable of the correct type that gets casted back by the default typecasting rules. 2015-05-27 Luyao Huang util: improve the sysinfo element XML format If the ends up not formatting any sub-elements, then rather than formatting as: Just format it more cleanly as: 2015-05-27 Luyao Huang conf: Avoid formatting empty redirfilter element If the redirfilter has no usbdev sub-elements, then do not format anything rather than formatting an empty pair of elements: 2015-05-27 Eric Blake maint: update to latest gnulib Time to update to new gnulib before a release. gcc 5.1 introduced a new -Wformat-signedness, and new gnulib now turns it on by default. However, it is still rather lame at the moment, because it warns for enums, even though there is no way to control the signeness of an enum which does not use any members that are negative or larger than INT_MAX, and even though such an enum would always print the same for both %d and %u: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66249 In file included from ../../src/util/virarch.c:26:0: ../../src/util/virarch.c: In function 'virArchFromHost': ../../src/util/virarch.c:180:15: error: format '%d' expects argument of type 'int', but argument 9 has type 'unsigned int' [-Werror=format=] VIR_DEBUG("Mapped %s to %d (%s)", So this patch turns off the new warning as part of enabling all other new gcc 5.1 warnings that gnulib now enables. * .gnulib: Update to latest, in part for gcc 5.1 interaction. * m4/virt-compile-warnings.m4: Ignore -Wformat-signedness, for now. 2015-05-26 John Ferlan qemu: Add libvirt version check to refresh capabilities algorithm Rather than an algorithm based solely on libvirtd ctime to refresh the capabilities add the element of the libvirt build version into the equation. Since that version wouldn't be there prior to this code being run - don't fail on reading the capabilities if not found. In this case, the cache will always be rebuilt when a new libvirt version is installed. 2015-05-26 John Ferlan qemu: Force capabilities cache refresh if libvirtd date is different https://bugzilla.redhat.com/show_bug.cgi?id=1195882 Original commit id 'cbde3589' indicates that the cache file would be discarded if either the QEMU binary or libvirtd 'ctime' changes; however, the code only discarded if the QEMU binary time didn't match or if the new libvirtd ctime was later than what created the cache file. Since many factors come into play with 'ctime' adjustments (including perhaps turning back the hands of time), change the logic to also force a refresh if the ctime of libvirt is different than what's in the cache. 2015-05-26 Daniel P. Berrange docs: update github project name The github project was renamed from libvirtproject to libvirt 2015-05-26 John Ferlan qemu: Resolve Coverity RESOURCE_LEAK Recent changes to the -M/--machine processing code in qemuParseCommandLine caused Coverity to determine there was a possible resource leak with how the 'list' is managed. Rather than try to add virStringFreeList calls everywhere - just promote list to the top of the variables and free it within the error processing code. Also required a couple of other tweaks in order to avoid double free's. 2015-05-26 John Ferlan conf: Resolve Coverity NEGATIVE_RETURNS Commit id '73eda710' added virDomainKeyWrapDefParseXML which uses virXPathNodeSet, but does not handle a -1 return thus causing a possible loop condition exit problem later when the return value is used. Change the logic to return the value from virXPathNodeSet if <= 0 2015-05-26 Cole Robinson storage: fs: Only force directory permissions if required Only set directory permissions at pool build time, if: - User explicitly requested a mode via the XML - The directory needs to be created - We need to do the crazy NFS root-squash workaround This allows qemu:///session to call build on an existing directory like /tmp. 2015-05-26 Cole Robinson conf: storage: Don't emit empty block 2015-05-26 Cole Robinson storage: conf: Don't set any default in the XML The XML parser sets a default if none is explicitly passed in. This is then used at pool/vol creation time, and unconditionally reported in the XML. The problem with this approach is that it's impossible for other code to determine if the user explicitly requested a storage mode. There are some cases where we want to make this distinction, but we currently can't. Handle parsing like we handle /: if no value is passed in, set it to -1, and adjust the internal consumers to handle it. 2015-05-26 Cole Robinson docs: formatstorage: Update docs - Don't redocument the permissions fields for backingstore, just point to the volume docs. - Clarify that owner/group are inherited from the parent directory at volume create/pool build time. - Clarify that fields report runtime values too 2015-05-26 Maxim Nestratov parallels: fix possible crash in case of errors in prlsdkLoadDomain Cleanup code in prlsdkLoadDomain doesn't take into account the fact if private domain structure along with freeing function is assigned or not. In case it is, we shouldn't call it manually because virDomainObjListRemove calls it and frees pdom. Also, allocated def structure should be freed only if it's not assigned to domain. Otherwise it will be called twice: one time by virDomainObjListRemove and the second by prlsdkLoadDomain itself. parallels: move up updating parameter in prlsdkLoadDomain It is better to get all necessary parameters and check them on newly created configuration before actually creating a domain with them or applying them to an existing domain. 2015-05-25 Pavel Hrdina virsh: reject negative values for scaled integer Some virsh commands have a size parameter, which is handled as scaled integer. We don't have any *feature* that would allow to use '-1' as maximum size, so it's safe to reject any negative values for those commands. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1159171 2015-05-25 Michal Privoznik docs: Document new RO repo mirrors In the upstream discussion on creating a github mirror [1], it turned out that there are some read-only mirrors of our repository. Lets advertise them on our downloads page. But do it wisely and discourage people in sending a pull requests on GitHub. 1: https://www.redhat.com/archives/libvir-list/2015-May/msg00775.html 2015-05-24 John Ferlan network: Resolve Coverity FORWARD_NULL To silence Coverity just add a 'p &&' in front of the check in networkFindUnusedBridgeName after the strchr() call. Even though we know it's not possible to have strchr return NULL since the only way into the function is if there is a '%' in def->bridge or it's NULL. 2015-05-24 John Ferlan conf: Resolve Coverity FORWARD_NULL Even though it's been pointed out they are false positives: http://www.redhat.com/archives/libvir-list/2015-May/msg00301.html and http://www.redhat.com/archives/libvir-list/2015-May/msg00302.html these still show up as Coverity issues. In order to silence Coverity add an 'sa_assert' prior to check failure. 2015-05-24 John Ferlan storage: Resolve Coverity FORWARD_NULL Coverity points out it's possible for one of the virCommand{Output|Error}* API's to have not allocated 'output' and/or 'error' in which case the strstr comparison will cause a NULL deref 2015-05-24 Roman Bogorodskiy zfs: fix storagepoolxml2xml test Commit c4d27bd dropped output of owner/group -1. Update zfs tests accordingly. 2015-05-24 Roman Bogorodskiy bhyve: fix build with gcc48 Build with gcc 4.8 fails with: bhyve/bhyve_monitor.c: In function 'bhyveMonitorIO': bhyve/bhyve_monitor.c:51:18: error: missing initializer for field 'tv_sec' of 'const struct timespec' [-Werror=missing-field-initializers] const struct timespec zerowait = {}; Explicitly initialize zerowait to fix the build. 2015-05-24 Pavel Fedin Add missing XDR_FLAGS Fixes build problems on x86_64-cygwin host for aarch64 target: CC lxc/libvirt_driver_lxc_impl_la-lxc_monitor_protocol.lo In file included from lxc/lxc_monitor_protocol.c:7:0: lxc/lxc_monitor_protocol.h:9:21: fatal error: rpc/rpc.h: No such file or directory CC rpc/libvirt_setuid_rpc_client_la-virnetmessage.lo In file included from rpc/virnetmessage.h:24:0, from rpc/virnetmessage.c:26: rpc/virnetprotocol.h:9:21: fatal error: rpc/rpc.h: No such file or directory CC lxc/libvirt_lxc-lxc_monitor_protocol.o In file included from lxc/lxc_monitor_protocol.c:7:0: lxc/lxc_monitor_protocol.h:9:21: fatal error: rpc/rpc.h: No such file or directory 2015-05-22 Laine Stump util: better error message after failure to initialize firewall backend If the firewalld backend wasn't available and libvirt decides to try setting up a "direct" backend, it checks for the presence of iptables, ip6tables, and ebtables. If they are not found, a message like this is logged: error : virFirewallValidateBackend:193 : direct firewall backend requested, but /usr/sbin/ip6tables is not available: No such file or directory But then at a later time if an attempt is made to use the virFirewall API, failure will be indicated with: error : virFirewallApply:936 : out of memory This patch changes virFirewallApply to first check if a firewall backend hadn't been successfully setup, and logs a slightly more informative message in that case: error : virFirewallApply:940 : internal error: Failed to initialize a valid firewall backend This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1223876 2015-05-22 Laine Stump interface: allow multiple IPv4 addresses + dhcp on a single interface As of netcf-0.2.8, netcf supports configuring multipl IPv4 addresses, as well as simultaneously configuring dhcp and static IPv4 addresses, on a single interface. This patch updates libvirt's interface.rng to allow such configurations. This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1223688 2015-05-22 Laine Stump netdev: fail when setting up an SRIOV VF if PF is offline If an SRIOV PF is offline, the kernel won't complain if you set the mac address and vlan tag for a VF via this PF, and it will even let you assign the VF to a guest using PCI device assignment or macvtap passthrough. But in this case (the PF isn't online), the device won't be usable in the guest. Silently setting the PF online would solve the connectivity problem, but as pointed out by Dan Berrange, when an interface is set online with no associated config, the kernel will by default turn on IPv6 autoconf, which could create unexpected security problems for the host. For this reason, this patch instead logs an error and fails the operation. This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=893738 Originally filed against RHEL6, but present in every version of libvirt until today. 2015-05-22 Cole Robinson storage: conf: Don't output owner/group -1 -1 is just an internal placeholder and is meaningless to output in the XML. 2015-05-22 Maxim Nestratov node_device: fix libvirt build if WITH_HAL is defined commit ffc40b63b50ecb changed uniond _virNodeDevCapData into a typedef named virNodeDevCapData with a struct that contains the union as well as a type enum. This change necessitated changing every reference to "caps->type" into "caps->data.type", but the author of that patch failed to test a build "WITH_HAL". This patch fixes the one place in the hal backend that needed changing. 2015-05-22 Michal Privoznik sysinfo: Fix reports on ARM Due to a kernel commit (b4b8f770e), cpuinfo format has changed on ARMs. Firstly, 'Processor: ...' may not be reported, it's replaced by 'model name: ...'. Secondly, the "Processor" string may occur in CPU name, e.g. 'ARMv7 Processor rev 5 (v7l)'. Therefore, we must firstly look for 'model name' and then for 'Processor' if not found. Moreover, lines in the cpuinfo file are shuffled, so we better not manipulate the pointer to start of internal buffer as we may lost some info. 2015-05-21 Michal Privoznik qemuDomainDetachChrDevice: Fix chardev hot-unplug Not every chardev is plugged onto virtio-serial bus. However, the code introduced in 89e991a2aa36b04 assumes that. Incorrectly. With previous patches we have three options where a chardev can be plugged: virtio-serial, USB and PCI. This commit fixes the detach part. However, since we are not auto allocating USB addresses yet, I'm just marking the place where appropriate code should go. qemuDomainAttachChrDevice: Fix chardev hotplug Not every chardev is plugged onto virtio-serial bus. However, the code introduced in 89e991a2aa36b04 assumes that. Incorrectly. With previous patches we have three options where a chardev can be plugged: virtio-serial, USB and PCI. This commit fixes the attach part. However, since we are not auto allocating USB addresses yet, I'm just marking the place where appropriate code should go. 2015-05-21 Michal Privoznik qemu: Implement pci-serial https://bugzilla.redhat.com/show_bug.cgi?id=998813 Implementation is pretty straight-forward. Of course, not all qemus out there supports the device, so new capability is introduced and checked prior each use of the device. 2015-05-21 Michal Privoznik Introduce pci-serial https://bugzilla.redhat.com/show_bug.cgi?id=998813 Like usb-serial, the pci-serial device allows a serial device to be attached to PCI bus. An example XML looks like this:
    2015-05-21 Peter Krempa util: Avoid shadow of 'ulong' in virMemoryMaxValue Old compilers whine: src/util/virutil.c: In function 'virMemoryMaxValue': src/util/virutil.c:2612: error: declaration of 'ulong' shadows a global declaration [-Wshadow] /usr/include/sys/types.h:151: error: shadowed declaration is here [-Wshadow] s/ulong/capped/ to work around the problem 2015-05-21 Ján Tomko qemu: wire up virDomainSetUserPassword Base-64 encode the password and pass it to the guest agent via the 'guest-set-user-password' command. https://bugzilla.redhat.com/show_bug.cgi?id=1174177 2015-05-21 Ján Tomko virsh: add set-user-password command Expose the virDomainSetUserPassword API in virsh: virsh set-user-password dom user 123456 2015-05-21 Ján Tomko Introduce virDomainSetUserPassword API For setting passwords of users inside the domain. With the VIR_DOMAIN_PASSWORD_ENCRYPTED flag set, the password is assumed to be already encrypted by the method required by the guest OS. https://bugzilla.redhat.com/show_bug.cgi?id=1174177 2015-05-21 Jiri Denemark threadpool: Switch to detached threads Using joinable threads does not help anything, but it can lead to memory leaks. When a worker thread exits, it decreases nWorkers or nPrioWorkers and once both nWorkers and nPrioWorkers are zero (i.e., the last worker is gone), quit_cond is signaled. When freeing the pool we first tell all threads to die and then we are waiting for both nWorkers and nPrioWorkers to become zero. At this point we already know all threads are gone. So the only reason for calling virThreadJoin of all workers is to free the memory allocated for joinable threads. If we avoid allocating this memory, we don't need to take care of freeing it. Moreover, any memory associated with a worker thread which died before we asked it to die (e.g., because virCondWait failed in the thread) would be lost anyway since virThreadPoolFree calls virThreadJoin only for threads which were running at the time virThreadPoolFree was called. 2015-05-21 Jiri Denemark Use virDomainDiskByName where appropriate Most virDomainDiskIndexByName callers do not care about the index; what they really want is a disk def pointer. Add wrappers for virDomainDiskIndexBy* Sometimes the only thing we need is the pointer to virDomainDiskDef and having to call virDomainDiskIndexBy* APIs, storing the disk index, and looking it up in the disks array is ugly. After this patch, we can just call virDomainDiskBy* and get the pointer in one step. 2015-05-21 Erik Skultety qemu: Log error if domain uses security driver which is not loaded When starting a domain, if a domain specifies security drivers we do not have loaded, we fail. However we don't check for this during reconnect, so any operation relying on security driver functionality would fail. If someone e.g. starts a domain with selinux driver loaded, then they change the security driver to 'none' in config, restart the daemon and call dump/save/.., QEMU will return an error. As we shouldn't kill the domain, we should at least log an error to let the user know that domain reconnect wasn't completely clean. https://bugzilla.redhat.com/show_bug.cgi?id=1183893 2015-05-21 Luyao Huang conf: Restore the XML parser context in virDomainMemoryDefParseXML After parsing the memory device XML the function would not restore the XML parser context causing invalid XPath starting point for the rest of the elements. This is a regression since 3e4230d2. The test case addition uses the element that is currently unused by qemu, but parsed after the memory device definition and formatted always. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1223631 2015-05-20 Peter Krempa conf: Catch memory size overflow earlier virDomainParseMemory parses the size and then rounds up while converting it to kibibytes. Since the number is limit-checked before the rounding it's possible to use a number that would be correctly parsed the first time, but not the second time. For numbers not limited to 32 bit systems the magic is 9223372036854775807 bytes. That number then can't be parsed back in kibibytes. To solve the issue add a second overflow check for the few values that would cause the problem. Since virDomainParseMemory is used in config parsing, this avoids vanishing VMs. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1221504 2015-05-20 Michal Privoznik virDomainNumatuneGetMode: Report if numatune was defined So far, we are not reporting if numatune was even defined. The value of zero is blindly returned (which maps onto VIR_DOMAIN_NUMATUNE_MEM_STRICT). Unfortunately, we are making decisions based on this value. Instead, we should not only return the correct value, but report to the caller if the value is valid at all. For better viewing of this patch use '-w'. 2015-05-20 John Ferlan Taint domains using cdrom-passthrough https://bugzilla.redhat.com/show_bug.cgi?id=976387 For a domain configured using the host cdrom, we should taint the domain due to problems encountered when the host and guest try to control the tray. 2015-05-20 Cole Robinson virfile: virDirCreate: Drop redundant FORCE_PERMS flag The only two virDirCreate callers already use it virfile: virDirCreate: Fix ALLOW_EXIST conditional I screwed this up in the previous (post 1.2.16) commits 2015-05-19 Martin Kletzander qemu: Fix numatune nodeset reporting Since af2a1f0587d88656f2c14265a63fbc11ecbd924e, qemuDomainGetNumaParameters() returns invalid value for a running guest. The problem is that it is getting the information from cgroups, but the parent cgroup is being left alone since the mentioned commit. Since the running guest's XML is in sync with cgroups, there is no need to look into cgroups (unless someone changes the configuration behind libvirt's back). Returning the info from the definition fixes a bug and is also a cleanup. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1221047 2015-05-19 Jim Fehlig xenconfig: fix spice mousemode and copypaste From xl.cfg950 man page: spiceagent_mouse=BOOLEAN Whether SPICE agent is used for client mouse mode. The default is true (1) (turn on) spicevdagent=BOOLEAN Enables spice vdagent. The Spice vdagent is an optional component for enhancing user experience and performing guest-oriented management tasks. Its features includes: client mouse mode (no need to grab mouse by client, no mouse lag), automatic adjustment of screen resolution, copy and paste (text and image) between client and domU. It also requires vdagent service installed on domU o.s. to work. The default is 0. spice_clipboard_sharing=BOOLEAN Enables Spice clipboard sharing (copy/paste). It requires spicevdagent enabled. The default is false (0). So if spiceagent_mouse is enabled (client mouse mode) or spice_clipboard_sharing is enabled, spicevdagent must be enabled. Along with this change, s/spicedvagent/spicevdagent, set spiceagent_mouse correctly, and add a test for these spice features. 2015-05-19 Jim Fehlig xenconfig: fix spicepasswd handling The logic related to spicedisable_ticketing and spicepasswd was inverted. As per man xl.cfg(5), 'spicedisable_ticketing = 1' means no passwd is required. On the other hand, a passwd is required if 'spicedisable_ticketing = 0'. Fix the logic and produce and error if 'spicedisable_ticketing = 0' but spicepasswd is not provided. Also fix the spice cfg test file. xenconfig: format spice listenAddr when formating ports Move formating of spice listenAddr to the section of code where spice ports are formatted. It is more logical to format address and ports together. Account for the change in spice cfg test file by moving 'spicehost'. xenconfig: use local variable for graphics def 'graphics->' is a bit easier to read and type, and makes for shorter lines than 'def->graphics[0]->'. 2015-05-18 Laine Stump node_device: replace duplicated code in hal and udev backends Both the hal and udev drivers call virPCI*() functions to the the SRIOV VF/PF info about PCI devices, and the UDEV backend calls virPCI*() to get IOMMU group info. Since there is now a single function call in node_device_linux_sysfs.c to do all of this, replace all that code in the two backends with calls to nodeDeviceSysfsGetPCIRelatedDevCaps(). Note that this results in the HAL driver (probably) unnecessarily calling virPCIDevieAddressGetIOMMUGroupNum(), but in the case that the host doesn't support IOMMU groups, that function turns into a NOP (it returns -2, which causes the caller to skip the call to virPCIDeviceAddressGetIOMMUGroupAddresses()). So in the worst case it is a few extra cycles spent, and in the best case a mythical platform that supported IOMMU groups but used HAL rather than UDEV would gain proper reporting of IOMMU group info. 2015-05-18 Laine Stump node_device: update sriov/iommu info before dumpxml of a device Because reloading a PF driver with a different number of VFs doesn't result in any sort of event sent from udev to the libvirt node_device driver, libvirt's cache of that info can be out of date when a request arrives for the info about a device. To fix this, we refresh that data at the time of the dumpxml request, similar to what is already done for netdev link info and SCSI host capabilities. Since the same is true for iommu group information (for example, some other device in the same iommu group could have been detached from the host), we also create a function to update the iommu group info from sysfs, and a common function that does both. (a later patch will call this common function from the udev and hal backends). This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=981546 2015-05-18 Laine Stump node_device: new functions to get sriov/iommu info from sysfs The udev and hal drivers both already call the same functions as these new functions added to node_device_linux_sysfs.c, but 1) we need to call them from node_device_driver.c, and 2) it would be nice to eliminate the duplicated code from the hal and udev backends. node device: prepare node_device_linux_sysfs.c to add more functions This file contains only a single function, detect_scsi_host_caps(), which is declared in node_device_driver.h and called from both the hal and udev backends. Other things common to the hal and udev drivers can be placed in that file though. As a prelude to adding further functions, this patch renames the existing function to something closer in line with other internal libvirt function names (nodeDeviceSysfsGetSCSIHostCaps()), and puts the declarations into a separate .h file. nodedev: change if-else if in update_caps to switch Makes it nicer as update bits are added for different cap types. 2015-05-18 Laine Stump conf: make virNodeDevCapData an official type For some reason a union (_virNodeDevCapData) that had only been declared inside the toplevel struct virNodeDevCapsDef was being used as an argument to functions all over the place. Since it was only a union, the "type" attribute wasn't necessarily sent with it. While this works, it just seems wrong. This patch creates a toplevel typedef for virNodeDevCapData and virNodeDevCapDataPtr, making it a struct that has the type attribute as a member, along with an anonymous union of everything that used to be in union _virNodeDevCapData. This way we only have to change the following: s/union _virNodeDevCapData */virNodeDevCapDataPtr / and s/caps->type/caps->data.type/ This will make me feel less guilty when adding functions that need a pointer to one of these. 2015-05-18 Andrea Bolognani virsh: Improve handling of send-process-signal --pid. Use vshCommandOptLongLong() instead of retrieving the value as a string and converting it to a number manually. virsh: Fix dommemstat --period option type. The option didn't have VSH_OT_INT type even thought it's expected to be numeric, as shown by the fact that vshCommandOptInt() is later used to retrieve its value. 2015-05-18 Andrea Bolognani virsh: Improve error message on integer value parsing failure. Replace more than 30 ad-hoc error messages with a single, generic one that contains the name of the option being processed and some hints to help the user understand what could have gone wrong. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1207043 2015-05-18 Tony Krowiak libvirt: tests: test protected key mgmt ops support Test the support for enabling/disabling CPACF protected key management operations for a guest. Reviewed-by: Boris Fiuczynski 2015-05-18 Tony Krowiak libvirt: qemu: enable/disable protected key management ops Introduces two new -machine option parameters to the QEMU command to enable/disable the CPACF protected key management operations for a guest: aes-key-wrap='on|off' dea-key-wrap='on|off' The QEMU code maps the corresponding domain configuration elements to the QEMU -machine option parameters to create the QEMU command: --> aes-key-wrap=on --> aes-key-wrap=off --> dea-key-wrap=on --> dea-key-wrap=off Reviewed-by: Boris Fiuczynski 2015-05-18 Tony Krowiak libvirt: Introduce protected key mgmt ops Two new domain configuration XML elements are added to enable/disable the protected key management operations for a guest: ... ... Reviewed-by: Boris Fiuczynski 2015-05-16 Jim Fehlig libxl: provide impl for nodeGetSecurityModel Currently, the libxl driver does not support any security drivers. When the qemu driver has no security driver configued, nodeGetSecurityModel succeeds but returns an empty virSecurityModel object. Do the same in the libxl driver instead of reporting this function is not supported by the connection driver: virNodeGetSecurityModel 2015-05-16 Laine Stump qemu: log error when domain has an unsupported IDE controller We have previously effectively ignored all elements in a domain definition. On the i440fx-based machinetypes there is an IDE controller that is included in the chipset and can't be removed (which is the ide controller with index='0'>), so it makes sense to ignore that one controller. However, if an i440fx domain definition has a 2nd controller, nothing catches this error (unless you also have a disk attached to it, in which case qemu will complain that you're trying to use the ide controller named "ide1", which doesn't exist), and if any other type of domain has even a single controller defined, it will be incorrectly ignored. Ignoring a bogus controller definition isn't such a big problem, as long as an error is logged when any disk is attached to that non-existent controller. But in the case of q35-based machinetypes, the hardcoded id ("alias" in libvirt terms) of its builtin SATA controller is "ide", which happens to be the same id as the builtin IDE controller on i440fx machinetypes. So libvirt creates a commandline believing that it is connecting the disk to the builtin (but actually nonexistent) IDE controller, qemu thinks that libvirt wanted that disk connected to the builtin SATA controller, and everybody is happy. Until you try to connect a 2nd disk to the IDE controller. Then qemu will complain that you're trying to set unit=1 on a controller that requires unit=0 (SATA controllers are organized differently than IDE controllers). After this patch, if a domain has an IDE controller defined for a machinetype that has no IDE controllers, libvirt will log an error about the controller itself as it is building the qemu commandline (rather than a (possible) error from qemu about disks attached to that controller). This is done by adding IDE to the list of controller types that are handled in the loop that creates controller command strings in qemuBuildCommandline() (previously it would *always* skip IDE controllers). Then qemuBuildControllerDevStr() is modified to log an appropriate error in the case of IDE controllers. In the future, if we add support for extra IDE controllers (piix3-ide and/or piix4-ide) we can just add it into the IDE case in qemuBuildControllerDevStr(). For now, nobody seems anxious to add extra support for an aging and very slow controller, when there are so many better options available. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1176071 (Fedora) 2015-05-16 Laine Stump qemu: clean up qemuBuildCommandline loop that builds controller args Reorganize the loop that builds controller args to remove unnecessary duplicated code and superfluous else clauses. No functional change. 2015-05-16 Laine Stump qemu: remove test for allowing ide controller in s390, rename usb tests Back in 2013, commit 877bc089 added in some tests that made sure no error was generated on a domain definition that had an automatically added usb controller if that domain didn't have a PCI bus to attach the usb controller to. This was done because, at that time, libvirt was automatically adding a usb controller to *any* domain definition that didn't have one. Along with permitting the controller, two s390-specific tests were added to ensure this behavior was maintained - one with and another (called "s390-piix-controllers") that had both usb and ide controllers, but nothing attached to them. Then in February of this year, commit 09ab9dcc eliminated the annoying auto-adding of a usb device for s390 and s390x machines, stating: "Since s390 does not support usb the default creation of a usb controller for a domain should not occur." Although, as verified here, the s390 doesn't support usb, and usb controllers aren't currently added to s390 domain definitions automatically, there are likely still some domain definitions in the wild that have a usb controller (which was added *by libvirt*, not by the user), so we will keep the tests verifying that behavior for now. But this patch changes the names of the tests to reflect that they don't actually contain a valid s390 config; this way future developers won't propagate the incorrect idea that an s390 virtual machine can have a USB (or IDE) bus. In the case of the IDE controller, though, libvirt has never automatically added an IDE controller unless a user added an IDE disk (which itself would have caused an error), and we specifically *do* want to begin generating an error when someone tries to add an IDE controller to a domain that can't support one. For that reason, while renaming the sz390-piix-controllers patch, this patch removes the from it (otherwise the upcoming patch would break make check) 2015-05-16 Laine Stump qemu: use controller alias when constructing device/controller args This makes sure that that the commandlines generated for devices and controller devices are all using the alias that has been set in the controller's object as the id of the controller, rather than hardcoding a printf (or worse, encoding exceptions to the standard ${controller}${index} into the logic) Since this "fixes" the controller name used for the sata controller, the commandline arg for the sata controller in the sata test case had to be adjusted to be "sata0" instead of "ahci0". All other tests remain unchanged, verifying that the patch causes no other functional change. Because the function that finds a controller alias based on a device def requires a pointer to the full domainDef in order to get the list of controllers, the arglist of a few functions had to have this added. 2015-05-16 Laine Stump qemu: fix exceptions in qemuAssignDeviceControllerAlias There are a few extra exceptions that weren't being accounted for when creating the alias for a controller. This resulted in 1) incorrect status XML, and 2) exceptions/printfs of what *should* have been directly available in the controller alias when constructing device commandline arguments: 1) The primary (and only) IDE controller on a 440FX machinetype is hardcoded to be "ide" in qemu. 2) The primary SATA controller on a 440FX machinetype is also hardcoded to be "ide" in qemu. 3) On machinetypes that don't support multiple PCI buses, the PCI bus is hardcoded in qemu to have the name "pci". 4) The first usb master controller is "usb", all others are the normal "usb%d". (note that usb controllers that are not a "master" will have the same index, and thus alias, as the master). We needed to pass in the full domainDef and qemuCaps in order to properly make the decisions about these exceptions. 2015-05-16 Laine Stump conf: utility to return alias of a controller based on type/index Because there are multiple potential reasons for an error, this function logs any errors before returning NULL (since the caller won't have the information needed to determine which was the reason for failure). 2015-05-15 Jiri Denemark qemu: Don't give up on first error in qemuMigrationCancelDriverMirror When cancelling drive mirror, always try to do that for all disks even if it fails for some of them. Report the first error we saw. qemu: Keep track of what disks are being migrated Instead of redoing the same filtering over and over everytime we need to walk through all disks which are being migrated. Move QEMU-only fields from virDomainDiskDef into privateData Rename virDomainHasBlockjob as qemuDomainHasBlockjob And move it to qemu_domain.[ch] because this API is QEMU-only. Add privateData to virDomainDiskDef 2015-05-14 Ján Tomko reject out of range memory in SetMemory APIs The APIs take the memory value in KiB and we store it in KiB internally, but we cannot parse the whole ULONG_MAX range on 64-bit systems, because virDomainParseScaledValue needs to fit the value in bytes in an unsigned long long. https://bugzilla.redhat.com/show_bug.cgi?id=1176739 2015-05-14 Martin Kletzander Some alignment fixes in lxc_controller and jsontest Again, a clean-up for which we don't have proper syntax-check. gendispatch: Don't generate long lines We don't allow it in normal code, why would it need to be in the generated one. IT also splits the line in perl code so it's readable. virnetserver: Remove unnecessary double space Since we don't have syntax-check for this, it has to be checked manually. Let's hope this is the only place it happened. rpc: Don't mix max_clients and max_workers in PostExecRestart This only affected the servers that re-exec themselves, which is only virtlockd and it didn't do any mess, so this is mostly a clenaup. 2015-05-14 John Ferlan qemu: Clear autofil fill flag when pinning iothread https://bugzilla.redhat.com/show_bug.cgi?id=1218577 Treat pinning an IOThread via API as if someone added an IOThread to ensure the iothreadid doesn't cause the guest to disappear 2015-05-14 John Ferlan conf: Expose iothreadids when delete non sequential iothreadids Since 'autofill'd iothreadid entries are not written during XML format processing, it is possible that if an iothreadid in the middle of an autofilled list would then change it's id on a subsequent restart. Thus during the iothreadid deletion, if we determine the delete is not the "last" thread, then clear the autofill bit for all iothreadid's following the one being deleted (either the first or one in the middle). This way, iothreadid's will be printed/saved. 2015-05-14 Luyao Huang virsh: Report an error when cpulist parsing fails When parsing a cpulist, the virBitmapParse is used. On an invalid bitmap an error is reported, but the error gets cleared immediately by subsequent public APIs call, e.g. virDomainFree(). Moreover, we don't check whether bitmap fits into maximal CPU ID on the host. Therefore the following examples failed without any error: # virsh vcpupin test3 1 aaa # virsh vcpupin test3 1 1000 2015-05-13 Nikolay Shirokovskiy parallels: remove connection wide wait timeout We have a lot of passing arguments code just to pass connection object cause it holds jobTimeout. Taking into account that right now this value is defined at compile time let's just get rid of it and make arguments list more clear in many places. In case we later need some runtime configurable timeout value we can provide this value through arguments function already operate such as a parallels domain object etc as this timeouts are operation( and thus object) specific in practice. 2015-05-13 zhang bo qemuMigrationPrepareAny: Drop useless variable @now As of eeb008dbfcf31 the variable is not used anymore. Drop it. 2015-05-13 Andrea Bolognani maint: Ignore Vim swap files This removes some noise when you're working on the repository and also have a bunch of source files open in Vim in another terminal. 2015-05-13 Martin Kletzander Fix build --without-network In order not to bring in any link dependencies, bridge driver doesn't use the usual stubs as other conditionally-built code does. However, having the function as a macro imposes a problem with possibly unused variables if just defined as "0". This was worked around by using (dom=dom, iface=iface, 0) which should act like a 0 if used in a condition. However, gcc still bugs about that, so I came up with another way how to fix that. Using static inline functions in the header won't collide with anything, it fixes the bug and does one thing that the macro didn't do. It checks whenther passed variables are pointers of compatible type. It has only one downside, and that is that we need to either a) define it with ATTRIBUTE_UNUSED, which needs an exception in cfg.mk or b) do something like ignore_value(variable); in the function body. I went with the first variant. 2015-05-13 Ján Tomko Assign virtio-serial addresses after coldplugging a device Otherwise we might allow coldplugging a device that uses an address that is already occupied, creating an unstartable domain. https://bugzilla.redhat.com/show_bug.cgi?id=1220195 2015-05-13 Pavel Hrdina qemu: vnc: error out for invalid port number In the XML we have the vnc port number, but QEMU takes on command line a vnc screen number, it's port-5900. We should fail with error message that only ports in range [5900,65535] are valid. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1164966 2015-05-13 Michal Privoznik virSysinfoParseProcessor: Drop useless check for NULL VIR_STRDUP plays nicely with NULLs. Theres no need to guard its call with check for non-NULL. 2015-05-13 Jim Fehlig libxl: support VNC passwd While implementing support for SPICE, I noticed VNC passwd was never copied to libxl_device_vfb's vnc.passwd field. 2015-05-13 John Ferlan conf: Remove source host name check for iSCSI https://bugzilla.redhat.com/show_bug.cgi?id=1171984 https://bugzilla.redhat.com/show_bug.cgi?id=1188463 Remove the check for the source host name for iSCSI source XML processing declaring duplicate sources when the source device path and if present the initiator of a proposed storage pool matches an existing storage pool. The backend iSCSI storage driver uses 'iscsiadm --mode session' to query available iscsid target sessions. The output displayed is the IP address and the IQN (target path) of known targets. The displayed IP address is a resolved address based on the session --login. Additionally, iscsid keeps track of the various ways to define the host name (IPv4 Address, IPv6 Address, /etc/hosts, etc.) for that IQN (see output of an 'iscsiadm --mode node'). If an incoming IQN matches and the host name provided by libvirt is resolved to the existing IQN, then iscsid will "reuse" the session. Although libvirt could do the same name resolution, if there is a difference, iscsid could still declare two seemingly different sources to be the same and not create a new session which means libvirt now has two storage pools looking at the same source. Thus to avoid any strange host name resolution issues, just rely on iscsid for that and do not allow multiple pools on the same host to use the same device path (IQN). 2015-05-13 John Ferlan conf: Adjust duplicate source host port check Only perform the port number check if the incoming definition actually provides it. Since the port number is optional we could erroneously pass a duplicate source host check since some storage pool backends which fill in the default port number (e.g., iSCSI and sheepdog) for the started pool. 2015-05-12 Luyao Huang qemu: fix double free when RNG cold-plug fails https://bugzilla.redhat.com/show_bug.cgi?id=1220809 When cold-plugging an RNG device but something fails in qemuDomainAssignAddresses, we will double free the RNG device. Once a device is plugged into the domain, we should set the device pointer to NULL to fix this issue. ... 5 0x00007fb7d180ac8a in virFree at util/viralloc.c:582 6 0x00007fb7d1895cdd in virDomainRNGDefFree at conf/domain_conf.c:19786 7 0x00007fb7d1895d99 in virDomainDeviceDefFree at conf/domain_conf.c:2022 8 0x00007fb7b92b8baf in qemuDomainAttachDeviceFlags at qemu/qemu_driver.c:8785 9 0x00007fb7d190c5d7 in virDomainAttachDeviceFlags at libvirt-domain.c:8488 10 0x00007fb7d23af9d2 in remoteDispatchDomainAttachDeviceFlags at remote_dispatch.h:2842 ... 2015-05-12 Peter Krempa daemon: Suppress logging of VIR_ERR_NO_DOMAIN_METADATA Similarly to other error codes that notify the user that the object does not exist lower the priority of VIR_ERR_NO_DOMAIN_METADATA to VIR_LOG_DEBUG when writing the log entry. 2015-05-12 Pavel Hrdina conf_capabilities: fix wrong indentation 2015-05-12 Pavel Hrdina XML: escape strings where we should do it There is a lot of places, were it's pretty easy for user to enter some characters that we need to escape to create a valid XML description. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1197580 2015-05-12 Richard W.M. Jones Document that virNodeGetInfo can return mhz == 0. On the s/390x architecture, libvirt may already return 0 in the node_info->mhz field (see src/nodeinfo.c:linuxNodeInfoCPUPopulate). We may also want to return this on aarch64 in future, because calculating the proper value requires SMBIOS, which is not available on non-server-class systems (specifically on systems which don't adhere to the SBSA standard). Therefore this change documents the existing behaviour and provides a valid path for aarch64. Bug-URL: https://bugzilla.redhat.com/1206353 2015-05-12 Michal Privoznik libvirt-guests: Initialize SYNC_TIME https://bugzilla.redhat.com/show_bug.cgi?id=1191227 Since 0fa15b19 we have this variable SYNC_TIME which allows users to synchronize time on domain resume. However, despite what documentation says, it's by default on because it's never initialized. Fix this by setting it to zero at the beginning of the libvirt-guests script. 2015-05-12 Laine Stump qemu: eliminate duplicated code in qemuBuildDriveDevStr() The code to add device type to the commandline was identical for lsi and other models of SCSI controllers, but was duplicated (with the exception of a minor ordering difference of the if-else clauses) for the two cases. This patch replaces those two with a single instance of the code just before the if(). qemu: use qemuDomainMachineIsI440FX() in appropriate place This patch makes qemuValideDevicePCISlotsChipsets() more consistent in appearance by replacing several clauses of an if with the equivalent call to qemuDomainMachineIsI440FX. The if was checking exactly the same items, just in a slightly different order. 2015-05-12 Roman Bogorodskiy maint: extend PIE support check GCC installed from FreeBSD ports doesn't support building PIE executables and fails with: /usr/local/bin/ld: /usr/lib/crt1.o: relocation R_X86_64_32 against `_DYNAMIC' can not be used when making a shared object; recompile with -fPIC /usr/lib/crt1.o: error adding symbols: Bad value collect2: error: ld returned 1 exit status However, the configure check for '-fPIC -DPIC' doesn't catch that. In order to catch this case, add '-pie' to CFLAGS in m4/virt-compile-pie.m4 so it could detect lack of PIE support on configure time and don't fail the build. 2015-05-12 Roman Bogorodskiy bhyve: fix bhyvexml2argvtest build with gcc gcc5 reports an error like this: bhyvexml2argvtest.c: In function 'testCompareXMLToArgvFiles': bhyvexml2argvtest.c:24:18: error: variable 'vm' set but not used [-Werror=unused-but-set-variable] virDomainObj vm; ^ cc1: all warnings being treated as errors Fix by dropping this variable. 2015-05-11 Luyao Huang conf: Report error for unknown shmem ioeventfd value https://bugzilla.redhat.com/show_bug.cgi?id=1220265 Passing the return value to an enum directly is not safe. Fix this by comparing the true integer result of virTristateSwitchTypeFromString(). 2015-05-11 Ján Tomko Ignore bridge template names with multiple printf conversions For some reason, we allow a bridge name with %d in it, which we replace with an unsigned integer to form a bridge name that does not yet exist on the host. Do not blindly pass it to virAsprintf if it's not the only conversion, to prevent crashing on input like: test Ignore any template strings that do not have exactly one %d conversion, like we do in various drivers before calling virNetDevTapCreateInBridgePort. 2015-05-11 Peter Krempa qemu: Fix balloon size handling with memory hot(un)plug Since libvirt doesn't call to update the new balloon size in qemu add code that will handle tweaking of the size of the current balloon statistic until qemu reports the new size using the event. conf: Fix up balloon size after removing a memory device from def To avoid having the ballooned memory size larger than the actual physical memory size, truncate the ballooned size if it overflows. conf: Always truncate balloon size to maximum memory size Specifying a balloon size more than the memory size of a guest isn't something that should be rejected when parsing the XML. Truncate the size to the maximum memory size. 2015-05-11 Peter Krempa qemu: Convert qemuConnectGetAllDomainStats to use new helpers Use the new domain list collection helpers to avoid going through virDomainPtrs. This additionally implements filter capability when called through the api that accepts domain list filters. 2015-05-11 Peter Krempa conf: Add helper to convert list of virDomains to a list of virDomainObjs Add virDomainObjListConvert that will take a list of virDomains, apply filters and return a list of virDomainObjs. 2015-05-11 Peter Krempa conf: Refactor domain list collection critical section Until now the virDomainListAllDomains API would lock the domain list and then every single domain object to access and filter it. This would potentially allow a unresponsive VM to block the whole daemon if a *listAllDomains call would get stuck. To avoid this problem this patch collects a list of referenced domain objects first from the list and then unlocks it right away. The expensive operation requiring locking of the domain object is executed after the list lock is dropped. While a single blocked domain will still lock up a listAllDomains call, the domain list won't be held locked and thus other APIs won't be blocked. Additionally this patch also fixes the lookup code, where we'd ignore the vm->removing flag and thus potentially return domain objects that would be deleted very soon so calling any API wouldn't make sense. As other clients also could benefit from operating on a list of domain objects rather than the public domain descriptors a new intermediate API - virDomainObjListCollect - is introduced by this patch. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1181074 2015-05-11 Peter Krempa conf: Rename virDomainObjListFilter type to virDomainObjListACLFilter The passed function is meant to filter domains according to ACL match. conf: Extract code to filter domain list into a separate function Separate the code to simplify future refactors. 2015-05-11 Peter Krempa util: Make the virDomainListFree helper more universal Extend it to a universal helper used for clearing lists of any objects. Note that the argument type is specifically void * to allow implicit typecasting. Additionally add a helper that works on non-NULL terminated arrays once we know the length. 2015-05-08 Cole Robinson caps: Fix regression defaulting to host arch My commit 747761a79 (v1.2.15 only) dropped this bit of logic when filling in a default arch in the XML: - /* First try to find one matching host arch */ - for (i = 0; i < caps->nguests; i++) { - if (caps->guests[i]->ostype == ostype) { - for (j = 0; j < caps->guests[i]->arch.ndomains; j++) { - if (caps->guests[i]->arch.domains[j]->type == domain && - caps->guests[i]->arch.id == caps->host.arch) - return caps->guests[i]->arch.id; - } - } - } That attempt to match host.arch is important, otherwise we end up defaulting to i686 on x86_64 host for KVM, which is not intended. Duplicate it in the centralized CapsLookup function. Additionally add some testcases that would have caught this. https://bugzilla.redhat.com/show_bug.cgi?id=1219191 2015-05-07 Cole Robinson tests: Remove redundant aarch64 tests My commit 7b9de914 added some aarch64 CPU test cases. I wanted to test two different code paths but inadvertently added two of the same test cases. The second code path (using host) isn't easily exercised via the qemu tests anyways, I'll need to look elsewhere. Regardless, remove the redundant tests for now 2015-05-07 Michal Privoznik processSerialChangedEvent: Close agent monitor early https://bugzilla.redhat.com/show_bug.cgi?id=890648 So, imagine you've issued an API that involves guest agent. For instance, you want to query guest's IP addresses. So the API acquires QUERY_JOB, locks the guest agent and issues the agent command. However, for some reason, guest agent replies to initial ping correctly, but then crashes tragically while executing real command (in this case guest-network-get-interfaces). Since initial ping went well, libvirt thinks guest agent is accessible and awaits reply to the real command. But it will never come. What will is a monitor event. Our handler (processSerialChangedEvent) will try to acquire MODIFY_JOB, which will fail obviously because the other thread that's executing the API already holds a job. So the event handler exits early, and the QUERY_JOB is never released nor ended. The way how to solve this is to put flag somewhere in the monitor internals. The flag is called @running and agent commands are issued iff the flag is set. The flag itself is set when we connect to the agent socket. And unset whenever we see DISCONNECT event from the agent. Moreover, we must wake up all the threads waiting for the agent. This is done by signalizing the condition they're waiting on. 2015-05-07 Michal Privoznik qemuDomainShutdownFlags: check for domain activeness prior to guest presence Running shutdown with mode agent on a shutoff domain gives cryptic error message: virsh # shutdown --mode agent gentoo error: Failed to shutdown domain gentoo error: Guest agent is not responding: QEMU guest agent is not connected After this patch, the error is more clear: virsh # shutdown --mode agent gentoo error: Failed to shutdown domain gentoo error: Requested operation is not valid: domain is not running Reported-by: Martin Kletzander 2015-05-07 Lubomir Rintel lxc: don't up the veth interfaces unless explicitly asked to Upping an interface for no reason and not configuring it is a cardinal sin. With the default addrgenmode if eui64 it sticks a link-local address to the interface. That is not good, as NetworkManager would see an address configured, assume the interface is already configured and won't touch it iself and the interface might stay unconfigured until the end of the days. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1124721 2015-05-06 Boris Fiuczynski qemu: multiqueue for ccw devices Allow ccw devices to be used with multiqueues. ccw provides a one to one relation of fds to queues and does not support the vectors option. Reviewed-by: Matthew Rosato Reviewed-by: Daniel Hansel Reviewed-by: Cornelia Huck 2015-05-06 John Ferlan qemu: Resolve Coverity FORWARD_NULL Coverity points out that qemuMonitorGetAllBlockStatsInfo could return a -1 and thus not fill in 'stats' (leaving it NULL). Then the call to qemuMonitorBlockStatsUpdateCapacity will dereference it. qemu: Resolve Coverity FORWARD_NULL Coverity complains over the [n]values pairing in virQEMUCapsFreeStringList and rather than make a bunch if "if values" checks prior to calling, by just adding the values check inside the free function we avoid the chance that somehow nvalues is > 0, while values == NULL qemu: Resolve Coverity FORWARD_NULL Coverity points out it was possible to have a zero return from qemuBuildRNGBackendProps thus not filling in 'props' and then causing a NULL dereference on the next call. xen: Resolve Coverity FORWARD_NULL Coverity found that xenXMConfigCacheAddFile has an error path in which no error message and a -1 was not returned which could have resulted in a NULL dereference in a VIR_DEBUG statement and of course an erroneous 0 value returned! 2015-05-06 John Ferlan qemu: Resolve Coverity FORWARD_NULL Coverity notes that ->ifname is used after the VIR_FREE done in the code path after the call to virNetDevMacVLanDeleteWithVPortProfile by a call to virNetDevOpenvswitchRemovePort. Since the ->ifname will be VIR_FREE()'d eventually in virDomainNetDefFree just remove the extraneous VIR_FREE here. When originally added, the Openvswitch code wasn't present and checks were made for non NULL prior to use. 2015-05-06 John Ferlan qemu: Resolve Coverity IDENTICAL_BRANCHES Coverity complains that in the error paths both the < 0 condition and the success path after the qemuDomainObjExitMonitor failure will end up going to cleanup. So just use ignore_value in this error path to resolve the complaint. vbox: Resolve Coverity RESOURCE_LEAK If the virStringSearch() returns a 0 (zero), then each of the uses of the call will just jump to cleanup forgetting to free the returned empty list. Expand the scope a bit of each use and free at cleanup. libxl: Resolve Coverity RESOURCE_LEAK The returned socks from virNetSocketNewListenTCP needs to be VIR_FREE'd as well as seach of the Close/Unref on all the socks[i] that is already done 2015-05-05 Jim Fehlig libxl: support soundhw for hvm domains The xend driver and the parsing/formating code in src/xenconfig have long supported soundhw. Add support in the libxl driver too. libxl: add logrotate config file Add logrotate config for log files in /var/log/libvirt/libxl. 2015-05-05 Luyao Huang docs: fix a small xml error in docs 2015-05-05 Luyao Huang conf: Add the cpu duplicate use check for vm numa settings https://bugzilla.redhat.com/show_bug.cgi?id=1176020 We had a check for the vcpu count total number in before, however this check is not good enough. There are some examples: 1. one of cpu id is out of maxvcpus, can set success(cpu count = 5 < 10): 10 2. use the same cpu in 2 cell, can set success(cpu count = 8 < 10): 10 3. use the same cpu in 2 cell, cannot set success(cpu count = 11 > 10): 10 Add a check for numa cpus, check if duplicate use one cpu in more than one cell. 2015-05-05 Michal Privoznik qemu: Implement GIC The only version that's supported in QEMU is version 2, currently. Fortunately, it is enabled by aarch64 automatically, so there's nothing for us that needs to be put onto command line. Introduce GIC feature Some platforms, like aarch64, don't have APIC but GIC. So there's no reason to have feature turned on. However, we are still missing feature. This commit introduces the feature to XML parser and formatter, adds documentation and updates RNG schema. 2015-05-05 Jiri Denemark qemu: Properly rename persistent def after migration When migrating a domain while changing its name and using VIR_MIGRATE_PERSIST_DEST flag, libvirt would fail to properly change the name in the persistent definition. The inconsistency results in weird behavior when dumping domain XML, destroying the domain, restarting libvirtd and likely in several other situations. Since the new name is already stored in vm->def->name, we just need to make sure the persistent definition uses this new name too. https://bugzilla.redhat.com/show_bug.cgi?id=1076354 2015-05-05 Cole Robinson polkit: Allow password-less access for 'libvirt' group Many users, who admin their own machines, want to be able to access system libvirtd via tools like virt-manager without having to enter a root password. Just google 'virt-manager without password' and you'll find many hits. I've read at least 5 blog posts over the years describing slightly different ways of achieving this goal. Let's finally add official support for this. Install a polkit-1 rules file granting password-less auth for any user in the new 'libvirt' group. Create the group on RPM install https://bugzilla.redhat.com/show_bug.cgi?id=957300 2015-05-05 Cole Robinson storage: fs: Don't try to chown directory unless user requested Currently we try to chown any directory passed to virDirCreate, even if the user didn't request any explicit owner/group via the pool/vol XML. This causes issues with qemu:///session: try to build a pool of a root owned directory like /tmp, and it fails trying to chown the directory to the session user. Instead it should just leave things as they are, unless the user requests changing permissions via the pool XML. Similarly this is annoying if creating a storage pool via system libvirtd of an existing directory in user $HOME, it's now owned by root. The virDirCreate function is pretty convoluted, since it needs to fork off in certain specific cases. Try to document that, to make it clear where exactly we are changing behavior. 2015-05-05 Cole Robinson storage: fs: Don't attempt directory creation if it already exists The current code attempts to handle this, but it only catches mkdir failing with EEXIST. However if say trying to build /tmp for an unprivileged qemu:///session, mkdir will fail with EPERM. Rather than catch any errors, just don't attempt mkdir if the directory already exists. 2015-05-05 Cole Robinson storage: fs: Fill in permissions on pool refresh This means pool XML actually reports accurate user/group/mode/label. This uses UpdateVolTargetInfoFD in a bit of a hackish way, but it works 2015-05-05 Cole Robinson storage: fs: Don't overwrite virDirCreate error virDirCreate will give us fine grained details about what actually failed. 2015-05-04 Jiri Denemark virsh: Don't check migrate parameters Just pass anything a user specified to the appropriate API. It's the API or libvirtd that should be responsible for checking its parameters. https://bugzilla.redhat.com/show_bug.cgi?id=1066375 https://bugzilla.redhat.com/show_bug.cgi?id=1073233 2015-05-04 Jiri Denemark qemu: Forbid unsupported parameters for tunnelled migration Neither migrate URI nor lister address make any sense for tunnelled migration. https://bugzilla.redhat.com/show_bug.cgi?id=1066375 https://bugzilla.redhat.com/show_bug.cgi?id=1073233 2015-05-04 Andrea Bolognani tests: Fix grammar in comments. Replace all occurrences of "stream write to differences to" with "stream to write differences to". 2015-05-04 Marc-André Lureau tests: add machine vmport qemu test Check that the vmport feature is correctly used in qemu commande line. qemu: add machine vmport argument Fill qemu command line vmport argument as required. qemu: add virQEMUCapsSupportsVmport The vmport machine argument works with pc machine kind, not with xen for example. qemu: move qemuDomainMachineIs{I440FX,Q35} Move common functions being used by the following virQEMUCapsSupportsVmport commit. qemu: add QEMU_CAPS_MACHINE_VMPORT_OPT Set the capability based on qmp query, or qemu version. The qmp query includes vmport with 2.2, but no longer with 2.3. It lists only non-machine specific capabilities, so check the qemu version too until a machine-specific query is supported. domain/conf: add VIR_DOMAIN_FEATURE_VMPORT 2015-05-04 Marc-André Lureau docs: add domain vmport feature A new feature that can be turned on or off. The QEMU machine vmport option allows to set the VMWare IO port emulation. This emulation is useful for absolute pointer input when the guest has vmware input drivers, and is enabled by default for kvm. However it is unnecessary for Spice-enabled VM, since the agent already handles absolute pointer and multi-monitors. Furthermore, it prevents Spice from switching to relative input since the regular ps/2 pointer driver is replaced by the vmware driver. It is thus advised to disable vmport when using a Spice VM. This will permit the Spice client to switch from absolute to relative pointer, as it may be required for certain games or applications. 2015-05-04 Jiri Denemark Bump version to 1.2.16 for new dev cycle 2015-05-04 Luyao Huang qemu: fix the vm deadlock when deleting a nonexistent iothread https://bugzilla.redhat.com/show_bug.cgi?id=1218145 Jump to endjob instead of cleanup to fix this deadlock. 2015-05-04 Luyao Huang tools: fix the wrong check when use virsh setvcpus --maximum The --maximum option wasn't properly parsed and the equivalent flag wasn't set. Fix this bug and also rewrite the way we check this option by using new macro. The new approach is that --maximum requires --config, no other combination is allowed, because they don't make sense. The new error will be: # virsh setvcpus test --maximum 10 error: Option --config is required by option --maximum Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1204033 2015-05-04 Pavel Hrdina virsh: introduce new macros to help check flag requirements qemu: use new macros for setvcpus to check flags and cleanup the code Now that we have macros for exclusive flags and flag requirements we can use them to cleanup the code for setvcpus and error out for all wrong flag combination. use new macro helpers to check flag requirements use new macro helpers to check exclusive flags internal: introduce macro helpers to check flag requirements Similar to VIR_EXLUSIVE_FLAGS, it will error out if flag requirement is not met. internal: introduce macro helpers to reject exclusive flags Inspired by commit 7e437ee7 that introduced similar macros for virsh commands so we don't have to repeat the same code all over. 2015-05-04 Daniel Veillard Release of libvirt-1.2.15 - docs/news.html.in libvirt.spec.in: update for the release - po/*.po*: regenerated 2015-05-01 John Ferlan qemu: Fix bus and lun checks when scsi-disk.channel not present Found by Laine and discussed a bit on internal IRC. Commit id c56fe7f1d6 added support for creating a command line to support scsi-disk.channel. Series was here: http://www.redhat.com/archives/libvir-list/2012-February/msg01052.html Which pointed to a design proposal here: http://permalink.gmane.org/gmane.comp.emulators.libvirt/50428 Which states (in part): Libvirt should check for the QEMU "scsi-disk.channel" property. If it is unavailable, QEMU will only support channel=lun=0 and 0<=target<=7. However, the check added was ensuring that bus != lun *and* bus != 0. So if bus == lun and both were non zero, we'd never make the second check. Changing this to an *or* check fixes the check, but still is less readable than the just checking each for 0 2015-05-01 Pavel Hrdina main: add new generated files to .gitignore This means new libxl-lockd.conf and libxl-sanlock.conf 2015-04-30 Pavel Hrdina rpm-build: update %files section for libxl Recent commit 198cc1d3 introduced integration of lockd and sanlock into libxl, but forget to update libvirt.spec.in to also list new files distributed via package. 2015-04-30 Peter Krempa qemu: blockjob: Call qemuDomainSupportsBlockJobs only on online VMs Since the qemu capabilities are not initialized for offline VMs the caller might get suboptimal error message: $ virsh blockjob VM PATH --bandwidth 1 error: unsupported configuration: block jobs not supported with this QEMU binary Move the checks after we make sure that the VM is alive. 2015-04-30 Jiri Denemark qemu: Check address type for USB disks Only USB addresses are allowed for USB disks. Report an error if another address is configured. https://bugzilla.redhat.com/show_bug.cgi?id=1043436 2015-04-30 Jiri Denemark cpu: Honor vendor_id override in host-model https://bugzilla.redhat.com/show_bug.cgi?id=858147 2015-04-30 Ján Tomko iscsi: do not fail to stop a stopped pool Just as we allow stopping filesystem pools when they were unmounted externally, do not fail to stop an iscsi pool when someone else closed the session externally. Reported at: https://bugzilla.redhat.com/show_bug.cgi?id=1171984 2015-04-30 Jim Fehlig libxl: provide integration with lock manager Provide integration with libvirt's lock manager in the libxl driver. 2015-04-29 Cole Robinson domain: conf: Drop unused OSTYPE_AIX The phyp driver stuffed it into a DomainDefPtr during its attachdevice routine, but the value is never advertised via capabilities so it should be safe to drop. Have the phyp driver use OSTYPE_LINUX, which is what it advertises via capabilities. 2015-04-29 Michael Chapman qemu: migration: use sync block job helpers In qemuMigrationDriveMirror we can start all disk mirrors in parallel. We wait until they are all ready, or one of them aborts. In qemuMigrationCancelDriveMirror, we wait until all mirrors are properly stopped. This is necessary to ensure that destination VM is fully in sync with the (paused) source VM. If a drive mirror can not be cancelled, then the destination is not in a consistent state. In this case it is not safe to continue with the migration. 2015-04-29 Michael Chapman qemuDomainBlockJobAbort: use sync block job helpers The !modern code path needs to call qemuBlockJobEventProcess directly. the modern code path will call it via qemuBlockJobSyncWait. qemuProcessStop: wake up pending sync block jobs Other threads may be blocked in qemuBlockJobSyncWait. Ensure that they're woken up when the domain is stopped. 2015-04-29 Michael Chapman qemuBlockJobSync*: introduce sync block job helpers qemuBlockJobSyncBegin and qemuBlockJobSyncEnd delimit a region of code where block job events are processed "synchronously". qemuBlockJobSyncWait and qemuBlockJobSyncWaitWithTimeout wait for an event generated by a block job. The Wait* functions may be called multiple times while the synchronous block job is active. Any pending block job event will be processed by only when Wait* or End is called. disk->blockJobStatus is reset by these functions, so if it is needed a pointer to a virConnectDomainEventBlockJobStatus variable should be passed as the last argument. It is safe to pass NULL if you do not care about the block job status. All functions assume the VM object is locked. The Wait* functions will unlock the object for as long as they are waiting. They will return -1 and report an error if the domain exits before an event is received. Typical use is as follows: virQEMUDriverPtr driver; virDomainObjPtr vm; /* locked */ virDomainDiskDefPtr disk; virConnectDomainEventBlockJobStatus status; qemuBlockJobSyncBegin(disk); ... start block job ... if (qemuBlockJobSyncWait(driver, vm, disk, &status) < 0) { /* domain died while waiting for event */ ret = -1; goto error; } ... possibly start other block jobs or wait for further events ... qemuBlockJobSyncEnd(driver, vm, disk, NULL); To perform other tasks periodically while waiting for an event: virQEMUDriverPtr driver; virDomainObjPtr vm; /* locked */ virDomainDiskDefPtr disk; virConnectDomainEventBlockJobStatus status; unsigned long long timeout = 500 * 1000ull; /* milliseconds */ qemuBlockJobSyncBegin(disk); ... start block job ... do { ... do other task ... if (qemuBlockJobSyncWaitWithTimeout(driver, vm, disk, timeout, &status) < 0) { /* domain died while waiting for event */ ret = -1; goto error; } } while (status == -1); qemuBlockJobSyncEnd(driver, vm, disk, NULL); 2015-04-29 Michael Chapman qemuBlockJobEventProcess: move to new source file We will want to use synchronous block jobs from qemu_migration as well, so split this function out into a new source file. 2015-04-29 Peter Krempa qemu: Validate available slot count for memory devices While qemu would reject the configuration we can check whether it makes sense to plug the device upfront. qemu: command: Validate that memory devices slot ID is in range slot id, if specified, has to be less than the slots count. 2015-04-29 Peter Krempa qemu: conf: Reject memory device if it would exceed configured max size If the added memory device would exceed the maximum memory size, reject it. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1216046 2015-04-29 Peter Krempa qemu: blockCopy: Allow reuse of raw image for shallow block copy The documentation states that for shallow block copy the image has to have the same guest visible content as backing file of the current image if the file is being reused. This condition can be achieved also with a raw file (or a qcow without a backing file) so remove the condition that would disallow it. (This patch additionally fixes crash described in https://bugzilla.redhat.com/show_bug.cgi?id=1215569 ) 2015-04-29 Maxim Nestratov parallels: implement domainDetachDevice and domainDetachDeviceFlags New functions utilize previosly added prlsdkDelDisk and prlsdkGetDiskIndex 2015-04-28 Maxim Nestratov parallels: add prlsdkDelDisk and prlsdkGetDiskIndex functions 2015-04-28 Martin Kletzander Fix building virnetserverclientmock with MinGW 2015-04-28 Zhang Bo tests: free ChardevInfo correctly in qemumonitorjsontest The free callback should be qemuMonitorChardevInfoFree rather than just 'free' when virHashCreate'ing the chardevInfo hash. ==29959== 24 bytes in 2 blocks are definitely lost in loss record 19 of 53 ==29959== at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==29959== by 0xB95C679: strdup (in /lib64/libc-2.20.so) ==29959== by 0x63C6546: virStrdup (virstring.c:709) ==29959== by 0x4805ED: qemuMonitorJSONExtractChardevInfo (qemu_monitor_json.c:3429) ==29959== by 0x4807A5: qemuMonitorJSONGetChardevInfo (qemu_monitor_json.c:3479) ==29959== by 0x434AEC: testQemuMonitorJSONqemuMonitorJSONGetChardevInfo (qemumonitorjsontest.c:1824) ==29959== by 0x436F2F: virtTestRun (testutils.c:211) ==29959== by 0x436932: mymain (qemumonitorjsontest.c:2404) ==29959== by 0x4382EA: virtTestMain (testutils.c:863) ==29959== by 0x436B27: main (qemumonitorjsontest.c:2423) 2015-04-28 Zhang Bo qemu: make qemuMonitorChardevInfoFree non-static It would be used in qemumonitorjsontest, thus we make it non-static. 2015-04-28 Cole Robinson storage: fs: Ignore volumes that fail to open with EACCESS/EPERM Trying to use qemu:///session to create a storage pool pointing at /tmp will usually fail with something like: $ virsh pool-start tmp error: Failed to start pool tmp error: cannot open volume '/tmp/systemd-private-c38cf0418d7a4734a66a8175996c384f-colord.service-kEyiTA': Permission denied If any volume in an FS pool can't be opened by the daemon, the refresh fails, and the pool can't be used. This causes pain for virt-install/virt-manager though. Imaging a user downloads a disk image to /tmp. virt-manager wants to import /tmp as a storage pool, so we can detect what disk format it is, and set the XML correctly. However this case will likely fail as explained above. Change the logic here to skip volumes that fail to open. This could conceivably cause user complaints along the lines of 'why doesn't libvirt show $ROOT-OWNED-VOLUME-FOO', but figuring that currently the pool won't even startup, I don't think there are any current users that care about that case. https://bugzilla.redhat.com/show_bug.cgi?id=1103308 2015-04-28 Cole Robinson storage: If driver startup state syncing fails, delete statefile If you end up with a state file for a pool that no longer starts up or refreshes correctly, the state file is never removed and adds noise to the logs everytime libvirtd is started. If the initial state syncing fails, delete the statefile. 2015-04-28 Cole Robinson storage: Break out storageDriverLoadPoolState Will simplify a future patch 2015-04-28 Cole Robinson storage: Don't leave stale state file if pool startup fails After pool startup we call refreshPool(). If that fails, we leave a stale pool state file hanging around. Hit this trying to create a pool with qemu:///session containing root owned files. 2015-04-28 Cole Robinson storage: Fix autostart dir for qemu:///session 2015-04-28 John Ferlan qemu: Remove need for qemuMonitorIOThreadInfoFree Replace with just VIR_FREE. qemu: qemuProcessDetectIOThreadPIDs invert checks If we received zero iothreads from the monitor, but were perhaps expecting to receive something, then the code was skipping the check to ensure what's in the monitor matches our expectations. So invert the checks to check that what we get back matches expectations and then check there are zero iothreads returned. 2015-04-28 John Ferlan qemu: Remove need for qemuDomainParseIOThreadAlias Rather than have a separate routine to parse the alias of an iothread returned from qemu in order to get the iothread_id value, parse the alias when returning and just return the iothread_id in qemuMonitorIOThreadInfoPtr This set of patches removes the function, changes the "char *name" to "unsigned int" and handles all the fallout. 2015-04-28 John Ferlan conf: Resolve some Coverity errors Resolve some Coverity errors with IOThread changes 2015-04-28 Roman Bogorodskiy conf: explicitly initialize 'cpumask' variable Build with clang fails with: CC conf/libvirt_conf_la-domain_conf.lo conf/domain_conf.c:13377:9: error: variable 'cpumask' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized] if (!(tmp = virXMLPropString(node, "cpuset"))) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ and many other similar errors regarding the 'cpuset' variable. Fix by explicitly initializing it with NULL. 2015-04-28 Laine Stump network: check newDef for used bridge names in addition to def If someone has updated a network to change its bridge name, but the network is still active (so that bridge name hasn't taken effect yet), we still want to disallow another network from taking that new name. network: check for bridge name conflict with existing devices Since some people use the same naming convention as libvirt for bridge devices they create outside the context of libvirt, it is much nicer if we check for those devices when looking for a bridge device name to auto-assign to a new network. 2015-04-28 Laine Stump network: move auto-assign of bridge name from XML parser to net driver We already check that any auto-assigned bridge device name for a virtual network (e.g. "virbr1") doesn't conflict with the bridge name for any existing libvirt network (via virNetworkSetBridgeName() in conf/network_conf.c). We also want to check that the name doesn't conflict with any bridge device created on the host system outside the control of libvirt (history: possibly due to the ploriferation of references to libvirt's bridge devices in HOWTO documents all around the web, it is not uncommon for an admin to manually create a bridge in their host's system network config and name it "virbrX"). To add such a check to virNetworkBridgeInUse() (which is called by virNetworkSetBridgeName()) we would have to call virNetDevExists() (from util/virnetdev.c); this function calls ioctl(SIOCGIFFLAGS), which everyone on the mailing list agreed should not be done from an XML parsing function in the conf directory. To remedy that problem, this patch removes virNetworkSetBridgeName() from conf/network_conf.c and puts an identically functioning networkBridgeNameValidate() in network/bridge_driver.c (because it's reasonable for the bridge driver to call virNetDevExists(), although we don't do that yet because I wanted this patch to have as close to 0 effect on function as possible). There are a couple of inevitable changes though: 1) We no longer check the bridge name during virNetworkLoadConfig(). Close examination of the code shows that this wasn't necessary anyway - the only *correct* way to get XML into the config files is via networkDefine(), and networkDefine() will always call networkValidate(), which previously called virNetworkSetBridgeName() (and now calls networkBridgeNameValidate()). This means that the only way the bridge name can be unset during virNetworkLoadConfig() is if someone edited the config file on disk by hand (which we explicitly prohibit). 2) Just on the off chance that somebody *has* edited the file by hand, rather than crashing when they try to start their malformed network, a check for non-NULL bridge name has been added to networkStartNetworkVirtual(). (For those wondering why I don't instead call networkValidateBridgeName() there to set a bridge name if one wasn't present - the problem is that during networkStartNetworkVirtual(), the lock for the network being started has already been acquired, but the lock for the network list itself *has not* (because we aren't adding/removing a network). But virNetworkBridgeInuse() iterates through *all* networks (including this one) and locks each network as it is checked for a duplicate entry; it is necessary to lock each network even before checking if it is the designated "skip" network because otherwise some other thread might acquire the list lock and delete the very entry we're examining. In the end, permitting a setting of the bridge name during network start would require that we lock the entire network list during any networkStartNetwork(), which eliminates a *lot* of parallelism that we've worked so hard to achieve (it can make a huge difference during libvirtd startup). So rather than try to adjust for someone playing against the rules, I choose to instead give them the error they deserve.) 3) virNetworkAllocateBridge() (now removed) would leak any "template" string set as the bridge name. Its replacement networkFindUnusedBridgeName() doesn't leak the template string - it is properly freed. 2015-04-28 Laine Stump test: Fix actual vs. expected in virtTestCompareFiles Commit ca329299 added a utility function virtTestCompareFiles() to eliminate repetitive code in several test programs. It unfortunately calls virtTestDifference() with the arguments in the wrong order - strcontent is the "actual" output gathered by the test rig, while filecontent is the "expected", and virtTestDifference() wants expected (filecontent) followed by actual (strcontent), but virtTestCompareFiles() does the opposite, which can make the output a bit confusing when there is a failure. 2015-04-28 John Ferlan qemu: Resolve Coverity DEADCODE Coverity notes that the switch() used to check 'connected' values has two DEADCODE paths (_DEFAULT & _LAST). Since 'connected' is a boolean it can only be one or the other (CONNECTED or DISCONNECTED), so it just seems pointless to use a switch to get "all" values. Convert to if-else 2015-04-28 John Ferlan virsh: Add iothreadadd and iothreaddel commands https://bugzilla.redhat.com/show_bug.cgi?id=1161617 Add command to allow adding and removing IOThreads from the domain including the configuration and live domain. $ virsh iothreadadd --help NAME iothreadadd - add an IOThread to the guest domain SYNOPSIS iothreadadd [--config] [--live] [--current] DESCRIPTION Add an IOThread to the guest domain. OPTIONS [--domain] domain name, id or uuid [--id] iothread for the new IOThread --config affect next boot --live affect running domain --current affect current domain $ virsh iothreaddel --help NAME iothreaddel - delete an IOThread from the guest domain SYNOPSIS iothreaddel [--config] [--live] [--current] DESCRIPTION Delete an IOThread from the guest domain. OPTIONS [--domain] domain name, id or uuid [--id] iothread_id for the IOThread to delete --config affect next boot --live affect running domain --current affect current domain Assuming a running $dom with multiple IOThreads assigned and that that the $dom has disks assigned to IOThread 1 and IOThread 2: $ virsh iothreadinfo $dom IOThread ID CPU Affinity --------------------------------------------------- 1 2 2 3 3 0-1 $ virsh iothreadadd $dom 1 error: invalid argument: an IOThread is already using iothread_id '1' in iothreadpids $ virsh iothreadadd $dom 1 --config error: invalid argument: an IOThread is already using iothread_id '1' in persistent iothreadids $ virsh iothreadadd $dom 4 $ virsh iothreadinfo $dom IOThread ID CPU Affinity --------------------------------------------------- 1 2 2 3 3 0-1 4 0-3 $ virsh iothreadinfo $dom --config IOThread ID CPU Affinity --------------------------------------------------- 1 2 2 3 3 0-1 $ virsh iothreadadd $dom 4 --config $ virsh iothreadinfo $dom --config IOThread ID CPU Affinity --------------------------------------------------- 1 2 2 3 3 0-1 4 0-3 Assuming the same original configuration $ virsh iothreaddel $dom 1 error: invalid argument: cannot remove IOThread 1 since it is being used by disk 'vde' $ virsh iothreaddel $dom 3 $ virsh iothreadinfo $dom IOThread ID CPU Affinity --------------------------------------------------- 1 2 2 3 $ virsh iothreadinfo $dom --config IOThread ID CPU Affinity --------------------------------------------------- 1 2 2 3 3 0-1 2015-04-28 John Ferlan qemu: Add support to Add/Delete IOThreads Add qemuDomainAddIOThread and qemuDomainDelIOThread in order to add or remove an IOThread to/from the host either for live or config optoins The implementation for the 'live' option will use the iothreadpids list in order to make decision, while the 'config' option will use the iothreadids list. Additionally, for deletion each may have to adjust the iothreadpin list. IOThreads are implemented by qmp objects, the code makes use of the existing qemuMonitorAddObject or qemuMonitorDelObject APIs. 2015-04-28 John Ferlan domain: Introduce virDomainIOThreadSchedDelId We're about to allow IOThreads to be deleted, but an iothreadid may be included in some domain thread sched, so add a new API to allow removing an iothread from some entry. Then during the writing of the threadsched data and an additional check to determine whether the bitmap is all clear before writing it out. 2015-04-28 John Ferlan remote: Add support for AddIOThread and DelIOThread Add remote support for the add/delete IOThread API's Implement virDomainAddIOThread and virDomainDelIOThread Add libvirt API's to manage adding and deleting IOThreads to/from the domain conf: Adjust the iothreadsched expectations With iothreadid's allowing any 'id' value for an iothread_id, the iothreadsched code needs a slight adjustment to allow for "any" unsigned int value in order to create the bitmap of ids that will have scheduler adjustments. Adjusted the doc description as well. 2015-04-28 John Ferlan Move iothreadspin information into iothreadids Remove the iothreadspin array from cputune and replace with a cpumask to be stored in the iothreadids list. Adjust the test output because our printing goes in order of the iothreadids list now. 2015-04-28 John Ferlan conf: Move virDomainPinIsDuplicate and make static Since it's only ever referenced in domain_conf.c, make the function static, but also will need to move it to somewhere before it's referenced rather than forward referencing it. 2015-04-28 John Ferlan qemu: Use domain iothreadids to IOThread's 'thread_id' Add 'thread_id' to the virDomainIOThreadIDDef as a means to store the 'thread_id' as returned from the live qemu monitor data. Remove the iothreadpids list from _qemuDomainObjPrivate and replace with the new iothreadids 'thread_id' element. Rather than use the default numbering scheme of 1..number of iothreads defined for the domain, use the iothreadid's list for the iothread_id Since iothreadids list keeps track of the iothread_id's, these are now used in place of the many places where a for loop would "know" that the ID was "+ 1" from the array element. The new tests ensure usage of the values for an exact number of iothreads and the usage of a smaller number of values than iothreads that exist (and usage of the default numbering scheme). 2015-04-28 John Ferlan conf: Add new domain XML element 'iothreadids' Adding a new XML element 'iothreadids' in order to allow defining specific IOThread ID's rather than relying on the algorithm to assign IOThread ID's starting at 1 and incrementing to iothreads count. This will allow future patches to be able to add new IOThreads by a specific iothread_id and of course delete any exisiting IOThread. Each iothreadids element will have 'n' children elements which will have attribute "id". The "id" will allow for definition of any "valid" (eg > 0) iothread_id value. On input, if any 's are provided, they will be marked so that we only print out what we read in. On input, if no are provided, the PostParse code will self generate a list of ID's starting at 1 and going to the number of iothreads defined for the domain (just like the current algorithm numbering scheme). A future patch will rework the existing algorithm to make use of the iothreadids list. On output, only print out the if they were read in. 2015-04-27 Martin Kletzander Cleanup parameters for mock libraries All the libraries use same parameters when building, why not have it in one place at the begining of the Makefile. This will also ensure no new mock library will have a problem with missing e.g. MINGW_EXTRA_LDFLAGS. 2015-04-27 Michal Privoznik Cleanup srcdir usage In a lot places we use path like this: $(srcdir)/../src/.... when in fact it can be: $(top_srcdir)/src/ 2015-04-27 zhang bo util: fix memleak in virStorageSourceClear snapshot and configFile are not freed, free them. 2015-04-27 Pavel Fedin Add missing linker flags for MinGW build This fix should completely close https://bugzilla.redhat.com/show_bug.cgi?id=1214605 2015-04-27 John Ferlan storage: Resolve Coverity UNINIT commit id '1e13eff4' didn't init found when changed from a bool to an int in virStoragePoolFCRefreshThread and Coverity... 2015-04-27 Michal Privoznik openvz: Drop useless domain lookup The lookup is just for check whether a domain we are about to add does not already exists. Well, the virDomainObjListAdd() function does that for us already so there's no need to duplicate the check. 2015-04-27 Martin Kletzander Fix check for return value of qemuDomainAgentAvailable() Commit dcbb243bbc3470431d15cec4c5bb96d2de89a88b used the return value of the function as int even though it returns bool. 2015-04-27 Zhang Bo conf: fix memleak in virDomainHostdevDefClear use virNetworkRouteDefFree() instead of VIR_FREE to free routes, otherwise the element 'family' would not be freed. conf: fix memleak in virDomainNetIpParseXML use cleanup instead of error, so that the allocated strings could also get freed when there's no error. qemu: fix memleak in virCapabilitiesDomainDataLookup virBufferContentAndReset() doesn't free buf contents, we should use virBufferFreeAndReset() to get buf freed. qemu: fix memleaks in qemuBuildCommandLine free boot_opts_str and boot_order_str both in normal and error paths. util: fix memleak in virFindSCSIHostByPCI free buf in cleanup. tests: fix some memleaks in tests 2015-04-27 Jiri Denemark qemu: Fix comment for timeDelta 2015-04-27 zhang bo Fix typo in comment about memory binding rather then -> rather than 2015-04-26 Peter Krempa qemu: Connect to guest agent after channel hotplug If a user hot-attaches the guest agent channel libvirt would ignore it until the restart of libvirtd or shutdown/destroy and start of the VM itself. This patch adds code that opens or closes the guest agent connection according to the state of the guest agent channel according to connect/disconnect events. To allow opening the channel from the event handler qemuConnectAgent needed to be exported. 2015-04-26 Peter Krempa qemu: agent: Differentiate errors when the agent channel was hotplugged When the guest agent channel gets hotplugged to a VM, libvirt would still report that "QEMU guest agent is not configured" rather than stating that the connection was not established yet. Currently the code won't be able to connect to the agent after hotplug but that will change in a later patch. As the qemuFindAgentConfig() helper is quite helpful in this case move it to a more usable place and export it. 2015-04-26 Peter Krempa qemu: Reuse qemuDomainAgentAvailable in qemuDomainInterfaceAddresses qemu: Fix domain object leak in qemuDomainInterfaceAddresses The API didn't use virDomainObjEndAPI to release the domain object thus it leaked a reference to it. qemu: agent: Reuse virJSONValueObjectCreateVArgs in qemuAgentMakeCommand Since the code is now separated into the common helper, we can reuse it instead of maintaining two copies. 2015-04-25 Olaf Hering libxl: remove duplicate check for pci subsystem type Both attach and detach functions get called only if the type matches. Cc: Jim Fehlig 2015-04-25 Olaf Hering libxl: use pci init and dispose functions Rearrange code so that the local variable is always initialized and disposed. Cc: Jim Fehlig 2015-04-25 Jim Fehlig libxl: initialize sdl.opengl defbool in libxlMakeVfb Commit bf32462b missed initializing sdl.opengl. Without the initialization, libvirtd will be terminated by an assert from libxl: Assertion `!libxl_defbool_is_default(db)' failed. Reported-by: Olaf Hering 2015-04-25 Olaf Hering libxl: initialize vfb defbools in libxlMakeVfb If the domU configu has sdl enabled libvirtd crashes: libvirtd[5158]: libvirtd: libxl.c:343: libxl_defbool_val: Assertion `!libxl_defbool_is_default(db)' failed. Initialize the relevant defbool variables in libxl_device_vfb. Cc: Jim Fehlig 2015-04-25 Maxim Nestratov parallels: fix crash in prlsdkAddNet in case of CT definition Since net->model is not defined for containers we shouldn't touch it. In case network adapter model is defined, a warning about ignoring it is shown. 2015-04-25 John Ferlan virhostdev: Fix comments for virHostdevReAttachPCIDevices Pushed previous patch (commit id 'd45dadae6') too quickly... The patch just updates the patch from Laine's suggestions. 2015-04-25 Roman Bogorodskiy bhyve: fix build in tests Commit ca32929 caused build errors in bhyvexml2argvtest.c because of some undefined variables. Pushing under the build breaker rule. 2015-04-25 Huanle Han hostdev: fix net config restore error Fix for such a case: 1. Domain A and B xml contain the same SRIOV net hostdev( with same pci address). 2. virsh start A (Successfully, and configure the SRIOV net with custom mac) 3. virsh start B (Fail because of the hostdev used by domain A or other reason.) In step 3, 'virHostdevNetConfigRestore' is called for the hostdev which is still used by domain A. It makes the mac/vlan of the SRIOV net change. Code Change in this fix: 1. As the pci used by other domain have been removed from 'pcidevs' in previous loop, we only restore the nic config for the hostdev still in 'pcidevs'(used by this domain) 2. update the comments to make it more clear 2015-04-25 Huanle Han hostdev: Create virHostdevIsPCINetDevice Refactor some code to create a static function virHostdevIsPCINetDevice which will detect whether the hostdev is a pci net device or not. 2015-04-24 Cole Robinson qemu: Build nvram directory at driver startup Similar to what was done for the channel socket in the previous commit. 2015-04-24 Cole Robinson qemu: Build channel autosocket directory at driver startup Rather than depend on the RPM to put it in place, since this doesn't cover the qemu:///session case. Currently auto allocated socket path is completely busted with qemu:///session https://bugzilla.redhat.com/show_bug.cgi?id=1105274 And because we chown the directory at driver startup now, this also fixes autosocket startup failures when using user/group=root https://bugzilla.redhat.com/show_bug.cgi?id=1044561 https://bugzilla.redhat.com/show_bug.cgi?id=1146886 2015-04-24 Cole Robinson qemu: chown autoDumpPath on driver startup Not sure if this is required, but it makes things consistent with the rest of the directories. qemu: conf: Clarify paths that are relative to libDir Rather than duplicate libDir for each new path tests: qemu: Couple aarch64 CPU tests - Make sure aarch64 host-passthrough works correctly - Make sure libvirt doesn't choke on cpu model=host, which is what virt-install/virt-manager were incorrectly specifying up until recently. 2015-04-24 Jiri Denemark migration: Usable time statistics without requiring NTP virDomainGetJobStats is able to report statistics of a completed migration, however to get usable downtime and total time statistics both hosts have to keep synchronized time. To provide at least some estimation of the times even when NTP daemons are not running on both hosts we can just ignore the time needed to transfer a migration cookie to the destination host. The result will be also inaccurate but a bit more predictable. The total/down time will just be at least what we report. https://bugzilla.redhat.com/show_bug.cgi?id=1213434 2015-04-24 Jiri Denemark Fix memory leak in virNetSocketNewConnectUNIX ==26726== by 0x673CD67: __vasprintf_chk (vasprintf_chk.c:80) ==26726== by 0x5673605: UnknownInlinedFun (stdio2.h:210) ==26726== by 0x5673605: virVasprintfInternal (virstring.c:476) ==26726== by 0x56736EE: virAsprintfInternal (virstring.c:497) ==26726== by 0x5680C37: virGetUserRuntimeDirectory (virutil.c:866) ==26726== by 0x5783A89: virNetSocketNewConnectUNIX (virnetsocket.c:572) ==26726== by 0x57751AF: virNetClientNewUNIX (virnetclient.c:344) ==26726== by 0x57689B3: doRemoteOpen (remote_driver.c:895) ==26726== by 0x5769F8E: remoteConnectOpen (remote_driver.c:1195) ==26726== by 0x57092DF: do_open (libvirt.c:1189) ==26726== by 0x570A7BF: virConnectOpenAuth (libvirt.c:1341) https://bugzilla.redhat.com/show_bug.cgi?id=1215042 2015-04-24 Pavel Hrdina build: add pragma directive to fix build on some gcc Commit 1268820a removed obsolete index() function and replaced it by strchr. Few versions of gcc has a bug and reports a warning about strchr: ../../src/util/virstring.c:1006: error: logical '&&' with non-zero constant will always evaluate as true [-Wlogical-op] 2015-04-24 Michal Privoznik uml: s/virDomainObjListFindByID/virDomainObjListFindByUUID/ ListFindByID() still requires to step through items in the hash table (in the worst case scenario through all of them), lock each one and compare whether we've found what we're looking for. This is suboptimal as locking a domain object means we need to wait for the current API running over the object to finish. Unfortunately, we can't drop the function completely because we have this public API virDomainLookupByID which we can't drop. 2015-04-24 Michal Privoznik virDomainObjList: Introduce yet another hash table This hash table will contain the same data as already existing one. The only difference is that while the first table uses domain uuid as key, the new table uses domain name. This will allow much faster (and lockless) lookups by domain name. virDomainObjListFindByName: Return referenced object Every domain that grabs a domain object to work over should reference it to make sure it won't disappear meanwhile. Introduce virDomainObjEndAPI This is basically turning qemuDomObjEndAPI into a more general function. Other drivers which gets a reference to domain objects may benefit from this function too. virDomainObjListNew: Use virObjectFreeHashData There's no point in duplicating virObjectFreeHashData() in a separate function. virDomainObjListAddLocked: s/false/NULL/ for @oldDef It's a pointer after all. We should initialize it to NULL instead of false. 2015-04-24 Dmitry Guryanov parallels: implement .domainGetMaxMemory Since we haven't implemented balloon parameters tuning we can just return amount of memory in this function. 2015-04-24 Cédric Bosdonnat Apparmor: allow reading block-rbd.so Allow access to vendor and device file for PCI device passthrough For some devices, the $PCIDIR/vendor and $PCIDIR/device need to be read. Iterate over them to get them as well in the the generated apparmor profile. 2015-04-24 Peter Krempa qemu: cgroup: Fix priorities when setting emulatorpin Use the custom emulator pin setting with the highest priority same as with vcpupin. 2015-04-24 Cole Robinson tests: Add VIR_TEST_REGENERATE_OUTPUT If this enviroment variable is set, the virTestCompareToFile helper will overwrite the file content we are comparing against, if the file doesn't exist or it doesn't match the expected input. This is useful when adding new test cases, or making changes that generate a lot of output churn. 2015-04-24 Cole Robinson tests: Add virtTestCompareToFile Replaces a common pattern used in many test files tests: Use *DefParseFile more tests: Add VIR_TEST_DEBUG and VIR_TEST_VERBOSE To remove a bunch of TestGetDebug()/TestGetVerbose() checks 2015-04-23 Eric Blake build: avoid obsolete index() Commit 2a530a3e5 is not portable to mingw, which intentionally avoids declaring the obsolete index(). See also: https://bugzilla.redhat.com/show_bug.cgi?id=1214605 * src/util/virstring.c (virStringStripControlChars): Use strchr. 2015-04-23 Maxim Nestratov parallels: fix IS_CT macro CT stands for containers, i.e. def->os.type should be compared with VIR_DOMAIN_OSTYPE_EXE rather than VIR_DOMAIN_OSTYPE_HVM 2015-04-23 Michal Privoznik parallels_sdk: Utilize parallelsDomObjFromDomain() Instead of each API copying the same lines of code, lets use the generic function designed just for that purpose. parallels_driver: Utilize parallelsDomObjFromDomain() Instead of each API copying the same lines of code, lets use the generic function designed just for that purpose. At the same time, drop useless connection object locking in some functions. parallels: Introduce parallelsDomObjFromDomain() This function is practically copied over from qemu driver. Its only purpose in life is to lookup a domain object and print an error if no object is found. struct _parallelsConn: Mark @domains as immutable pointer The pointer does not change throughout the while life of a parallels connection. Mark it as such. 2015-04-23 Daniel P. Berrange rng: fix port number range validation The PortNumber data type is declared to derive from 'short'. Unfortunately this is an signed type, so validates the range [-32,768, 32,767] which excludes valid port numbers between 32767 and 65535. We can't use 'unsignedShort', since we need -1 to be a valid port number too. This change is to use 'int' and set an explicit max boundary instead of relying on the data types' built-in max. One of the existing tests is changed to use a high port number to validate the schema. https://bugzilla.redhat.com/show_bug.cgi?id=1214664 2015-04-23 zhang bo qemu: Don't fail to reboot domains with unresponsive agent just as what b8e25c35d7f80a2fadc0e51e95318e39db3d1687 did, we fall back to the ACPI method when the guest agent is unresponsive in qemuDomainReboot(). 2015-04-23 Roman Bogorodskiy bhyve: fix build in tests Commit 835cf84 dropped expectedVirtTypes argument for virDomainDefParse*() functions, however bhyve tests still try to pass that to virDomainDefParseFile(), therefore build fails. Fix build by fixing virDomainDefParseFile() usage. 2015-04-23 Cole Robinson spec: Point fedora --with-loader-nvram at nightly firmware repo Fedora doesn't ship OVMF/AAVMF builds in its repos due to licensing issues, so the recommended way to consume these bits is via Gerd's nightly repo: https://www.kraxel.org/repos Let's teach fedora builds about the loader/nvram pairs these packages installed, so users don't need to edit qemu.conf to get virt-manager UEFI support. 2015-04-23 Cole Robinson configure: Report --with-loader-nvram value in summary 2015-04-23 Jim Fehlig locking: relax PID requirement Some hypervisors like Xen do not have PIDs associated with domains. Relax the requirement for PID != 0 in the locking code so it can be used by hypervisors that do not represent domains as a process running on the host. 2015-04-23 Cole Robinson spec: Fix libxl build with driver modules configure: Fix --loader-nvram typo 2015-04-22 Maxim Nestratov parallels: don't forget to unlock domain after successful virDomainObjListFindByUUID call Also a typo is fixed (s/detached/attached/) Signed-off-by: Maxim Nestratov mnestratov@parallels.com 2015-04-22 Roman Bogorodskiy vircommand: fix polling in virCommandProcessIO When running on FreeBSD, there's a bug in virCommandProcessIO polling that is triggered by the commandtest. A test that triggers EPIPE in commandtest (named "test20") hungs forever on FreeBSD. Apparently, this happens because FreeBSD sets POLLHUP flag on revents when stdin in closed. And as the current implementation only checks for POLLOUT and POLLERR, it ends up looping forever inside virCommandProcessIO and not trying to do one more write() that would trigger EPIPE. To fix that check for the POLLHUP flag along with POLLOUT and POLLERR. 2015-04-22 Peter Krempa util: storage: Improve error message when requesting image above 'start' When a user would specify a backing chain index that is above the start point libvirt would report a rather unhelpful error: invalid argument: could not find backing store 1 in chain for 'sub/link2' This patch adds an explicit check that the index is below start point in the backing store and reports the following error if not: invalid argument: requested backing store index 1 is above 'sub/../qcow2' in chain for 'sub/link2' Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1177062 2015-04-22 Peter Krempa util: storage: Add hint to error message that indexed access was used util: storage: Fix possible crash when source path is NULL Some storage protocols allow to have the @path field in struct virStorageSource set to NULL. Add NULLSTR() wrappers to handle this possibility until I finish the storage source error formatter. util: command: Deduplicate code in virCommandNewArgList virCommandNewArgList can use virCommandNewVAList. qemu: migration: Refactor hostdev validation in migration check The hostdev check can error out right away. 2015-04-22 Roman Bogorodskiy util: fix build on non-Linux Build fails on non-Linux systems with this error: CC util/libvirt_util_la-virnetdev.lo util/virnetdev.c:364:1: error: unused function 'virNetDevReplaceMacAddress' [-Werror,-Wunused-function] virNetDevReplaceMacAddress(const char *linkdev, ^ util/virnetdev.c:406:1: error: unused function 'virNetDevRestoreMacAddress' [-Werror,-Wunused-function] virNetDevRestoreMacAddress(const char *linkdev, ^ 2 errors generated. The virNetDev{Restore,Replace}MacAddress() functions are only used by VF-related routines that are available on Linux only. So move these functions under the same #ifdef. 2015-04-22 Michal Privoznik processNicRxFilterChangedEvent: Take appropriate actions for NET_TYPE_NETWORK too Because packets going through the egress from a bridge (where our bandwidth limiting takes place) have no information about which interface they came from, the QoS rules that we create instead use the source MAC address of the packets to make their decisions about which QDisc the packet should be in. One flaw in this is that when a guest changed the MAC address it used, packets from the guest would no longer be put into the correct QDisc, but would instead be put in an "unprivileged" class, resulting in the bandwidth "floor" (minimum guaranteed) being no longer honored. Now that libvirt has infrastructure to capture and respond to RX_FILTER_CHANGE events from qemu (sent whenever a guest interface modifies its MAC address, among other things), we can notice when a guest MAC address changes, and update the QoS rules accordingly, so that bandwidth floor is honored even after a guest MAC address change. 2015-04-22 Michal Privoznik virDomainActualNetDefContentsFormat: Format class_id only for status XML In one of my previous patches (b68a56bcfe) I made class_id to format more frequently. Well, now it's formatting way too frequent - even for regular active XML. Users don't need to see it, so lets format it only for the status XML where it's really needed. 2015-04-22 Luyao Huang qemu: Fix issues with maxMemory in qemuDomainSetMemoryFlags() qemuDomainSetMemoryFlags() would allow to set the initial memory greater than the field. While the configuration would not work as memory hotplug requires NUMA to be enabled and the qemuDomainSetMemoryFlags() API does not work on NUMA guests this just fixes a corner case. The fix is still worth though as it allows to induce an invalid configuration and make the VM vanish on libvirt restart. Additionally this tweaks error message to be more accurate. 2015-04-22 Jim Fehlig libxl: Introduce configuration file for libxl driver Introduce libxl.conf configuration file, adding the 'autoballoon' setting as the first knob for controlling the libxl driver. 2015-04-22 Laine Stump qemu: set macvtap physdevs online when macvtap is set online A further fix for: https://bugzilla.redhat.com/show_bug.cgi?id=1113474 Since there is no possibility that any type of macvtap will work if the parent physdev it's attached to is offline, we should bring the physdev online at the same time as the macvtap. When taking the macvtap offline, it's also necessary to take the physdev offline for macvtap passthrough mode (because the physdev has the same MAC address as the macvtap device, so could potentially cause problems with misdirected packets during migration, as outlined in commits 829770 and 879c13). We can't set the physdev offline for other macvtap modes 1) because there may be other macvtap devices attached to the same physdev (and/or the host itself may be using the device) in the other modes whereas passthrough mode is exclusive to one macvtap at a time, and 2) there's no practical reason to do so anyway. 2015-04-22 Laine Stump util: set MAC address for VF via netlink message to PF+VF# when possible Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1113474 When we set the MAC address of a network device as a part of setting up macvtap "passthrough" mode (where the domain has an emulated netdev connected to a host macvtap device that has exclusive use of the physical device, and sets the device MAC address to match its own, i.e. " "), we use ioctl(SIOCSIFHWADDR) giving it the name of that device. This is true even if it is an SRIOV Virtual Function (VF). But, when we are setting the MAC address / vlan ID of a VF in preparation for "hostdev network" passthrough (this is where we set the MAC address and vlan id of the VF after detaching the host net driver and before assigning the device to the domain with PCI passthrough, i.e. "", we do the setting via a netlink RTM_SETLINK message for that VF's Physical Function (PF), telling it the VF# we want to change. This sets an "administratively changed MAC" flag for that VF in the PF's driver, and from that point on (until the PF driver is reloaded, *not* merely the VF driver) that VF's MAC address can't be changed using ioctl(SIOCSIFHWADDR) - the only way to change it is via the PF with RTM_SETLINK. This means that if a VF is used for hostdev passthrough, it will have the admin flag set, and future attempts to use that VF for macvtap passthrough will fail. The solution to this problem is to check if the device being used for macvtap passthrough is actually a VF; if so, we use the netlink RTM_SETLINK message to the PF to set the VF's mac address instead of ioctl(SIOCSIFHWADDR) directly to the VF; if not, behavior does not change from previously. There are three pieces to making this work: 1) virNetDevMacVLan(Create|Delete)WithVPortProfile() now call virNetDev(Replace|Restore)NetConfig() rather than virNetDev(Replace|Restore)MacAddress() (simply passing -1 for VF# and vlanid). 2) virNetDev(Replace|Restore)NetConfig() check to see if the device is a VF. If so, they find the PF's name and VF#, allowing them to call virNetDev(Replace|Restore)VfConfig(). 3) To prevent mixups when detaching a macvtap passthrough device that had been attached while running an older version of libvirt, virNetDevRestoreVfConfig() is potentially given the preserved name of the VF, and if the proper statefile for a VF can't be found in the stateDir (${stateDir}/${pfname}_vf${vfid}), virNetDevRestoreMacAddress() is called instead (which will look in the file named ${stateDir}/${vfname}). This problem has existed in every version of libvirt that has both macvtap passthrough and interface type='hostdev'. Fortunately people seem to use one or the other though, so it hasn't caused any real world problem reports. 2015-04-21 Cole Robinson qemu: Always refresh capabilities if no found - Remove all qemu emulators - Restart libvirtd - Install qemu emulators - Call 'virsh version' -> errors The only thing that will force the qemu driver to refresh it's cached capablities info is an explict API call to GetCapabilities. However in the case when the initial caps lookup at driver connect didn't find a single qemu emulator to poll, the driver is effectively useless and really can't do anything until it's populated some qemu capabilities info. With the above steps, the user would have to either know about the magic refresh capabilities call, or restart libvirtd to pick up the changes. Instead, this patch changes things so that every time a part of th driver requests access to capabilities info, check to see if we've previously seen any emulators. If not, force a refresh. In the case of 'still no emulators found', this is still very quick, so I can't think of a downside. https://bugzilla.redhat.com/show_bug.cgi?id=1000116 2015-04-21 Roman Bogorodskiy vircapstest: fix build without LXC, QEMU or XEN When building without lxc support enabled, build fails with: CLD vircapstest vircapstest.o: In function `test_virCapsDomainDataLookupLXC': vircapstest.c:(.text+0x9ef): undefined reference to `testLXCCapsInit' Fix that by hiding LXC tests under appropriate #ifdef. Same applies for QEMU and XEN. 2015-04-21 John Ferlan scsi: Adjust return values from processLU https://bugzilla.redhat.com/show_bug.cgi?id=1171933 Adjust the processLU error returns to be a bit more logical. Currently, the calling code cannot determine the difference between a non disk/lun volume and a processed/found disk/lun. It can also not differentiate between perhaps real/fatal error and one that won't necessarily stop the code from finding other volumes. After this patch virStorageBackendSCSIFindLUsInternal will stop processing as soon as a "fatal" message occurs rather than continuting processing for no apparent reason. It will also only set the *found value when at least one of the processLU's was successful. With the failed return, if the reason for the stop was that the pool target path did not exist, was /dev, was /dev/, or did not start with /dev, then iSCSI pool startup and refresh will fail. 2015-04-21 John Ferlan scsi: Change return values for virStorageBackendSCSIFindLUs Rather than passing/returning a pointer to a boolean to indicate that perhaps we should try again - adjust the return of the call to return the count of LU's found during processing, then let the caller decide what to do with that value. 2015-04-21 John Ferlan scsi: Adjust return value for virStorageBackendSCSINewLun Use virStorageBackendPoolUseDevPath API to determine whether creation of stable target path is possible for the volume. This will differentiate a failed virStorageBackendStablePath which won't need to be fatal. Thus, we'll add a -2 return value to differentiate that the failure was a result of either the inability to find the symlink for the device or failure to open the target path directory 2015-04-21 John Ferlan storage: Fix check for stable path check Fix the if (!STRPREFIX(path, "/dev")) to be if (!STRPREFIX(path, "/dev/")) to ensure a path such as "/device" isn't declared stable. storage: Split out the stable path check For virStorageBackendStablePath, in order to make decisions in other code split out the checks regarding whether the pool's target is empty, using /dev, using /dev/, or doesn't start with /dev 2015-04-21 Richard W.M. Jones xend: Remove a couple of unused function prototypes. Commit 70f446631f142ae92b4d4eb349fcf11408171556 (from 2008) introduced some functions for testing whether xend was returning correct sound models. Those functions have long gone, but the function prototypes remain. This commit removes the unused prototypes. 2015-04-21 Michal Privoznik domtop: Properly free cpu status So, in the example the cpu stats are collected within a function called do_top. At the beginning of the function we ask the daemon for how much vCPUs can we get stats, and how many stats for a vCPU can we get. This is because it's how our API works - users are required to preallocate a chunk of memory for the results. Now, at the end, we try to free the allocated array, but we are not doing it correctly. There's this virTypedParamsFree() function which gets a pointer to the array and the length of the array. However, if there was an error in getting vCPU stats we pass a negative number instead of the originally computed value. This flaw results in SIGSEGV: libvirt: QEMU Driver error : Requested operation is not valid: domain is not running ERROR do_top:333 : Unable to get cpu stats ==29201== Invalid read of size 4 ==29201== at 0x4F1DF8B: virTypedParamsClear (virtypedparam.c:1145) ==29201== by 0x4F1DFEB: virTypedParamsFree (virtypedparam.c:1165) ==29201== by 0x4023C3: do_top (domtop.c:349) ==29201== by 0x40260B: main (domtop.c:386) ==29201== Address 0x131cd7c0 is 16 bytes after a block of size 768 alloc'd ==29201== at 0x4C2C070: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==29201== by 0x401FF1: do_top (domtop.c:295) ==29201== by 0x40260B: main (domtop.c:386) 2015-04-21 Cole Robinson domain: conf: Drop expectedVirtTypes This needs to specified in way too many places for a simple validation check. The ostype/arch/virttype validation checks later in DomainDefParseXML should catch most of the cases that this was covering. caps: Use DomainDataLookup to replace GuestDefault* This revealed that GuestDefaultEmulator was a bit buggy, capable of returning an emulator that didn't match the passed domain type. Fix up the test suite input to continue to pass. domain: conf: Use CapabilitiesDomainDataLookup for caps validation The strange logic here is just to duplicate the previous behavior, which parts of the test suite are currently relying on. domain: conf: Do ostype/arch/machine parsing earlier Just move this code to where we parse virtType. Lots of things depend on os.type values so it should be handled early like virtType. 2015-04-21 Cole Robinson caps: Add virCapabilitiesDomainDataLookup This is a helper function to look up all capabilities data for all the OS bits that are relevant to . This is - os type - arch - domain type - emulator - machine type This will be used to replace several functions in later commits. 2015-04-21 Cole Robinson caps: Convert to use VIR_DOMAIN_VIRT internally domain: Convert os.type to VIR_DOMAIN_OSTYPE enum caps: Switch AddGuest to take VIR_DOMAIN_OSTYPE value Rather than an opencoded string. This should be a no-op caps: Use an enum internally for ostype value But the internal API stays the same, and we just convert the value as needed. Not useful yet, but this is the beginning step of using an enum for ostype throughout the code. 2015-04-21 Cole Robinson domain: conf: Don't validate VM ostype/arch at daemon startup When parsing XML, we validate the passed ostype + arch combo against the detected hypervisor capabilities. This has led to the following problem: - Define x86 qemu guest - qemu is inadvertently removed from the host - libvirtd is restarted. fails to parse VM config since arch is removed - 'virsh list --all' is now empty, user is wondering where their VMs went Add a new internal flag VIR_DOMAIN_DEF_PARSE_SKIP_OSTYPE_CHECKS. Use it when loading VM and snapshot configs from disk. https://bugzilla.redhat.com/show_bug.cgi?id=1043572 2015-04-21 Cole Robinson domain: conf: Better errors on bad os values If no was specified: before: unknown OS type no OS type after : xml error: an os must be specified If an is specified that's not in our capabiliities data: before: unknown OS type: $type after : unsupported configuration: no support found for os '$type' VIR_ERR_OS_TYPE is now unused (as it should be frankly) so drop its strings as well to save our translators some effort. 2015-04-21 Nikolay Shirokovskiy parallels: make device addressing consistent In Parallels we do not support device name hints aka option and full-fledged device disk device addressing through
    and have only one index instead. In this situation to be consistent we can only take one-to-one mapping from some reasonable subset of full address. Values outside this subset are invalid to create Parallels VMs. Reasonable mapping is default one defined in virDomainDiskDefAssignAddress. 2015-04-21 Nikolay Shirokovskiy parallels: fix return status for parallelsConnectOpen We should return VIR_DRV_OPEN_ERROR in case if we handle scheme in query but some error occur. Previously we sometimes return VIR_DRV_OPEN_DECLINE. 2015-04-20 Luyao Huang lxc: fix starting a domain with non-strict numa memory mode # virsh -c lxc:/// start helloworld error: Failed to start domain helloworld error: internal error: guest failed to start: Unknown failure in libvirt_lxc startup Return success when there are no cpuset.mems to be set, instead of failing without setting an error. 2015-04-20 Luyao Huang lxc: fix starting a domain with a cpuset but no numatune # virsh -c lxc:/// start helloworld error: Failed to start domain helloworld error: internal error: guest failed to start: Invalid value '1-3' for 'cpuset.mems': Invalid argument Free the cpu mask to avoid reusing it as a mem mask in virCgroupSetCpusetMems if virDomainNumatuneMaybeFormatNodeset does not set a mask. 2015-04-20 Erik Skultety rng: Move sgio attr definition to a separate block it might be worth having sgio attribute defined in a separate block the same way as rawio attribute. 2015-04-20 Erik Skultety rng: Forbid to validate mismatched 'device' and 'type' attributes According to docs, using 'lun' as a value for device attribute is only valid with disk types 'block' and 'network'. However current RNG schema also allows a combination type='file' device='lun' which results in a successfull xml validation, but fails at qemuBuildCommandLine. Besides fixing the RNG schema, this patch also adds a qemuxml2argvtest for this case. https://bugzilla.redhat.com/show_bug.cgi?id=1210669 2015-04-20 Cédric Bosdonnat Apparmor: removed duplicate nscd rules 2015-04-17 Michal Privoznik domcaps: Check for architecture more wisely https://bugzilla.redhat.com/show_bug.cgi?id=1209948 So we have this bug. The virConnectGetDomainCapabilities() API performs a couple of checks before it produces any result. One of the checks is if the architecture requested by user can be run by the binary (again user provided). However, the check is pretty dumb. It merely compares if the default binary architecture matches the one provided by user. However, a qemu binary can run multiple architectures. For instance: qemu-system-ppc64 can run: ppc, ppcle, ppc64, ppc64le and ppcemb. The default is ppc64, so if user requested something else, like ppc64le, the check would have failed without obvious reason. 2015-04-17 Martin Kletzander schema: Allow multiple machines for VMs and unite architectures Use the same pattern for all machine types on all archs and same archs for hvm and exe types. 2015-04-17 zhang bo qemuDomainShutdownFlags: Set fakeReboot more frequently When a qemu domain is to be rebooted, from outside, at libvirt level it looks like regular shutdown. To really restart the domain, libvirt needs to issue reset command on the monitor once SHUTDOWN event appeared. So, in order to differentiate bare shutdown and reboot libvirt uses a variable within domain private data. It's called fakeReboot. When the reboot API is called, the variable is set, but when the shutdown API is called it must be cleared out. But it was not for every possible case. So if user called virDomainReboot(), and there was no ACPI daemon running inside the guest (so guest didn't initiated shutdown sequence) and then virDomainShutdown(mode=agent) was called bad thing happened. We remembered the fakeReboot and instead of shutting the domain down, we just rebooted it. 2015-04-17 Michal Privoznik Introduce virNetDevBandwidthUpdateFilter This is a simple wrapper around virNetDevBandwidthManipulateFilter() that will update the desired filter on an interface (usually a network bridge) with a new MAC address. Although, the MAC address in question usually refers to some other interface - the one that the filter is constructed for. Yeah, hard to parse. Thing is, our NATed network has a bridge where some part of QoS takes place. And vNICs from guests are plugged into the bridge. However, if a guest decides to change the MAC of its vNIC, the corresponding qemu process emits an event which we can use to update the QoS configuration based on the new MAC address.. However, our QoS hierarchy is currently not notified, therefore it falls apart. This function (when called in response to the aforementioned event) will update our QoS hierarchy and duct tape it together again. virnetdevbandwidth.c: Separate tc filter creation to a function Not only this simplifies the code a bit, it prepares the environment for upcoming patches. The new virNetDevBandwidthManipulateFilter() function is capable of both removing a filter and adding a new one. At the same time! Yeah, this is not currently used anywhere but look at the next commit where you'll see it. virNetDevBandwidthSet: Add priority to filter Currently, when constructing traffic shaping rules, the ingress filter is created without any priority specified on the command line. This makes kernel to make up one. While this works, it simplifies things a bit if we provide the filter priority. In this case, since it's the root filter lets give it the highest priority of number 1. virDomainActualNetDefContentsFormat: Format class_id more frequently After a360912179 the formatting of virDomainActualNetDefPtr was changed a bit. However, during the function rewrite, iface's class_id is not formatted as frequently as it could be. In fact, after rewrite it's formatted only for iface of type VIR_DOMAIN_NET_TYPE_DIRECT where it makes no sense and is unused. While where needed (_TYPE_NETWORK) is not formatted at all. This makes the daemon forget it upon daemon restart resulting in bad behaviour. 2015-04-17 Michal Privoznik nwfilter: Partly initialize driver even for non-privileged users https://bugzilla.redhat.com/show_bug.cgi?id=1211436 This reverts commit b7829f959b33c6e32422222a9ed745c0da7dc696. The previous fix was not correct. Like everywhere else, a driver is a global variable allocated in stateInitialize function (or something similar for stateless drivers). Later, when a driver API is called, it's possible that the global variable is accessed and dereferenced. Now, some drivers require root privileges because they undertake some actions reserved only for the system admin (e.g. manipulating host firewall). And here's the trouble, the NWFilter state initializer exited too early when finding out it's running unprivileged, leaving the global NWFilter driver variable uninitialized. Any subsequent API call that tried to lock the driver resulted in dereferencing the driver and thus crash. On the other hand, in order to not resurrect the bug the original commit was fixing, Let's forbid the nwfilter define in session mode. Conflicts: src/nwfilter/nwfilter_driver.c: Context. Code changed a bit since 2013. 2015-04-17 Michal Privoznik virNetSocketNewConnectUNIX: Don't unlink(NULL) There is a possibility that we jump onto error label with @lockpath still initialized to NULL. Here, the @lockpath should be unlink()-ed, but passing there a NULL is not a good idea. Don't do that. In fact, we should call unlink() only if we created the lock file successfully. Reported-by: John Ferlan 2015-04-17 Lubomir Rintel lxc: move wireless PHYs to a network namespace The 802.11 interfaces can not be moved by themselves, their Phy has to move too. If there are other interfaces, they have to move too -- hopefully it's not too confusing. This is a less-invasive alternative to defining a new hostdev type for PHYs. 2015-04-17 Jim Fehlig libxl: drop virDomainObj lock when destroying a domain A destroy operation can take considerable time on large memory domains due to scrubbing the domain's memory. Unlock the virDomainObj while libxl_domain_destroy is executing. Implement libxlDomainDestroyInternal wrapper to handle unlocking, calling destroy, and locking. Change all callers of libxl_domain_destroy to use the wrapper. 2015-04-17 Jim Fehlig libxl: acquire a job when destroying a domain A job should be acquired at the beginning of a domain destroy operation, not at the end when cleaning up the domain. Fix two occurrences of this late job acquisition in the libxl driver. Doing so renders libxlDomainCleanupJob unused, so it is removed. libxl: Move job acquisition in libxlDomainStart to callers Let callers of libxlDomainStart decide when it is appropriate to acquire a job on the associated virDomainObj. libxl: support HVM direct kernel boot Add support for HVM direct kernel boot in libxl. Also add a test to verify domXML <-> native conversions. 2015-04-17 Jim Fehlig xenconfig: don't use "kernel" for hvmloader In xl config, hvmloader is implied for hvm guests. It is not specified with the "kernel" option like xm config. The "kernel" option, along with "ramdisk" and "extra", is used for HVM direct kernel boot. Instead of using "kernel" option to populate virDomainDef object's os.loader->path, use hvmloader discovered when gathering capabilities. This change required fixing initialization of capabilities in the test utils and removing 'kernel = "/usr/lib/xen/boot/hvmloader"' from the test config files. 2015-04-17 Jim Fehlig xenconfig: move parsing/formating to config-specific files xl and xm differ a bit in how configuration is represented. E.g. xl config supports via its "bios" setting. Move the xenParseOS and xenFormatOS functions from xen_common.c and copy to xen_xl.c and xen_xm.c so they can be customized for xm vs xl config. An unfortunate fallout is reordering of entries in the test config files. 2015-04-17 Jim Fehlig xenconfig: remove redunant parsing of device_model device_model is parsed in xenParseOS(), then later in xenParseConfigCommon(). is not part of , so makes sense to remove the parsing in xenParseOS(). xenconfig: export xenConfigCopyString Export xenConfigCopyString for use outside of xen_common.c 2015-04-17 Pavel Hrdina virbuffer: fix build on rhel-6 On rhel-6 is broken gcc that reports this warning: util/virbuffer.c:500: error: logical '&&' with non-zero constant will always evaluate as true [-Wlogical-op] Move the pragma directive before function virBufferEscapeString because since commit aeb5262e this function uses 'strchr' too. 2015-04-17 John Ferlan storage: Refactor virStorageBackendSCSINewLun Invert the logical of retval and clean up code paths, especially goto's 2015-04-16 Michael Chapman virCondWaitUntil: calculate timespec correctly ts.tv_nsec was off by a factor of 1000, making timeouts less than a second in the future often expiring immediately. 2015-04-16 Peter Krempa qemu: monitor: Refactor and fix monitor checking Among all the monitor APIs some where checking if mon is NULL and some were not. Since it's possible to have mon equal to NULL in case a second call is attempted once entered the monitor. This requires that every single API checks for the monitor. This patch adds a macro that helps checking the state of the monitor and either refactors existing checking code to use the macro or adds it in case it was missing. 2015-04-16 Jiri Denemark daemon: Prefix sysctl configuration filename with a number Apparently, files in /usr/lib/sysctl.d are usually prefixed with numbers for easier ordering. Let's be consistent with this. I chose 60 for libvirtd so that it goes after 50-default.conf. https://bugzilla.redhat.com/show_bug.cgi?id=1084876 2015-04-16 Peter Krempa qemu: bulk stats: Ignore errors from missing/inaccessible disks Rather than erroring out make the best attempt to retrieve other data if disks are inaccessible or missing. The failure will still be logged though. Since the bulk stats API is called on multiple domains an error like this makes the API unusable. This regression was introduced by commit 596a13713420e01b20ce3dc3fdbe06d073682675 Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1209394 2015-04-16 Michal Privoznik RNG schema: allow plain @floor to The element to has several attributes from which two are mandatory. Well, from two at least one has to be present: @average or @floor or both. Instead of inventing crazy RNG schema, let's make all the attributes optional there and rely on our parsing code to correctly handle the situation. virNetDevBandwidthPlug: Update function description The comment is describing arguments passed to the function. However, there's no @ifmac argument. In 955af4d4 it was replaced with @ifmac_ptr. Unfortunately, the comment wasn't updated. 2015-04-16 Eric Blake tests: fix build on old 32-bit platforms gcc 4.1.2 (hello RHEL 5) on 32-bit platforms complains: vircgrouptest.c: In function 'testCgroupGetPercpuStats': vircgrouptest.c:627: warning: integer constant is too large for 'long' type vircgrouptest.c:628: warning: this decimal constant is unsigned only in ISO C90 vircgrouptest.c:634: warning: integer constant is too large for 'long' type vircgrouptest.c:635: warning: this decimal constant is unsigned only in ISO C90 vircgrouptest.c:636: warning: this decimal constant is unsigned only in ISO C90 vircgrouptest.c:644: warning: integer constant is too large for 'long' type * tests/vircgrouptest.c (testCgroupGetPercpuStats): Use ULL suffix. 2015-04-16 Ján Tomko Strip control codes in virBufferEscapeString These cannot be represented in XML. We have been stripping them, but only if the string had characters that needed escaping: <>"'& Extend the strcspn check to include control codes, and strip them even if we don't do any escaping. https://bugzilla.redhat.com/show_bug.cgi?id=1184131 https://bugzilla.redhat.com/show_bug.cgi?id=1066564 2015-04-16 Ján Tomko Ignore storage volumes with control codes in their names To prevent generating invalid XML. https://bugzilla.redhat.com/show_bug.cgi?id=1066564 2015-04-16 Ján Tomko Strip control characters from sysfs attributes Including them in the XML makes them unparsable. https://bugzilla.redhat.com/show_bug.cgi?id=1184131 2015-04-16 Ján Tomko Add functions dealing with control characters in strings Add virStringHasControlChars that checks if the string has any control characters other than \t\r\n, and virStringStripControlChars that removes them in-place. tests: rename testStripIPv6BracketsData to testStripData For reuse with other Strip* functions. 2015-04-15 Ján Tomko Add an example for EVENT_ID_DEVICE_ADDED Emit VIR_DOMAIN_EVENT_ID_DEVICE_ADDED in the QEMU driver Only for devices that have an alias. 2015-04-15 Ján Tomko Add VIR_DOMAIN_EVENT_ID_DEVICE_ADDED event The counterpart to VIR_DOMAIN_EVENT_ID_DEVICE_REMOVED. https://bugzilla.redhat.com/show_bug.cgi?id=1206114 2015-04-15 Michal Privoznik Cleanup "/sys/class/net" usage Throughout the code, we have several places need to construct a path somewhere in /sys/class/net/... They are not consistent and nearly each code piece invents its own way how to do it. So unify this by: 1) use virNetDevSysfsFile() wherever possible 2) At least use common macro SYSFS_NET_DIR declared in virnetdev.h at the rest of places which can't go with 1) 2015-04-15 Michal Privoznik tests: Add virnetdevtestdata to EXTRA_DIST In one of my previous commits (49ed6cff9) I've introduced a test among with some files stored under virnetdevtestdata folder. While this works perfectly within a git tree, the folder was not getting into .tar.gz and therefore the dist-check would fail. 2015-04-15 John Ferlan tests: Resolve Coverity RESOURCE_LEAK Commit id 'b77ce18a2' added a new bitmap, but neglected to virBitmapFree it 2015-04-15 Eric Blake virsh: fix regression in 'virsh event' by domain Commit a0670ae caused a regression in 'virsh event' and 'virsh qemu-monitor-event' - if a user tries to filter the command to a specific domain, an error message is printed: $ virsh event dom --loop error: internal error: virsh qemu-monitor-event: no domain VSH_OT_DATA option and then the command continues as though no domain had been supplied (giving events for ALL domains, instead of the requested one). This is because the code was incorrectly assuming that all "domain" options would be supplied via a mandatory VSH_OT_DATA, even though "domain" is optional for these two commands, so we had changed them to VSH_OT_STRING to quit failing for other reasons (ever since it was decided that VSH_OT_DATA and VSH_OT_STRING should no longer be synonyms). In looking at the situation, though, the code for looking up a domain was making a pointless check for whether the option exists prior to finding the option's string value, as vshCommandOptStringReq does just fine at reporting any errors when looking up a string whether or not the option was present. So this is a case of regression fixing by pure code deletion :) * tools/virsh-domain.c (vshCommandOptDomainBy): Drop useless filter. * tools/virsh-interface.c (vshCommandOptInterfaceBy): Likewise. * tools/virsh-network.c (vshCommandOptNetworkBy): Likewise. * tools/virsh-nwfilter.c (vshCommandOptNWFilterBy): Likewise. * tools/virsh-secret.c (vshCommandOptSecret): Likewise. * tools/virsh.h (vshCmdHasOption): Drop unused function. * tools/virsh.c (vshCmdHasOption): Likewise. 2015-04-15 Peter Krempa node: udev: Remove some redundant error reports All the called functions already report an error. 2015-04-15 Michal Privoznik virPidFileConstructPath: Drop useless VIR_FREE() If a virAsprintf() within the function fails, we call VIR_FREE() over @rundir variable and jump onto cleanup label, where it is freed again. It doesn't hurt, but not make much sense too. 2015-04-15 Peter Krempa qemu: monitor: Fix qemuMonitorGetAllBlockStatsInfo with HMP Commit f6563bc3 introduced HMP impl of the function (so that a different uglier function could be removed). Before the HMP code is called there's a leftover check that the monitor is JSON which inhibits the code from working. qemu: monitor: @running in qemuMonitorGetStatus is always non-NULL Add the attribute and remove the check. qemu: monitor: Don't use 'ret' variable where not necessary Quite a lot places set the 'ret' variable just once right before returning it's value. Remove such usage. qemu: monitor: Ensure that qemuMonitorSetLink is called with non-null name qemu: monitor: Sanitize control flow in qemuMonitorSetCapabilities qemu: monitor: Clean up coding style Fix line spacing between functions, ensure that function return type is on a separate line and reflow arguments for VIR_DEBUG statements. 2015-04-15 Michal Privoznik virNetSocketNewConnectUNIX: Use flocks when spawning a daemon https://bugzilla.redhat.com/show_bug.cgi?id=1200149 Even though we have a mutex mechanism so that two clients don't spawn two daemons, it's not strong enough. It can happen that while one client is spawning the daemon, the other one fails to connect. Basically two possible errors can happen: error: Failed to connect socket to '/home/mprivozn/.cache/libvirt/libvirt-sock': Connection refused or: error: Failed to connect socket to '/home/mprivozn/.cache/libvirt/libvirt-sock': No such file or directory The problem in both cases is, the daemon is only starting up, while we are trying to connect (and fail). We should postpone the connecting phase until the daemon is started (by the other thread that is spawning it). In order to do that, create a file lock 'libvirt-lock' in the directory where session daemon would create its socket. So even when called from multiple processes, spawning a daemon will serialize on the file lock. So only the first to come will spawn the daemon. Tested-by: Richard W. M. Jones 2015-04-15 Martin Kletzander json: export non-static functions Two non-static functions in virjson.c were missing their export info in libvirt_private.syms, so they couldn't be used anywhere it the code (and that's about to get changed). Change virConnectPtr into virObjectLocklable It already had a virMutex inside, so this is just a cleanup. closeCallback is already lockable, initialize it as such Luckily we are allocating structs as clean memory and PTHREAD_MUTEX_INITIALIZER is "{ 0 }", so nothing happened, but it should still be created as lockable object. configure: Align messages The first two were a bit off. 2015-04-15 John Ferlan storage: Add duplicate devices check for zfs pool def Check proposed pool definitions to ensure they aren't trying to use the same devices as currently defined definitions - disallow the duplicate storage: Add duplicate source pool for Gluster pool def Check the proposed pool source host XML definition against existing gluster pools to ensure the incoming definition doesn't use the same source dir and soure host XML definition as an existing pool. storage: Add duplicate host check for Sheepdog pool def Check the proposed pool source host XML definition against existing sheepdog pools to ensure the incoming definition doesn't use the same source host XML definition as an existing pool. storage: Remove default from switch in virStoragePoolSourceFindDuplicate So that we can cover all the cases. storage: Use virStoragePoolSourceMatchSingleHost for NETFS Rather than have duplicate code doing the same check, have the netfs matching processing code use the new virStoragePoolSourceMatchSingleHost. storage: Add check for different ports for host duplicate matching In virStoragePoolSourceMatchSingleHost, add a comparison for port number being different prior to checking the 'name' field. storage: Create virStoragePoolSourceMatchSingleHost Split out the nhost == 1 and hosts[0].name logic into a separate routine 2015-04-15 John Ferlan storage: Refactor iSCSI Source matching Create a separate iSCSI Source matching subroutine. Makes the calling code a bit cleaner as well as sets up for future patches which need to do better source hosts[0].name processing/checking. As part of the effort the logic will be inverted from a multi-level if statement to a series of single level checks for better readability and further separation 2015-04-15 Jiri Denemark sanlock: Use VIR_ERR_RESOURCE_BUSY if sanlock_acquire fails When acquiring resource via sanlock fails, we would report it as VIR_ERR_INTERNAL_ERROR, which is not very friendly to applications using libvirt. Moreover, the lockd driver would report the same failure as VIR_ERR_RESOURCE_BUSY, which looks better. Unfortunately, in sanlock driver we don't really know if acquiring the resource failed because it was already locked or there was another reason behind. But the end result is the same and I think using VIR_ERR_RESOURCE_BUSY reason for all acquire failures is still better than what we have now. https://bugzilla.redhat.com/show_bug.cgi?id=1165119 2015-04-15 Eric Blake build: provide virNetDevSysfsFile on non-Linux Commit 49ed6cff is broken on mingw and other non-linux platforms: CCLD libvirt.la Cannot export virNetDevSysfsFile: symbol not defined collect2: error: ld returned 1 exit status * src/util/virnetdev.c: Provide virNetDevSysfsFile fallback. 2015-04-15 Eric Blake build: include correct header for time() Found by ./autobuild.sh during a mingw cross-compile: Commit 8a96e87 was not innocuous - glibc happens to leak the definition of time() through other headers, so that even without , virrandom.c compiled just fine. But on mingw, we were not so lucky; was important for its side effect of dragging in , and we now have nothing providing the declaration of time(): ../../src/util/virrandom.c: In function 'virRandomOnceInit': ../../src/util/virrandom.c:65:5: error: implicit declaration of function 'time' [-Werror=implicit-function-declaration] unsigned int seed = time(NULL) ^ getpid(); ^ ../../src/util/virrandom.c:65:5: error: nested extern declaration of 'time' [-Werror=nested-externs] 2015-04-15 Michal Privoznik Introduce virnetdevtest This is yet another test for check of basic functionality of our NIC state handling code. 2015-04-14 John Ferlan cfg: Disallow usage of 'index' as variable name Since we've run afoul of the Xen-devel build for shadowing a global declaration of 'index', just disallow using index for a variable name nwfilter: Change 'index' to 'idx' Forthcoming syntax check rule will disallow usage of 'int index', so change it for nwfilter snapshot: Change 'index' to 'idx' Forthcoming syntax check rule will disallow usage of 'int index', so change it for snapshot util: Use 'idx' instead of 'index' Impending syntax checker will disallow 'int index', so change it here. qemu: Adjust the prototype to match the function Changing the prototype to not have "int *index" since we'll soon be disallowing index as a name. Curiously the original commit (a4504ac) for the function used 'int idx' in the function - so they didn't match. Now they do. 2015-04-14 Ján Tomko Add articles to virDomainDeviceDetachFlags docs Reported by John Ferlan. 2015-04-14 Pavel Hrdina xen: fix build error on rhel-5 ../../src/xen/block_stats.c:82: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] 2015-04-14 Martin Kletzander sparc: Add default PCI root controller It is there even with -nodefaults and -no-user-config, so count with that so we can start sparc domains. 2015-04-14 Huanle Han hostdev: fix loop index error when resetvfnetconfig The variable 'last_processed_hostdev_vf' indicates index of the last successfully configed vf. When resetvfnetconfig because of failure, hostdevs[last_processed_hostdev_vf] should also be reset. 2015-04-14 Huanle Han qemu: fix index error when clean up vport profile 1. 'last_good_net' indicates the index of last successfully configured net. so def->nets[last_good_net] should also be clean up if error occurs. 2. if error occurs in 'virNetDevMacVLanVPortProfileRegisterCallback' (second 'goto err_exit' in loop), we should also do 'virNetDevVPortProfileDisassociate' cleanup for the 'virNetDevVPortProfileAssociate'(first code block in loop). So we should consider the net is successfully configured after first code block in loop finishes. 2015-04-14 Serge Hallyn virt-aa-helper: add unix channels (esp for qemu-guest-agent) The original bug report was at https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1393842 Also skip abstract unix sockets. 2015-04-14 Shanzhi Yu qemu: save domain status after set memory parameters After set memory parameters for running domain, save the change to live xml is needed otherwise it will disappear after restart libvirtd. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1211548 2015-04-14 Shanzhi Yu virsh: improve the error for wrong memtune parameters When set guest memory with a invalid parameter of --soft-limit, it posts weird error: $ virsh memtune r7 --hard-limit 20417224 --soft-limit 9007199254740992 \ --swap-hard-limit 35417224 error: Unable to parse integer parameter 'NAME Change it to error: Unable to parse integer parameter soft-limit Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1211550 2015-04-14 John Ferlan qemu: Use 'idx' instead of 'index' for variable name Apparently for Xen-devel 'index' is a global and causes a build failure, so just use the shortened 'idx' instead to avoid the conflict. 2015-04-14 Peter Krempa qemu: Refactor qemuDomainBlockJobAbort() Change few variable names and refactor the code flow. As an additional bonus the function now fails if the event state is not as expected. 2015-04-14 Peter Krempa qemu: drivePivot: Fix assumption when 'block-job-complete' fails QEMU does not abandon the mirror. The job carries on in the synchronised phase and it might be either pivoted again or cancelled. The commit hints that the described behavior was happening in a downstream version. If the command returns false there are two possible options: 1) qemu did not reach the point where it would ask the block job to pivot 2) pivotting failed in the actual qemu coroutine If either of those would happen we return failure and reset the condition that waits for the block job to complete. This makes the API fail but in case where qemu would actually abandon the mirror the fact is notified via the event and handled asynchronously. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1202704 2015-04-14 Peter Krempa qemu: blockPull: Refactor the rest of qemuDomainBlockJobImpl Since it now handles only block pull code paths we can refactor it and remove tons of cruft. qemu: blockjob: Separate qemuDomainBlockJobAbort from qemuDomainBlockJobImpl Sacrifice a few lines of code in favor of the code being more readable. 2015-04-14 Peter Krempa qemu: blockjob: Split qemuDomainBlockJobSetSpeed from qemuDomainBlockJobImpl qemuDomainBlockJobImpl become an unmaintainable mess over the years of adding new stuff to it. This patch starts splitting up individual functions from it until it can be killed entirely. In bulk this will add lines of code rather than delete them but it will be traded for maintainability. 2015-04-14 Peter Krempa qemu: monitor: Extract handling of JSON block job error codes My intention is to split qemuMonitorJSONBlockJob() into simpler separate functions for every block job type. Since the error handling code is the same for all block jobs, this patch extracts the code into a separate function that will later be reused in more places. With the new helper qemuMonitorJSONErrorIsClass we can save a few function calls as we can extract the error object once. 2015-04-14 Peter Krempa qemu: monitor: json: Refactor error code class checker Split out the function that checks the actual error class string into a separate helper as it will be useful later and refactor qemuMonitorJSONHasError to return bool type and remove few useless checks. Basically virJSONValueObjectHasKey are useless here since the next call to virJSONValueObjectGet is checking the return value again (which can't fail at that point). By removing the first check we save a function call. 2015-04-14 Peter Krempa qemu: Fix condition for checking vcpu when pinning vcpus Previously we checked that the vcpu we are trying to set is in range of the number of threads presented by qemu. The problem is that if the VM is offline the count is 0. Since the condition subtracted 1 from the count the number would overflow and the check would never trigger. Change the condition for more sensible ones with specific error messages. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1208434 2015-04-14 Peter Krempa conf: Refactor virDomainVcpuPinDefParseXML Refactor the code to parse the vcpupin in a similar way the iothreadpin code is now structured. This allows to get rid of some very strange conditions and error messages. Additionally since a existing bug ( https://bugzilla.redhat.com/show_bug.cgi?id=1208434 ) allows to add vcpupin definitions for vcpus that don't exist, this patch makes the parser to ignore all vcpupins that don't have a matching vCPU in the definition rather than just offlined ones. 2015-04-14 Peter Krempa conf: Error out if iothread id is missing in iothreadpin Defining a domain with the following config: ... 1 will result in the following config formatted back: ... 1 After restart the VM would vanish. Since our schema requires the @iothread field to be present in make it required by the code too. 2015-04-14 Peter Krempa conf: Split up virDomainVcpuPinDefParseXML Extract part that parses iothreads into virDomainIothreadPinDefParseXML conf: Split out parsing of emulatorpin Split up parts of virDomainVcpuPinDefParseXML into virDomainEmulatorPinDefParseXML. lib: snapshot: Explain that only one layer of images is inserted When creating a snapshot with _REUSE_EXTERNAL when the pre-created image does not directly link to the current active layer libvirt would re-detect the backing chain incorrectly and it would not match with qemu's view. Since the configuration is an operator mistake, document that only the top layer image gets inserted. 2015-04-14 Peter Krempa qemu: Enforce WWN to be unique among VM's disks Operating systems use the identifier to name the disks. As the name suggests the ID should be unique. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1208009 2015-04-14 Peter Krempa conf: ABI: Check WWN in disk abi stability check Since the WWN influences guest behavior in naming disks we should treat this as vm ABI. 2015-04-14 John Ferlan Convert virDomainPinIsDuplicate into bool return Rename qemuCheckIothreads to qemuCheckIOThreads 2015-04-13 Ján Tomko Rewrite vshParseCPUList Use virBitmap helpers that were added after this function. Change cpumaplen to int and fill it out by this function. 2015-04-13 Ján Tomko Rewrite vshPrintPinInfo Use virBitmapDataToString instead of constructing the ranges bit by bit, remove the checking of parameters (that is already done by the callers). Let the callers choose the right bitmap, since there's only one that uses this helper on a matrix-in-an-array. 2015-04-13 Alexander Burluka Parallels: implemented domainAttachDevice That function uses domainAttachDeviceFlags Parallels: implement domainAttachDeviceFlags Parallels Cloud Server supports block devices and virtual NIC live attachment. I implemented that function for block devices so OpenStack volume attachment is now works. Parallels: remove disk serial number check OpenStack needs disk serial number setup because nova boot --block-device-mapping command generates that param in libvirt xml. I took QEMU libvirt driver behavior as a base. QEMU driver skips inability to set serial and continues work. So Parallels driver will ignore this param too and let domain boot. 2015-04-13 Ján Tomko Remove overengineered loop Do not loop over enum with one value. Introduce struct _virStorageBackendQemuImgInfo This will contain the data required for creating the qemu-img command line without having access to the volume definition. Rename virStorageBackendCreateQemuImgCmd Add FromVol at the end. This function will create the qemu-img command line from volume definitions and check them. Use XPath when parsing snapshot disk definition Instead of going through XML nodes in a loop and having to check if they are duplicate. Split out storage format 'compat' attribute sanity check For future reuse in the snapshot XML. 2015-04-13 Erik Skultety virBitmap: Place virBitmapIsAllClear check after virBitmapParse calls This patch adds checks for empty bitmaps right after the calls of virBitmapParse. These only include spots where set API's are called and where domain's XML is parsed. Also, it partially reverts commit 983f5a which added a check for invalid nodeset "0,^0" into virBitmapParse function. This change broke the logic, as an empty bitmap should not cause an error. https://bugzilla.redhat.com/show_bug.cgi?id=1210545 2015-04-13 Ján Tomko Remove feature formating funcs from pool-specific options We only have one formatting function for the features. Visually separate snapshot disk subelements Create four smaller blocks of texts instead of one large one. Rewrite usb device version parsing Simplify the function by leaving out the local copy and checking return values of virStrToLong. 2015-04-13 Ján Tomko Fix usb device version parsing issues Request that the number be parsed as decimal, to allow 08 and 09. Format it with the leading zero, 1.01 and 1.10 are two different versions. https://bugzilla.redhat.com/show_bug.cgi?id=1210650 2015-04-13 Ján Tomko Do xml->xml test for usb-redir-filter We don't format the default '-1' fields back. 2015-04-13 Ján Tomko Do not require virtio-pci devices when using virtio-mmio On arm, we probe for virtio-*-pci devices, but use their virtio-*-device variants. Set the capabilities based on the -device variants as well, to make them work with qemus with the PCI devices compiled out. 2015-04-13 Michal Privoznik qemuMigrationPrecreateStorage: Fix debug message When pre-creating storage for domains, we need to find corresponding disk in the XML on the destination (domain XML may differ there, e.g. disk is accessible under different path). For better debugging, I'm printing all info I received on a disk. But there was a typo when printing the disk capacity: "%lluu" instead of "%llu". 2015-04-13 Xing Lin qemu_migration.c: sleep first before checking for migration status. The problem with the previous implementation is, even when qemuMigrationUpdateJobStatus() detects a migration job has completed, it will do a sleep for 50 ms (which is unnecessary and only adds up to the VM pause time). 2015-04-13 Andrea Bolognani conf: Don't output tag if it contains no information. The tag is already marked as optional in the schema, so no changes are needed there. RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1202606 2015-04-11 John Ferlan qemu: qemuDomainHotplugVcpus - separate out pin adjustment code Future IOThread setting patches would copy the code anyway, so create and generalize the adding of pindef for the vcpu and the pinning of the thread into their own APIs. 2015-04-10 Dmitry Guryanov AUTHORS: Add my email address to AUTHORS.in 2015-04-10 Ján Tomko Support IPv6 in networkGetNetworkAddress We've been explicitly requesting IPv4 for some reason, even if there were only IPv6 addresses in the network definition. https://bugzilla.redhat.com/show_bug.cgi?id=1192318 2015-04-10 Luyao Huang util: Update virNetDevGetIPAddress to get IPv6 addresses Add static virNetDevGetifaddrsAddress to attempt to get the interface IP address. If getifaddrs is not supported, fall back to virNetDevGetIPv4AddressIoctl to get the IP address. This allows IPv6 addresses to be used for conf: fix virDomainDefFormatInternal for parallels We should add input devices with proper bus, not VIR_DOMAIN_INPUT_BUS_XEN. 2015-04-10 Dmitry Guryanov conf: fix virDomainDefParseXML for parallels Handle input devices in virDomainDefParseXML properly in case of parallels containers and VMs. Parallels containers support only VIR_DOMAIN_INPUT_BUS_PARALLELS. And if VNC is enabled we should add implicit mouse and keyboard. For VMs we should add implicit PS/2 mouse and keyboard. BTW, is it worth to refactor code and move all this code to drivers, to *DomainDefPostParse functions? 2015-04-10 Dmitry Guryanov parallels: add implicit input devices Add implicit input devices in parallelsLoadDomains, when VNC is enabled. 2015-04-10 Dmitry Guryanov conf: add input device type for parallels containers Add VIR_DOMAIN_INPUT_BUS_PARALLELS device type to handle domain configuration properly for parallels containers, when VNC is enabled. When domain configuration has at least one 'graphics', there should be mouse and keyboard. 2015-04-10 Dmitry Guryanov conf: return proper default video type for parallels Fix function virDomainVideoDefaultType for parallels VMs and containers. It should return VGA for VMs and VIR_DOMAIN_VIDEO_TYPE_PARALLELS for containers. 2015-04-10 Dmitry Guryanov conf: add VIR_DOMAIN_VIDEO_TYPE_PARALLELS video type We support VNC for containers to have the same interface with VMs. At this moment it just renders linux text console. Of course we don't pass any physical devices and don't emulate virtual devices. Our VNC server renders text from terminal master and sends input events from VNC client to terminal. So add special video type VIR_DOMAIN_VIDEO_TYPE_PARALLELS for these pseudo-devices. 2015-04-10 Dmitry Guryanov parallels: don't fill net adapter model for containers Network adapter model has no sense for container, so we shouldn't set it to e1000 in parallelsDomainDeviceDefPostParse. parallels: fill adapter model in virDomainNetDef We handle this parameter for VMs while defining domains, so let's get this property from PCS and set corresponding field of virDomainNetDef in prlsdkLoadDomains function. parallels: add controllers in prlsdkLoadDomain Call virDomainDefAddImplicitControllers to add disk controllers, so virDomainDef, filled by this function will look exactly like the one returned by virDomainDefParseString. parallels: report, that cdroms are readonly Set readonly flag for cdrom devices when we retrieve a list of domains from PCS. parallels: implement virDomainManagedSave Implement virDomainManagedSave api function. In PCS this feature called "suspend". You can suspend VM or CT while it is in running or paused state. And after resuming (or starting) it will have the same state, as before suspend. parallels: split prlsdkDomainChangeState function Split function prlsdkDomainChangeState into prlsdkDomainChangeStateLocked and prlsdkDomainChangeState. So it can be used from places, where virDomainObj already found and locked. parallels: fix headers in parallels_sdk.h Return value of functions prlsdkStart/Kill/Stop e.t.c. is PRL_RESULT in parallels_sdk.c and int in parallels_sdk.h. PRL_RESULT is int, so compiler didn't report errors. Let's fix the difference. 2015-04-10 John Ferlan qemu: qemuDomainHotplugVcpus - separate out the del cgroup and pin Future IOThread setting patches would copy the code anyway, so create and generalize a delete cgroup and pindef for the vcpu into its own API. qemu: qemuDomainHotplugVcpus - separate out the add cgroup Future IOThread setting patches would copy the code anyway, so create and generalize the add the vcpu to a cgroup into its own API. cgroup: Use virCgroupNewThread Replace the virCgroupNew{Vcpu|Emulator|IOThread} calls with the common virCgroupNewThread API cgroup: Introduce virCgroupNewThread Create a new common API to replace the virCgroupNew{Vcpu|Emulator|IOThread} API's using an emum to generate the cgroup name 2015-04-10 John Ferlan storage: Don't duplicate efforts of backend driver https://bugzilla.redhat.com/show_bug.cgi?id=1206521 If the backend driver updates the pool available and/or allocation values, then the storage_driver VolCreateXML, VolCreateXMLFrom, and VolDelete APIs should not change the value; otherwise, it will appear as if the values were "doubled" for each change. Additionally since unsigned arithmetic will be used depending on the size and operation, either or both values could be appear to be much larger than they should be (in the EiB range). Currently only the disk pool updates the values, but other pools could. Assume a "fresh" disk pool of 500 MiB using /dev/sde: $ virsh pool-info disk-pool ... Capacity: 509.88 MiB Allocation: 0.00 B Available: 509.84 MiB $ virsh vol-create-as disk-pool sde1 --capacity 300M $ virsh pool-info disk-pool ... Capacity: 509.88 MiB Allocation: 600.47 MiB Available: 16.00 EiB Following assumes disk backend updated to refresh the disk pool at deletion of primary partition as well as extended partition: $ virsh vol-delete --pool disk-pool sde1 Vol sde1 deleted $ virsh pool-info disk-pool ... Capacity: 509.88 MiB Allocation: 9.73 EiB Available: 6.27 EiB This patch will check if the backend updated the pool values and honor that update. 2015-04-10 John Ferlan storage: Need to update freeExtent at delete primary partition Commit id '471e1c4e' only considered updating the pool if the extended partition was removed. As it turns out removing a primary partition would also need to update the freeExtent list otherwise the following sequence would fail (assuming a "fresh" disk pool for /dev/sde of 500M): $ virsh pool-info disk-pool ... Capacity: 509.88 MiB Allocation: 0.00 B Available: 509.84 MiB $ virsh vol-create-as disk-pool sde1 --capacity 300M $ virsh vol-delete --pool disk-pool sde1 $ virsh vol-create-as disk-pool sde1 --capacity 300M error: Failed to create vol sde1 error: internal error: no large enough free extent $ This patch will refresh the pool, rereading the partitions, and return 2015-04-10 John Ferlan storage: Fix issues in storageVolResize https://bugzilla.redhat.com/show_bug.cgi?id=1073305 When creating a volume in a pool, the creation allows the 'capacity' value to be larger than the available space in the pool. As long as the 'allocation' value will fit in the space, the volume will be created. However, resizing the volume checks were made with the new absolute capacity value against existing capacity + the available space without regard for whether the new absolute capacity was actually allocating space or not. For example, a pool with 75G of available space creates a volume of 10G using a capacity of 100G and allocation of 10G will succeed; however, if the allocation used a capacity of 10G instead and then tried to resize the allocation to 100G the code would fail to allow the backend to try the resize. Furthermore, when updating the pool "available" and "allocation" values, the resize code would just "blindly" adjust them regardless of whether space was "allocated" or just "capacity" was being adjusted. This left a scenario whereby a resize to 100G would fail; however, a resize to 50G followed by one to 100G would both succeed. Again, neither was adjusting the allocation value, just the "capacity" value. This patch adds more logic to the resize code to understand whether the new capacity value is actually "allocating" space as well and whether it shrinking or expanding. Since unsigned arithmatic is involved, the possibility that we adjust the pool size values incorrectly is probable. This patch also ensures that updates to the pool values only occur if we actually performed the allocation. NB: The storageVolDelete, storageVolCreateXML, and storageVolCreateXMLFrom each only updates the pool allocation/availability values by the target volume allocation value. 2015-04-09 Peter Krempa qemu: Avoid shadow of 'sync' symbol Old compilers whine that 'sync' is being shadowed in the function introduced in 1eccac1d2da7bbe97e1df25fd0ddac6e71b0794a. qemu: blockPivot: Don't pause the VM any more since we don't use drive-reopen Support for drive-reopen was never present in the upstream code so we don't need to pause the VM when doing the block pivot. Kill all the code related to this semi-upstream artifact. qemu: Clean up old leftovers in qemuMonitorDrivePivot There are two leftover unused variables. Remove them and clean up the fallout of the change. qemu: blockjob: Use the new helpers in qemuDomainGetBlockJobInfo Refactor the function to use the new helpers. qemu: domain: Add helper to check block job support We need to check that qemu supports block jobs in multiple places. Add a helper to do the check. qemu: domain: Introduce helper to retrieve domain monitor object In some cases where the function does not need to access the private data this helper may be used to retrieve the monitor object. 2015-04-09 Erik Skultety doc: Add info (where necessary) that paths should be specified as absolute We documented this almost everywhere, but missed it on several places. https://bugzilla.redhat.com/show_bug.cgi?id=1208763 2015-04-09 Cédric Bosdonnat Open /proc/PID/ns/* read-only to avoid getting permission denied lxc-enter-namespace stopped working on recent kernels (at least 3.19+) due to /proc/PID/ns/* file descriptors being opened RW. From outside the namespace these can only be opened RO. Apparmor qemu abstraction fixes for SLES SLES 11 has legacy qemu-kvm package, /usr/bin/qemu-kvm and /usr/share/qemu-kvm need to be accessed to domains. 2015-04-09 Lubomir Rintel lxc: create the required directories upon driver start /var/run may reside on a tmpfs and we fail to create the PID file if /var/run/lxc does not exist. Since commit 0a8addc1, the lxc driver's state directory isn't automatically created before starting a domain. Now, the lxc driver makes sure the state directory exists when it initializes. 2015-04-09 Peter Krempa util: file: Don't carelessly sanitize URIs rfc3986 states that the separator in URI path is a single slash. Multiple slashes may potentially lead to different resources and thus we should not remove them. test: Add tests for virFileSanitizePath Add test infrastructure for virFileSanitizePath so that it can be sensibly refactored later. 2015-04-08 Michal Privoznik virLXCControllerSetupResourceLimits: Call virNuma*() iff needed Like we are doing in qemu driver (ea576ee543d6fb95583), lets call virNumaSetupMemoryPolicy() only if really needed. Problem is, if we numa_set_membind() child, there's no way to change it from the daemon afterwards. So any later attempts to change the pinning will fail. But in very weird way - CGroups will be set, but due to membind child will not allocate memory from any other node. 2015-04-08 Luyao Huang fix memleak in qemuRestoreCgroupState 131,088 bytes in 16 blocks are definitely lost in loss record 2,174 of 2,176 at 0x4C29BFD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4C2BACB: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x52A026F: virReallocN (viralloc.c:245) by 0x52BFCB5: saferead_lim (virfile.c:1268) by 0x52C00EF: virFileReadLimFD (virfile.c:1328) by 0x52C019A: virFileReadAll (virfile.c:1351) by 0x52A5D4F: virCgroupGetValueStr (vircgroup.c:763) by 0x1DDA0DA3: qemuRestoreCgroupState (qemu_cgroup.c:805) by 0x1DDA0DA3: qemuConnectCgroup (qemu_cgroup.c:857) by 0x1DDB7BA1: qemuProcessReconnect (qemu_process.c:3694) by 0x52FD171: virThreadHelper (virthread.c:206) by 0x82B8DF4: start_thread (pthread_create.c:308) by 0x85C31AC: clone (clone.S:113) 2015-04-08 Dawid Zamirski vbox: Implement virDomainSendKey Since the holdtime is not supported by VBOX SDK, it's being simulated by sleeping before sending the key-up codes. The key-up codes are auto-generated based on XT codeset rules (adding of 0x80 to key-down) which results in the same behavior as for QEMU implementation. vbox: Register IKeyboard with the unified API. The IKeyboard COM object is needed to implement virDomainSendKey and is available in all supported VBOX versions. 2015-04-08 Michal Privoznik qemuProcessHook: Call virNuma*() only when needed https://bugzilla.redhat.com/show_bug.cgi?id=1198645 Once upon a time, there was a little domain. And the domain was pinned onto a NUMA node and hasn't fully allocated its memory: 2355200 1048576 Oh little me, said the domain, what will I do with so little memory. If I only had a few megabytes more. But the old admin noticed the whimpering, barely audible to untrained human ear. And good admin he was, he gave the domain yet more memory. But the old NUMA topology witch forbade to allocate more memory on the node zero. So he decided to allocate it on a different node: virsh # numatune little_domain --nodeset 0-1 virsh # setmem little_domain 2355200 The little domain was happy. For a while. Until bad, sharp teeth shaped creature came. Every process in the system was afraid of him. The OOM Killer they called him. Oh no, he's after the little domain. There's no escape. Do you kids know why? Because when the little domain was born, her father, Libvirt, called numa_set_membind(). So even if the admin allowed her to allocate memory from other nodes in the cgroups, the membind() forbid it. So what's the lesson? Libvirt should rely on cgroups, whenever possible and use numa_set_membind() as the last ditch effort. 2015-04-08 Michal Privoznik vircgroup: Introduce virCgroupControllerAvailable This new internal API checks if given CGroup controller is available. It is going to be needed later when we need to make a decision whether pin domain memory onto NUMA nodes using cpuset CGroup controller or using numa_set_membind(). 2015-04-08 Michael Chapman qemu_driver: check caps after starting block job Currently we check qemuCaps before starting the block job. But qemuCaps isn't available on a stopped domain, which means we get a misleading error message in this case: # virsh domstate example shut off # virsh blockjob example vda error: unsupported configuration: block jobs not supported with this QEMU binary Move the qemuCaps check into the block job so that we are guaranteed the domain is running. 2015-04-08 Michael Chapman qemu_migrate: use nested job when adding NBD to cookie qemuMigrationCookieAddNBD is usually called from within an async MIGRATION_OUT or MIGRATION_IN job, so it needs to start a nested job. (The one exception is during the Begin phase when change protection isn't enabled, but qemuDomainObjEnterMonitorAsync will behave the same as qemuDomainObjEnterMonitor in this case.) This bug was encountered with a libvirt client that repeatedly queries the disk mirroring block job info during a migration. If one of these queries occurs just as the Perform migration cookie is baked, libvirt crashes. Relevant logs are as follows: 6701: warning : qemuDomainObjEnterMonitorInternal:1544 : This thread seems to be the async job owner; entering monitor without asking for a nested job is dangerous [1] 6701: info : qemuMonitorSend:972 : QEMU_MONITOR_SEND_MSG: mon=0x7fefdc004700 msg={"execute":"query-block","id":"libvirt-629"} [2] 6699: info : qemuMonitorIOWrite:503 : QEMU_MONITOR_IO_WRITE: mon=0x7fefdc004700 buf={"execute":"query-block","id":"libvirt-629"} [3] 6704: info : qemuMonitorSend:972 : QEMU_MONITOR_SEND_MSG: mon=0x7fefdc004700 msg={"execute":"query-block-jobs","id":"libvirt-630"} [4] 6699: info : qemuMonitorJSONIOProcessLine:203 : QEMU_MONITOR_RECV_REPLY: mon=0x7fefdc004700 reply={"return": [...], "id": "libvirt-629"} 6699: error : qemuMonitorJSONIOProcessLine:211 : internal error: Unexpected JSON reply '{"return": [...], "id": "libvirt-629"}' At [1] qemuMonitorBlockStatsUpdateCapacity sends its request, then waits on mon->notify. At [2] the request is written out to the monitor socket. At [3] qemuMonitorBlockJobInfo sends its request, and also waits on mon->notify. The reply from the first request is received at [4]. However, qemuMonitorJSONIOProcessLine is not expecting this reply since the second request hadn't completed sending. The reply is dropped and an error is returned. qemuMonitorIO signals mon->notify twice during its error handling, waking up both of the threads waiting on it. One of them clears mon->msg as it exits qemuMonitorSend; the other crashes: qemuMonitorSend (mon=0x7fefdc004700, msg=) at qemu/qemu_monitor.c:975 975 while (!mon->msg->finished) { (gdb) print mon->msg $1 = (qemuMonitorMessagePtr) 0x0 2015-04-08 Maxim Nestratov parallels: delete old networks in prlsdkDoApplyConfig before adding new ones In order to change an existing domain we delete all existing devices and add new from scratch. In case of network devices we should also delete corresponding virtual networks (if any) before removing actual devices from xml. In the patch, we do it by extending prlsdkDoApplyConfig with a new parameter, which stands for old xml, and calling prlsdkDelNet every time old xml is specified. 2015-04-08 Michael Chapman util: fix removal of callbacks in virCloseCallbacksRun The close callbacks hash are keyed by a UUID-string, but virCloseCallbacksRun was attempting to remove them by raw UUID. This patch ensures the callback entries are removed by UUID-string as well. This bug caused problems when guest migrations were abnormally aborted: # timeout --signal KILL 1 \ virsh migrate example qemu+tls://remote/system \ --verbose --compressed --live --auto-converge \ --abort-on-error --unsafe --persistent \ --undefinesource --copy-storage-all --xml example.xml Killed # virsh migrate example qemu+tls://remote/system \ --verbose --compressed --live --auto-converge \ --abort-on-error --unsafe --persistent \ --undefinesource --copy-storage-all --xml example.xml error: Requested operation is not valid: domain 'example' is not being migrated 2015-04-08 Michael Chapman qemu: fix race between disk mirror fail and cancel If a VM migration is aborted, a disk mirror may be failed by QEMU before libvirt has a chance to cancel it. The disk->mirrorState remains at _ABORT in this case, and this breaks subsequent mirrorings of that disk. We should instead check the mirrorState directly and transition to _NONE if it is already aborted. Do the check *after* aborting the block job in QEMU to avoid a race. 2015-04-08 Michael Chapman qemu: fix error propagation in qemuMigrationBegin If virCloseCallbacksSet fails, qemuMigrationBegin must return NULL to indicate an error occurred. 2015-04-08 Michael Chapman qemu: fix crash in qemuProcessAutoDestroy The destination libvirt daemon in a migration may segfault if the client disconnects immediately after the migration has begun: # virsh -c qemu+tls://remote/system list --all Id Name State ---------------------------------------------------- ... # timeout --signal KILL 1 \ virsh migrate example qemu+tls://remote/system \ --verbose --compressed --live --auto-converge \ --abort-on-error --unsafe --persistent \ --undefinesource --copy-storage-all --xml example.xml Killed # virsh -c qemu+tls://remote/system list --all error: failed to connect to the hypervisor error: unable to connect to server at 'remote:16514': Connection refused The crash is in: 1531 void 1532 qemuDomainObjEndJob(virQEMUDriverPtr driver, virDomainObjPtr obj) 1533 { 1534 qemuDomainObjPrivatePtr priv = obj->privateData; 1535 qemuDomainJob job = priv->job.active; 1536 1537 priv->jobs_queued--; Backtrace: #0 at qemuDomainObjEndJob at qemu/qemu_domain.c:1537 #1 in qemuDomainRemoveInactive at qemu/qemu_domain.c:2497 #2 in qemuProcessAutoDestroy at qemu/qemu_process.c:5646 #3 in virCloseCallbacksRun at util/virclosecallbacks.c:350 #4 in qemuConnectClose at qemu/qemu_driver.c:1154 ... qemuDomainRemoveInactive calls virDomainObjListRemove, which in this case is holding the last remaining reference to the domain. qemuDomainRemoveInactive then calls qemuDomainObjEndJob, but the domain object has been freed and poisoned by then. This patch bumps the domain's refcount until qemuDomainRemoveInactive has completed. We also ensure qemuProcessAutoDestroy does not return the domain to virCloseCallbacksRun to be unlocked in this case. There is similar logic in bhyveProcessAutoDestroy and lxcProcessAutoDestroy (which call virDomainObjListRemove directly). 2015-04-08 Michal Privoznik virQEMUDriverGetConfig: Fix memleak ==19015== 968 (416 direct, 552 indirect) bytes in 1 blocks are definitely lost in loss record 999 of 1,049 ==19015== at 0x4C2C070: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==19015== by 0x52ADF14: virAllocVar (viralloc.c:560) ==19015== by 0x5302FD1: virObjectNew (virobject.c:193) ==19015== by 0x1DD9401E: virQEMUDriverConfigNew (qemu_conf.c:164) ==19015== by 0x1DDDF65D: qemuStateInitialize (qemu_driver.c:666) ==19015== by 0x53E0823: virStateInitialize (libvirt.c:777) ==19015== by 0x11E067: daemonRunStateInit (libvirtd.c:905) ==19015== by 0x53201AD: virThreadHelper (virthread.c:206) ==19015== by 0xA1EE1F2: start_thread (in /lib64/libpthread-2.19.so) ==19015== by 0xA4EFC8C: clone (in /lib64/libc-2.19.so) virDomainVirtioSerialAddrSetFree: Fix memleak ==19015== 8 bytes in 1 blocks are definitely lost in loss record 34 of 1,049 ==19015== at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==19015== by 0x4C2C32F: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==19015== by 0x52AD888: virReallocN (viralloc.c:245) ==19015== by 0x52AD97E: virExpandN (viralloc.c:294) ==19015== by 0x52ADC51: virInsertElementsN (viralloc.c:436) ==19015== by 0x5335864: virDomainVirtioSerialAddrSetAddController (domain_addr.c:816) ==19015== by 0x53358E0: virDomainVirtioSerialAddrSetAddControllers (domain_addr.c:839) ==19015== by 0x1DD5513B: qemuDomainAssignVirtioSerialAddresses (qemu_command.c:1422) ==19015== by 0x1DD55A6E: qemuDomainAssignAddresses (qemu_command.c:1711) ==19015== by 0x1DDA5818: qemuProcessStart (qemu_process.c:4616) ==19015== by 0x1DDF1807: qemuDomainObjStart (qemu_driver.c:7265) ==19015== by 0x1DDF1A66: qemuDomainCreateWithFlags (qemu_driver.c:7320) qemuSetupCgroupForVcpu: Fix memleak ==19015== 1,064 (656 direct, 408 indirect) bytes in 2 blocks are definitely lost in loss record 1,002 of 1,049 ==19015== at 0x4C2C070: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==19015== by 0x52AD74B: virAlloc (viralloc.c:144) ==19015== by 0x52B47CA: virCgroupNew (vircgroup.c:1057) ==19015== by 0x52B53E5: virCgroupNewVcpu (vircgroup.c:1451) ==19015== by 0x1DD85A40: qemuSetupCgroupForVcpu (qemu_cgroup.c:1013) ==19015== by 0x1DDA66EA: qemuProcessStart (qemu_process.c:4844) ==19015== by 0x1DDF1807: qemuDomainObjStart (qemu_driver.c:7265) ==19015== by 0x1DDF1A66: qemuDomainCreateWithFlags (qemu_driver.c:7320) ==19015== by 0x1DDF1ACD: qemuDomainCreate (qemu_driver.c:7337) ==19015== by 0x53F87EA: virDomainCreate (libvirt-domain.c:6820) ==19015== by 0x12690A: remoteDispatchDomainCreate (remote_dispatch.h:3481) ==19015== by 0x126827: remoteDispatchDomainCreateHelper (remote_dispatch.h:3457) 2015-04-07 Erik Skultety storage: Introduce storagePoolUpdateAllState function The 'checkPool' callback was originally part of the storageDriverAutostart function, but the pools need to be checked earlier during initialization phase, otherwise we can't start a domain which mounts a volume after the libvirtd daemon restarted. This is because qemuProcessReconnect is called earlier than storageDriverAutostart. Therefore the 'checkPool' logic has been moved to storagePoolUpdateAllState which is called inside storageDriverInitialize. We also need a valid 'conn' reference to be able to execute 'refreshPool' during initialization phase. Though it isn't available until storageDriverAutostart all of our storage backends do ignore 'conn' pointer, except for RBD, but RBD doesn't support 'checkPool' callback, so it's safe to pass conn = NULL in this case. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1177733 2015-04-07 Erik Skultety conf: Introduce virStoragePoolLoadAllState && virStoragePoolLoadState These functions operate exactly the same as their network equivalents virNetworkLoadAllState, virNetworkLoadState. storage: Add support for storage pool state XML This patch introduces new virStorageDriverState element stateDir. Also adds necessary changes to storageStateInitialize, so that directories initialization becomes more generic. 2015-04-07 Shivaprasad G Bhat hostdev: Report the domain name for used hostdevs during nodedev-detach The nodedev-detach can report the name of the domain using the device just the way nodedev-reattach does it. 2015-04-07 Cole Robinson virsh: Improve change-media success message $ sudo virsh change-media f19 hdc /mnt/data/devel/media/Fedora-16-x86_64-Live-KDE.iso succeeded to complete action update on media Change the message to: Successfully {inserted,ejected,changed} media. https://bugzilla.redhat.com/show_bug.cgi?id=967946 2015-04-07 Laine Stump interface: allow multiple IPv4 addresses in interface XML An upcoming netcf release will support multiple ipv4 addresses, so let's loosen up libvirt's interface.rng to allow it. 2015-04-03 Jiri Denemark virsh.pod: Remove redundant --config from attach-interface 2015-04-03 Noella Ashu libvirt: virsh: Kill all uses of __FUNCTION__ in error messages The error output of snapshot-revert should be more friendly. There is no need to show virDomainRevertToSnapshot to user. virReportError already includes __FUNCTION__ information in a separate member of the struct, so repeating it in the message is redundant and leads to situations where higher level code ends up reporting the lower level name. We correctly converted the error output making it more succinct and user-friendly. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1086726 2015-04-03 Luyao Huang virsh: Fix domifaddr output in quiet mode In virsh we have two printing functions: vshPrint() which prints a string onto stdout and vshPrintExtra() which does not print anything if virsh is run in quiet mode. Usually, the former is used to print actual results, while the latter to print strings like table headers and other formatting stuff. However, in cmdDomIfAddr we have mistakenly used vshPrintExtra even for actual data. After this patch, the output should look like the following: # virsh -q domifaddr test3 --source agent lo 00:00:00:00:00:00 ipv4 127.0.0.1/8 - - ipv6 ::1/128 ens8 52:54:00:1a:cb:3f ipv6 fe80::5054:ff:fe1a:cb3f/64 virbr0 52:54:00:db:51:e7 ipv4 192.168.122.1/24 virbr0-nic 52:54:00:db:51:e7 N/A N/A 2015-04-03 Dawid Zamirski esx: esxNodeGetFreeMemory return info from host. Before this patch, when connected via vCenter, the free memory returned was from the resorcePool (usually a cluster). This is in conflict with e.g esxNodeGetInfo which always pulls info from the ESX host. Since libvirt ESX driver works primarily with ESX hosts, this patch changes esxNodeGetFreeMemory to pull that information from ESX host so it's consistent with behavior of esxNodeGetInfo. esx: add esxVI_GetInt Modeled after the already existing esxVI_GetLong. 2015-04-03 Erik Skultety conf: Change virStoragePoolSaveConfig prototype s/configDir/configFile Just a minor change which might be a little confusing for someone looking only at the API. conf: Introduce virStoragePoolSaveState Introduce virStoragePoolSaveState to properly format the state XML in the same manner as virStoragePoolDefFormat, except for adding a ... around the definition. This is similar to virNetworkObjFormat used to save the live/active network information. conf: Introduce virStoragePoolDefFormatBuf When modifying config/status XML, it might be handy to include some additional XML elements (e.g. ). In order to do so, introduce new formatting function virStoragePoolDefFormatBuf and make virStoragePoolDefFormat call it. 2015-04-02 Jim Fehlig libxl: fix dom0 balloon logic Recent testing on large memory systems revealed a bug in the Xen xl tool's freemem() function. When autoballooning is enabled, freemem() is used to ensure enough memory is available to start a domain, ballooning dom0 if necessary. When ballooning large amounts of memory from dom0, freemem() would exceed its self-imposed wait time and return an error. Meanwhile, dom0 continued to balloon. Starting the domain later, after sufficient memory was ballooned from dom0, would succeed. The libvirt implementation in libxlDomainFreeMem() suffers the same bug since it is modeled after freemem(). In the end, the best place to fix the bug on the Xen side was to slightly change the behavior of libxl_wait_for_memory_target(). Instead of failing after caller-provided wait_sec, the function now blocks as long as dom0 memory ballooning is progressing. It will return failure only when more memory is needed to reach the target and wait_sec have expired with no progress being made. See xen.git commit fd3aa246. There was a dicussion on how this would affect other libxl apps like libvirt http://lists.xen.org/archives/html/xen-devel/2015-03/msg00739.html If libvirt containing this patch was build against a Xen containing the old libxl_wait_for_memory_target() behavior, libxlDomainFreeMem() will fail after 30 sec and domain creation will be terminated. Without this patch and with old libxl_wait_for_memory_target() behavior, libxlDomainFreeMem() does not succeed after 30 sec, but returns success anyway. Domain creation continues resulting in all sorts of fun stuff like cpu soft lockups in the guest OS. It was decided to properly fix libxl_wait_for_memory_target(), and if anything improve the default behavior of apps using the freemem reference impl in xl. xl was patched to accommodate the change in libxl_wait_for_memory_target() with xen.git commit 883b30a0. This patch does the same in the libxl driver. While at it, I changed the logic to essentially match freemem() in $xensrc/tools/libxl/xl_cmdimpl.c. It was a bit cleaner IMO and will make it easier to spot future, potentially interesting divergences. 2015-04-02 Martin Kletzander Typos: Get rid of dependan(t|cies) Dependant is flagged as wrong in US dictionary (only valid in UK dictionary, and even then, it has only the financial sense and not the inter-relatedness sense that we are more prone to be wanting throughout code). docs: Add Host sFlow into monitoring apps Reported-by: Peter Phaal 2015-04-02 Huanle Han hostdev: Fix index error in loop after remove an element 'virPCIDeviceList' is actually an array. Removing one element makes the rest of the element move. Use while loop, increase index only when not virPCIDeviceListDel(pcidevs, dev) 2015-04-02 Ján Tomko Fix xlconfigtest with older libxl Commit cd5dc30 added this test, but it fails if LIBXL_HAVE_BUILDINFO_USBDEVICE_LIST is not defined: 6) Xen XM-2-XML Format fullvirt-multiusb ... libvirt: error : unsupported configuration: multiple USB devices not supported FAILED 2015-04-02 Ján Tomko Auto add virtio-serial controllers In virDomainVirtioSerialAddrNext, add another controller if we've exhausted all ports of the existing controllers. https://bugzilla.redhat.com/show_bug.cgi?id=1076708 2015-04-02 Ján Tomko Assign an address when hotplugging a virtio-serial device Expand the address set when attaching a virtio-serial controller 2015-04-02 Ján Tomko Allocate virtio-serial addresses when starting a domain Instead of always using controller 0 and incrementing port number, respect the maximum port numbers of controllers and use all of them. Ports for virtio consoles are quietly reserved, but not formatted (neither in XML nor on QEMU command line). Also rejects duplicate virtio-serial addresses. https://bugzilla.redhat.com/show_bug.cgi?id=890606 https://bugzilla.redhat.com/show_bug.cgi?id=1076708 Test changes: * virtio-auto.args Filling out the port when just the controller is specified. switched from using maxport + 1 to: first free port on the controller * virtio-autoassign.args Filling out the address when no
    is specified. Started using all the controllers instead of 0, also discards the bus value. * xml -> xml output of virtio-auto The port assignment is no longer done as a part of XML parsing, so the unspecified values stay 0. 2015-04-02 Ján Tomko Add functions to track virtio-serial addresses Create a sorted array of virtio-serial controllers. Each of the elements contains the controller index and a bitmap of available ports. Buses are not tracked, because they aren't supported by QEMU. 2015-04-02 Ján Tomko Add test for virtio serial port assignment Add a test to demonstrate the effect of automatic virtio-serial address assignment. 2015-04-02 John Ferlan scsi: Remove unused 'type_path' in processLU Seems to be a remnant that was never cleaned up from original submit... iscsi: Fix exit path for virStorageBackendISCSIFindLUs failure If the call to virStorageBackendISCSIGetHostNumber failed, we set retval = -1, but yet still called virStorageBackendSCSIFindLUs. Need to add a goto cleanup - while at it, adjust the logic to initialize retval to -1 and only changed to 0 (zero) on success. iscsi: Use error message from virStorageBackendSCSIFindLUs Don't supercede the error message virStorageBackendSCSIFindLUs as the message such as "error: Failed to find LUs on host 60: ..." is not overly clear as to what the real problem might be. 2015-04-02 Erik Skultety conf: Introduce virStoragePoolSaveXML Make XML definition saving more generic by moving the common code into virStoragePoolSaveXML and leave case specific code to PoolSave{Status,Config,...} functions. storage: Remove unused attribute conn from 'checkPool' callback In order to be able to use 'checkPool' inside functions which do not have any connection reference, 'conn' attribute needs to be discarded from the checkPool's signature, since it's not used by any storage backend anyway. 2015-04-02 Luyao Huang qemuDomainBlockCopy: Check @granularity to be a power of two https://bugzilla.redhat.com/show_bug.cgi?id=1206479 As described in virDomainBlockCopy() parameters description, the VIR_DOMAIN_BLOCK_COPY_GRANULARITY parameter may require the value to have some specific attributes (e.g. be a power of two or fall within a certain range). And in qemu, a power of two is required. However, our code does not check that and let qemu operation fail. Moreover, the virsh man page is not as exact as it could be in this respect. 2015-04-02 Michal Privoznik nodeinfodata: Remove broken symlinks and uneeded files The 7c3c7f217ebae5 and f5c2d6 commits introduced a nodeinfo test. In order to do that, some parts of sysfs had to be copied. However, sysfs is full of symlinks, so during copying some symlinks broke. Remove them, as on different systems they can point to different files or be broken. At the same time, we don't need all files added in those commits. For instance we don't care about 'uevent' files, 'power' folders, and others. 2015-04-02 zhang bo qemu: lifecycle: make agent-mode shutdown and reboot timeout When we shutdown/reboot a guest using agent-mode, if the guest itself blocks infinitely, libvirt would block in qemuAgentShutdown() forever. Thus, we set a timeout for shutdown/reboot, from our experience, 60 seconds would be fine. 2015-04-02 Ján Tomko Fix indentation in cmdVcpuPin virsh: remove stale comment Copied from the vcpupin command, which has two modes of operation. 2015-04-02 Shanzhi Yu conf: Rename virDomainHasDiskMirror and detect block jobs properly virDomainHasDiskMirror() currently detects only jobs that add the mirror elements. Since some operations like migration are interlocked by existing block jobs on the given domain the check needs to be instrumented to check regular jobs too. This patch renames virDomainHasDiskMirror to virDomainHasDiskBlockjob and adds an argument that allows to select that it returns true only for block copy jobs as those interlock making the domain persistent. Other two uses trigger on any block job type. 2015-04-02 Peter Krempa qemu: snapshot: Check for block jobs individually If any disk of a VM was involved in a (copy) block job we refused to do a snapshot. As not only copy jobs interlock snapshots and the interlocking is applicable to individual disks only we can make the check in a more individual fashion and interlock all block job types supported by libvirt. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1203628 2015-04-02 Ján Tomko Remove unnecessary includes from virsh.h Include them in the files that need them instead. 2015-04-02 Ján Tomko Remove unused includes from virsh After splitting out most of virsh command, some includes are no longer needed. Some files have the libXML includes despite not needing them. 2015-04-02 Ján Tomko Clean up headers in src/util/virutil.h * "verify.h" from gnulib is included in internal.h * is no longer needed added by commit da196338 to use fd_set in virExec prototype Do not include cpu_map.h in libvirtd.c No longer needed after commit dd47723 2015-04-02 Ján Tomko Use the DEFAULT_DRIVER_DIR macro Unused since commit bc2f42a0. Move it under the WITHOUT_DRIVER_MODULES #ifdef and start using it again. 2015-04-02 Ján Tomko Remove unused macros In the order of appearance: * MAX_LISTEN - never used added by 23ad665c (qemud) and addec57 (lock daemon) * NEXT_FREE_CLASS_ID - never used, added by 07d1b6b * virLockError - never used, added by eb8268a4 * OPENVZ_MAX_ARG, CMDBUF_LEN, CMDOP_LEN unused since the removal of ADD_ARG_LIT in d8b31306 * QEMU_NB_PER_CPU_STAT_PARAM - unused since 897808e * QEMU_CMD_PROMPT, QEMU_PASSWD_PROMPT - unused since 1dc10a7 * TEST_MODEL_WORDSIZE - unused since c25c18f7 * TEMPDIR - never used, added by 714bef5 * NSIG - workaround around old headers added by commit 60ed1d2 unused since virExec was moved by commit 02e8691 * DO_TEST_PARSE - never used, added by 9afa006 * DIFF_MSEC, GETTIMEOFDAY - unused since eee6eb6 2015-04-02 Peter Krempa qemu: Copy bitmap in a sane way Use virBitmapNewCopy instead of a combination of virBitmapNew and virBitmapCopy. qemu: cgroup: Kill qemuSetupCgroupVcpuPin() The function doesn't make sense. There's a simpler way to achieve the same. qemu: cgroup: Kill qemuSetupCgroupIOThreadsPin() The function doesn't make sense. There's a simpler way to achieve the same. qemu: cgroup: Rename qemuSetupCgroupEmulatorPin to qemuSetupCgroupCpusetCpus The function is used to set cpuset.cpus in various other helpers. qemu: cgroup: Use priv->autoCpuset instead of using qemuPrepareCpumap() Two places would call to qemuPrepareCpumap() with priv->autoNodeset to convert it to a cpuset. Remove the function and use the prepared cpuset automatically. 2015-04-02 Peter Krempa qemu: cgroup: Properly set up vcpu pinning When the default cpuset or automatic numa placement is used libvirt would place the whole parent cgroup in the specified cpuset. This then disallowed to re-pin the vcpus to a different cpu. This patch pins only the vcpu threads to the default cpuset and thus allows to re-pin them later. The following config would fail to start: ... 4 ... This is a regression since a39f69d2b. 2015-04-02 Peter Krempa qemu: cgroup: Refactor setup for IOThread cgroups Use the default or auto cpuset if they are provided for IOThreads. qemu: cgroup: Store auto cpuset instead of re-creating it on demand The automatic cpuset can be stored along with automatic nodeset and it does not have to be recreated when used. Bump version to 1.2.15 for new dev cycle 2015-04-02 Daniel Veillard Release of libvirt-1.2.14 - docs/news.html.in libvirt.spec.in: update for the release - po/*.po*: regenerated localization 2015-04-01 Cole Robinson tests: nodeinfo: Add test for RHELSA on APM mustang This would have caught the bug fixed by Wei's commit c13de016 tests: nodeinfo: Test F21 aarch64 on APM mustang 2015-03-31 Peter Krempa qemu: blockjob: Synchronously update backing chain in XML on ABORT/PIVOT When the synchronous pivot option is selected, libvirt would not update the backing chain until the job was exitted. Some applications then received invalid data as their job serialized first. This patch removes polling to wait for the ABORT/PIVOT job completion and replaces it with a condition. If a synchronous operation is requested the update of the XML is executed in the job of the caller of the synchronous request. Otherwise the monitor event callback uses a separate worker to update the backing chain with a new job. This is a regression since 1a92c719101e5bfa6fe2b78006ad04c7f075ea28 When the ABORT job is finished synchronously you get the following call stack: #0 qemuBlockJobEventProcess #1 qemuDomainBlockJobImpl #2 qemuDomainBlockJobAbort #3 virDomainBlockJobAbort While previously or while using the _ASYNC flag you'd get: #0 qemuBlockJobEventProcess #1 processBlockJobEvent #2 qemuProcessEventHandler #3 virThreadPoolWorker 2015-03-31 Peter Krempa qemu: Extract internals of processBlockJobEvent into a helper Later on I'll be adding a condition that will allow to synchronise a SYNC block job abort. The approach will require this code to be called from two different places so it has to be extracted into a helper. qemu: processBlockJob: Don't unlock @vm twice Commit 1a92c719 moved code to handle block job events to a different function that is executed in a separate thread. The caller of processBlockJob handles locking and unlocking of @vm, so the we should not do it in the function itself. 2015-03-30 Peter Krempa qemu: blockCopy: Pass adjusted bandwidth when called via blockRebase The block copy API takes the speed in bytes/s rather than MiB/s that was the prior approach in virDomainBlockRebase. We correctly converted the speed to bytes/s in the old API but we still called the common helper virDomainBlockCopyCommon with the unadjusted variable. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1207122 2015-03-30 Luyao Huang virsh: blockCopy: Add missing jump on error path The overflow check for the bandwidth parameter did not jump to the cleanup label. Additionally virsh should use vshError instead of virReportError. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1206987 2015-03-30 Michal Privoznik qemuDomainGetNumaParameters: Check for the correct CGroup controller When getting info on NUMA parameters for domain, virCgroupGetCpusetMems() may be called. However, as of 43b67f2e the call is guarded by check if memory controller is present. Even though it may be not obvious instantly, NUMA parameters are stored under cpuset controller. Therefore the check needs to look like this: if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPUSET) || virCgroupGetCpusetMems(priv->cgroup, &nodeset) < 0) { 2015-03-30 Michal Privoznik virCgroupController: Check the enum fits into 'int' Throughout our code, the virCgroupController enum is used in two ways. First as an index to an array of cgroup controllers: struct virCgroup { char *path; struct virCgroupController controllers[VIR_CGROUP_CONTROLLER_LAST]; }; Second way is that when calling virCgroupNew() a bitmask of the enum items can be passed to selectively detect only some controllers. For instance: int virCgroupNewVcpu(virCgroupPtr domain, int vcpuid, bool create, virCgroupPtr *group) { ... controllers = ((1 << VIR_CGROUP_CONTROLLER_CPU) | (1 << VIR_CGROUP_CONTROLLER_CPUACCT) | (1 << VIR_CGROUP_CONTROLLER_CPUSET)); if (virCgroupNew(-1, name, domain, controllers, group) < 0) goto cleanup; } Even though it's highly unlikely that so many new controllers will be invented so that we would overflow when constructing the bitmask, it doesn't hurt to check at compile time either. 2015-03-30 Michal Privoznik virCgroupNew: Enhance debug message When creating new internal representation of cgroups, all passed arguments are logged. Well, except for two: pid and pointer for return value. Lets log them too. virCgroupNewPartition: Fix comment The function has no argument named @name rather than @path instead. The comment is, however, referring to @name while it should have been referring to @path really. 2015-03-29 Eric Blake build: avoid variable named 'interface', for mingw Commit 2f36e6944 (re-)introduced a use of an identifier 'interface', which causes this build failure on mingw: ../../tools/virsh-domain-monitor.c: In function 'cmdDomIfAddr': ../../tools/virsh-domain-monitor.c:2233:17: error: expected identifier or '(' before 'struct' const char *interface = NULL; ^ See also commit 6512c8b. Sadly, I'm not quite sure how to write a syntax check that can poison the use of this identifier. * tools/virsh-domain-monitor.c (cmdDomIfAddr): Use ifacestr instead. 2015-03-28 John Ferlan vircgroup: Fix build issue mingw cross compile Commit id '2dbfa716' exposed virCgroupDetectMountsFromFile, but did not add the corresponding entry in the "#else /* !VIR_CGROUP_SUPPORTED */" section of the module. vircgroup: Fix build issue on mingw cross compile Commit id 'ba1dfc5' added virCgroupSetCpusetMemoryMigrate and virCgroupGetCpusetMemoryMigrate, but did not add the corresponding entry points into the "#else /* !VIR_CGROUP_SUPPORTED */" section 2015-03-27 Pavel Hrdina tests: introduce qemucaps2xmlmock We need to mock virFileExists to return true for "/dev/kvm" because the test should not depend on host system. Revert "qemucaps2xmltest: fix test to successfully run without kvm support" This reverts commit 49bf09d16cb7050795f6963a2746d686a2fbaece. That commit is wrong and doesn't fix the issue. virnetlink: fix build error Commint 0473b45cc introduced new function virNetlinkDelLink, but in it's counterpart for non-linux platform there should be ATTRIBUTE_UNUSED instead of ATTRIBUTE_UNSUPPORTED. 2015-03-27 Shanzhi Yu qemu: end the job when try to blockcopy to non-file destination Blockcopy to non-file destination is not supported according the code, but a 'goto endjob' is missed after checking the destination. This leads to calling drive-mirror with wrong parameters. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1206406 2015-03-27 Wei Huang nodeinfo: Increase the num of CPU thread siblings to a larger value Current libvirt can only handle up to 1023 bytes when it reads Linux sysfs topology/thread_siblings. This isn't enough for Linux distributions that support a large value. This patch fixes the problem by using VIR_ALLOC()/VIR_FREE(), instead of using a fixed-size (1024) local char array. In the meanwhile SYSFS_THREAD_SIBLINGS_LIST_LENGTH_MAX is increased to 8192 which should be large enough for a foreseeable future. 2015-03-27 Eric Blake relaxng: allow : in /dev/disk/by-path names On IRC, Hydrar pointed a problem where 'virsh edit' failed on his domain created through an ISCSI pool managed by virt-manager, all because the XML included a block device with colons in the name. * docs/schemas/basictypes.rng (absFilePath): Add colon as safe. * tests/qemuxml2argvdata/qemuxml2argv-disk-iscsi.xml: New file. * tests/qemuxml2argvdata/qemuxml2argv-disk-iscsi.args: Likewise. * tests/qemuxml2argvtest.c (mymain): Test it. 2015-03-27 Konrad Rzeszutek Wilk libxl: Fix memory leak if pthread_create fails. If we fail to create the thread we leak the shutdown_info structure. 2015-03-27 Laine Stump util: use netlink to create bridge devices Just as it is possible to delete a bridge device with the netlink RTM_DELLINK message, one can be created with the RTM_NEWLINK message. Because of differences in the format of the message, it's not as straightforward as with virNetlinkDelLink() to create a single utility function that can be used to create any type of interface, so the new netlink version of virNetDevBridgeCreate() does its own construction of the netlink message and calls virNetlinkCommand() itself. This doesn't provide any extra functionality, just provides symmetry with the previous commit. NB: We *could* alter the API of virNetDevBridgeCreate() to take a MAC address, and directly program that mac address into the bridge (by adding an IFLA_ADDRESS attribute, as is done in virNetDevMacVLanCreate()) rather than separately creating the "dummy tap" (e.g. virbr0-nic) to maintain a fixed mac address on the bridge, but the commit history of virnetdevbridge.c shows that the presence of this dummy tap is essential in some older versions of the kernel (between 2.6.39 and 3.1 or 3.2, possibly?) to proper operation of IPv6 DAD, and I don't want to take the chance of breaking something that I don't have the time/setup to test (my RHEL6 box is at kernel 2.6.32-544, and the next lowest kernel I have is 3.17) 2015-03-27 Laine Stump util: use netlink to delete bridge devices https://bugzilla.redhat.com/show_bug.cgi?id=1125755 reported that a stray bridge device was left on the system when a libvirt network failed to start due to an illegal iptables rule caused by bad config. Apparently the reason this was happening was that NetworkManager was noticing immediately when the bridge device was created and automatically setting it IFF_UP. libvirt would then try to setup the iptables rules, get an error back, and since libvirt had never IFF_UPed the bridge, it didn't expect that it needed to set it ~IFF_UP before deleting it during the cleanup process. But the ioctl(SIOCBRDELBR) ioctl will fail to delete a bridge if it is IFF_UP. Since that bug was reported, NetworkManager has gotten a bit more polite in this respect, but just in case something similar happens in the future, this patch switches to using the netlink RTM_DELLINK message to delete the bridge - unlike SIOCBRDELBR, it will delete the requested bridge no matter what the setting of IFF_UP. 2015-03-27 Laine Stump util: replace body of virNetDevMacVLanDelete() with virNetlinkDelLink() These two functions are identical, so no sense in having the duplication. I resisted the temptation to replace calls to virNetDevMacVLanDelete() with calls to virNetlinkDelLink() just in case some mythical future platform has macvtap devices that aren't managed with netlink (or in case we some day need to do more than just tell the kernel to delete the device). util: netlink function to delete any network device libvirt has always used the netlink RTM_DELLINK message to delete macvtap/macvlan devices, but it can actually be used to delete other types of network devices, such as bonds and bridges. This patch makes virNetDevMacVLanDelete() available as a generic function so it can intelligibly be called to delete these other types of interfaces. 2015-03-26 Eric Blake maint: update to latest gnulib Usual update to latest gnulib status. In particular this update fixes at least one issue that can be seen in libvirt, by silencing a valgrind detection of uninitialized memory: https://bugzilla.redhat.com/show_bug.cgi?id=1174147 * .gnulib: Update to latest. * bootstrap: Resync to gnulib. 2015-03-26 Ján Tomko Rename DomainGetIOThreadsInfo to DomainGetIOThreadInfo While it returns info about multiple threads, the version without the plural is easier to read. Rename qemuMonitorIOThreadsInfo* to qemuMonitorIOThreadInfo* It only deals with a single thread. Rename virDomainIOThreadsInfoFree to virDomainIOThreadInfoFree This function only frees the info for one thread. virsh: rename iothreadsinfo to iothreadinfo The plural seems unnecessary. 2015-03-26 Luyao Huang qemu: command: Fix property name for start address of a pc-dimm module Starting a qemu VM with a memory module that has the base address specified results in the following error: error: internal error: early end of file from monitor: possible problem: 2015-03-26T03:45:52.338891Z qemu-kvm: -device pc-dimm,node=0,memdev=memdimm0, id=dimm0,slot=0,base=4294967296: Property '.base' not found The correct property name for the base address is 'addr'. 2015-03-26 Jiri Denemark qemu: Give hint about -noTSX CPU model Because of the microcode update to Haswell/Broadwell CPUs, existing domains using these CPUs may fail to start even though they used to run just fine. To help users solve this issue we try to suggest switching to -noTSX variant of the CPU model: virsh # start cd error: Failed to start domain cd error: unsupported configuration: guest and host CPU are not compatible: Host CPU does not provide required features: rtm, hle; try using 'Haswell-noTSX' CPU model 2015-03-26 Jiri Denemark cpu: Add {Haswell,Broadwell}-noTSX CPU models QEMU 2.3 adds these new models to cover Haswell and Broadwell CPUs with updated microcode. Luckily, they also reverted former the machine type specific changes to existing models. And since these changes were never released, we don't need to hack around them in libvirt. 2015-03-26 Peter Krempa qemu: command: Check for empty network source when formatting drive cmd Use the virStorageSourceIsEmpty helper to determine whether the drive source is empty rather than checking for src->path. This will fix start of VM with empty network cdrom that would not report any error. 2015-03-26 Peter Krempa qemu: command: Report error when formatting network source with protocol _NONE The function that formats the string for network drives would return error code but did not set the error message when called on storage source with VIR_STORAGE_NET_PROTOCOL_LAST or _NONE. Report an error in this case if it would ever be called in that way. 2015-03-26 Amy Fong build: fix race when creating the cpu_map.xml symlink In some circumstances where the build tree differs from the source, libvirt's compile will try to create the symlink for cpu_map.xml before creating the directory $(abs_builddir)/cpu: 'src/cpu/cpu_map.xml': No such file or directory' Do not create the symlink, it is no longer needed after commit e562e82f Load CPU map from builddir when run uninstalled 2015-03-25 Peter Krempa tests: qemuxml2xml: Test status XML formatting and parsing Recently we've fixed a bug where the status XML could not be parsed as the parser used absolute path XPath queries. This test enhancement tests all XML files used in the qemu-xml-2-xml test as a part of a status XML snippet to see whether they are parsed correctly. The status XML-2-XML is currently tested in 223 cases with this patch. util: buffer: Add support for adding text blocks with indentation The current auto-indentation buffer code applies indentation only on complete strings. To allow adding a string containing newlines and having it properly indented this patch adds virBufferAddStr. 2015-03-25 Guido Günther Don't validata filesystem target type When using QEMU's 9pfs the target "dir" element is not necessarily an absolute path but merely an arbitrary identifier. So validation in that case currently fails with the misleading $ virt-xml-validate /tmp/test.xml Relax-NG validity error : Extra element devices in interleave /tmp/test.xml:24: element devices: Relax-NG validity error : Element domain failed to validate content /tmp/test.xml fails to validate 2015-03-25 Peter Krempa rpc: Don't unref identity object while callbacks still can be executed While this thread is cleaning up the client and connection objects: #2 virFileReadAll (path=0x7f28780012b0 "/proc/1319/stat", maxlen=maxlen@entry=1024, buf=buf@entry=0x7f289c60fc40) at util/virfile.c:1287 #3 0x00007f28adbb1539 in virProcessGetStartTime (pid=, timestamp=timestamp@entry=0x7f289c60fc98) at util/virprocess.c:838 #4 0x00007f28adb91981 in virIdentityGetSystem () at util/viridentity.c:151 #5 0x00007f28ae73f17c in remoteClientFreeFunc (data=) at remote.c:1131 #6 0x00007f28adcb7f33 in virNetServerClientDispose (obj=0x7f28aecad180) at rpc/virnetserverclient.c:858 #7 0x00007f28adba8eeb in virObjectUnref (anyobj=) at util/virobject.c:265 #8 0x00007f28ae74ad05 in virNetServerHandleJob (jobOpaque=, opaque=0x7f28aec93ff0) at rpc/virnetserver.c:205 #9 0x00007f28adbbef4e in virThreadPoolWorker (opaque=opaque@entry=0x7f28aec88030) at util/virthreadpool.c:145 In stack frame #6 the client->identity object got unref'd, but the code that removes the event callbacks in frame #5 did not run yet as we are trying to obtain the system identity (frames #4, #3, #2). In other thead: #0 virObjectUnref (anyobj=anyobj@entry=0x7f288c162c60) at util/virobject.c:264 klass = 0xdeadbeef obj = 0x7f288c162c60 #1 0x00007f28ae71c709 in remoteRelayDomainEventCheckACL (client=, conn=, dom=dom@entry=0x7f28aecaafc0) at remote.c:164 #2 0x00007f28ae71fc83 in remoteRelayDomainEventTrayChange (conn=, dom=0x7f28aecaafc0, ... ) at remote.c:717 #3 0x00007f28adc04e53 in virDomainEventDispatchDefaultFunc (conn=0x7f287c0009a0, event=0x7f28aecab1a0, ...) at conf/domain_event.c:1455 #4 0x00007f28adc03831 in virObjectEventStateDispatchCallbacks (callbacks=, ....) at conf/object_event.c:724 #5 virObjectEventStateQueueDispatch (callbacks=0x7f288c083730, queue=0x7fff51f90030, state=0x7f288c18da20) at conf/object_event.c:738 #6 virObjectEventStateFlush (state=0x7f288c18da20) at conf/object_event.c:816 #7 virObjectEventTimer (timer=, opaque=0x7f288c18da20) at conf/object_event.c:562 #8 0x00007f28adb859cd in virEventPollDispatchTimeouts () at util/vireventpoll.c:459 Frame #0 is unrefing an invalid identity object while frame #2 hints that the client is still dispatching the event. For untrimmed backtrace see the bugzilla attachment. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1203030 2015-03-25 Peter Krempa daemon: Clear fake domain def object that is used to check ACL prior to use The fake object is used to pass the domain name and UUID to the ACL code for events where we don't have the full domain def when dispatching events. The rest of the entries would be left uninitialized. While this is not a problem code-wise as the used fields are initialized it looks ugly in the debugger. util: identity: Harden virIdentitySetCurrent() Don't unref the old identity unless we set the new one correctly and unref the new one on failure to set it so that we don't leak any references or use invalid pointers. 2015-03-25 Peter Krempa tests: qemuxml2xml: Refactor the qemuxml2xml test To allow adding more tests, refactor the XML-2-XML test so that the files are not reloaded always and clarify the control flow. Result of this changes is that the active and inactive portions of the XML are tested in separate steps rather than one test step. 2015-03-25 Peter Krempa qemu: domain: Don't leak device alias list While adding tests for status XML parsing and formatting I've noticed that the device alias list is leaked. ==763001== 81 (48 direct, 33 indirect) bytes in 1 blocks are definitely lost in loss record 414 of 514 ==763001== at 0x4C2B8F0: calloc (vg_replace_malloc.c:623) ==763001== by 0x6ACF70F: virAllocN (viralloc.c:191) ==763001== by 0x447B64: qemuDomainObjPrivateXMLParse (qemu_domain.c:727) ==763001== by 0x6B848F9: virDomainObjParseXML (domain_conf.c:15491) ==763001== by 0x6B84CAC: virDomainObjParseNode (domain_conf.c:15608) 2015-03-25 Pavel Hrdina qemucaps2xmltest: fix test to successfully run without kvm support Function virQEMUCapsInitGuestFromBinary detect kvm support by testing whether /dev/kvm exists or whether we pass path to kvmbin. Provide the path we are testing via kvmbin for testing purpose instead of detecting presence of /dev/kvm to successfully run the tests on all hosts. 2015-03-25 Luyao Huang qemu: Report better error when memory device source has wrong NUMA node When starting a VM with hotpluggable memory devices the user may specify an invalid source NUMA node. Libvirt would pass through the error from qemu: # virsh start test3 error: Failed to start domain test3 error: internal error: process exited while connecting to monitor: 2015-03-25T01:12:17.205913Z qemu-kvm: -object memory-backend-ram,id=memdimm0 ,size=536870912,host-nodes=1-3,policy=bind: cannot bind memory to host NUMA nodes: Invalid argument This patch adds a check that allows to report better error: # virsh start test3 error: Failed to start domain test3 error: configuration unsupported: NUMA node 1 is unavailable 2015-03-25 Peter Krempa util: NUMA: Change error code in virNumaNodesetIsAvailable() An invalid nodeset is a configuration problem rather than an internal error. 2015-03-25 Luyao Huang conf: Add missing apostrophe to error message 2015-03-25 Pavel Hrdina Makefile: fix typo Commit 95695388 introduced new util/virthreadjob.c/h files but the makefile has type that breaks rpm build. 2015-03-25 Chen Fan docs: route element must specify network address because network address is required by route, so here we should add one avoid user misunderstand. docs: no 'via' attribute in route element via -> gateway 2015-03-25 Jiri Denemark qemu: Add timing to domain jobs Whenever we fail to acquire a job, we can report how long ago it was locked by another API. https://bugzilla.redhat.com/show_bug.cgi?id=853839 2015-03-25 Jiri Denemark qemu: Track the API which started the current job This is very helpful when we want to log and report why we could not acquire a state change lock. Reporting what job keeps it locked helps with understanding the issue. Moreover, after calling virDomainGetControlInfo, it's possible to tell whether libvirt is just stuck somewhere within the API (or it just forgot to cleanup the job) or whether libvirt is waiting for QEMU to reply. The error message will look like the following: # virsh resume cd error: Failed to resume domain cd error: Timed out during operation: cannot acquire state change lock (held by remoteDispatchDomainSuspend) https://bugzilla.redhat.com/show_bug.cgi?id=853839 2015-03-25 Jiri Denemark Set thread job for every RPC call Since all APIs are also RPC calls, we automatically get all APIs covered with thread jobs. virThreadPool: Set thread worker name Every thread created as a worker thread within a pool gets a name according to virThreadPoolJobFunc name. virThread: Set thread job Automatically assign a job to every thread created by virThreadCreate. The name of the virThreadFunc function passed to virThreadCreate is used as the job or worker name in case no name is explicitly passed. Force usage of virThreadCreate We want all threads to be set as workers or to have a job assigned to them, which can easily be achieved in virThreadCreate wrapper to pthread_create. Let's make sure we always use the wrapper. 2015-03-25 Jiri Denemark Add support for tracking thread jobs Each thread can use a thread local variable to keep the name of a job which is currently running in the job. The virThreadJobSetWorker API is supposed to be called once by any thread which is used as a worker, i.e., it is waiting in a pool, woken up to do a job, and returned back to the pool. The virThreadJobSet/virThreadJobClear APIs are to be called at the beginning/end of each job. 2015-03-25 Jiri Denemark POTFILES.in: Sort 2015-03-25 Ján Tomko Document that USB hostdevs do not need nodeDettach The virNodeDeviceDettach API only works on PCI devices. Originally added by commit 10d3272e, but the API never supported USB devices. Reported by: Martin Polednik 2015-03-25 Peter Krempa rpc: serverclient: Clear pointer with NULL instead of 0 2015-03-25 Jim Fehlig libxl: remove per-domain libxl_ctx Although needed in the Xen 4.1 libxl days, there is no longer any benefit to having per-domain libxl_ctx. On the contrary, their use makes the code unecessarily complicated and prone to deadlocks under load. As suggested by the libxl maintainers, use a single libxl_ctx as a handle to libxl instead of per-domain ctx's. One downside to using a single libxl_ctx is there are no longer per-domain log files for log messages emitted by libxl. Messages for all domains will be sent to /var/log/libvirt/libxl/libxl-driver.log. 2015-03-25 Jim Fehlig libxl: make libxlDomainFreeMem static libxlDomainFreeMem() is only used in libxl_domain.c and thus should be declared static. While at it, change the signature to take a libxl_ctx instead of libxlDomainObjPrivatePtr, since only the libxl_ctx is needed. libxl: remove unnecessary libxlDomainEventsRegister This function now only enables domain death events. Simply call libxl_evenable_domain_death() instead of an unnecessary wrapper. libxl: use global libxl_ctx in event handler Change the domain event handler code to use the driver-wide libxl_ctx instead of the domain-specific one. libxl: move event registration to driver initialization Register a domain event handler with the driver-wide libxl_ctx during driver initialization. libxl: Move setup of child processing code to driver initialization Informing libxl how to handle its child proceses should be done once during driver initialization, not once for each domain-specific libxl_ctx object. The related libxl documentation in $xen-src/tools/libxl/libxl_event.h even mentions that "it is best to call this at initialisation". 2015-03-25 Jim Fehlig libxl: use driver-wide ctx in fd and timer event handling Long ago I incorrectly associated libxl fd and timer registrations with per-domain libxl_ctx objects. When creating a libxlDomainObjPrivate, a libxl_ctx is allocated, and libxl_osevent_register_hooks is called passing a pointer to the libxlDomainObjPrivate. When an fd or timer registration occurred, the registration callback received the libxlDomainObjPrivate, containing the per-domain libxl_ctx. This libxl_ctx was then used when informing libxl about fd events or timer expirations. The problem with this approach is that fd and timer registrations do not share the same lifespan as libxlDomainObjPrivate, and hence the per-domain libxl_ctx ojects. The result is races between per-domain libxl_ctx's being destoryed and events firing on associated fds/timers, typically manifesting as an assert in libxl libxl_internal.h:2788: libxl__ctx_unlock: Assertion `!r' failed There is no need to associate libxlDomainObjPrivate objects with libxl's desire to use libvirt's event loop. Instead, the driver-wide libxl_ctx can be used for the fd and timer registrations. This patch moves the fd and timer handling code away from the domain-specific code in libxl_domain.c into libxl_driver.c. While at it, function names were changed a bit to better describe their purpose. The unnecessary locking was also removed since the code simply provides a wrapper over the event loop interface. Indeed the locks may have been causing some deadlocks when repeatedly creating/destroying muliple domains. There have also been rumors about such deadlocks during parallel OpenStack Tempest runs. 2015-03-25 Pavel Hrdina qemu: fix set vcpus on host without NUMA We don't have to modify cpuset.mems on hosts without NUMA. It also fixes an error message that you get instead of success if you trying update vcpus of a guest on a host without NUMA. error: internal error: NUMA isn't available on this host Signer-off-by: Pavel Hrdina 2015-03-25 Pavel Hrdina qemu: cleanup setvcpus Remove unnecessary maximum variable. 2015-03-25 Pavel Hrdina qemu: move virDomainLiveConfigHelperMethod right after BeginJob We should call virDomainLiveConfigHelperMethod ASAP because this function transfers VIR_DOMAIN_AFFECT_CURRENT to VIR_DOMAIN_AFFECT_LIVE or VIR_DOMAIN_AFFECT_CONFIG. All other additional checks for those two flags should consider that the user give us VIR_DOMAIN_AFFECT_CURRENT. Remove the unnecessary check whether the domain is live in case of VIR_DOMAIN_VCPU_GUEST because this check is done by virDomainLiveConfigHelperMethod. 2015-03-25 Ján Tomko Document behavior of compat when creating qcow2 volumes Commit bab2eda changed the behavior for missing compat attribute, but failed to update the documentation. Before, the option was omitted from qemu-img command line and the qemu-img default was used. Now we always specify the compat value and the default is 0.10. Reported by Christophe Fergeau https://bugzilla.gnome.org/show_bug.cgi?id=746660#c4 2015-03-25 Ján Tomko Fix typo in error message by rewriting it completely from: error: unsupported configuration: virtio only support device address type 'PCI' to: error: unsupported configuration: virtio disk cannot have an address of type drive Since we now support CCW addresses as well. 2015-03-24 Laine Stump qemu: change accidental VIR_WARNING back to VIR_DEBUG While debugging the support for responding to qemu RX_FILTER_CHANGED events, I had changed the "ignoring this event" log message from VIR_DEBUG to VIR_WARN, but forgot to change it back before pushing. Since many guest OSes make enough changes to multicast lists and/or promiscuous mode settings to trigger this message, it's starting to show up as a red herring in bug reports. 2015-03-24 Pavel Hrdina qemucaps2xmltest: fix the test to correspond to new domain formatting Commit 2360fe5d updated formating of element but forgot to update qemucaps2xmldata xml files. In addition the test code was broken too. Update the xml files and return -1 if testCompareXMLToXML fails together with indentation fix. 2015-03-24 Luyao Huang conf: fix parsing of NUMA settings in VM status XML Commit 5bba61f changed the XPath strings to be absolute when parsing the VM NUMA configuration. Unfortunately the element is not a top level element when parsing the domain status XML thus the absolute XPath string doesn't match. Use the relative string so that the settings are not lost. 2015-03-23 Peter Krempa qemu: Implement memory device hotunplug Add code to hot-remove memory devices from qemu. Unfortunately QEMU doesn't support this right now, so this is just for completenes. qemu: Implement memory device hotplug Add code to hot-add memory devices to running qemu instances. qemu: conf: Add support for memory device cold(un)plug Add a few helpers that allow to operate with memory device definitions on the domain config and use them to implement memory device coldplug in the qemu driver. qemu: add support for memory devices Add support to start qemu instance with 'pc-dimm' device. Thanks to the refactors we are able to reuse the existing function to determine the parameters. 2015-03-23 Peter Krempa qemu: migration: Forbid migration with memory modules lacking info Make sure that libvirt has all vital information needed to reliably represent configuration of guest's memory devices in case of a migration. This patch forbids migration in case the required slot number and module base address are not present (failed to be loaded from qemu via monitor). 2015-03-23 Peter Krempa qemu: memdev: Add infrastructure to load memory device information When using 'dimm' memory devices with qemu, some of the information like the slot number and base address need to be reloaded from qemu after process start so that it reflects the actual state. The state then allows to use memory devices across migrations. 2015-03-23 Peter Krempa conf: Add interface to parse and format memory device information This patch adds code that parses and formats configuration for memory devices. A simple configuration would be: 524287 0 A complete configuration of a memory device: 4096 1-3 524287 1 This patch preemptively forbids use of the device in individual drivers so the users are warned right away that the device is not supported. 2015-03-23 Peter Krempa conf: Add device address type for dimm devices Dimm devices are described by the slot and base address. Add a new address type to be able to describe such address. qemu: Implement setup of memory hotplug parameters To enable memory hotplug the maximum memory size and slot count need to be specified. As qemu supports now other units than mebibytes when specifying memory, use the new interface in this case. 2015-03-23 Peter Krempa conf: Add support for parsing and formatting max memory and slot count Add a XML element that will allow to specify maximum supportable memory and the count of memory slots to use with memory hotplug. To avoid possible confusion and misuse of the new element this patch also explicitly forbids the use of the maxMemory setting in individual drivers's post parse callbacks. This limitation will be lifted when the support is implemented. 2015-03-23 Peter Krempa libxl: Refactor logic in domain post parse callback With the current control flow the post parse callback returned success right away for fully virtualized VMs. To allow adding additional checks into the post parse callback tweak the conditions so that the function doesn't return early except for error cases. To clarify the original piece of code borrow the wording from the commit message for the patch that introduced the code. 2015-03-23 Peter Krempa qemu: monitor: Don't leak @props with non-JSON in qemuMonitorAddObject The function comment states that @props is always consumed, even on failure. This was not true with the failure if the monitor is not using QMP. 2015-03-23 Peter Krempa qemu: Don't return memory device config on error in qemuBuildMemoryBackendStr In the last section if the function determines that the config is invalid when QEMU doesn't support the memory device the JSON config object would be returned even if it doesn't make sense. Assign the object to be returned only on success. 2015-03-23 Boris Fiuczynski qemu: Set default SCSI controller model for S390 arch When no model is specified in the domain definition for a scsi controller and the architectur is s390 than virtio-scsi is set as default model. Reviewed-by: Daniel Hansel Reviewed-by: Stefan Zimmermann Reviewed-by: Jens Freimann Reviewed-by: Michal Privoznik 2015-03-23 Natanael Copa Fix underlinking of libvirt_driver_interface.so Always add udev linker flags when WITH_UDEV is enabled to avoid underlinking. See commit 43dbcb15 (interface: always build all available backends) 2015-03-23 Michael Chapman qemu: skip precreation of network disks Commit cf54c60699833b3791a5d0eb3eb5a1948c267f6b introduced the ability to create missing storage volumes during migration. For network disks, however, we may not necessarily be able to detect whether they already exist -- there is no straight-forward way to map the disk to a storage volume, and even if there were it's possible no configured storage pool actually contains the disk. It is better to assume the network disk exists in this case, rather than aborting the migration completely. If the volume really is missing, QEMU will generate an appropriate error later in the migration. 2015-03-23 Michal Privoznik network_conf: Drop virNetworkObjIsDuplicate This function does not make any sense now, that network driver is (almost) dropped. I mean, previously, when threads were serialized, this function was there to check, if no other network with the same name or UUID exists. However, nowadays that threads can run more in parallel, this function is useless, in fact it gives misleading return values. Consider the following scenario. Two threads, both trying to define networks with same name but different UUID (e.g. because it was generated during XML parsing phase, whatever). Lets assume that both threads are about to call networkValidate() which immediately calls virNetworkObjIsDuplicate(). T1: calls virNetworkObjIsDuplicate() and since no network with given name or UUID exist, success is returned. T2: calls virNetworkObjIsDuplicate() and since no network with given name or UUID exist, success is returned. T1: calls virNetworkAssignDef() and successfully places its network into the virNetworkObjList. T2: calls virNetworkAssignDef() and since network with the same name exists, the network definition is replaced. Okay, this is mainly because virNetworkAssignDef() does not check whether name and UUID matches. Well, lets make it so! And drop useless function too. 2015-03-23 Michal Privoznik objecteventtest: Check for virNetwork* return values Lets not give a bad example and check for return values of virNetwork* APIs called within the test. Even though it's unlikely that any API will fail, it can happen. We're connected to the test driver after all, and our API sequence is correct. So test driver should fail only in case of bug or OOM. 2015-03-23 Michal Privoznik networkStateInitialize: Don't lock network driver There's no need to lock the network driver, as network driver initialization is done prior accepting any client. There's nobody to hop in and do something over partially initialized driver. Nor qemu driver is doing that. ==30532== Observed (incorrect) order is: acquisition of lock at 0x1439EF50 ==30532== at 0x4C31A26: pthread_mutex_lock (in /usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so) ==30532== by 0x5324895: virMutexLock (virthread.c:88) ==30532== by 0x5307E86: virObjectLock (virobject.c:323) ==30532== by 0x5396440: virNetworkObjListForEach (network_conf.c:4511) ==30532== by 0x19B29308: networkStateInitialize (bridge_driver.c:686) ==30532== by 0x53E1CCC: virStateInitialize (libvirt.c:777) ==30532== by 0x11DEB7: daemonRunStateInit (libvirtd.c:906) ==30532== by 0x5324B6A: virThreadHelper (virthread.c:197) ==30532== by 0x4C30456: ??? (in /usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so) ==30532== by 0xA1EC1F2: start_thread (in /lib64/libpthread-2.19.so) ==30532== by 0xA4EDC8C: clone (in /lib64/libc-2.19.so) ==30532== ==30532== followed by a later acquisition of lock at 0x1439CD60 ==30532== at 0x4C31A26: pthread_mutex_lock (in /usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so) ==30532== by 0x5324895: virMutexLock (virthread.c:88) ==30532== by 0x19B27B2C: networkDriverLock (bridge_driver.c:102) ==30532== by 0x19B27B60: networkGetDnsmasqCaps (bridge_driver.c:113) ==30532== by 0x19B2856A: networkUpdateState (bridge_driver.c:389) ==30532== by 0x53963E9: virNetworkObjListForEachHelper (network_conf.c:4488) ==30532== by 0x52E2224: virHashForEach (virhash.c:521) ==30532== by 0x539645B: virNetworkObjListForEach (network_conf.c:4512) ==30532== by 0x19B29308: networkStateInitialize (bridge_driver.c:686) ==30532== by 0x53E1CCC: virStateInitialize (libvirt.c:777) ==30532== by 0x11DEB7: daemonRunStateInit (libvirtd.c:906) ==30532== by 0x5324B6A: virThreadHelper (virthread.c:197) ==30532== ==30532== Required order was established by acquisition of lock at 0x1439CD60 ==30532== at 0x4C31A26: pthread_mutex_lock (in /usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so) ==30532== by 0x5324895: virMutexLock (virthread.c:88) ==30532== by 0x19B27B2C: networkDriverLock (bridge_driver.c:102) ==30532== by 0x19B28DF9: networkStateInitialize (bridge_driver.c:609) ==30532== by 0x53E1CCC: virStateInitialize (libvirt.c:777) ==30532== by 0x11DEB7: daemonRunStateInit (libvirtd.c:906) ==30532== by 0x5324B6A: virThreadHelper (virthread.c:197) ==30532== by 0x4C30456: ??? (in /usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so) ==30532== by 0xA1EC1F2: start_thread (in /lib64/libpthread-2.19.so) ==30532== by 0xA4EDC8C: clone (in /lib64/libc-2.19.so) ==30532== ==30532== followed by a later acquisition of lock at 0x1439EF50 ==30532== at 0x4C31A26: pthread_mutex_lock (in /usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so) ==30532== by 0x5324895: virMutexLock (virthread.c:88) ==30532== by 0x5307E86: virObjectLock (virobject.c:323) ==30532== by 0x538A09C: virNetworkAssignDef (network_conf.c:527) ==30532== by 0x5391EB2: virNetworkLoadState (network_conf.c:3008) ==30532== by 0x53922D4: virNetworkLoadAllState (network_conf.c:3128) ==30532== by 0x19B2929A: networkStateInitialize (bridge_driver.c:671) ==30532== by 0x53E1CCC: virStateInitialize (libvirt.c:777) ==30532== by 0x11DEB7: daemonRunStateInit (libvirtd.c:906) ==30532== by 0x5324B6A: virThreadHelper (virthread.c:197) ==30532== by 0x4C30456: ??? (in /usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so) ==30532== by 0xA1EC1F2: start_thread (in /lib64/libpthread-2.19.so) 2015-03-23 Martin Kletzander Fix common misspellings Wikipedia's list of common misspellings [1] has a machine-readable version. This patch fixes those misspellings mentioned in the list which don't have multiple right variants (as e.g. "accension", which can be both "accession" and "ascension"), such misspellings are left untouched. The list of changes was manually re-checked for false positives. [1] https://en.wikipedia.org/wiki/Wikipedia:Lists_of_common_misspellings/For_machines 2015-03-20 Martin Kletzander qemu: Migrate memory on numatune change We've never set the cpuset.memory_migrate value to anything, keeping it on default. However, we allow changing cpuset.mems on live domain. That setting, however, don't have any consequence on a domain unless it's going to allocate new memory. I managed to make 'virsh numatune' move all the memory to any node I wanted even without disabling libnuma's numa_set_membind(), so this should be safe to use with it as well. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1198497 2015-03-20 Martin Kletzander cgroup: Add accessors for cpuset.memory_migrate 2015-03-20 Eric Blake maint: update .mailmap for recent contributions Deepak Shetty has changed preferred email address since prior contributions. 2015-03-20 Jim Fehlig libxl: use xenlight pkgconfig file if present xen.git commit babeca32 added a pkgconfig file for libxenlight, allowing libxl apps to determine the location of Xen binaries such as firmware blobs, device emulator, etc. This patch adds support for xenlight.pc in the libxl driver, falling back to the previous configure logic if not found. It introduces LIBXL_FIRMWARE_DIR and LIBXL_EXECBIN_DIR to define the firmware and libexec_bin locations. If xenlight.pc does not exist, the defines are set to the current hardcoded paths. The capabilities' and elements are updated to use the paths. 2015-03-19 Maxim Nestratov parallels: fix libvirt crash if parallelsNetworkOpen fails If, by any reason, parallelsNetworkOpen fails it dereferences newly allocated privconn->networks via virObjectUnref, which in turn deallocates its memory. Subsequent call of parallelsNetworkClose calls virObjectUnref that leads to double memory free. To prevent this we should zero privconn->networks to make all subsequent virObjectUnref be safe. 2015-03-19 Luyao Huang qemu: do not overwrite the error in qemuDomainObjExitMonitor https://bugzilla.redhat.com/show_bug.cgi?id=1196934 When qemu exits during startup, libvirt includes the error from /var/log/libvirt/qemu/vm.log in the error message: $ virsh start test3 error: Failed to start domain test3 error: internal error: early end of file from monitor: possible problem: 2015-02-27T03:03:16.985494Z qemu-kvm: -numa memdev is not supported by machine rhel6.5.0 The check for domain liveness added to qemuDomainObjExitMonitor in commit dc2fd51f sometimes overwrites this error: $ virsh start test3 error: Failed to start domain test3 error: operation failed: domain is no longer running Fix the check to only report an error if there is none set. 2015-03-19 Jim Fehlig libxl: Don't overwrite errors from xenconfig When converting domXML from native, the libxl driver was overwriting useful errors from the xenconfig parsing code with a useless, generic error. E.g. "internal error: parsing xm config failed" vs "internal error: config value usbdevice was malformed". Remove the redundant (and useless) error reporting in the libxl driver. 2015-03-19 John Ferlan qemu: Fix two issues in qemuDomainSetVcpus error handling Issue #1 - A call to virBitmapNew did not check if the allocation failed which could lead to a NULL dereference Issue #2 - When deleting the pin entries from the config file, the code loops from the number of elements down to the "new" vcpu count; however, the pin id values are numbered 0..n-1 not 1..n, so the "first" pin attempt would never work. Luckily the check was for whether the incoming 'n' (vcpu id) matched the entry in the array from 0..arraysize rather than a dereference of the 'n' entry 2015-03-19 Deepak Shetty doc: Fix doc for backingStore I spent quite some time figuring that backingStore info isn't included in the dom xml, unless guest is up and running. Hopefully putting that in the doc should help. Also, several people have complained that libvirt reports a backing file as raw, even though they expected it to be qcow2; where the culprit is usually the user forgetting to create the file with qemu-img create -o backing_fmt=qcow2. This patch adds that info to the doc. 2015-03-19 Eric Blake qemu: track 'cancelling' migration state In qemu 2.3, the migration status will include 'cancelling' in the window between when an asynchronous cancel has been requested and when the migration is actually halted. Previously, qemu hid this state and reported 'active'. Libvirt manages the sequence okay even when the string is unrecognized (that is, it will report an unknown state: Migration: [ 69 %]^Cerror: internal error: unexpected migration status in cancelling. but the migration is still cancelled), but recognizing the string makes for a smoother user experience. * src/qemu/qemu_monitor.h (QEMU_MONITOR_MIGRATION_STATUS_CANCELLING): Add enum. * src/qemu/qemu_monitor.c (qemuMonitorMigrationStatus): Map it. * src/qemu/qemu_migration.c (qemuMigrationUpdateJobStatus): Adjust clients. * src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetMigrationStatusReply): Likewise. 2015-03-19 Laine Stump util: more verbose error when failing to create macvtap device Investigation of a problem with creating passthrough macvtap devices (https://bugzilla.redhat.com/show_bug.cgi?id=1185501) has shown that this slightly more verbose failure message is useful. In particular, the mac address can be used to determine the domain. You could also figure this out by looking at preceding messages in a debug log, but this gets it in a single place. util: clean up #includes of virnetdevopenvswitch.h virnetdevopenvswitch.h declares a few functions that can be called to add ports to and remove them from OVS bridges, and retrieve the migration data for a port. It does not contain any data definitions that are used by domain_conf.h. But for some reason, domain_conf.h virnetdevopenvswitch.h should be directly #including it. This adds a few lines to the project, but saves all the files that don't need it from the extra computing, and makes the dependencies more clear cut. 2015-03-19 zhang bo util: vhost user: support for bootindex Problem Description: When we set boot order for a vhost-user network interface, we found the boot index doesn't work. Cause of the Problem: In the function qemuBuildVhostuserCommandLine(), it forcely set the arg bootindex of function qemuBuildNicDevStr() to 0. Thus, the bootindex parameter got missing. Solution: Trans the arg bootindex down. 2015-03-19 Maxim Nestratov parallels: don't prevent domain define if VIR_DOMAIN_NET_TYPE_BRIDGE network adapter is used parallels: switch off offline management feature which is on by default when a new VM/CT is created. We should do this because this feature can't be controlled by libvirt now and it sets up some iptables rules. So it's better to do this to avoid potential conflict of different set of rules or to avoid unexpected behavior. parallels: make E1000 network adapter model default and set adapter model specified in xml parallels: set correct network adapter link state when a new network adapter device is added parallels: better bridge network interface support In order to support 'bridge' network adapters in parallels driver we need to plug our veth devices into corresponding linux bridges. We are going to do this by reusing our abstraction of Virtual Networks in terms of PCS. On a domain creation, we create a new Virtual Network naming it with the same name as a source bridge for each network interface. Having done this, we plug PCS veth interfaces created with names of target dev into specified bridges using our standard PCS procedures parallels: fix parallelsLoadNetworks Don't fail initialization of parallels driver if parallelsLoadNetwork fails for optional networks. This can happen when some of them are added manually and configured incompletely. PCS requires only two networks created automatically (named Host-Only and Bridged), others are optional and their incompleteness can be ignored. parallels: introduce and use string constants for network types and names 2015-03-18 Jiri Denemark maint: Distribute tests/vircgroupdata My commit 2dbfa71 added test data for vircgrouptest but forgot to distribute the new directory. 2015-03-18 John Ferlan network: Resolve Coverity FORWARD_NULL The following is a long winded way to say this patch is avoiding a false positive. Coverity complains that calling networkPlugBandwidth() could eventually end up with a NULL dereference on iface->bandwidth because in the networkAllocateActualDevice there's a check of 'iface->bandwidth' before deciding to try to use the 'portgroup' if it exists or to not perferm the virNetDevBandwidthCopy if 'bandwidth' is not NULL. Later in networkPlugBandwidth the 'iface->bandwidth' is sourced from virDomainNetGetActualBandwidth - which would be either iface->bandwidth or (preferably) iface->data.network.actual->bandwidth which would have been filled in from either 'iface->bandwidth' or 'portgroup->bandwidth' back in networkAllocateActualDevice There *is* a check in networkCheckBandwidth for the result of the virDomainNetGetActualBandwidth being NULL and a return 1 based on that which would cause networkPlugBandwidth to exit properly and thus never hit the condition that Coverity complains about. However, since Coverity checks all paths - it somehow believes that a return of 0 by networkCheckBandwidth in this condition would end up causing the possible NULL dereference. The "fix" to silence Coverity is to not have networkCheckBandwidth also call virDomainNetGetActualBandwidth in order to get the ifaceBand, but rather have it accept it as an argument which causes Coverity to "see" that it's the exit condition of 1 that won't have the possible NULL dereference. Since we're passing that, I added the passing of iface->mac rather than passing iface as well. This just hopefully makes sure someone doesn't undo this in the future... 2015-03-18 Jiri Denemark Use PAUSED state for domains that are starting up When libvirt is starting a domain, it reports the state as SHUTOFF until it's RUNNING. This is not ideal because domain startup may take a long time (usually because of some configuration issues, firewalls blocking access to network disks, etc.) and domain lists provided by libvirt look awkward. One can see weird shutoff domains with IDs in a list of active domains or even shutoff transient domains. In any case, it looks more like a bug in libvirt than a normal state a domain goes through. tests: Add tests for virCgroupDetectMounts 2015-03-18 Michal Privoznik qemuGetDHCPInterfaces: Don't leak @network The function needs a pointer to the network to get list of DHCP leases. The pointer is obtained via virNetworkLookupByName() which requires callers to free the returned network once no longer needed. Otherwise it's leaked. cmdDomIfAddr: Free @ip_addr_str The variable holds formatted suffix to each line printed out (address type, address and prefix). However, the variable is never freed. At the same time, honour fact, that data held in the variable is not constant. qemuAgentGetInterfaces: Don't error out on missing HW address Now that we allow HW address to be not present on our RPC layer, don't error out if qemu-ga hasn't provided any. virsh: Adapt to new HW address scenario Make sure we don't print (null) (which in fact is printf()'s cleverness anyway, not ours). If no HW address is present, print "N/A" string just like we do for other fields. RPC: Allow HW address in remote_domain_interface struct to be NULL Not all NICs (esp. the virtual ones like TUN) must have a hardware address. Teach our RPC that it's possible. 2015-03-18 Eric Blake qemu: read backing chain names from qemu https://bugzilla.redhat.com/show_bug.cgi?id=1199182 documents that after a series of disk snapshots into existing destination images, followed by active commits of the top image, it is possible for qemu 2.2 and earlier to end up tracking a different name for the image than what it would have had when opening the chain afresh. That is, when starting with the chain 'a <- b <- c', the name associated with 'b' is how it was spelled in the metadata of 'c', but when starting with 'a', taking two snapshots into 'a <- b <- c', then committing 'c' back into 'b', the name associated with 'b' is now the name used when taking the first snapshot. Sadly, older qemu doesn't know how to treat different spellings of the same filename as identical files (it uses strcmp() instead of checking for the same inode), which means libvirt's attempt to commit an image using solely the names learned from qcow2 metadata fails with a cryptic: error: internal error: unable to execute QEMU command 'block-commit': Top image file /tmp/images/c/../b/b not found even though the file exists. Trying to teach libvirt the rules on which name qemu will expect is not worth the effort (besides, we'd have to remember it across libvirtd restarts, and track whether a file was opened via metadata or via snapshot creation for a given qemu process); it is easier to just always directly ask qemu what string it expects to see in the first place. As a safety valve, we validate that any name returned by qemu still maps to the same local file as we have tracked it, so that a compromised qemu cannot accidentally cause us to act on an incorrect file. * src/qemu/qemu_monitor.h (qemuMonitorDiskNameLookup): New prototype. * src/qemu/qemu_monitor_json.h (qemuMonitorJSONDiskNameLookup): Likewise. * src/qemu/qemu_monitor.c (qemuMonitorDiskNameLookup): New function. * src/qemu/qemu_monitor_json.c (qemuMonitorJSONDiskNameLookup) (qemuMonitorJSONDiskNameLookupOne): Likewise. * src/qemu/qemu_driver.c (qemuDomainBlockCommit) (qemuDomainBlockJobImpl): Use it. 2015-03-18 Antoni Segura Puimedon network: Add midonet virtual port type support to qemu Use the utilities introduced in the previous patches so the qemu driver is able to create tap devices that are bound (and unbound on domain destroyal) to Midonet virtual ports. 2015-03-18 Antoni Segura Puimedon docs: schema and docs for the midonet virtualport type Midonet is an opensource virtual networking that over lays the IP network between hypervisors. Currently, such networks can be made with the openvswitch virtualport type. This patch, defines the schema and documentation that will serve as basis for the follow up patches that will add support to libvirt for using Midonet virtual ports for its interfaces. The schema definition requires that the port profile expresses its interfaceid as part of the port profile. For that reason, this is part of the patch too. 2015-03-18 Antoni Segura Puimedon util: functions to support binding/unbinding midonet virtualports Adds the port type definitions and methods that will be used to bind interfaces to the Midonet virtual ports. virtnetdevmidonet.c adds the way to bind and unbind the ports by calling into the Midonet Host Agent control command line (installed with the midolman package). 2015-03-18 Peter Krempa conf: disk: Simplify checking if source definition was parsed Previously we had to check for 3 fields to see if the source was filled. Repurpose one of the variables as a boolean flag and use it instead of combining multiple sources. For the condition that checks that only CDROM/FLOPPY drives can be empty we can use the virStorageSourceIsEmpty() helper. 2015-03-18 Peter Krempa util: storage: Fix check for empty storage device If the storage device type is parsed as network our parser still allows it to omit the element. The empty drive check would not trigger on such device as it expects that every network storage source is valid. Use VIR_STORAGE_NET_PROTOCOL_NONE as a marker that the storage source is empty. 2015-03-18 Peter Krempa qemu: driver: Fix cold-update of removable storage devices Only selected fields from the disk source were copied when cold updating source in a CDROM drive. When such drive was backed by a network file this resulted into corruption of the definition:
    Update the whole source instead of cherry-picking elements. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1166024 2015-03-18 Peter Krempa qemu: hotplug: Use checker function to check if disk is empty 2015-03-18 Peter Krempa virsh: domain: Fix the change-media command The command did not modify the disk type and thus didn't allow to change media from a file image to a block backed image or vice versa. In addition when operating on a network backed removable devices the command would replace the while subelement with an invalid one. This patch adds the --block option that allows to specify that the new image is block backed and assumes that without that option all images are file backed. Since network backends were always mangled it should not cause problems. 2015-03-18 Peter Krempa virsh: domain: Add --print-xml flag for command change-media Allow printing the XML that would be used mostly for debugging purposes. 2015-03-18 Peter Krempa virsh: domain: Don't use vshPrepareDiskXML for creating XML to detach disk Since cmdDetachDisk() calls into vshPrepareDiskXML() with type == VSH_PREPARE_DISK_XML_NONE && source == NULL this would result into skipping all the checks and effectively turn the function into a XML formatter. This patch changes the code to use the formatter directly so that the function can be refactored in a easier way. 2015-03-17 Maxim Nestratov parallels_sdk.c: minor cleanup Fix indentation in prlsdkGetNetInf()o, remove unnecessary error message in prlsdkDomainChangeState(), remove unnecessary job freeing in prlsdkLoadDomains(). 2015-03-17 Nehal J Wani domifaddr: Add virsh support tools/virsh-domain-monitor.c * Introduce new command : domifaddr Usage: domifaddr [interface] [--full] [--source lease|agent] Example outputs: virsh # domifaddr f20 Name MAC address Protocol Address ------------------------------------------------------------------------------- lo 00:00:00:00:00:00 ipv4 127.0.0.1/8 - - ipv6 ::1/128 vnet0 52:54:00:2e:45:ce ipv4 10.1.33.188/24 - - ipv6 2001:db8:0:f101::2/64 - - ipv6 fe80::5054:ff:fe2e:45ce/64 vnet1 52:54:00:b1:70:19 ipv4 192.168.105.201/16 - - ipv4 192.168.201.195/16 - - ipv6 fe80::5054:ff:feb1:7019/64 vnet2 52:54:00:36:2a:e5 N/A N/A vnet3 52:54:00:20:70:3d ipv4 192.168.105.240/16 - - ipv6 fe80::5054:ff:fe20:703d/64 virsh # domifaddr f20 eth1 --source lease Name MAC address Protocol Address ------------------------------------------------------------------------------- vnet1 52:54:00:b1:70:19 ipv4 192.168.105.201/16 - - ipv4 192.168.201.195/16 - - ipv6 fe80::5054:ff:feb1:7019/64 virsh # domifaddr f20 eth0 --source agent --full Name MAC address Protocol Address ------------------------------------------------------------------------------- eth0 52:54:00:2e:45:ce ipv4 10.1.33.188/24 eth0 52:54:00:2e:45:ce ipv6 2001:db8:0:f101::2/64 eth0 52:54:00:2e:45:ce ipv6 fe80::5054:ff:fe2e:45ce/64 tools/virsh.pod * Document new command 2015-03-17 Nehal J Wani domifaddr: Implement the API for qemu By querying the qemu guest agent with the QMP command "guest-network-get-interfaces" and converting the received JSON output to structured objects. Although "ifconfig" is deprecated, IP aliases created by "ifconfig" are supported by this API. The legacy syntax of an IP alias is: ":". Since we want all aliases to be clubbed under parent interface, simply stripping ":" suffices. Note that IP aliases formed by "ip" aren't visible to "ifconfig", and aliases created by "ip" do not have any specific name. But we are lucky, as qemu guest agent detects aliases created by both. src/qemu/qemu_agent.h: * Define qemuAgentGetInterfaces src/qemu/qemu_agent.c: * Implement qemuAgentGetInterface src/qemu/qemu_driver.c: * New function qemuGetDHCPInterfaces * New function qemuDomainInterfaceAddresses src/remote_protocol-sructs: * Define new structs tests/qemuagenttest.c: * Add new test: testQemuAgentGetInterfaces Test cases for IP aliases, 0 or multiple ipv4/ipv6 address(es) 2015-03-17 Nehal J Wani domifaddr: Implement the remote protocol daemon/remote.c * Define remoteSerializeDomainInterface, remoteDispatchDomainInterfaceAddresses src/remote/remote_driver.c * Define remoteDomainInterfaceAddresses src/remote/remote_protocol.x * New RPC procedure: REMOTE_PROC_DOMAIN_INTERFACE_ADDRESSES * Define structs remote_domain_ip_addr, remote_domain_interface, remote_domain_interfaces_addresse_args, remote_domain_interface_addresses_ret * Introduce upper bounds (to handle DoS attacks): REMOTE_DOMAIN_INTERFACE_MAX = 2048 REMOTE_DOMAIN_IP_ADDR_MAX = 2048 Restrictions on the maximum number of aliases per interface were removed after kernel v2.0, and theoretically, at present, there are no upper limits on number of interfaces per virtual machine and on the number of IP addresses per interface. src/remote_protocol-structs * New structs added 2015-03-17 Nehal J Wani domifaddr: Implement the public APIs Define helper function virDomainInterfaceFree, which allows the upper layer application to free the domain interface object conveniently. The API is going to provide multiple methods by flags, e.g. * Query guest agent * Parse DHCP lease file include/libvirt/libvirt-domain.h * Define virDomainInterfaceAddresses, virDomainInterfaceFree * Define structs virDomainInterface, virDomainIPAddress src/driver-hypervisor.h: * Define domainInterfaceAddresses src/libvirt-domain.c: * Implement virDomainInterfaceAddresses * Implement virDomainInterfaceFree src/libvirt_public.syms: * Export the new symbols 2015-03-17 Maxim Nestratov parallels: fix home directory for VMs Failures of parallelsStorageOpen occured because we incorrectly treated path to VM' configuration file as a directory. Now initialization of parallels VM domains home directory is fixed. parallels: don't forget to unlock domain if unregister fails 2015-03-17 Mikhail Feoktistov parallels: set cpu mode when applying xml configuration Otherwise exporting existing domain config and defining a new one like this: virsh -c parallels:///system dumpxml instance01 > my.xml virsh -c parallels:///system define my.xml leads to an error because PCS default x64 mode turns to x32. Thus, we need to set correct cpuMode in prlsdkDoApplyConfig() explicitly. 2015-03-17 Martin Kletzander conf: Use correct type for balloon stats period We're parsing memballoon status period as unsigned int, but when we're trying to set it, both we and qemu use signed int. That means large values will get wrapped around to negative one resulting in error. Basically the same problem as commit e3a7b874 was dealing with when updating live domain. QEMU changed the accepted value to int64 in commit 1f9296b5, but even values as INT_MAX don't make sense since the value passed means seconds. Hence adding capability flag for this change isn't worth it. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140958 2015-03-17 Martin Kletzander qemu: Don't duplicate errors when settings stats period In order not to leave old error messages set, this patch refactors the code so the error is reported only when acted upon. The only such place already rewrites any error, so cleaning up all the error reporting in qemuMonitorSetMemoryStatsPeriod() is enough. conf: Reorder elements inside memballoon All the devices we have format their address as its last sub-element, so let's change memballoon to follow suit. Also adjust RNG to allow any order of them so 'virsh edit' doesn't shout at us. util: Make sure the comment about virBufferAddBuffer is true Change it so it really *always* eats the @toadd buffer. 2015-03-17 Pavel Hrdina wireshark: fix VPATH build Add $(top_builddir) paths to INCLUDES to fix VPATH build. 2015-03-17 Luyao Huang qemu_command: Fix some indentation and a typo 2015-03-17 Pavel Hrdina rpm-build: use pkg-config to detect wireshark presence Wireshark supports pkg-config since 1.11.3. Right now we build wireshark-dissectior tool as default trough rpm build only on fedora >= 21 and there is new wireshark that supports pkg-config. If someone wants to build libvirt with wireshark-dissector against old wireshark, they should specify the location by hand. This patch is mainly to fix wrong dependency on wireshark binary as it doesn't make sense to require that binary file to just get version info of that package in makefile. 2015-03-17 Jim Fehlig libxl: fix regression introduced by commit 4ab8cd77 Commit 4ab8cd77 added a check requiring input devices to have a bus type of VIR_DOMAIN_INPUT_BUS_USB, failing to start the domain otherwise. But virDomainDefParseXML adds implicit mouse and keyboard if a graphics device is configured. See calls to virDomainDefMaybeAddInput. The regression is fixed by removing the check requiring USB input devices, and skipping non-USB input devices when populating USB 'usbdevice' in libxl_domain_build_info struct. 2015-03-17 Peter Krempa qemu: block-commit: Mark disk in block jobs only on successful command Patch 51f9f03a4ca50b070c0fbfb29748d49f583e15e1 introduces a regression where if a blockCommit operation fails the disk is still marked as being part of a block job but can't be unmarked later. 2015-03-17 Eric Blake daemon: avoid memleak when ListAll returns nothing Commit 4f25146 (v1.2.8) managed to silence Coverity, but at the cost of a memory leak detected by valgrind: ==24129== 40 bytes in 5 blocks are definitely lost in loss record 355 of 637 ==24129== at 0x4A08B1C: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==24129== by 0x5084B8E: virReallocN (viralloc.c:245) ==24129== by 0x514D5AA: virDomainObjListExport (domain_conf.c:22200) ==24129== by 0x201227DB: qemuConnectListAllDomains (qemu_driver.c:18042) ==24129== by 0x51CC1B6: virConnectListAllDomains (libvirt-domain.c:6797) ==24129== by 0x14173D: remoteDispatchConnectListAllDomains (remote.c:1580) ==24129== by 0x121BE1: remoteDispatchConnectListAllDomainsHelper (remote_dispatch.h:1072) In short, every time a client calls a ListAll variant and asks for the resulting list, but there are 0 elements to return, we end up leaking the 1-entry array that holds the NULL terminator. What's worse, a read-only client can access these functions in a tight loop to cause libvirtd to eventually run out of memory; and this can be considered a denial of service attack against more privileged clients. Thankfully, the leak is so small (8 bytes per call) that you would already have some other denial of service with any guest calling the API that frequently, so an out-of-memory crash is unlikely enough that this did not warrant a CVE. * daemon/remote.c (remoteDispatchConnectListAllDomains) (remoteDispatchDomainListAllSnapshots) (remoteDispatchDomainSnapshotListAllChildren) (remoteDispatchConnectListAllStoragePools) (remoteDispatchStoragePoolListAllVolumes) (remoteDispatchConnectListAllNetworks) (remoteDispatchConnectListAllInterfaces) (remoteDispatchConnectListAllNodeDevices) (remoteDispatchConnectListAllNWFilters) (remoteDispatchConnectListAllSecrets) (remoteDispatchNetworkGetDHCPLeases): Plug leak. 2015-03-16 John Ferlan Remove virDomainIOThreadsPinDel This one is no longer necessary since the Vcpu and IOThreads API's share Replace virDomainVcpuPinDel with virDomainPinDel Since both Vcpu and IOThreads code use the same API's, alter the naming of the API's to remove the "Vcpu" specific reference Replace virDomainIOThreadsPinAdd with virDomainPinAdd This one is no longer necessary since the Vcpu and IOThreads API's share Replace virDomainVcpuPinAdd with virDomainPinAdd Since both Vcpu and IOThreads code use the same API's, alter the naming of the API's to remove the "Vcpu" specific reference Convert virDomainVcpuPinFindByVcpu into virDomainPinFindByVcpu Since both Vcpu and IOThreads code use the same API's, alter the naming of the API's to remove the "Vcpu" specific reference Convert virDomainVcpuPinIsDuplicate into virDomainPinIsDuplicate Since both Vcpu and IOThreads code use the same API's, alter the naming of the API's to remove the "Vcpu" specific reference Convert virDomainVcpuPinDefCopy into virDomainPinDefCopy Since both Vcpu and IOThreads code use the same API's, alter the naming of the API's to remove the "Vcpu" specific reference Convert virDomainVcpuPinDefArrayFree to virDomainPinDefArrayFree Since both Vcpu and IOThreads code use the same API's, alter the naming of the API's to remove the "Vcpu" specific reference Convert virDomainVcpuPinDefFree to virDomainPinDefFree Since both Vcpu and IOThreads code use the same API's, alter the naming of the API's to remove the "Vcpu" specific reference Convert virDomainPinDefPtr->vcpuid to virDomainPinDefPtr->id Since we're not specifically a vcpu related structure anymore... 2015-03-16 John Ferlan Convert virDomainVcpuPinDefPtr to virDomainPinDefPtr As pointed out by jtomko in his review of the IOThreads pinning code: http://www.redhat.com/archives/libvir-list/2015-March/msg00495.html there are some comments sprinkled in indicating IOThreads were using the same structure as the VcpuPin code... This is the first patch of a few that will change the virDomainVcpuPin* structures and code to just virDomainPin* - starting with the data structure naming... 2015-03-16 John Ferlan qemu: Fix possible memory leak in qemuDomainPinVcpuFlags During his review of the iothreads pin setting code, Pavel noted that there was a potential memory leak with respect to how the newVcpuPin is handled and the goto endjob's in failure paths which would not free the memory. For reference, See: http://www.redhat.com/archives/libvir-list/2015-March/msg00415.html 2015-03-16 Peter Krempa conf: Make specifying optional Now that the size of guest's memory can be inferred from the NUMA configuration (if present) make it optional to specify explicitly. To make sure that memory is specified add a check that some form of memory size was specified. One side effect of this change is that it is no longer possible to specify 0KiB as memory size for the VM, but I don't think it would be any useful to do so. (I can imagine embedded systems without memory, just registers, but that's far from what libvirt is usually doing). Forbidding 0 memory for guests also fixes a few corner cases where 0 was not interpreted correctly and caused failures. (Arguments for numad when using automatic placement, size of the balloon). This fixes problems described in https://bugzilla.redhat.com/show_bug.cgi?id=1161461 Test case changes are added to verify that the schema change and code behave correctly. 2015-03-16 Peter Krempa conf: Automatically use NUMA memory size in case NUMA is enabled Use the NUMA total instead of the configured size both in XML and for uses in the code once NUMA is enabled for a domain. One test case change is necessary as the rounding of the individual cell sizes was not matching the rounding of the total size. 2015-03-16 Peter Krempa qemu: command: Add helper to align memory sizes The memory sizes in qemu are aligned up to 1 MiB boundaries. There are two places where this was done once for the total size and then for individual NUMA cell sizes. Add a function that will align the sizes in one place so that it's clear where the sizes are aligned. 2015-03-16 Peter Krempa conf: Replace access to def->mem.max_balloon with accessor functions As there are two possible approaches to define a domain's memory size - one used with legacy, non-NUMA VMs configured in the element and per-node based approach on NUMA machines - the user needs to make sure that both are specified correctly in the NUMA case. To avoid this burden on the user I'd like to replace the NUMA case with automatic totaling of the memory size. To achieve this I need to replace direct access to the virDomainMemtune's 'max_balloon' field with two separate getters depending on the desired size. The two sizes are needed as: 1) Startup memory size doesn't include memory modules in some hypervisors. 2) After startup these count as the usable memory size. Note that the comments for the functions are future aware and document state that will be present after a few later patches. 2015-03-16 Peter Krempa qemu: Disallow concurrent block jobs on a single disk While qemu may be prepared to do this libvirt is not. Forbid the block ops until we fix our code. 2015-03-16 Peter Krempa qemu: event: Don't fiddle with disk backing trees without a job Surprisingly we did not grab a VM job when a block job finished and we'd happily rewrite the backing chain data. This made it possible to crash libvirt when queueing two backing chains tightly and other badness. To fix it, add yet another handler to the helper thread that handles monitor events that require a job. 2015-03-16 Peter Krempa qemu: process: Export qemuProcessFindDomainDiskByAlias 2015-03-16 Erik Skultety qemu: Check for negative port values in network drive configuration We interpret port values as signed int (convert them from char *), so if a negative value is provided in network disk's configuration, we accept it as valid, however there's an 'unknown cause' error raised later. This error is only accidental because we return the port value in the return code. This patch adds just a minor tweak to the already existing check so we reject negative values the same way as we reject non-numerical strings. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1163553 2015-03-16 Erik Skultety AUTHORS: add myself to commiters list 2015-03-15 Eric Blake network: avoid memory leak of dnsmasq capabilities Valgrind detected a leak: ==17820== 102 (56 direct, 46 indirect) bytes in 1 blocks are definitely lost in loss record 479 of 646 ==17820== at 0x4A08946: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==17820== by 0x508521A: virAllocVar (viralloc.c:560) ==17820== by 0x50D9FCA: virObjectNew (virobject.c:193) ==17820== by 0x50A4FD9: dnsmasqCapsNewEmpty (virdnsmasq.c:784) ==17820== by 0x50A514E: dnsmasqCapsNewFromBinary (virdnsmasq.c:830) ==17820== by 0x1B508287: networkStateInitialize (bridge_driver.c:666) It looks like commit 172acef introduced the problem, because networkGetDnsmasqCaps() increments the reference count but an early exit never does a matching decrement. * src/network/bridge_driver.c (networkStateCleanup): Plug leak. 2015-03-15 Eric Blake netdev: silence valgrind warning about ioctl use Valgrind complained: ==3770== Syscall param ioctl(SIOCETHTOOL) points to uninitialised byte(s) ==3770== at 0x919D407: ioctl (syscall-template.S:81) ==3770== by 0x530FE7E: rpl_ioctl (ioctl.c:42) ==3770== by 0x50CB433: virNetDevFeatureAvailable (virnetdev.c:2764) ==3770== by 0x50CB6A7: virNetDevGetFeatures (virnetdev.c:2830) ==3770== by 0x1F0E5347: udevProcessNetworkInterface (node_device_udev.c:722) ==3770== by 0x1F0E689F: udevGetDeviceDetails (node_device_udev.c:1300) ==3770== by 0x1F0E6E06: udevAddOneDevice (node_device_udev.c:1422) ==3770== by 0x1F0E6FB8: udevProcessDeviceListEntry (node_device_udev.c:1464) ==3770== by 0x1F0E70CF: udevEnumerateDevices (node_device_udev.c:1494) ==3770== by 0x1F0E7BB4: nodeStateInitialize (node_device_udev.c:1806) ==3770== by 0x51B4303: virStateInitialize (libvirt.c:777) ==3770== by 0x11DEE7: daemonRunStateInit (libvirtd.c:906) ==3770== Address 0x228e38d4 is on thread 12's stack ==3770== in frame #2, created by virNetDevFeatureAvailable (virnetdev.c:2750) * src/util/virnetdev.c (virNetDevFeatureAvailable): Initialize all bytes of ifr. 2015-03-15 Eric Blake virsh: fix report of non-active commit completion Commit f182da20 (v1.2.6) caused a slight regression in virsh reporting of a non-active block job; where it used to state "Commit complete", it now states "Now in synchronized phase". But the synchronized phase is only possible for an active commit. For a reproducer, I created a chain 'a <- b <- c <- d <- e' and ran virsh blockcommit $dom vda --top c --base a --verbose --wait * tools/virsh-domain.c (cmdBlockCommit): Synchronized phase is only possible on active commits. 2015-03-14 zhang bo util: don't fail if no PortData is found while getting migrateData Introduced by f6a2f97e Problem Description: After multiple times of migrating a domain, which has an ovs interface with no portData set, with non-shared disk, nbd ports got overflowed. The steps to reproduce the problem: 1 define and start a domain with its network configured as: 2 do not set the network's portData. 3 migrate(ToURI2) it with flag 91(1011011), which means: VIR_MIGRATE_LIVE VIR_MIGRATE_PEER2PEER VIR_MIGRATE_PERSIST_DEST VIR_MIGRATE_UNDEFINE_SOURCE VIR_MIGRATE_NON_SHARED_DISK 4 migrate success, but we got an error log in libvirtd.log: error : virCommandWait:2423 : internal error: Child process (ovs-vsctl --timeout=5 get Interface vnet1 external_ids:PortData) unexpected exit status 1: ovs-vsctl: no key "PortData" in Interface record "vnet1" column external_ids 5 migrate it back, migrate it , migrate it back, ....... 6 nbd port got overflowed. The reasons for the problem is : 1 virNetDevOpenvswitchGetMigrateData() takes it as wrong if no portData is available for the ovs interface of a domain. (We think it's not appropriate, as portData is just OPTIONAL) 2 in func qemuMigrationBakeCookie(), it fails in qemuMigrationCookieAddNetwork(), and returns with -1. qemuMigrationCookieAddNBD() is not called thereafter, and mig->nbd is still NULL. 3 However, qemuMigrationRun() just *WARN* if qemuMigrationBakeCookie() fails, migration still successes. cookie is NULL, it's not baked on the src side. 4 On the destination side, it would alloc a port first and then free the nbd port in COOKIE. But the cookie is NULL due to qemuMigrationCookieAddNetwork() failure at src side. thus the nbd port is not freed. In this patch, we add "--if-exists" option to make ovs-vsctl not raise error if there's no portData available. Further more, because portData may be NULL in the cookie at the dest side, check it before setting portData. 2015-03-14 Marek Marczykowski-Górecki libxl: prevent attaching multiple netdevs with the same MAC It will not be possible to detach such device later. Also improve logging in such cases. conf: add virDomainHasNet virDomainNetFindIdx no longer returns info whether device was not found, or there was multiple matches. Additionally it already handle error reporting. Introduce virDomainHasNet which does a simple task, without implicit error reporting. tests: xenconfig: test for multiple USB devices and other HVM options 2015-03-14 Marek Marczykowski-Górecki xenconfig: add support for multiple USB devices syntax In Xen>=4.3, libxl supports new syntax for USB devices: usbdevice=[ "DEVICE", "DEVICE", ... ] Add support for that in xenconfig driver. When only one device is defined, keep using old syntax for backward compatibility. Adjust tests for changed options order. 2015-03-14 Marek Marczykowski libxl: add tablet/mouse input device support 2015-03-13 Michal Privoznik bridge_driver: Use more of networkObjFromNetwork Now that the network driver lock is ash heap of history, we can use more of networkObjFromNetwork(). parallels_network: Drop parallelsDriverLock() from everywhere. While in previous commits there were some places that relied on the big lock, in this file there's no such place and the big driver lock can be dropped completely. Yay! test_driver: Drop testDriverLock() from almost everywhere Well, if 'everywhere' is defined as that part of the driver code that serves virNetwork* APIs. Again, we lower layers already have their locks, so there's no point doing big lock. bridge_driver: Drop networkDriverLock() from almost everywhere Now that we have fine grained locks, there's no need to lock the whole driver. We can rely on self-locking APIs. struct _virNetworkDriverState: Annotate items In order to drop network driver lock, lets annotate which structure items are immutable, which have self-locking APIs and so on. network_driver: Use accessor for dnsmasqCaps This is not an immutable pointer and can change during lifetime. Therefore, in order to drop network driver lock, we must use an internal accessor which does not lock the network driver yet, but it will soon. Now it merely returns an referenced object. bridge_driver: Don't access global driver randomly Well, network driver code has the driver accessible as a global variable. This makes any rework hard, as it's unclear where the variable is accessed and/or modified. Lets just pass the driver as a parameter to all functions where needed. 2015-03-13 Ján Tomko Introduce virBitmapIsBitSet A helper that never returns an error and treats bits out of bitmap range as false. Use it everywhere we use ignore_value on virBitmapGetBit, or loop over the bitmap size. 2015-03-13 Ján Tomko Clarify the meaning of version in redirdev filters The version attribute in redirdev filters refers to the revision of the device, not the version of the USB protocol. Explicitly state that this is not the USB protocol and remove references to those round version numbers that resemble USB protocol versions. https://bugzilla.redhat.com/show_bug.cgi?id=1177237 2015-03-13 Maxim Nestratov parallels: fix prlsdkCheckUnsupportedParams checks for memory limits since unset ones are no longer zero 2015-03-13 Dawid Zamirski vmx: add e1000e to supported NIC models. This NIC model is supported on hardware version 8 and newer and libvirt ESX driver does support those. 2015-03-13 Dawid Zamirski vbox: use user cache dir when screenshotting. For VBOX it's most likely that the connection is vbox:///session and it runs with local non-root account. This caused permission denied when LOCALSTATEDIR was used to create temp file. This patch makes use of the virGetUserCacheDirectory to address this problem for non-root users. 2015-03-13 Pavel Hrdina virnetdev: fix build with old kernel Commit c9027d8f added a detection of NIC HW features, but some of them are not available in old kernel. Very old kernels lack enum ethtool_flags and even if this enum is present, not all values are available for all kernels. To be sure that we have everything in kernel that we need, we must check for existence of most of that flags, because only few of them were defined at first. Also to successfully build libvirt with older kernel we need to include before to have __u32 and friends defined. 2015-03-12 Maxim Nestratov parallels: add VIR_ARCH_I686 capability to parallels driver as soon as x32 architecture is also supported 2015-03-12 Ján Tomko Error out on an address for isa-serial in QEMU driver. We've never formatted them on the qemu command line. https://bugzilla.redhat.com/show_bug.cgi?id=1164053 2015-03-12 John Ferlan xenapi: Resolve Coverity REVERSE_INULL Coverity notes in xenapiDomainGetXMLDesc that 'vms' is dereferenced a few times before a "if (vms) xen_vm_set_free(vms);" call is made. Since we'd exit out much sooner if the fetch of the vms failed, just remove the unnecessary "if (vms)" check. xenapi: Resolve Coverity REVERSE_INULL Coverity complains that "net_set" is compared to NULL before calling xen_network_set_free, but used rather liberally before that. While I was looking at the code I also noted that if the virAsprintfQuiet fails, then we leak our structures - so I added those too. xenapi: Resolve Coverity NULL_RETURNS Coverity points out that the return from virDomainDefParseString is not checked in xenapiDomainCreateXML like it should be which could end up in a NULL pointer dereference xenapi: Resolve Coverity NO_EFFECT Coverity points out that check (def->uuid) has no effect since it's not a pointer, rather an array of characters. Just remove the extranous check. xenapi: Resolve Coverity FORWARD_NULL Since inception. Coverity complains that the code checks "(record == NULL && !session->ok)", but doesn't check (record != NULL) before dereferencing at "record->is_a_template" conf: Resolve Coverity RESOURCE_LEAK Commit id 'c9027d8f' added parsing of the CapNet for offload SRIOV NIC discovery, but forgot to free the nodes 2015-03-12 John Ferlan virsh: Add iothreadpin command https://bugzilla.redhat.com/show_bug.cgi?id=1135491 $ virsh iothread --help NAME iothreadpin - control domain IOThread affinity SYNOPSIS iothreadpin [--config] [--live] [--current] DESCRIPTION Pin domain IOThreads to host physical CPUs. OPTIONS [--domain] domain name, id or uuid [--iothread] IOThread ID number [--cpulist] host cpu number(s) to set --config affect next boot --live affect running domain --current affect current domain Using the output from iothreadsinfo, allow changing the pinned CPUs for a single IOThread. $ virsh iothreadsinfo $dom IOThread ID CPU Affinity --------------------------------------------------- 1 2 2 3 3 0-1 $ virsh iothreadpin $dom 3 0-2 Then view the change $ virsh iothreadsinfo $dom IOThread ID CPU Affinity --------------------------------------------------- 1 2 2 3 3 0-2 If an invalid value is supplied or require option missing, then an error will be displayed: $ virsh iothreadpin $dom 4 3 error: invalid argument: iothread value out of range 4 > 3 $ virsh iothreadpin $dom 3 error: command 'iothreadpin' requires option 2015-03-12 John Ferlan qemu: Add support to pin IOThreads to specific CPU Add qemuDomainPinIOThread to handle setting the CPU affinity for a specific IOThread 2015-03-12 John Ferlan domain: Introduce virDomainIOThreadsPin{Add|Del} https://bugzilla.redhat.com/show_bug.cgi?id=1135491 More or less a virtual copy of the existing virDomainVcpuPin{Add|Del} API's. NB: The IOThreads implementation "reused" the virDomainVcpuPinDefPtr since it provided everything necessary - an "id" and a "map" for each thread id configured. 2015-03-12 John Ferlan remote: Implement the plumbing for virDomainPinIOThread Implement the remote plumbing. 2015-03-12 John Ferlan Implement public API for virDomainPinIOThread Add virDomainPinIOThread to allow setting the CPU affinity for a specific IOThread based on the output generated from virDomainGetIOThreadsInfo The API supports updating both the --live domain and the --config data 2015-03-11 Michal Privoznik virNetworkObjFindBy*: Return an reference to found object This patch turns both virNetworkObjFindByUUID() and virNetworkObjFindByName() to return an referenced object so that even if caller unlocks it, it's for sure that object won't disappear meanwhile. Especially if the object (in general) is locked and unlocked during the caller run. Moreover, this commit is nicely small, since the object unrefing can be done in virNetworkObjEndAPI(). virNetworkObjListPtr: Make APIs self-locking Every API that touches internal structure of the object must lock the object first. Not every API that has the object as an argument needs to do that though. Some APIs just pass the object to lower layers which, however, must lock the object then. Look at the code, you'll get my meaning soon. network_conf: Introduce locked versions of lookup functions This is going to be needed later, when some functions already have the virNetworkObjList object already locked and need to lookup a object to work on. As an example of such function is virNetworkAssignDef(). The other use case might be in virNetworkObjListForEach() callback. virNetworkObjList: Derive from virObjectLockableClass Later we can turn APIs to lock the object if needed instead of relying on caller to mutually exclude itself (probably done by locking a big lock anyway). parallels_network: Use virNetworkObjEndAPI So far, this is pure code replacement. But once we introduce reference counting to virNetworkObj this will be more handy as there'll be only one function to change: virNetworkObjEndAPI(). test_driver: Use virNetworkObjEndAPI So far, this is pure code replacement. But once we introduce reference counting to virNetworkObj this will be more handy as there'll be only one function to change: virNetworkObjEndAPI(). bridge_driver: Use virNetworkObjEndAPI So far, this is pure code replacement. But once we introduce reference counting to virNetworkObj this will be more handy as there'll be only one function to change: virNetworkObjEndAPI(). network_conf: Introduce virNetworkObjEndAPI This is practically copy of qemuDomObjEndAPI. The reason why is it so widely available is to avoid code duplication, since the function is going to be called from our bridge driver, test driver and parallels driver too. network_conf: Make virNetworkObj actually virObject So far it's just a structure which happens to have 'Obj' in its name, but otherwise it not related to virObject at all. No reference counting, not virObjectLock(), nothing. virNetworkObjListPtr: Turn list into a hash table 2015-03-11 Peter Krempa qemu: monitor: Kill qemuMonitorGetBlockStats(Info,ParamsNumber) The functions and their QMP and HMP implementations are no longer needed since everything is now done via the *AllStats functions. test: qemu: json: Avoid using the now obsolete functions Use the new single function instead of calling qemuMonitorJSONGetBlockStatsInfo and qemuMonitorJSONGetBlockStatsParamsNumber. This will allow to delete the functions later while still maintaining coverage. 2015-03-11 Peter Krempa qemu: blockstats: Refactor qemuDomainBlockStatsFlags Now that qemuDomainBlocksStatsGather provides functions of both qemuMonitorGetBlockStatsParamsNumber and qemuMonitorGetBlockStatsInfo we can reuse it and kill a lot of code. Additionally as a bonus qemuDomainBlockStatsFlags will now support summary statistics so add a statement to the virsh man page about that. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1142636 2015-03-11 Peter Krempa qemu: blockstats: Add support for totalled block statistics In the LXC driver, if the disk path is not provided the API returns total statistics for all disks of the domain. With the new text monitor implementation this can be now done in the qemu driver too. Add code that wil total the stats for all disks if the path is not provided. 2015-03-11 Peter Krempa qemu: Split out working code qemuDomainBlockStats Extract the code to look up the disk alias and return the block stats struct so that it can be reused later in qemuDomainBlockStatsFlags. The function uses qemuMonitorGetAllBlockStatsInfo instead of qemuMonitorGetBlockStatsInfo. 2015-03-11 Peter Krempa qemu: monitor: Count block stats fields in qemuMonitorGetAllBlockStatsInfo Our virDomainBlockStatsFlags API uses the old approach where, when it's called without the typed parameter array, returns the count of parameters supported by qemu. The supported parameter count is obtained via separate monitor calls which is a waste since we can calculate it when gathering the data. This patch adds code to the qemuMonitorGetAllBlockStatsInfo workers that allows to track the count of supported fields reported by qemu and will allow to remove the old duplicate code. 2015-03-11 Peter Krempa qemu: monitor: Convert common code to a macro The function that is extracting block stats data from the QMP monitor reply contains a lot of repeated code. Since I'd be changing each of the copies in the next patch, lets convert it to a macro right away. 2015-03-11 Peter Krempa qemu: monitor: Implement HMP version for listing all block device stats Add a different version of parser for "info blockstats" that basically parses the same information as the existing copy of the function. This will allow us to remove the single device version qemuMonitorGetBlockStatsInfo in the future. The new implementation uses few new helpers so it should be more understandable and provides a test case to verify that it works. 2015-03-11 Peter Krempa test: qemu: Fix qemu monitor test utils to allow testing HMP qemu HMP commands sent by libvirt are terminated just by a '\r'. The fake monitor used in tests wasn't prepared to handle this and the communication would hang on an attempt to do a HMP conversation. Add a special case for handling commands separated by \r in case HMP is used. 2015-03-11 Peter Krempa qemu: blockstats: Switch to caller allocated hash table Allocate the hash table in the monitor wrapper function instead of the worker itself so that the text monitor impl that will be added in the next patch doesn't have to duplicate it. qemu: monitor: Drop parsing of 'errs' from block info The error count statistic is not supported by qemu, so there's no need to pass the variables around if the result is ignored anyways. qemu: Use macro to set block stats typed parameters All the setters are the same code except for parameter name and variable, so they can be converted to a macro to save a ton of duplicated code. 2015-03-11 Michal Privoznik RNG: Allow multiple parameters to be passed to an interface filter Our code supports that for ages. When using a to an several parameters can be passed to the filter. Later, when building firewall rules, parameters are substituted for their values. However, our RNG schema allowed only one parameter to be passed. Reported-by: Brian Rak 2015-03-11 Maxim Nestratov parallels: prevent domain define only if vcpupin is specified and their settings differ from common cpumask parallels: prevent domain define only if NUMA is really specified parallels: don't forget to unlock domain in parallelsDomainHasManagedSaveImage parallels: cpumask support 2015-03-11 Michael Chapman domain_conf: fix crash in virDomainObjListFindByUUIDInternal If a domain object is being removed and looked up concurrently we must ensure we unlock the object before unreferencing it, since the latter might free the object. The flaw was introduced in commit feb1a4d792e1c35b1009e69c00bf351b39. 2015-03-11 Michael Chapman {domain, network}_conf: disable autostart when deleting config Undefining a running, autostarted domain removes the autostart link, but dom->autostart is not cleared. If the domain is subsequently redefined, libvirt thinks it is already autostarted and will not create the link even if requested: # virsh dominfo example | grep Autostart Autostart: enable # ls /etc/libvirt/qemu/autostart/example.xml /etc/libvirt/qemu/autostart/example.xml # virsh undefine example Domain example has been undefined # virsh define example.xml Domain example defined from example.xml # virsh dominfo example | grep Autostart Autostart: enable # virsh autostart example Domain example marked as autostarted # ls /etc/libvirt/qemu/autostart/example.xml ls: cannot access /etc/libvirt/qemu/autostart/example.xml: No such file or directory This commit ensures dom->autostart is cleared whenever the config and autostart link (if present) are removed. The bridge network driver cleared this flag itself in networkUndefine. This commit moves this into virNetworkDeleteConfig for symmetry with virDomainDeleteConfig, and to ensure it is not missed in future network drivers. 2015-03-11 Luyao Huang qemu: Remove unnecessary virReportError on networkGetNetworkAddress return Error messages are already set in all code paths returning -1 from networkGetNetworkAddress, so we don't want to overwrite them. 2015-03-11 Michal Privoznik virQEMUCapsInitQMP: Don't dispose locked @vm When creating qemu capabilities, a dummy virDomainObj is created just because our monitor code expects that. However, the object is created locked already. Then, under cleanup label, we simply unref the object which results in whole domain object to be disposed. The object lock is destroyed subsequently, but hey - it's still locked: ==24845== Thread #14's call to pthread_mutex_destroy failed ==24845== with error code 16 (EBUSY: Device or resource busy) ==24845== at 0x4C3024E: pthread_mutex_destroy (in /usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so) ==24845== by 0x531F72E: virMutexDestroy (virthread.c:83) ==24845== by 0x5302977: virObjectLockableDispose (virobject.c:237) ==24845== by 0x5302A89: virObjectUnref (virobject.c:265) ==24845== by 0x1DD37866: virQEMUCapsInitQMP (qemu_capabilities.c:3397) ==24845== by 0x1DD37CC6: virQEMUCapsNewForBinary (qemu_capabilities.c:3481) ==24845== by 0x1DD381E2: virQEMUCapsCacheLookup (qemu_capabilities.c:3609) ==24845== by 0x1DD30F8A: virQEMUCapsInitGuest (qemu_capabilities.c:744) ==24845== by 0x1DD31889: virQEMUCapsInit (qemu_capabilities.c:1020) ==24845== by 0x1DD7DD36: virQEMUDriverCreateCapabilities (qemu_conf.c:888) ==24845== by 0x1DDC57C0: qemuStateInitialize (qemu_driver.c:803) ==24845== by 0x53DC743: virStateInitialize (libvirt.c:777) ==24845== 2015-03-10 Chen Fan qemu: fix memory leak in qemuAgentGetFSInfo in virDomainFSInfoFree(), don't free the virDomainFSInfo data. ==10670== 80 bytes in 2 blocks are definitely lost in loss record 576 of 793 ==10670== at 0x4A06BC3: calloc (vg_replace_malloc.c:618) ==10670== by 0x509DEBD: virAlloc (viralloc.c:144) ==10670== by 0x19FBD558: qemuAgentGetFSInfo (qemu_agent.c:1837) ==10670== by 0x1A03CF91: qemuDomainGetFSInfo (qemu_driver.c:19238) 2015-03-10 Ján Tomko Reverse the logic in virbitmaptest Test the whole range in testBit, not just the first bit. Use virBitmapNextClearBit in networkNextClassID Instead of finding the next clear bit by calling virBitmapGetBit in a loop, use the virBitmapNextClearBit helper. 2015-03-10 Laine Stump qemu: don't fill in nicindexes for session mode libvirtd Commit 4bbe1029f fixed a problem in commit f7afeddc by moving the call to virNetDevGetIndex() to a location common to all interface types (so that the nicindex array would be filled in for macvtap as well as tap interfaces), but the location was *too* common, as the original call to virNetDevGetIndex() had been in a section qualified by "if (cfg->privileged)". The result was that the "fixed" libvirtd would try to call virNetDevGetIndex() even for session mode libvirtd, and end up failing with the log message: Unable to open control socket: Operation not permitted To remedy that, this patch qualifies the call to virNetDevGetIndex() in its new location with cfg->privileged. This resolves https://bugzilla.redhat.com/show_bug.cgi?id=1198244 2015-03-10 Michal Privoznik virnet*: Don't unlock object in dispose As of bba93d40 all of our RPC objects are derived from virObjectLockable. However, during rewrite some errors sneaked in. For instance, the dispose functions to virNetClient and virNetServerClient objects were not only freeing allocated memory, but unlocking themselves. This is wrong. Object should never disappear while locked. 2015-03-10 Pavel Hrdina docs: add a note that spice channel is usable only with spice graphics To prevent a confusion about missing chardev argument in qemu command line add a note about that behavior into documentation. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1129198 2015-03-09 Pavel Hrdina net-define: update or unify documentation Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1127045 pool-define: update and unify documentation Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1127045 iface-define: update and unify documentation Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1127045 2015-03-09 Michal Privoznik network_conf: Turn struct _virNetworkObjList private Now that all the code uses accessors, don't expose the structure anyway. network_conf: Turn virNetworkObjList into virObject Well, one day this will be self-locking object, but not today. But lets prepare the code for that! Moreover, virNetworkObjListFree() is no longer needed, so turn it into virNetworkObjListDispose(). parallels_network: Adapt to new virNetworkObjList accessors test_driver: Adapt to new virNetworkObjList accessors bridge_driver: Adapt to new virNetworkObjList accessors network_conf: Introduce virNetworkObjListPrune The API will iterate over the list of network object and remove desired ones from it. network_conf: Introduce virNetworkObjListNumOfNetworks An accessor following pattern laid out by virDomainObjList* APIs. network_conf: Introduce virNetworkObjListGetNames An accessor following pattern laid out by virDomainObjList* APIs. network_conf: Introduce virNetworkObjListForEach This API will be used in the future to call passed callback over each network object in the list. It's slightly different to its virDomainObjListForEach counterpart, because virDomainObjList uses a hash table to store domain object, while virNetworkObjList uses an array. 2015-03-09 Jiri Denemark sanlock: Don't spam logs with "target pid not found" Commit v1.2.4-52-gda879e5 fixed issues with domains started before sanlock driver was enabled by checking whether a running domain is registered with sanlock and if it's not, sanlock driver is basically ignored for the domain. However, it was checking this even for domain which has just been started and no sanlock_* API was called for them yet. This results in cmd 9 target pid 2135544 not found error messages to appear in sanlock.log whenever we start a new domain. This patch avoids this useless check for freshly started domains. 2015-03-09 Jiri Denemark locking: Fix flags in virLockManagerLockDaemonNew virLockManager*New APIs are never called with VIR_LOCK_MANAGER_USES_STATE. Moreover, lockd driver does not maintain any state that would need to be transferred during migration and thus it should not mention VIR_LOCK_MANAGER_USES_STATE at all. 2015-03-09 Pavel Hrdina tests: fix qemuxml2argvtest to be arch independent Commit 5aee81a0 introduced a new test for disk-serial. The test fails on i686 arch because there is no need to add "-cpu qemu32" to command line. To fix the test update emulator in XML to "/usr/bin/qemu" so we don't add the "-cpu qemu32" to command while running the test on i686 or x86_64 host. 2015-03-09 John Ferlan qemu: Change qemuDomainGetEmulatorPinInfo bitmap manipulation Follow-up to the IOThread review on CPU affinity map manipulation: http://www.redhat.com/archives/libvir-list/2015-March/msg00294.html indicates that the GetEmulatorPinInfo could use similar algorithm adjustments which is what this patch does. 2015-03-09 John Ferlan qemu: Change qemuDomainGetVcpuPinInfo bitmap manipulation Follow-up to the IOThread review on CPU affinity map manipulation: http://www.redhat.com/archives/libvir-list/2015-March/msg00294.html indicates that the GetVcpuPinInfo could use similar algorithm adjustments which is what this patch does. 2015-03-09 John Ferlan qemu: Resolve Coverity CHECKED_RETURN issue By adding a call and check of return of virBitmapToData to the IOThreads code, my Coverity checker lets me know qemuDomainHelperGetVcpus also needs to check the status... 2015-03-09 John Ferlan qemu: Change/Fix IOThread CPU affinity bitmap manipulation Based on review: http://www.redhat.com/archives/libvir-list/2015-March/msg00294.html Adjust how the cpumap and cpumaplen to be returned are generated 2015-03-09 John Ferlan Remove ReadOnly check for GetIOThreadsInfo Fix syntax for vcpupin description 2015-03-09 Martin Kletzander tests: Add test for os interleaving We don't usually do tests purely for one change, but one change was special because when users will migrate to OVMF/AAVMF, commit 18f9f69b makes their lives easier by allowing them to interleave inside . It would be nice of us to keep the possibility of them pasting the loader and nvram elements wherever it is valid, hence this test. tests: Add test for virtio-mmio address type Commit 3e4b783e fixed an issue with RNG schema where this address type was missing, this commit adds a test for it. 2015-03-06 Michal Privoznik domain_conf: Format without address correctly We have something like pvpanic device. However, in some cases it does not have any address assigned, in which case we produce this ugly XML (still valid though): /usr/bin/qemu ... Lets format "" instead. 2015-03-06 Daniel P. Berrange Refresh translations from Zanata Delete .po files which contain zero translated strings. Refresh the .pot file and pull down latest translations from Zanata. When refreshing the libvirt.pot, it can be pushed to zanata and .po files resynchonized using # cd po # rm libvirt.pot # make libvirt.pot # zanata-cli push # zanata-cli pull Note there is no need for 'make update-po', as long as you do a zanata push, immediately followed by zanata pull, as the Zanata server will ensure the .po files downloaded match the just pushed .pot file. Note at time of writing, it is strongly recommended to only use the zanata Java client binary (zanata-cli), and not the python client binary (zanata). This is because the moderately large size of the libvirt pot file is causing errors when the python client tries to push, which have been known to result in the loss of all translations on the server, as well as also preventing uploading of .po files themselves :-( 2015-03-06 John Ferlan virsh: Add 'iothreadsinfo' command Add the 'iothreadsinfo' command to display IOThread Info data. Allow for [--live] or [--config] options in order to display live or config data for an active domain. $ virsh iothreadsinfo --help NAME iothreadsinfo - view domain IOThreads SYNOPSIS iothreadsinfo [--config] [--live] [--current] DESCRIPTION Returns basic information about the domain IOThreads. OPTIONS [--domain] domain name, id or uuid --config affect next boot --live affect running domain --current affect current domain An active domain may return: $ virsh iothreads $dom IOThread ID CPU Affinity --------------------------------------------------- 1 2 2 3 3 0 $ echo $? 0 For domains which don't have IOThreads the following is returned: $ virsh iothreads $dom No IOThreads found for the domain $ echo $? 0 For domains which are not running the following is returned: $ virsh iothreads $dom --live error: Unable to get domain IOThreads information error: Requested operation is not valid: domain is not running $ echo $? 1 Editing a domains configuration and modifying the iothreadpin data for thread 3 from nothing provided to setting a cpuset of '0-1' and then displaying using --config would display: $ virsh iothreads f18iothr --config IOThread ID CPU Affinity ---------------------------- 1 2 2 3 3 0-1 $ 2015-03-06 John Ferlan qemu: Implement the qemu driver fetch for IOThreads Depending on the flags passed, either attempt to return the active/live IOThread data for the domain or the config data. The active/live path will call into the Monitor in order to get the IOThread data and then correlate the thread_id's returned from the monitor to the currently running system/threads in order to ascertain the affinity for each iothread_id. The config path will map each of the configured IOThreads and return any configured iothreadspin data 2015-03-06 John Ferlan remote: Implement the remote plumbing for virDomainGetIOThreadsInfo Implement the remote plumbing for virDomainGetIOThreadsInfo 2015-03-06 John Ferlan Implement public API for virDomainGetIOThreadsInfo Add virDomainGetIOThreadInfo in order to return a list of virDomainIOThreadInfoPtr structures which list the IOThread ID and the CPU Affinity map for each IOThread for the domain. For an active domain, the live data will be returned, while for an inactive domain, the config data will be returned. The API supports either the --live or --config flag, but not both. Also added virDomainIOThreadsInfoFree in order to free the cpumap and the IOThreadInfo structure. 2015-03-06 Pavel Hrdina memtune: change the way how we store unlimited value There was a mess in the way how we store unlimited value for memory limits and how we handled values provided by user. Internally there were two possible ways how to store unlimited value: as 0 value or as VIR_DOMAIN_MEMORY_PARAM_UNLIMITED. Because we chose to store memory limits as unsigned long long, we cannot use -1 to represent unlimited. It's much easier for us to say that everything greater than VIR_DOMAIN_MEMORY_PARAM_UNLIMITED means unlimited and leave 0 as valid value despite that it makes no sense to set limit to 0. Remove unnecessary function virCompareLimitUlong. The update of test is to prevent the 0 to be miss-used as unlimited in future. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1146539 2015-03-06 Pavel Hrdina virutil: introduce helper functions for memory limits The first one is to truncate the memory limit to VIR_DOMAIN_MEMORY_PARAM_UNLIMITED if the value is greater and the second one is to decide whether the memory limit is set or not, unlimited means that it's not set. virsh: fix memtune to also accept 0 as valid value Fix vshMemtuneGetSize to return correct value. We can then decide according that return code whether a parameter is present and valid or not. This will allow as to accept 0 as a valid value. 2015-03-06 Stefan Berger qemu: Pass file descriptor when using TPM passthrough Pass the TPM file descriptor to QEMU via command line. Instead of passing /dev/tpm0 we now pass /dev/fdset/10 and the additional parameters -add-fd set=10,fd=20. This addresses the use case when QEMU is started with non-root privileges and QEMU cannot open /dev/tpm0 for example. 2015-03-06 Stefan Berger qemu: Move TPM command line build code into own function Move the TPM command line build code into its own function. utils: Implement virCommandPassFDGetFDIndex Implement virCommandPassFDGetFDIndex to determine the index a given file descriptor will have when passed to the child process. 2015-03-06 Jim Fehlig libxl: remove unneeded cleanup_unlock label In the old days of a global driver lock, it was necessary to unlock the driver after a domain restore operation. When the global lock was removed from the driver, some remnants were left behind in libxlDomainRestoreFlags. Remove this unneeded (and incorrect) code. libxl: use libxl_ctx passed to libxlConsoleCallback Instead of using the libxl_ctx in the libxlDomainObjPrivatePtr, use the ctx passed to the callback. libxl: remove redundant calls to libxl_evdisable_domain_death Domain death watch is already disabled in libxlDomainCleanup. No need to disable it a second and third time. 2015-03-05 Peter Krempa spec: Enable RBD storage driver in RHEL-7 Use correct package names too as they differ. 2015-03-05 Peter Krempa conf: Remove duplicate entries in by namespace Since the APIs support just one element per namespace and while modifying an element all duplicates would be removed, let's do this right away in the post parse callback. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1190590 2015-03-05 Michal Privoznik qemu: Allow spaces in disk serial https://bugzilla.redhat.com/show_bug.cgi?id=1195660 There's been a bug report appearing on the qemu-devel list, that libvirt is unable to pass spaces in disk serial number [1]. Not only our RNG schema forbids that, the code is not prepared either. However, with a bit of escaping (if needed) we can allow spaces there. 1: https://lists.gnu.org/archive/html/qemu-devel/2015-02/msg04041.html 2015-03-05 Ján Tomko Fix build on mingw Last commit unconditionally included a linux-specific header. Do not do that. 2015-03-05 James Chapman SRIOV NIC offload feature discovery Adding functionality to libvirt that will allow it query the ethtool interface for the availability of certain NIC HW offload features Here is an example of the feature XML definition: net_eth4_90_e2_ba_5e_a5_45 /sys/devices/pci0000:00/0000:00:03.0/0000:08:00.1/net/eth4 pci_0000_08_00_1 eth4
    90:e2:ba:5e:a5:45
     2015-03-05 Michal Privoznik parallels: Cleanup partly opened drivers on connect open failure Well, the parallelsConnectOpen() joins several sub-driver openings into one big if condition. If any of sub-driver fails to open, the whole API finishes immediately. The problem is, sub-drivers may have left some memory allocated. Fortunately, we have a free function for that: parallelsConnectClose(). This is, however, not prepared for partially allocated driver structure. So, prepare the free function for it and call it at the right place, in the if body. 2015-03-04 Erik Skultety storage: tweak condition to properly test lseek According to the POSIX standard, off_t (returned by lseek) is defined as signed integral type no shorter than int. Because our offset variable is defined as unsigned long long, the original check was passed successfully if UINT64_MAX had been used as offset value, due to implicit conversion. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1177219 2015-03-04 Erik Skultety virsh: tweak domif-getlink link state reporting message According to docs, we only support 2 link states for an interface up/down, 'up' being the default state if link state is unspecified in domain's XML, so the message when no link state is provided should be changed a little. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1141119 2015-03-04 Shanzhi Yu qemu: snapshot: Don't skip check for qcow2 format with network disks When the domain's source disk type is network, if source protocol is rbd or sheepdog, the 'if().. break' will end the current case, which lead to miss check the driver type is raw or qcow2. Libvirt will allow to create internal snapshot for a running domain with raw format disk which based on rbd storage. While both protocols support internal snapshots of the disk qemu is not able to use it as it requires some place to store the memory image. The check if the disk is backed by a qcow2 image needs to be executed always. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1179533 2015-03-04 Peter Krempa qemu: Allow inactive domains in qemuDomainGetControlInfo() Inactive domains can still be stuck in a job or other problems. Add a way to detect it. 2015-03-04 Peter Krempa qemu: Properly report error state in qemuDomainGetControlInfo() Previously when a domain would get stuck in a domain job due to a programming mistake we'd report the following control state: $ virsh domcontrol domain occupied (1424343406.150s) The timestamp is invalid as the monitor was not entered for that domain. We can use that to detect that the domain has an active job and report a better error instead: $ virsh domcontrol domain error: internal (locking) error 2015-03-04 Michal Privoznik conf: s/virNetworkFindByName/virNetworkObjFindByName/ It's returning virNetworkObjPtr after all. And it matches the pattern laid out by domain_conf.h. conf: s/virNetworkFindByUUID/virNetworkObjFindByUUID/ It's returning virNetworkObjPtr after all. And it matches the pattern laid out by domain_conf.h. bridge_driver: s/virNetworkObjList/virNetworkObjListPtr/ In order to hide the object internals (and use just accessors everywhere), lets store a pointer to the object, instead of object itself. parallels: s/virNetworkObjList/virNetworkObjListPtr/ In order to hide the object internals (and use just accessors everywhere), lets store a pointer to the object, instead of object itself. test_driver: s/virNetworkObjList/virNetworkObjListPtr/ In order to hide the object internals (and use just accessors everywhere), lets store a pointer to the object, instead of object itself. virNetworkObjListExport: Pass virNetworkObjListPtr Instead of copying the whole object onto stack when calling the function, just pass the pointer to the object and save up some space on the stack. Moreover, this prepares the code to hide the virNetworkObjList structure into network_conf.c and use accessors only. virNetworkObjListFree: Accept NULL All of our vir*Free() functions should accept NULL, even though that there's no way of actually passing NULL with current code. virNetworkObjIsDuplicate: s/@doms/@nets/ This is probably a copy-paste error from virDomainObj* counterpart. But when speaking of virNetworkObj we should use variable @nets for an array of networks, rather than @doms. It's just confusing. networkGetNetworkAddress: Drop empty 'error' label Moreover, there are two points within the function, where we're missing 'goto cleanup'. Fix this too. testNetworkUpdate: Unlock network at the end Silly this bug went unnoticed so long. At the beginning we try to find the passed network in the list of network objects. If found, it's locked and real work takes place. Then, in the end, the network object is never unlocked. bridge_driver: Don't check network active unlocked Okay, this is mainly for educational purposes since is called from single point only with all the possible locks held. So there's no way for other thread to hop in and do something wrong. Nevertheless, we should not give bad example. 2015-03-04 Michal Privoznik networkLookupByUUID: Improve error message We have this function networkObjFromNetwork() which for given virNetworkPtr tries to find corresponding virNetworkObjPtr. If no object is found, a nice error message is printed out: no network with matching uuid '$uuid' ($name) Let's improve the error message produced by networkLookupByUUID to follow that logic. 2015-03-03 Michal Privoznik qemuProcessReconnect: Fill in pid file path https://bugzilla.redhat.com/show_bug.cgi?id=1197600 So, libvirt uses pid file to track pid of started qemus. Whenever a domain is started, its pid is put into corresponding pid file. The pid file path is generated based on domain name and stored into domain object internals. However, it's not stored in the status XML and therefore lost on daemon restarts. Hence, later, when domain is being shut down, the daemon does not know which pid file to unlink, and the correct pid file is left behind. To avoid this, lets generate the pid file path again in qemuProcessReconnect(). Reported-by: Luyao Huang 2015-03-03 Pavel Hrdina qemu: check defaultMode for spice graphics independently Instead of checking defaultMode for every channel that has no mode configured, test it only once outside of channel loop. This fixes a bug that in case all possible channels are fore example set to insecure, but defaultMode is set to secure, we wouldn't auto-generate TLS port. This results in failure while starting a guest. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1143832 2015-03-03 Pavel Hrdina qemu: remove duplicated code for allocating spice ports We have two different places that needs to be updated while touching code for allocation spice ports. Add a bool option to 'qemuProcessSPICEAllocatePorts' function to switch between true and fake allocation so we can use this function also in qemu_driver to generate native domain definition. 2015-03-03 Prerna Saxena tests : Add test for 'ppc64le' architecture. RNG: Add 'ppc64le' arch and newer pseries-2.* machine types Acked-by: Ján Tomko 2015-03-03 Peter Krempa schema: Fix interface link state schema In commit edd1295e1da6bfe8e4e257e5fbfad71ac0bf7c87 I've introduced an XML element that allows to configure state of the network interface link. Somehow the RNG schema hunk ended up in a weird place in the network schema definition. Move it to the right place and add a test case. Note that the link state is set up via the monitor at VM startup so I originally didn't think of adding a test case. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1173468 2015-03-03 Martin Kletzander conf: De-duplicate scheduling policy enums Since adding the support for scheduler policy settings in commit 8680ea97, there are two enums with the same information. That was caused by rewriting the patch since first draft. Find out thanks to clang, but there was no impact whatsoever. 2015-03-03 Martin Kletzander qemu: Don't crash in qemuDomainOpenChannel() The problem here was that when opening a channel, we were checking whether the channel given is alias (can't be NULL for running domain) or it's name, which can be NULL (for example with spicevmc). In case of such domain qemuDomainOpenChannel() made the daemon crash. STREQ_NULLABLE() is safe to use since the code in question is wrapped in "if (name)" and is more readable, so use that instead of checking for non-NULL "vm->def->channels[i]->target.name". 2015-03-03 John Ferlan virsh.pod: Update find-storage-pool-sources[-as] man page https://bugzilla.redhat.com/show_bug.cgi?id=921426 Add to the man page a more complete description of what exactly the command expects on input and will return on output based on what is currently supported. Perhaps missing findPoolSources implementations are backends for sheepdog and rbd. Also missing any backend is zfs. 2015-03-03 John Ferlan iscsi: Adjust error message for findStorageSources backend The virStorageBackendISCSIFindPoolSources API only needs the 'host' name in order to discover iSCSI pools, it returns the various device paths. On input, it's also possible to further restrict a search by providing the port attribute for the host element and the (undocumented) initiator element. For example: $ virsh find-storage-pool-sources-as iscsi error: Failed to find any iscsi pool sources error: invalid argument: hostname and device path must be specified for iscsi sources $ virsh find-storage-pool-sources-as iscsi 192.168.122.1 2015-03-03 John Ferlan virsh.pod: Add information regarding LXC for setmem, memtune, and dominfo https://bugzilla.redhat.com/show_bug.cgi?id=1070695 Modify the virsh man page to more accurately describe which values are set by the virsh setmem and displayed by the virsh memtune or dominfo based on the setmem command results. 2015-03-03 John Ferlan disk: Provide a default storage source format type. https://bugzilla.redhat.com/show_bug.cgi?id=1181062 According to the formatstorage.html description for element and "format" attribute: "All drivers are required to have a default value for this, so it is optional." As it turns out the disk backend did not choose a default value, so I added a default of "msdos" if the source type is "unknown" as well as updating the storage.html backend disk volume driver documentation to indicate the default format is dos. 2015-03-03 John Ferlan disk: Disallow duplicated target 'dev' values https://bugzilla.redhat.com/show_bug.cgi?id=1142631 This patch resolves a situation where the same "" can be used for multiple disks in the domain. While the $name is "mostly" advisory regarding the expected order that the disk is added to the domain and not guaranteed to map to the device name in the guest OS, it still should be unique enough such that other domblk* type operations can be performed. Without the patch, the domblklist will list the same Target twice: $ virsh domblklist $dom Target Source ------------------------------------------------ sda /var/lib/libvirt/images/file.qcow2 sda /var/lib/libvirt/images/file.img Additionally, getting domblkstat, domblkerror, domblkinfo, and other block* type calls will not be able to reference the second target. Fortunately, hotplug disallows adding a "third" sda value: $ qemu-img create -f raw /var/lib/libvirt/images/file2.img 10M $ virsh attach-disk $dom /var/lib/libvirt/images/file2.img sda error: Failed to attach disk error: operation failed: target sda already exists $ BUT, it since 'sdb' doesn't exist one would get the following on the same hotplug attempt, but changing to use 'sdb' instead of 'sda' $ virsh attach-disk $dom /var/lib/libvirt/images/file2.img sdb error: Failed to attach disk error: internal error: unable to execute QEMU command 'device_add': Duplicate ID 'scsi0-0-1' for device $ Since we cannot fix this issue at parsing time, the best that can be done so as to not "lose" a domain is to make the check prior to starting the guest with the results as follows: $ virsh start $dom error: Failed to start domain $dom error: XML error: target 'sda' duplicated for disk sources '/var/lib/libvirt/images/file.qcow2' and '/var/lib/libvirt/images/file.img' $ Running 'make check' found a few more instances in the tests where this duplicated target dev value was being used. These also exhibited some duplicated 'id=' values (negating the uniqueness argument of aliases) in the corresponding .args file and of course the *xmlout version of a few input XML files. 2015-03-03 John Ferlan virsh: Adjust domblklist to understand disk volume syntax A disk using a source pool is listed as having a source '-' in domblklist because it doesn't check the right XML syntax to find the source. Add a check for "./source/volume" which is where the "path" (of sorts) to the volume name is described. 2015-03-02 Peter Krempa conf: numa: Add helper to count total memory size configured in NUMA The total NUMA memory consists of the sum of individual NUMA node memory amounts. 2015-03-02 Peter Krempa qemu: Forbid setting maximum memory size with the API with NUMA enabled NUMA enabled guest configuration explicitly specifies memory sizes for individual nodes. Allowing the virDomainSetMemoryFlags API (and friends) to change the total doesn't make sense as the individual node configs are not updated in that case. Forbid use of the API in case NUMA is specified. 2015-03-02 Peter Krempa phyp: Fix error messages mentioning memory The messages for currentMemory and memory were swapped. 2015-03-02 Erik Skultety docs: add a note that attr 'managed' is only used by PCI devices Our documentation isn't 100% clear about hostdev 'managed' attribute usage, because it only makes sense to use it with PCI devices, yet we format this attribute to all hostdev devices. By adding a note into the docs, we can possibly avoid confusion from customer's side and also avoid a solution using ternary logic. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1155887 2015-03-02 Peter Krempa storage: sheepdog: Avoid skipping variable initialization Commit 155ca616eb231181f6978efc9e3a1eb0eb60af8a added a error message that skips initialization of the 'cmd' variable. Fortunately it was not released. 2015-03-02 Ján Tomko Check if domain is running in qemuDomainAgentIsAvailable If the domain is not running, the agent will not respond. Do not even try. https://bugzilla.redhat.com/show_bug.cgi?id=872424 2015-03-02 Ján Tomko Pass virDomainObjPtr to qemuDomainAgentAvailable Not just the DomainObj's private data. Check for qemu guest agent availability after getting the job This way checks requiring the job can be done in qemuDomainAgentAvailable. 2015-03-02 Ján Tomko Allow creating volumes with a backing store but no capacity The tool creating the image can get the capacity from the backing storage. Just refresh the volume afterwards. https://bugzilla.redhat.com/show_bug.cgi?id=958510 2015-03-02 Ján Tomko Allow omitting volume capacity when backing store is specified Add VIR_VOL_XML_PARSE_OPT_CAPACITY flag to virStorageVolDefParseXML. With this flag, no error is reported when the capacity is missing if there is a backing store. 2015-03-02 Ján Tomko Revert "Restore skipping of setting capacity" This reverts commit f1856eb622fde2e6c3a6a932d1dded7f1691d205. Now that we can update capacity from image metadata, we don't need to skip the update. 2015-03-02 Ján Tomko Probe for capacity in virStorageBackendUpdateVolTargetInfo Instead of just looking at the output of fstat, call virStorageFileGetMetadata to get the full capacity from image headers. Note that the capacity is probed unconditionally. The updateCapacity bool parameter is ignored and will be removed in the following commit. 2015-03-02 Ján Tomko Allow cloning volumes with no capacity specified In virStorageVolCreateXML, add VIR_VOL_XML_PARSE_NO_CAPACITY to the call parsing the XML of the new volume to make the capacity optional. If the capacity is omitted, use the capacity of the old volume. We already do that for values that are less than the original volume capacity. 2015-03-02 Ján Tomko Allow parsing volumes without specifying the capacity Add VIR_VOL_XML_PARSE_NO_CAPACITY flag to the volume XML parser. When set, it allows the capacity element to be omitted. Parse backingStore before capacity in volume XML So we can allow omitting the capacity element if backing store is present. Add flags argument to virStorageVolDefParse* Allow the callers to pass down libvirt-internal flags. Add --migratable support to virsh cpu-baseline Wire up VIR_CONNECT_BASELINE_CPU_MIGRATABLE to this command line option. Trivially implement VIR_CONNECT_BASELINE_CPU_MIGRATABLE for non-x86 cpus Assume no features block migration. Implement VIR_CONNECT_BASELINE_CPU_MIGRATABLE in the x86 cpu driver Filter out non-migratable features if VIR_CONNECT_BASELINE_CPU_MIGRATABLE was specified. 2015-03-02 Ján Tomko Add VIR_CONNECT_BASELINE_CPU_MIGRATABLE flag This flag for virConnectBaselineCPU will allow filtering out CPU features that block migration from the result. https://bugzilla.redhat.com/show_bug.cgi?id=1171484 2015-03-02 Ján Tomko Use virBufferTrim when generating boot options Instead of tracking the number of added parameters, add a comma at the end of each one unconditionally and trim the trailing one at the end. 2015-03-02 Ján Tomko Make -boot arg generation more readable If we combine the boot order on the command line with other boot options, we prepend order= in front of it. Instead of checking if the number of added arguments is between 0 and 2, separate the strings for boot order and options and prepend boot order only if both strings are not empty. 2015-03-02 Ján Tomko Remove code handling the QEMU_CAPS_DOMID capability This option is xenner-only (since commit b81a7ece), and we dropped support for xenner in commit de9be0a. 2015-03-02 Ján Tomko Remove bootloader option from QEMU It was only supported by xenner (since commit 763a59d8), for which we removed support in commit de9be0a. Remove the code generating this command line option, refuse to parse it and delete the outdated tests. https://bugzilla.redhat.com/show_bug.cgi?id=1176050 2015-03-02 Ján Tomko Post-release version bump for new dev cycle 2015-03-02 Daniel Veillard Release of libvirt-1.2.13 2015-02-27 Michal Privoznik docs: Add mist.io as libvirt-based application As reported on the libvirt-users list [1], there's new web application called mist.io which uses libvirt as one of its backends. Lets add it into our list of libivrt based applications. 1: https://www.redhat.com/archives/libvirt-users/2015-February/msg00096.html 2015-02-27 Ján Tomko Really fix XML formatting flags in SaveImageUpdateDef Commit cf2d4c6 used a logical or instead of bitwise or, effectively passing 1, that is VIR_DOMAIN_XML_INACTIVE. This was caught by a warning when building with clang. https://bugzilla.redhat.com/show_bug.cgi?id=1183869 2015-02-27 Ján Tomko Ignore listen attribute of for type network listens Commit 6992994 started filling the listen attribute of the parent elements from type='network' listens. When this XML is passed to UpdateDevice, parsing fails: XML error: graphics listen attribute 10.20.30.40 must match address attribute of first listen element (found none) Ignore the address in the parent attribute when no type='address' listens are found, the same we ignore the address for the subelements when parsing inactive XML. 2015-02-26 Peter Krempa util: storage: Fix error type in virStorageSourceParseBackingURI The gluster volume name extraction code was copied from the XML parser without changing the VIR_ERR_XML_ERROR error code. Use VIR_ERR_CONFIG_UNSUPPORTED instead. 2015-02-26 Peter Krempa util: storagefile: Don't crash on gluster URIs without path Similar to commit fdb80ed4f6563928b9942a0d1450e0c725aa6c06 libvirtd would crash if a gluster URI without path would be used in the backing chain of a volume. The crash happens in the gluster specific part of the parser that extracts the gluster volume name from the path. Fix the crash by checking that the PATH is NULL. This patch does not contain a test case as it's not possible to test it with the current infrastructure as the test suite would attempt to contact the gluster server in the URI. I'm working on the test suite addition but that will be post-release material. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1196528 2015-02-26 Ján Tomko conf: error out on missing dhcp host attributes In virNetworkDHCPHostDefParseXML an error is reported when partialOkay == true, and none of ip, mac, name were supplied. Add the missing goto and error out in this case. 2015-02-26 Luyao Huang conf: error out on invalid host id https://bugzilla.redhat.com/show_bug.cgi?id=1196503 We already check whether the host id is valid or not, add a jump to forbid invalid host id. 2015-02-26 Laine Stump qemu: fix ifindex array reported to systemd Commit f7afeddc added code to report to systemd an array of interface indexes for all tap devices used by a guest. Unfortunately it not only didn't add code to report the ifindexes for macvtap interfaces (interface type='direct') or the tap devices used by type='ethernet', it ended up sending "-1" as the ifindex for each macvtap or hostdev interface. This resulted in a failure to start any domain that had a macvtap or hostdev interface (or actually any type other than "network" or "bridge"). This patch does the following with the nicindexes array: 1) Modify qemuBuildInterfaceCommandLine() to only fill in the nicindexes array if given a non-NULL pointer to an array (and modifies the test jig calls to the function to send NULL). This is because there are tests in the test suite that have type='ethernet' and still have an ifname specified, but that device of course doesn't actually exist on the test system, so attempts to call virNetDevGetIndex() will fail. 2) Even then, only add an entry to the nicindexes array for appropriate types, and to do so for all appropriate types ("network", "bridge", and "direct"), but only if the ifname is known (since that is required to call virNetDevGetIndex(). 2015-02-26 Laine Stump util: check for null ifname inside virNetDevBandwidthSet() Previously this function relied on having ATTRIBUTE_NONNULL(1) in its prototype rather than explicitly checking for a null ifname. Unfortunately, ATTRIBUTE_NONNULL is just a hint to the optimizer and code analyzers like Coverity, it doesn't actually check anything at execution time, so the result was possible warnings from Coverity, along with the possibility of null dereferences when ifname wasn't available. This patch removes the ATTRIBUTE_NONNULL from the prototype, and checks ifname inside the function, logging an error if it's NULL (once we've determined that the user really is trying to set a bandwidth). 2015-02-26 Laine Stump network: only clear bandwidth if it has been set libvirt was unconditionally calling virNetDevBandwidthClear() for every interface (and network bridge) of a type that supported bandwidth, whether it actually had anything set or not. This doesn't hurt anything (unless ifname == NULL!), but is wasteful. This patch makes sure that all calls to virNetDevBandwidthClear() are qualified by checking that the interface really had some bandwidth setup done, and checks for a null ifname inside virNetDevBandwidthClear(), silently returning success if it is null (as well as removing the ATTRIBUTE_NONNULL from that function's prototype, since we can't guarantee that it is never null, e.g. sometimes a type='ethernet' interface has no ifname as it is provided on the fly by qemu). 2015-02-26 Peter Krempa schema: Allow interleaving the /domain/os/type element The element wasn't declared under the interleave thus it was required always to be first. This made it inconvenient when pasting new stuff to the XML manually in the "wrong" place. 2015-02-25 Yuri Chornoivan Fix typos in messages 2015-02-25 Ján Tomko Fix error messages in virStorageFileGetMetadataFromFD Do not use relPath, it has not been filled by virStorageFileMetadataNew. 2015-02-25 Martin Kletzander schema: Add virtio-mmio address type into RNG The "virtio-mmio" is perfectly valid address type which we parse and format correctly, but it's missing in our RNG schemas, hence editing a domain with device having such address fails the validation. 2015-02-25 Ján Tomko Clarify behavior or virDomainDetachDevice Document that a complete device definition should be used and a partial match can lead to the device being detached. https://bugzilla.redhat.com/show_bug.cgi?id=872028 2015-02-25 Ján Tomko Assign default SCSI controller model before checking attribute validity If the qemu binary on x86 does not support lsi SCSI controller, but it supports virtio-scsi, we reject the virtio-specific attributes for no reason. Move the default controller assignment before the check. https://bugzilla.redhat.com/show_bug.cgi?id=1168849 2015-02-25 Martin Kletzander virsh: Add missing parenthesis into man page 2015-02-25 Michal Privoznik qemu: Use correct flags for ABI stability check in SaveImageUpdateDef https://bugzilla.redhat.com/show_bug.cgi?id=1183869 Soo. you've successfully started yourself a domain. And since you want to use it on your host exclusively you are confident enough to passthrough the host CPU model, like this: Then, after a while, you want to save the domain into a file (e.g. virsh save dom dom.save). And here comes the trouble. The file consist of two parts: Libvirt header (containing domain XML among other things), and qemu migration data. Now, the domain XML in the header is formatted using special flags (VIR_DOMAIN_XML_SECURE | VIR_DOMAIN_XML_UPDATE_CPU | VIR_DOMAIN_XML_INACTIVE | VIR_DOMAIN_XML_MIGRATABLE). Then, on your way back from the bar, you think of changing something in the XML in the saved file (we have a command for it after all), say listen address for graphics console. So you successfully type in the command: virsh save-image-edit dom.save Change all the bits, and exit the editor. But instead of success you're left with sad error message: error: unsupported configuration: Target CPU model does not match source Pentium Pro Sigh. Digging into the code you see lines, where we check for ABI stability. The new XML you've produced is compared with the old one from the saved file to see if qemu ABI will break or not. Wait, what? We are using different flags to parse the XML you've provided so we were just lucky it worked in some cases? Yep, that's right. 2015-02-25 Michal Privoznik cpu: Format properly Well, not that we are not formatting invalid XML, rather than not as beautiful as we can: If there are no children, let's use the singleton element. 2015-02-25 Michal Privoznik virCPUDefFormatBufFull: Use our general error handling pattern Well, so far there are no variables to free, no cleanup work needed on an error, so bare 'return -1;' after each error is just okay. But this will change in a while. 2015-02-25 Michal Privoznik util: Introduce virBufferAddBuffer This API joins the following two lines: char *s = virBufferContentAndReset(buf1); virBufferAdd(buf2, s, -1); into one: virBufferAddBuffer(buf2, buf1); With one exception: there's no re-indentation applied to @buf1. The idea is, that in general both can have different indentation (like the test I'm adding proves) 2015-02-24 Pavel Hrdina qemu: fix memory leak while starting a guest In commit cc41c648 I've re-factored qemuMonitorFindBalloonObjectPath, but missed that there is a memory leak. The "nextpath" variable is overwritten while looping in for cycle and we have to free it before next cycle. 2015-02-24 Michal Privoznik network_conf: Forbid commas in DNS TXT https://bugzilla.redhat.com/show_bug.cgi?id=1151942 While the restriction doesn't have origin in any RFC, it matters to us while constructing the dnsmasq config file (or command line previously). For better picture, this is how the corresponding part of network XML look like: And this is how the config file looks like then: server=8.8.4.4 txt-record=example,example value Now we can see why there can't be any commas in the TXT name. They are used by dnsmasq to separate @name and @value. Funny, we have it in the documentation, but the code (which was pushed back in 2011) didn't reflect that. 2015-02-24 Stefan Zimmermann Rework s390 architecture checking Making use of the ARCH_IS_S390 macro introduced with e808357528d8be1ebc3970424b4a7b7c04eda2b6 Reviewed-by: Boris Fiuczynski 2015-02-24 Stefan Zimmermann Prevent default creation of usb controller on s390 and s390x Since s390 does not support usb the default creation of a usb controller for a domain should not occur. Also adjust s390 test cases by removing usb device instances since usb devices are no longer created by default for s390 the s390 test cases need to be adjusted. Reviewed-by: Boris Fiuczynski 2015-02-24 Daniel Hansel man: moved virsh command cpu-models The description of the virsh command 'cpu-models' was written in the wrong context (i.e. beside the domain states). This patch moves the command description just to the cpu related commands like 'cpu-baseline' and 'cpu-compare'. 2015-02-23 Daniel P. Berrange po: Add config file for zanata Add configuration file for use with https://fedora.zanata.org translation system 2015-02-23 Michal Privoznik libvirt-guests: Allow time sync on guests resume Well, imagine domains were running, and as the host went down, they were managesaved. Later, after some time, the host went up again and domains got restored. But without correct time. And depending on how long was the host shut off, it may take some time for ntp to sync the time too. But hey, wait a minute. We have an API just for that! So: 1) Introduce SYNC_TIME variable in libvirt-guests.sysconf to allow users control over the new functionality 2) Call 'virsh domtime --sync $dom' in the libvirt-guests script. Unfortunately, this is all-or-nothing approach (just like anything else with the script). Domains are required to have configured and running qemu-ga inside. 2015-02-22 Cole Robinson qemu: Fix AAVMF/OVMF #define names The AAVMF and OVMF names were swapped. Reorder the one usage where it matters so behavior doesn't change. 2015-02-21 Marek Marczykowski libxl: support backend domain setting for disk and net devices This implement handling of parameter introduced in previous patch. Works on Xen >= 4.3, because only there libxl supports setting backend domain by name. Specifying backend domain by ID or UUID is currently not supported. 2015-02-21 Marek Marczykowski conf: support backend domain name in disk and network devices At least Xen supports backend drivers in another domain (aka "driver domain"). This patch introduces an XML config option for specifying the backend domain name for and devices. E.g. ... ... In the future, same option will be needed for USB devices (hostdev objects), but for now libxl doesn't have support for PVUSB. 2015-02-21 Laine Stump network: allow together with /
    in network status The function that parses the subelement of a network used to fail/log an error if the network definition contained both a element as well as at least one or
    element. That check was present because the configuration of a network should have either one , one or more , or one or more
    , but never combinations of multiple kinds. This caused a problem when libvirtd was restarted with a network already active - when a network with a element is started, the referenced PF (Physical Function of an SRIOV-capable network card) is checked for VFs (Virtual Functions), and the is filled in with a list of all VFs for that PF either in the form of their PCI addresses (a list of
    ) or their netdev names (a list of ); the element is not removed though. When libvirtd is restarted, it parses the network status and finds both the original from the config, as well as the list of either
    or , fails the parse, and the network is not added to the active list. This failure is often obscured because the network is marked as autostart so libvirt immediately restarts it. It seems odd to me that and
    are stored in the same array rather than keeping two separate arrays, and having separate arrays would have made the check much simpler. However, changing to use two separate arrays would have required changes in more places, potentially creating more conflicts and (more importantly) more possible regressions in the event of a backport, so I chose to keep the existing data structure in order to localize the change. It appears that this problem has been in the code ever since support for was added (0.9.10), but until commit 34cc3b2f106e296df5e64309620c79d16fd76c85 (first in libvirt 1.2.4) networks with interface pools were not properly marked as active on restart anyway, so there is no point in backporting this patch any further than that. 2015-02-21 Peter Krempa qemu: caps: Add capability bit for the "pc-dimm" device The pc-dimm device represents a RAM memory module. conf: Hoist validation of memory size into the post parse callback Later patches will need to access the full definition to do check the memory size and thus the checking needs to be done after the whole definition including devices is known. conf: numa: Check ABI stability of NUMA configuration Add helper to compare initial sizes of indivitual NUMA nodes and the map of belonging vCPUs. Other configuration is not ABI. conf: ABI: Hugepage backing definition is not guest ABI The backing of the vm's memory isn't influencing the guest ABI thus shouldn't be checked. 2015-02-21 Peter Krempa conf: Move all NUMA configuration to virDomainNuma For historical reasons data regarding NUMA configuration were split between the CPU definition and numatune. We cannot do anything about the XML still being split, but we certainly can at least store the relevant data in one place. This patch moves the NUMA stuff to the right place. 2015-02-21 Peter Krempa conf: numa: Add setter/getter for NUMA node memory size Add the helpers and refactor places where the value is accessed without them. conf: numa: Add accessor to NUMA node's memory access mode conf: numa: Add accessor for the NUMA node cpu mask Add virDomainNumaGetNodeCpumask() and refactor a few places that would get the cpu mask without the helper. conf: numa: Add helper to get guest NUMA node count and refactor users Add an accessor so that a later refactor is simpler. qemu: command: Unify retrieval of NUMA cell count in qemuBuildNumaArgStr The function uses the cell count in 6 places. Add a temp variable to hold the count as it will greatly simplify the refactor. conf: numa: Don't pass double pointer to virDomainNumatuneParseXML virDomainNumatuneParseXML now doesn't allocate the def->numa object any longer so we don't need to pass a double pointer. 2015-02-21 Peter Krempa numa: conf: Tweak parameters of virDomainNumatuneSet As virDomainNumatuneSet now doesn't allocate the virDomainNuma object any longer it's not necessary to pass the pointer to a pointer to store the object as it will not change any longer. While touching the parameter definitions I've also changed the name of the parameter to "numa". 2015-02-21 Peter Krempa conf: numa: Always allocate the NUMA config Since our formatter now handles well if the config is allocated and not filled we can safely always-allocate the NUMA config and remove the ad-hoc allocation code. This will help in later patches as the parser will be refactored to just fill the data. 2015-02-21 Peter Krempa conf: Allocate domain definition with the new helper Use the virDomainDefNew() helper to allocate the definition instead of doing it via VIR_ALLOC. conf: Separate helper for creating domain objects Move the existing virDomainDefNew to virDomainDefNewFull as it's setting a few things in the conf and re-introduce virDomainDefNew as a function without parameters for common use. conf: numa: Format XML only if necessary Do a content-aware check if formatting of the element is necessary. Later on the def->numa structure will be always present so we cannot decide only on the basis whether it's allocated. conf: numa: Refactor logic in virDomainNumatuneParseXML Shuffling around the logic will allow to simplify the code quite a bit. As an additional bonus the change in the logic now reports an error if automatic placement is selected and individual placement is configured. conf: numa: Reformat virDomainNumatuneParseXML Collapse few of the conditions so that the program flow is more clear. conf: numa: Improve error message in case a numa node doesn't have cpus Currently the code would exit without reporting an error as virBitmapParse reports one only if it fails to parse the bitmap, whereas the code was jumping to the error label even in case 0 cpus were correctly parsed in the map. conf: numa: Recalculate rather than remember total NUMA cpu count It's easier to recalculate the number in the one place it's used as having a separate variable to track it. It will also help with moving the NUMA code to the separate module. 2015-02-21 Peter Krempa conf: Move enum virMemAccess to the NUMA code and rename it Name it virNumaMemAccess and add it to conf/numa_conf.[ch] Note that to avoid a circular dependency the type of the NUMA cell memAccess variable was changed to int. It will be turned back later after the circular dependency will not exist. 2015-02-21 Peter Krempa conf: numa: Rename virDomainNumatune to virDomainNuma The structure will gradually become the only place for NUMA related config, thus rename it appropriately. conf: Move NUMA cell formatter to numa_conf Move the code that formats the /domain/cpu/numa element to numa_conf as it belongs there. 2015-02-21 Peter Krempa conf: numa: Don't duplicate NUMA cell cpumask The mask was stored both as a bitmap and as a string. The string is used for XML output only. Remove the string, as it can be reconstructed from the bitmap. The test change is necessary as the bitmap formatter doesn't "optimize" using the '^' operator. 2015-02-21 Peter Krempa conf: Refactor virDomainNumaDefCPUParseXML Rewrite the function to save a few local variables and reorder the code to make more sense. Additionally the ncells_max member of the virCPUDef structure is used only for tracking allocation when parsing the numa definition, which can be avoided by switching to VIR_ALLOC_N as the array is not resized after initial allocation. 2015-02-21 Peter Krempa conf: Move NUMA cell parsing code from cpu conf to numa conf For weird historical reasons NUMA cells are added as a subelement of while the actual configuration is done in . This patch splits out the cell parser code from cpu config to NUMA config. Note that the changes to the code are minimal just to make it work and the function will be refactored in the next patch. 2015-02-21 Peter Krempa conf: Move numatune_conf to numa_conf For a while now there are two places that gather information about NUMA related guest configuration. While the XML can't be changed we can at least store the data in one place in the definition. Rename the numatune_conf.[ch] files to numa_conf as later patches will move the rest of the definitions from the cpu definition to this one. 2015-02-20 Pavel Hrdina virsh: fix vcpupin info The "virDomainGetInfo" will get for running domain only live info and for offline domain only config info. There was no way how to get config info for running domain. We will use "vshCPUCountCollect" instead to get the correct cpu count that we need to pass to "virDomainGetVcpuPinInfo". Also cleanup some unnecessary variables and checks that are done by drivers. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1160559 2015-02-20 Michal Privoznik virQEMUCapsCacheLookupCopy: Filter qemuCaps based on machineType Not all machine types support all devices, device properties, backends, etc. So until we create a matrix of [machineType, qemuCaps], lets just filter out some capabilities before we return them to the consumer (which is going to make decisions based on them straight away). Currently, as qemu is unable to tell which capabilities are (not) enabled for given machine types, it's us who has to hardcode the matrix. One day maybe the hardcoding will go away and we can create the matrix dynamically on the fly based on a few monitor calls. virQEMUCapsCacheLookupCopy: Pass machine type It will come handy in the near future when we will filter some capabilities based on it. 2015-02-20 Martin Kletzander virsh-edit: Make force editing usable When editing a domain with 'virsh edit' and failing validation, the usual message pops up: Failed. Try again? [y,n,f,?]: Turning off validation can be useful, mainly for testing (but other purposes too), so this patch adds support for relaxing definition in virsh-edit and makes 'virsh edit ' more usable. 2015-02-19 Mikhail Feoktistov parallels: Set the first HDD from XML as bootable 1. Delete all boot devices for VM instance 2. Find the first HDD from XML and set it as bootable Now we support only one boot device and it should be HDD. 2015-02-19 Mikhail Feoktistov parallels: Use IS_CT() macro instead of STREQ("exe") parallels: code aligment 2015-02-19 Jiri Denemark Search for schemas and cpu_map.xml in source tree Not all files we want to find using virFileFindResource{,Full} are generated when libvirt is built, some of them (such as RNG schemas) are distributed with sources. The current API was not able to find source files if libvirt was built in VPATH. Both RNG schemas and cpu_map.xml are distributed in source tarball. 2015-02-19 Michal Privoznik qemuMigrationDriveMirror: Listen to events https://bugzilla.redhat.com/show_bug.cgi?id=1179678 When migrating with storage, libvirt iterates over domain disks and instruct qemu to migrate the ones we are interested in (shared, RO and source-less disks are skipped). The disks are migrated in series. No new disk is transferred until the previous one hasn't been quiesced. This is checked on the qemu monitor via 'query-jobs' command. If the disk has been quiesced, it practically went from copying its content to mirroring state, where all disk writes are mirrored to the other side of migration too. Having said that, there's one inherent error in the design. The monitor command we use reports only active jobs. So if the job fails for whatever reason, we will not see it anymore in the command output. And this can happen fairly simply: just try to migrate a domain with storage. If the storage migration fails (e.g. due to ENOSPC on the destination) we resume the host on the destination and let it run on partly copied disk. The proper fix is what even the comment in the code says: listen for qemu events instead of polling. If storage migration changes state an event is emitted and we can act accordingly: either consider disk copied and continue the process, or consider disk mangled and abort the migration. 2015-02-19 Michal Privoznik qemuProcessHandleBlockJob: Take status into account Upon BLOCK_JOB_COMPLETED event delivery, we check if the job has completed (in qemuMonitorJSONHandleBlockJobImpl()). For better image, the event looks something like this: "timestamp": {"seconds": 1423582694, "microseconds": 372666}, "event": "BLOCK_JOB_COMPLETED", "data": {"device": "drive-virtio-disk0", "len": 8412790784, "offset": 409993216, "speed": 8796093022207, "type": "mirror", "error": "No space left on device"}} If "len" does not equal "offset" it's considered an error, and we can clearly see "error" field filled in. However, later in the event processing this case was handled no differently to case of job being aborted via separate API. It's time that we start differentiate these two because of the future work. 2015-02-19 Michal Privoznik qemuProcessHandleBlockJob: Set disk->mirrorState more often Currently, upon BLOCK_JOB_* event, disk->mirrorState is not updated each time. The callback code handling the events checks if a blockjob was started via our public APIs prior to setting the mirrorState. However, some block jobs may be started internally (e.g. during storage migration), in which case we don't bother with setting disk->mirror (there's nothing we can set it to anyway), or other fields. But it will come handy if we update the mirrorState in these cases too. The event wasn't delivered just for fun - we've started the job after all. So, in this commit, the mirrorState is set to whatever job status we've obtained. Of course, there are some actions on some statuses that we want to perform. But instead of if {} else if {} else {} ... enumeration, let's move to switch(). 2015-02-19 Peter Krempa qemu: Exit job on error path of qemuDomainSetVcpusFlags() Commit e105dc981438bc33fa771bd67cece6234dbf6c8d moved some code but didn't adjust the jump labels so that the job would be terminated. 2015-02-19 Pavel Hrdina daemon: Fix segfault by reloading daemon right after start Libvirt could crash with segfault if user issue "service reload" right after "service start". One possible way to crash libvirt is to run reload during initialization of QEMU driver. It could happen when qemu driver will initialize qemu_driver_lock but don't have a time to set it's "config" and the SIGHUP arrives. The reload handler tries to get qemu_drv->config during "virStorageAutostart" and dereference it which ends with segfault. Let's ignore all reload requests until all drivers are initialized. In addition set driversInitialized before we enter virStateCleanup to ignore reload request while we are shutting down. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1179981 2015-02-18 Ján Tomko docs: clarify nat range behavior All the addresses from the range are used, not just those that are in use on the host. https://bugzilla.redhat.com/show_bug.cgi?id=1079917 2015-02-17 Daniel P. Berrange docs: add page about virtlockd setup Introduce some basic docs describing the virtlockd setup. docs: split out sanlock setup docs In preparation for adding docs about virtlockd, split out the sanlock setup docs into a separate page. 2015-02-17 Pavel Hrdina qemu_cgroup: initialize mem_mask to NULL If 'virNumaGetHostNodeset()' fails then the error path will try to free uninitialized pointer mem_mask. Introduced by commit af2a1f058. 2015-02-17 Prerna Saxena PowerPC : Forbid NULL CPU model with 'host-model' mode. PowerPC : Forbid NULL CPU model with 'host-model' mode in qemu command line. This ensures that an XML such as following: ... ... will not generate a '-cpu host,compat=(null)' command line with qemu-system-ppc64. 2015-02-17 Prerna Saxena PowerPC : Make 'qemu-system-ppc64' the default emulator on ppc64[le]. PowerPC : Explicitly associate 'qemu-system-ppc64' as the default emulator for all 64-bit PowerPC guests ( both Big & Little Endian ) 2015-02-17 Luyao Huang qemu: fix vm deadlock when try to use numatune in session mode https://bugzilla.redhat.com/show_bug.cgi?id=1126762 Commit 43b67f introduced a deadlock issue when we use numatune to change numa settings to a vm in session mode. Jump to endjob instead of jump to cleanup. 2015-02-17 Michal Privoznik qemuBuildMemoryBackendStr: Report backend requirement more appropriately So, when building the '-numa' command line, the qemuBuildMemoryBackendStr() function does quite a lot of checks to chose the best backend, or to check if one is in fact needed. However, it returned that backend is needed even for this little fella: This can be guaranteed via CGroups entirely, there's no need to use memory-backend-ram to let qemu know where to get memory from. Well, as long as there's no element, which explicitly requires the backend. Long story short, we wouldn't have to care, as qemu works either way. However, the problem is migration (as always). Previously, libvirt would have started qemu with: -numa node,memory=X in this case and restricted memory placement in CGroups. Today, libvirt creates more complicated command line: -object memory-backend-ram,id=ram-node0,size=X -numa node,memdev=ram-node0 Again, one wouldn't find anything wrong with these two approaches. Both work just fine. Unless you try to migrated from the older libvirt into the newer one. These two approaches are, unfortunately, not compatible. My suggestion is, in order to allow users to migrate, lets use the older approach for as long as the newer one is not needed. 2015-02-17 Michal Privoznik qemuxml2argvtest: Fake response from numad Well, we can pretend that we've asked numad for its suggestion and let qemu command line be built with that respect. Again, this alone has no big value, but see later commits which build on the top of this. numatune_conf: Expose virDomainNumatuneNodeSpecified This function is going to be needed in the near future. 2015-02-16 Luyao Huang virsh: fix IP address in vncdisplay for listen type='network' Just like the fix for domdisplay in commit 1ba815. 2015-02-14 John Ferlan libxl: Resolve Coverity CHECKED_RETURN Periodically my Coverity scan will return a checked_return failure for libxlDomainShutdownThread call to libxlDomainStart. Followed the libxlAutostartDomain example in order to check the status, emit a message, and continue on. security: Resolve Coverity RESOURCE_LEAK Introduced by commit id 'c3d9d3bb' - return from virSecurityManagerCheckModel wasn't VIR_FREE()'ing the virSecurityManagerGetNested allocated memory. 2015-02-14 Luyao Huang lxc: Fix container cleanup for LXCProcessStart Jumping to the cleanup label prior to starting the container failed to properly clean everything up that is handled by the virLXCProcessCleanup which is called if virLXCProcessStop is called on failure after the container properly starts. Most importantly is prior to this patch none of the stop/release hooks, host device reattachment, and network cleanup (that is reverse of virLXCProcessSetupInterfaces). 2015-02-14 John Ferlan lxc: Modify/add some debug messages Modify the VIR_DEBUG message in virLXCProcessCleanup to make it clearer about the path. Also add some more VIR_DEBUG messages in virLXCProcessStart in order to help debug error flow. 2015-02-14 Luyao Huang lxc: Move console checks in LXCProcessStart https://bugzilla.redhat.com/show_bug.cgi?id=1176503 Move the two console checks - one for zero nconsoles present and the other for an invalid console type to earlier in the processing rather than getting after performing some setup that has to be undone for what amounts to an invalid configuration. This resolves the above bug since it's not not possible to have changed the security labels when we cause the configuration check failure. 2015-02-13 Erik Skultety security: Refactor virSecurityManagerGenLabel if (mgr == NULL || mgr->drv == NULL) return ret; This check isn't really necessary, security manager cannot be a NULL pointer as it is either selinux (by default) or 'none', if no other driver is set in the config. Even with no config file driver name yields 'none'. The other hunk checks for domain's security model validity, but we should also check devices' security model as well, therefore this hunk is moved into a separate function which is called by virSecurityManagerCheckAllLabel that checks both the domain's security model and devices' security model. https://bugzilla.redhat.com/show_bug.cgi?id=1165485 2015-02-13 Erik Skultety security: introduce virSecurityManagerCheckAllLabel function We do have a check for valid per-domain security model, however we still do permit an invalid security model for a domain's device (those which are specified with element). This patch introduces a new function virSecurityManagerCheckAllLabel which compares user specified security model against currently registered security drivers. That being said, it also permits 'none' being specified as a device security model. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1165485 2015-02-13 Ján Tomko Wire up mrg_rxbuf option for qemu ... will result in: -device virtio-net-pci,mrg_rxbuf=off,... https://bugzilla.redhat.com/show_bug.cgi?id=1186886 2015-02-13 Ján Tomko Add mrg_rxbuf option to virtio interfaces Add an XML attribute to allow disabling merge of rx buffers on the host: ... https://bugzilla.redhat.com/show_bug.cgi?id=1186886 2015-02-13 Michal Privoznik virsh attach-interface: Allow macvtap hotplug Our hotplug code supports macvtap insertion to guests. However, we somehow forgot about 'attach-interface' (which tries to build XML from passed arguments and use virDomainAttachDeviceFlags()). New type is accessible under 'direct' type, to keep the same type as used in domain XML. virsh attach-interface: Use virDomainNetType{From,To}String() Instead of verbose string to enum conversion (if STREQ() else if STREQ() else if STREQ() ...) lets use virDomainNetType{From,To}String. virsh attach-interface: Use enum instead of arbitrary integers The type of interface to attach is held in the variable 'typ'. Depending on interface type selected by user, the variable is set either to 1 (network), or 2 (bridge). Lets use already existing enum from domain_conf.h instead: virDomainNetType. libvirt_private.syms: Expose virDomainNetTypeFromString The enum converters are defined in the domain_conf.h (so accessible widely across the code), but on the symbol layer, only virDomainNetTypeToString was exposed. However, FromString variant is going to be needed shortly. 2015-02-13 Pavel Hrdina virprocess: fix MinGW build and RHEL-5 build Commit b6a2828e introduced new functions to set process scheduler. There is a small typo in ELSE path for systems where scheduler is not available. Also some of the definitions were introduced later in kernel. For example RHEL-5 is running on kernel 2.6.18, but SCHED_IDLE was introduces in 2.6.23 [1] and SCHED_BATCH in 2.6.16 [1]. We should not count only on existence of function sched_setscheduler(), we must also check for existence of used macros as they might not be defined. [1] see 'man 7 sched' 2015-02-13 Zhang Bo Fix a syntax error in the description text of libvirtd.conf not yet not -> not yet. 2015-02-12 Martin Kletzander docs: Fix version reference in vcpu/iothread scheduling 2015-02-12 Daniel P. Berrange Allow shrinking of file based volumes While the main storage driver code allows the flag VIR_STORAGE_VOL_RESIZE_SHRINK to be set, none of the backend drivers are supporting it. At the very least this can work for plain file based volumes since we just ftruncate() them to the new size. It does not work with qcow2 volumes, but we can arguably delegate to qemu-img for error reporting for that instead of second guessing this for ourselves: $ virsh vol-resize --shrink /home/berrange/VirtualMachines/demo.qcow2 2G error: Failed to change size of volume 'demo.qcow2' to 2G error: internal error: Child process (/usr/bin/qemu-img resize /home/berrange/VirtualMachines/demo.qcow2 2147483648) unexpected exit status 1: qemu-img: qcow2 doesn't support shrinking images yet qemu-img: This image does not support resize See also https://bugzilla.redhat.com/show_bug.cgi?id=1021802 2015-02-12 Daniel P. Berrange qemu: do upfront check for vcpupids being null when querying pinning The qemuDomainHelperGetVcpus attempted to report an error when the vcpupids info was NULL. Unfortunately earlier code would clamp the value of 'maxinfo' to 0 when nvcpupids was 0, so the error reporting would end up being skipped. This lead to 'virsh vcpuinfo ' just returning an empty list instead of giving the user a clear error. 2015-02-12 Daniel P. Berrange qemu: fix setting of VM CPU affinity with TCG If a previous commit I fixed the incorrect handling of vcpu pids for TCG mode QEMU: commit b07f3d821dfb11a118ee75ea275fd6ab737d9500 Author: Daniel P. Berrange Date: Thu Dec 18 16:34:39 2014 +0000 Don't setup fake CPU pids for old QEMU The code assumes that def->vcpus == nvcpupids, so when we setup fake CPU pids for old QEMU with nvcpupids == 1, we cause the later code to read off the end of the array. This has fun results like sche_setaffinity(0, ...) which changes libvirtd's own CPU affinity, or even better sched_setaffinity($RANDOM, ...) which changes the affinity of a random OS process. The intent was that this would merely disable the ability to set per-vCPU affinity. It should still have been possible to set VM level host CPU affinity. Unfortunately, when you set 4, the XML parser will internally take this & initialize an entry in the def->cputune.vcpupin array for every VCPU. IOW this is implicitly being treated as Even more fun, the faked cputune elements are hidden from view when querying the live XML, because their cpuset mask is the same as the VM default cpumask. The upshot was that it was impossible to set VM level CPU affinity. To fix this we must update qemuProcessSetVcpuAffinities so that it only reports a fatal error if the per-VCPU cpu mask is different from the VM level cpu mask. 2015-02-12 Marek Marczykowski-Górecki libxl: disable VNC and SDL until explicitly enabled When initializing a libxl_domain_build_info struct with libxl_domain_build_info_init(), VNC is enabled by default. As a result, VMs configured with no graphics still have VNC enabled. This behavior is a regression wrt to the legacy Xen driver. libxl: pass ipaddr to libxl toolstack Do not silently ignore its value. LibXL support only one address, so refuse multiple IPs. 2015-02-12 Martin Kletzander qemu: Add support for setting vCPU and I/O thread scheduler setting Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1178986 2015-02-12 Martin Kletzander docs, schema, conf: Add support for setting scheduler parameters of guest threads In order for QEMU vCPU (and other) threads to run with RT scheduler, libvirt needs to take care of that so QEMU doesn't have to run privileged. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1178986 2015-02-12 Martin Kletzander util: Add virProcessSetScheduler() function for scheduler settings This function uses sched_setscheduler() function so it works with processes and threads as well (even threads not created by us, which is what we'll need in the future). 2015-02-12 Laine Stump domain: include portgroup in interface status xml Prior to commit 7d5bf484747 (first appearing in libvirt 1.2.2), the status XML of a domain's interface was missing a lot of important information; mainly it just output the config of the interface, plus the name of the tap device and qemu device alias. Commit 7d5bf484747 changed the status XML to include many important bits of information that were required to make network "hook" scripts useful - bandwidth information, vlan tag, the name of the bridge (or physical device in the case of macvtap) that the tap/macvtap device was attached to - the commit log for 7d5bf484747 has a very detailed explanation of the change. For quick reference - in the example given there, prior to the change, status XML looked like figure [C]:
    and after the change, it looked like figure [E]:
    You'll notice that bandwidth info, physdev, and macvtap mode have been added, but the network and portgroup names are now missing - I didn't think that this information was of any use once the needed bandwidth/vlan/etc config had been pulled from the network/portgroup. I was wrong. A few months after that change a user on IRC asked what happened to portgroup in the status XML and described how he used it (more or less as a tag to decide what external information to use in a hook script that was run at startup/migration time - see http://wiki.libvirt.org/page/OVS_and_PVLANS ). At that time I planned to make a patch to re-add portgroup, but life intervened as that was just prior to a transatlantic move involving several weeks of "vacation". During this time I somehow forgot to make the patch, and also mistakenly remembered that I *had* made it. Subsequent to this, as a part of mprivozn's work to add support for network-specific hooks, I did re-add the output of the network name in status XML, but once again completely forgot about portgroup. This was in commit a3609121 (first appearing in libvirt 1.2.11). This made the status XML from the above example look like this:
    *This* patch just adds the portgroup back to the status XML, so the same example interface will look like this:
    The result is that the status XML now contains all information about how the interface is setup (bandwidth, physical device, tap device, etc), in addition to pointers to its origin (the network and portgroup). 2015-02-12 Laine Stump domain: avoid potential memory leak in virDomainGraphicsListenSet*() virDomainGraphicsListenSetAddress() and virDomainGraphicsListenSetNetwork() both set their respective char* to NULL directly when asked to set it to NULL, which is okay as long as it's already set to NULL. If these functions are ever called to clear a listen object that has a valid string in address or network, it will end up leaking the old value. Currently that doesn't happen, so this is just a preemptive strike. 2015-02-12 Laine Stump domain: backfill listen address to parent listen attribute Prior to 0.9.4, libvirt only supported a single listen, and it had to be an IP address: Starting with 0.9.4, a graphics element could have a subelement (actually the grammar supports multiples, but all of the drivers only support a single per ), and that listen element can be of type='address' or type='network'. For type='address', also has an attribute called 'address' which contains the IP address for listening: type can also be "network", and in that case listen will have a "network" attribute which will contain the name of a libvirt network: At domain start (or migrate) time, libvirt will attempt to find an IP address associated with that network (e.g. the IP address of the bridge device used by the network, or the physical device listed in ) and fill in that address in the status XML: In the case that a element has a subelement of type='address', that listen subelement's "address" attribute is backfilled into the parent graphics element's "listen" *attribute* for backward compatibility (so that a management application unaware of the separate element can still learn the listen address). This backfill should be done with the IP learned from type='network' as well, and that's what this patch does: This is a continuation of the fix for: https://bugzilla.redhat.com/show_bug.cgi?id=1191016 2015-02-11 Luyao Huang virsh: fix IP address in domdisplay for listen type='network' https://bugzilla.redhat.com/show_bug.cgi?id=1191016 virsh's domdisplay command looks in /domain/devices/graphics/@listen of the domain's XML for the listen address, however for listen type='network' (added in libvirt 0.9.4), the element doesn't have a listen attribute, but has a subelement, *still* with no address (this is the inactive XML): However, at domain start time the subelement gets its address attribute filled in once libvirt figures out the IP address associated with the named network (this is the status XML): So in these cases, we need to look at /domain/devices/graphics/listen/@address instead. Even though another patch is being pushed that will backfill listen/@address into @listen, this patch is still useful, as it fixes domdisplay for cases of a new virsh (with this patch) connecting to a libvirtd that is newer than 0.9.4 but doesn't have the followup patch. 2015-02-11 Pavel Hrdina bhyvexml2argvmock: change int to size_t for tapfdSize Commit c5b6a4a5 forget to update also this mock function. 2015-02-11 John Ferlan qemu: qemuOpenFileAs - set flag VIR_FILE_OPEN_FORCE_MODE In the event we're falling into the code that tries to create the file in a forked environment (VIR_FILE_OPEN_FORK) we pass different mode bits, but those are never set because the virFileOpenForceOwnerMode has a check if the OPEN_FORCE_MODE bit is set before attempting to change the mode. Since this is a special case it seems reasonable to set u+rw,g+rw,o 2015-02-11 John Ferlan virfile: Adjust error path for virFileOpenForked Rather than have a dummy waitpid loop and return of the failure status from recvfd, adjust the logic to save the recvfd error & fd and then in priority order: - if waitpid failed, use that errno value - waitpid succeeded, but if the child exited abnormally, report failure (use EACCES to report as return failure, since either EACCES or EPERM is what caused us to fall into the fork+setuid path) - waitpid succeeded, but if the child reported non-zero status, report failure (use the errno value that the child encoded into exit status) - waitpid succeeded, but if recvfd failed, report recvfd_errno - waitpid and recvfd succeeded, use the fd NOTE: Original logic to retry the open and force owner mode was "documented" as only being attempted if we had already tried opening with the fork+setuid, but checked flags vs. VIR_FILE_OPEN_NOFORK which is counter to how we would get to that point. So that code was removed. 2015-02-11 Luyao Huang qemu: fix crash when migrateuri has no scheme https://bugzilla.redhat.com/show_bug.cgi?id=1191355 When we attempt to migrate a vm with a migrateuri that has no scheme: # virsh migrate test4 --live qemu+ssh://lhuang/system --migrateuri 127.0.0.1 target libvirtd will crash because uri->scheme is NULL in qemuMigrationPrepareDirect on this line: if (STRNEQ(uri->scheme, "tcp") && Add a value check before this line. Also fix a bug like this in doNativeMigrate, that could only happen when destination libvirtd returned an incorrect URI. 2015-02-11 Zhang Bo conf: Fix libvirtd crash and memory leak caused by virDomainVcpuPinDel() The function virDomainVcpuPinDel() used vcpupin_list to stand for def->cputune.vcpupin, which made the codes more readable. However, in this function, it will realloc vcpupin_list later. As the definition of realloc(), it may free vcpupin_list and then points it to a new-realloced address, but def->cputune.vcpupin doesn't point to the new address(it's freed however). Thus, 1) When we refer to the def->cputune.vcpupin afterwards, which was freed by realloc(), an INVALID READ occurs, and libvirtd may crash. 2) As no one will use vcpupin_list any more, and no one frees it(it's just alloced by realloc()), memory leak occurs. Part of the valgrind logs are shown as below: ==1837== Thread 15: ==1837== Invalid read of size 8 ==1837== at 0x5367337: virDomainDefFormatInternal (domain_conf.c:18392) which is : virBufferAsprintf(buf, "cputune.vcpupin[i]->vcpuid); ==1837== by 0x536966C: virDomainObjFormat (domain_conf.c:18970) ==1837== by 0x5369743: virDomainSaveStatus (domain_conf.c:19166) ==1837== by 0x117B26DC: qemuDomainPinVcpuFlags (qemu_driver.c:4586) ==1837== by 0x53EA313: virDomainPinVcpuFlags (libvirt.c:9803) ==1837== by 0x14CB7D: remoteDispatchDomainPinVcpuFlags (remote_dispatch.h:6762) ==1837== by 0x14CC81: remoteDispatchDomainPinVcpuFlagsHelper (remote_dispatch.h:6740) ==1837== by 0x5464C30: virNetServerProgramDispatchCall (virnetserverprogram.c:437) ==1837== by 0x546507A: virNetServerProgramDispatch (virnetserverprogram.c:307) ==1837== by 0x171B83: virNetServerProcessMsg (virnetserver.c:172) ==1837== by 0x171E6E: virNetServerHandleJob (virnetserver.c:193) ==1837== by 0x5318E78: virThreadPoolWorker (virthreadpool.c:145) ==1837== Address 0x12ea2870 is 0 bytes inside a block of size 16 free'd ==1837== at 0x4C291AC: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==1837== by 0x52A3D14: virReallocN (viralloc.c:245) ==1837== by 0x52A3DFB: virShrinkN (viralloc.c:372) ==1837== by 0x52A3F57: virDeleteElementsN (viralloc.c:503) ==1837== by 0x533939E: virDomainVcpuPinDel (domain_conf.c:15405) //doReset为true时才会进到。 ==1837== by 0x117B2642: qemuDomainPinVcpuFlags (qemu_driver.c:4573) ==1837== by 0x53EA313: virDomainPinVcpuFlags (libvirt.c:9803) ==1837== by 0x14CB7D: remoteDispatchDomainPinVcpuFlags (remote_dispatch.h:6762) ==1837== by 0x14CC81: remoteDispatchDomainPinVcpuFlagsHelper (remote_dispatch.h:6740) ==1837== by 0x5464C30: virNetServerProgramDispatchCall (virnetserverprogram.c:437) ==1837== by 0x546507A: virNetServerProgramDispatch (virnetserverprogram.c:307) ==1837== by 0x171B83: virNetServerProcessMsg (virnetserver.c:172) Steps to reproduce the problem: 1) use virDomainPinVcpuFlags() to pin a guest's vcpu to all the pcpus of the host. This patch uses def->cputune.vcpupin instead of vcpupin_list to do the realloc() job, to avoid invalid read or memory leaking. 2015-02-11 Erik Skultety conf: forbid seclabel duplicates for domain devices Parser checks for per-domain seclabel duplicates, so it would be nice if it checked for per-device seclabel duplicates the same way Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1165485 2015-02-11 Erik Skultety schema: allow multiple seclabel for devices in domaincommon.rng In our RNG schema we do allow multiple (different) seclabels per-domain, but don't allow this for devices, yet we neither have a check in our XML parser, nor in a post-parse callback. In that case we should allow multiple (different) seclabels for devices as well. 2015-02-10 Ján Tomko Fix qemu job handling in SetSchedulerParameters Commit c5ee5cf added a job to SetSchedulerParameters, but forgot to change one label in the SCHED_RANGE_CHECK macro. 2015-02-10 Luyao Huang qemu: Implement random number generator hotunplug qemu: Implement random number generator hotplug Export the required helpers and add backend code to hotplug RNG devices. 2015-02-10 Peter Krempa qemu: Implement random number generator cold (un)plug Add support for using the attach/detach device APIs on the inactive configuration to add RNG devices. 2015-02-10 Luyao Huang conf: Add helpers to insert/remove/find RNG devices in domain def The helpers will be useful when implementing hotplug and coldplug of random number generator devices. audit: export virDomainAuditRNG 2015-02-10 Peter Krempa qemu: command: Refactor creation of RNG device commandline As the RNG device is using an -object as backend refactor the code to use the JSON to commandline generator so that we can reuse the code later in hotplug. qemu: command: Break some very long lines in qemuBuildRNGDevStr() qemu: command: Shuffle around formatting of alias for RNG device backend Move the alias name right after the object type for rng-egd backend so that we can later use the JSON to commandline generator to create the command line. 2015-02-10 Luyao Huang qemu: command: Make RNG backend device IDs unique Libvirt didn't prefix the random number generator backend object alias with any string thus the device alias and object alias were identical. To avoid possible problems, rename the alias for the backend object and tweak tests to comply with the change. 2015-02-10 Luyao Huang qemu: refactor qemuBuildRNGDeviceArgs to allow reuse in RNG hotplug Rename qemuBuildRNGDeviceArgs to qemuBuildRNGDevStr and change the return type so that it can be reused in the device hotplug code later. qemu: Add helper to assign RNG device aliases This function is used to assign an alias for a RNG device. It will be later reused when hotplugging RNGs. 2015-02-10 Peter Krempa conf: Introduce helper to find duplicate device address When adding devices to the definition it's useful to check whether the devices don't reside on a conflicting address. This patch adds a helper that iterates all device info and compares the addresses with the given info. 2015-02-10 Martin Kletzander conf: disallow invalid values for video attributes Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1190956 2015-02-09 Stefan Zimmermann S390: Documentation for ccw address type Change the wording in the device-address-part of the docmunentation since the ccw bus address support added to the optional address parameter of virsh attach-disk for S390. Reviewed-by: Boris Fiuczynski Reviewed-by: Cornelia Huck 2015-02-09 Stefan Zimmermann S390: ccw support for virsh attach-disk address parameter Adding ccw bus address support to the optional address parameter of virsh attach-disk. The format used is ccw:cssid. ssid.devno, e.g. ccw:0xfe.0x0.0x0201 Virtio-ccw devices must have their cssid set to 0xfe. Reviewed-by: Boris Fiuczynski Reviewed-by: Cornelia Huck 2015-02-09 Erik Skultety conf: fix a minor typo 2015-02-09 Cédric Bosdonnat Clear dynamic seclabels on LXCProcessStart failure commit a58e1cb4 didn't fix the bug if the security_default_confined is not set to 1. We now clean up even if there is no seclabel defined or the default one. 2015-02-07 Stefan Zimmermann maint: improve usage of autogen's --no-git If you build libvirt with the --no-git option, then gnulib requires either $GNULIB_SRCDIR in the environment or --gnulib-srcdir on the command line. But we had not been supporting its use from the command line. This patch is a bit picky: --gnulib-srcdir must be passed immediately after --no-git; but since we don't reorder arguments, and since we already required --no-git to be first to have any effect, it's not too horrible. It also does the wrong thing if you include spaces in your arguments, but developers doing that deserve what they get, right? 2015-02-06 Laine Stump network: don't allow multiple portgroups with the same name in a network When defining and creating networks, we have been checking to make sure there is only a single "default" portgroup, but haven't verified that no two portgroups have the same name. We *do* check for multiple definitions when updating the portgroups in an existing network though. This patch adds a check to networkValidate(), which is called when a network is defined or created, to disallow duplicate names. It would actually make sense to do this in the network XML parser (since it's not really "something that might make sense but isn't supported by this driver", but is instead "something that should never be allowed"), but doing that carries the danger of causing errors when rereading the config of existing networks when libvirtd is restarted after an upgrade, and that would result in networks disappearing from libvirt's list. (I'm thinking I should change the error to "XML_ERROR" instead of "UNSUPPORTED", even though that's not the type of error that networkValidate is intended for) This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1115858 2015-02-06 Ján Tomko Error out when custom tap device path makes no sense It is only usable for NETWORK and BRIDGE type interfaces. Error out when trying to start a domain where the custom tap device path is specified for interfaces of other types, or when the daemon is not privileged. Note that this cannot be checked at definition time, because the comparison is against actual type. https://bugzilla.redhat.com/show_bug.cgi?id=1147195 2015-02-06 Ján Tomko Only parse custom vhost path for virtio interfaces It is only supported for virtio adapters. Silently drop it if it was specified for other models, as is done for other virtio attributes. Also mention this in the documentation. https://bugzilla.redhat.com/show_bug.cgi?id=1147195 2015-02-06 Ján Tomko Trivially support DomainHasManagedSaveImage Return 0 instead of ERR_NO_SUPPORT in each driver where we don't support managed save or -1 if the domain does not exist. This avoids spamming daemon logs when 'virsh dominfo' is run. https://bugzilla.redhat.com/show_bug.cgi?id=1095637 2015-02-06 Daniel P. Berrange qemu: include libvirt & QEMU versions in QEMU log files It is often helpful to know which version of libvirt and QEMU was present when a guest was first launched. Ensure this info is written into the QEMU log file for each guest. 2015-02-06 Marek Marczykowski-Górecki libxl: update dom->id in libxlDomainCreateWithFlags Otherwise domainCreateWithFlags via remote returns -1 as domid. 2015-02-05 John Ferlan nodedev: check/add for scsi_host caps for NumOfCaps and ListCaps Commit id '652a2ec6' introduced two new node device capability flags and the ability to use those flags as a way to search for a specific subset of a 'scsi_host' device - namely a 'fc_host' and/or 'vports'. The code modified the virNodeDeviceCapMatch whichs allows for searching using the 'virsh nodedev-list [cap]' via virConnectListAllNodeDevices. However, the original patches did not account for other searches for the same capability key from virNodeDeviceNumOfCaps and virNodeDeviceListCaps using nodeDeviceNumOfCaps and nodeDeviceListCaps. Since 'fc_host' and 'vports' are self defined bits of a 'scsi_host' device mere string comparison against the basic/root type is not sufficient. This patch adds the check for the 'fc_host' and 'vports' bits within a 'scsi_host' device and allows the following python code to find the capabilities for the device: import libvirt conn = libvirt.openReadOnly('qemu:///system') devs = conn.listAllDevices() for dev in devs: if 'fc_host' in dev.listCaps() or 'vports' in dev.listCaps(): print dev.name(),dev.numOfCaps(),dev.listCaps() 2015-02-05 Shivaprasad G Bhat nodedev: check/add for scsi_host caps for ListDevices Commit id '652a2ec6' introduced two new node device capability flags and the ability to use those flags as a way to search for a specific subset of a 'scsi_host' device - namely a 'fc_host' and/or 'vports'. The code modified the virNodeDeviceCapMatch whichs allows for searching using the 'virsh nodedev-list [cap]' via virConnectListAllNodeDevices. However, the original patches did not account for other searches for the same capability key from virNodeListDevices using virNodeDeviceHasCap. Since 'fc_host' and 'vports' are self defined bits of a 'scsi_host' device mere string comparison against the basic/root type is not sufficient. This patch adds the check for the 'fc_host' and 'vports' bits within a 'scsi_host' device and allows the following python code to find the capabilities for the device: import libvirt conn = libvirt.openReadOnly('qemu:///system') fc = conn.listDevices('fc_host', 0) print(fc) fc = conn.listDevices('vports', 0) print(fc) 2015-02-05 Luyao Huang qemu: Properly report error on uuid mismatch in the migration cookie Add the missing jump to the error label when the uuid in the migration cookie XML does not match the uuid of the migrated domain. 2015-02-04 Luyao Huang lxc: fix double close handshakefds[1] 2015-02-04 Olivia Yin cpu: add Freescale ppc64 CPU models With this patch, Freescale ppc64 CPU modesl could be recognized. virsh # cpu-models ppc64 POWERPC_e6500 POWERPC_e5500 power8 power8e power7+ power7 power6 POWER8_v1.0 POWER7+_v2.1 POWER7_v2.3 POWER7_v2.1 POWER7 virsh # capabilities 5a54efa6-20dc-4da7-b271-0b7fb7062cb8 ppc64 POWERPC_e6500 Freescale 2015-02-04 Peter Krempa util: storage: Fix parsing of nbd:// URI without path If a storage file would be backed with a NBD device without path (nbd://localhost) libvirt would crash when parsing the backing path for the disk as the URI structure's path element is NULL in such case but the NBD parser would access it shamelessly. tests: virstoragetest: Switch backing chain test to use automatic numbering I'm going to add a few test cases so it's the best time to convert the test to automatic numbering. 2015-02-04 Luyao Huang conf: Properly report error of unsupported input bus type https://bugzilla.redhat.com/show_bug.cgi?id=1188914 Add a missing jump to the error label in case the input device bus is invalid. 2015-02-04 Luyao Huang conf: Properly report error when an unsupported chr device name is passed Add the missing jump to thje error label. The error message shouldn't ever be triggered though as it's called only on pre-selected nodes. 2015-02-04 Chen Hanxiao virsh-volume: add support for --reflink Add support for --reflink to the virsh 'vol-create-from' and 'vol-clone' commands to signify usage of the VIR_STORAGE_VOL_CREATE_REFLINK flag in the ensuing virStorageVolCreateXMLFrom API call. Updated the man page to describe the new flag. 2015-02-03 Pavel Hrdina virutil: fix MinGW build Commit b38da584 introduced two new functions to get a page size but it won't work on Windows. We should take care of this. virnetdev: fix some issues found by coverity and mingw builds Commit e562a61a introduced new function to get/set interface state but there was misuse of ATTRIBUTE_NONNULL on non-pointer attributes and also we need to wrap that functions by #ifdef to not break mingw build. 2015-02-03 Daniel P. Berrange Make tests independant of system page size Some code paths have special logic depending on the page size reported by sysconf, which in turn affects the test results. We must mock this so tests always have a consistent page size. 2015-02-03 Laine Stump util: make virNetDev(Get|Set)IFFlags() static e562a61a0739 added these two new helper functions and only used them within virnetdev.c, but declared them in the .h file. If some currently unsupported interface flags need to be accessed in the future, it will make more sense to write the appropriate higher level function rather than require us to artificially define IFF_* on some mythical platform that doesn't have SIOC[SG]IFFLAGS (and therefore doesn't have IFF_*) just so we can call virNetDevSetIFFFlags() to return an error. To help someone in not going down the wrong road, this patch makes the two helper functions static, hopefully making it less likely that someone will want to use them outside of virnetdev.c. 2015-01-31 John Ferlan storage: Need to clear pool prior to refreshPool during Autostart https://bugzilla.redhat.com/show_bug.cgi?id=1176510 When storageDriverAutostart is called path virStateReload via a 'service libvirtd reload', then because the volume list in the pool wasn't cleared prior to the call, each volume would be listed multiple times (as many times as we reload). I believe the issue would be introduced by commit id '9e093f0b' at least for the libvirtd reload path, although I suppose the introduction of virStateReload (commit id '70da0494') could be a different cause. Thus like other places prior to calling refreshPool, we need to call virStoragePoolObjClearVols 2015-01-31 Peter Krempa qemu: command: Don't combine old and modern NUMA node creation Change done by commit f309db1f4d51009bad0d32e12efc75530b66836b wrongly assumes that qemu can start with a combination of NUMA nodes specified with the "memdev" option and the appropriate backends, and the legacy way by specifying only "mem" as a size argument. QEMU rejects such commandline though: $ /usr/bin/qemu-system-x86_64 -S -M pc -m 1024 -smp 2 \ -numa node,nodeid=0,cpus=0,mem=256 \ -object memory-backend-ram,id=ram-node1,size=12345 \ -numa node,nodeid=1,cpus=1,memdev=ram-node1 qemu-system-x86_64: -numa node,nodeid=1,cpus=1,memdev=ram-node1: qemu: memdev option must be specified for either all or no nodes To fix this issue we need to check if any of the nodes requires the new definition with the backend and if so, then all other nodes have to use it too. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1182467 2015-01-31 Peter Krempa qemu: command: Refactor NUMA backend object formatting to use JSON objs With the new JSON to argv formatter we are now able to represent the memory backend definitions in the JSON object format that is reusable for monitor use (hotplug) and then convert it into the shell string. This will avoid having two separate instances of the same code that would create the different formats. Previous refactors now allow to make this step without changes to the test suite. 2015-01-31 Peter Krempa qemu: command: Switch to bytes when formatting size for memory backends QEMU's command line visitor as well as the JSON interface take bytes by default for memory object sizes. Convert mebibytes to bytes so that we can later refactor the existing code for hotplug purposes. qemu: command: Unify values for boolean values when formating memory backends QEMU's qapi visitor code allows yes/on/y for true and no/off/n for false value of boolean properities. Unify the used style so that we can generate it later and fix test cases. qemu: command: Shuffle around formating of alias for memory backend objs Move the alias as the second formated argument and tweak the tests so that a future refactor that will change the order doesn't break tests. 2015-01-31 Peter Krempa qemu: Extract code to setup memory backing objects Extract the memory backend device code into a separate function so that it can be later easily refactored and reused. Few small changes for future reusability, namely: - new (currently unused) parameter for user specified page size - size of the memory is specified in kibibytes, divided up in the function - new (currently unused) parameter for user specifed source nodeset - option to enforce capability check 2015-01-31 Peter Krempa qemu: command: Add helper to format -object strings from JSON representation Unlike -device, qemu uses a JSON object to add backend "objects" via the monitor rather than the string that would be passed on the commandline. To be able to reuse code parts that configure backends for various devices, this patch adds a helper that will allow generating the command line representations from the JSON property object. 2015-01-31 Peter Krempa util: json: add helper to iterate JSON object key=value pairs This helper eases iterating all key=value pairs stored in a JSON object. Usually we pick only certain known keys from a JSON object, but this will allow to walk complete objects and have the callback act on those. util: json: Add functions to convert JSON arrays from/to virBitmaps To be able to easily represent nodesets and other data stored in virBitmaps in libvirt, this patch introduces a set of helpers that allow to convert the bitmap to and from JSON value objects. util: bitmap: Add option to allocate bitmap without reporting error The virBitmapNew() function reports only OOM errors. Split out the internals into a "quiet" function and add a wrapper that reports the error. util: json: make value object creator universal by supporting adding To allow constructing of value objects stepwise explode the helper into separate steps and allow appending into existing value objects. 2015-01-31 Peter Krempa test: utils: Add helpers for automatic numbering of test cases Adding or reordering test cases is usually a pain due to static test case names that are then passed to virtTestRun(). To ease the numbering of test cases, this patch adds two simple helpers that generate the test names according to the order they are run. The test name can be configured via the reset function. This will allow us to freely add test cases in middle of test groups without the need to re-number the rest of test cases. 2015-01-31 Peter Krempa conf: numatune: Extract code for requesting memory nodeset from formatting Extract the logic to determine which nodeset has to be used for a domain from the formatting step so that it can be reused separately when the nodeset is used in a different way. 2015-01-30 Michal Privoznik xend: Don't crash in virDomainXMLDevID The function is called from all {Attach,Update,Detach}Device APIs to create config strings that are later passed to the xend to perform the desired action. The function is intended to handle all supported devices. However, as of 5b05358abacb1029fa0d61f72decacf0d4fd8ffb we are trying to get disk driver of the device without checking if the device really is a disk. This leads to an segmentation fault: #0 0x00007ffff7571815 in virDomainDiskGetDriver () from /usr/lib/libvirt.so.0 #1 0x00007fffeb9ad471 in ?? () from /usr/lib/libvirt/connection-driver/libvirt_driver_xen.so #2 0x00007fffeb9b1062 in xenDaemonAttachDeviceFlags () from /usr/lib/libvirt/connection-driver/libvirt_driver_xen.so #3 0x00007fffeb9a8a86 in ?? () from /usr/lib/libvirt/connection-driver/libvirt_driver_xen.so #4 0x00007ffff7609266 in virDomainAttachDevice () from /usr/lib/libvirt.so.0 #5 0x0000555555593c9d in ?? () #6 0x00007ffff76743c9 in virNetServerProgramDispatch () from /usr/lib/libvirt.so.0 #7 0x00005555555a678d in ?? () #8 0x00007ffff755460e in ?? () from /usr/lib/libvirt.so.0 #9 0x00007ffff7553b06 in ?? () from /usr/lib/libvirt.so.0 #10 0x00007ffff4998b50 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0 #11 0x00007ffff46e30ed in clone () from /lib/x86_64-linux-gnu/libc.so.6 #12 0x0000000000000000 in ?? () Reported-by: Xiaolin Su 2015-01-30 Michal Privoznik conf: Don't mangle vcpu placement randomly https://bugzilla.redhat.com/show_bug.cgi?id=1170492 In one of our previous commits (dc8b7ce7) we've done a functional change even though it was intended as pure refactor. The problem is, that the following XML: 6 gets translated into this one: 6 We should not change the vcpu placement mode. Moreover, we're doing something similar in case of emulatorpin and iothreadpin. If they were set, but vcpu placement was auto, we've mistakenly removed them from the domain XML even though we are able to set them independently on vcpus. 2015-01-30 Tony Krowiak qemu: change macvtap device options in response to NIC_RX_FILTER_CHANGED This patch enables synchronization of the host macvtap device options with the guest device's in response to the NIC_RX_FILTER_CHANGED event. The following device options will be synchronized: * PROMISC * MULTICAST * ALLMULTI 2015-01-30 Tony Krowiak util: Functions for getting/setting device options This patch provides the utility functions needed to synchronize the rxfilter changes made to a guest domain with the corresponding macvtap devices on the host: * Get/set PROMISC flag * Get/set ALLMULTI, MULTICAST 2015-01-30 John Ferlan qemu: Don't unconditionally delete file in qemuOpenFileAs https://bugzilla.redhat.com/show_bug.cgi?id=1158034 If we're expecting to create a file somewhere and that fails for some reason during qemuOpenFileAs, then we unlink the path we're attempting to create leaving no way to determine what the "existing" privileges, protections, or labels are that caused the failure (open, change owner and group, change mode, etc.). Furthermore, if we fall into the path where we'll be opening / creating the file using VIR_FILE_OPEN_FORK, we need to first unlink/delete the file we created in the first path; otherwise, the attempt by the child process to open as some specific user:group may fail because the file was already created using nfsnobody:nfsnobody. Again, if we didn't create the file we don't want to blindly delete what already exists. Thus, a second reason for the original check to set need_unlink to false when we find the file with CREAT set, but already existing. 2015-01-30 John Ferlan virfile: Need to check for ENOTCONN from recvfd failure A gnulib change (commit id 'beae0bdc') causes ENOTCONN to be returned from recvfd which causes us to fall into the throwaway waitpid() call and return ENOTCONN to the caller, this then gets displayed during a 'virsh save' when using a root squashed NFS environment that's trying to save the file as something other than root:root. This patch will add the additional check for ENOTCONN to force the code into the waitpid loop looking for the actual status from the _exit()'d child fork. 2015-01-30 John Ferlan qemu: Adjust EndAsyncJob for qemuDomainSaveInternal error path Commit id '540c339a' to fix issues with reference counting and transient domains moved the qemuDomainObjEndAsyncJob call prior to the attempt to restart the guest CPU's resulting in an error: error: Failed to save domain rhel70 to /tmp/pl/rhel70.save error: internal error: unexpected async job 3 when (ret != 0) - eg, the error path from qemuDomainSaveMemory. This patch will adjust the logic to call the EndAsyncJob only after we've tried to restart the guest CPUs. It also needs to adjust the test for qemuDomainRemoveInactive to add the ret == 0 condition. Additionally, if we get to endjob: because of some error earlier, then we need to save that error in the event the CPU restart logic fails. We don't want to return the error from CPU restart failure, rather we want to return the error from the failed save that caused us to fall into the retry to start the CPU logic. 2015-01-29 Michal Privoznik schemas: Allow all generic elements and attributes for all interfaces There are some interface types (notably 'server' and 'client') which instead of allowing the default set of elements and attributes (like the rest do), try to enumerate only the elements they know of. This way it's, however, easy to miss something. For instance, the
    element was not mentioned at all. This resulted in a strange behavior: when such interface was added into XML, the address was automatically generated by parsing code. Later, the formatted XML hasn't passed the RNG schema. This became more visible once we've turned on the XML validation on domain XML changes: appending an empty line at the end of formatted XML (to trick virsh think the XML had changed) made libvirt to refuse the very same XML it formatted. Instead of trying to find each element and attribute we are missing in the schema, lets just allow all the elements and attributes like we're doing that for the rest of types. It's no harm if the schema is wider than our parser allows. 2015-01-29 Michal Privoznik qemu: Add AAVMF to the list of known UEFIs Well, even though users can pass the list of UEFI:NVRAM pairs at the configure time, we may maintain the list of widely available UEFI ourselves too. And as arm64 begin to rises, OVMF was ported there too. With a slight name change - it's called AAVMF, with AAVMF_CODE.fd being the UEFI firmware and AAVMF_VARS.fd being the NVRAM store file. qemu: Allow UEFI paths to be specified at compile time Up until now there are just two ways how to specify UEFI paths to libvirt. The first one is editing qemu.conf, the other is editing qemu_conf.c and recompile which is not that fancy. So, new configure option is introduced: --with-loader-nvram which takes a list of pairs of UEFI firmware and NVRAM store. This way, the compiled in defaults can be passed during compile time without need to change the code itself. 2015-01-29 Ján Tomko Fix syntax-check My commit 08d1ae1 broke syntax-check by adding ATTRIBUTE_UNUSED to the flags parameter. Rename the parameter to unused_flags to bypass the check. 2015-01-29 Ján Tomko Remove flag checking in MacVLanCreate helper stub When compiling without WITH_MACVTAP, we can get: 'unsupported flags (0x1) in function virNetDevMacVLanCreateWithVPortProfile' on an attempt to start a domain. Remove the flag check to reach the more helpful error: Cannot create macvlan devices on this platform https://bugzilla.redhat.com/show_bug.cgi?id=1186928 2015-01-29 Peter Krempa virsh: man: Document behavior of some blkdeviotune's flags when querying --live and --config can't be specified together when querying the configuration, but are valid when setting. The man page was hinting that they are valid always. util: bitmap: Tolerate NULL bitmaps in virBitmapEqual After virBitmapEqual is able to compare NULL bitmaps few bits of code can be cleaned up. 2015-01-29 John Ferlan storage: Check the partition name against provided name https://bugzilla.redhat.com/show_bug.cgi?id=1138516 If the provided volume name doesn't match what parted generated as the partition name, then return a failure. Update virsh.pod and formatstorage.html.in to describe the 'name' restriction for disk pools as well as the usage of the 's . 2015-01-29 John Ferlan storage: When delete extended partition, need to refresh pool When removing a volume that is the extended partition, all the logical volume partitions that exist within the extended partition will also be removed, so we need to refresh the pool to have the updated list 2015-01-29 John Ferlan storage: Adjust how to refresh extended partition disk data During virStorageBackendDiskMakeDataVol processing, if we find an extended partition, then handle it specially when updating the capacity/allocation rather than calling virStorageBackendUpdateVolInfo. As it turns out, once a logical partition exists, any attempt to refresh the pool or after libvirtd restart/reload will result in a failure to open the extended partition device resulting in the inability to start the pool. The downside to this is we will lose the and for the extended partition upon subsequent restart, refresh, reload since the stat() in virStorageBackendUpdateVolTargetInfoFD will not be called. However, since it's really only a container and shouldn't directly be used for storage that seems reasonable. Therefore, only use the existing code that already had a comment about getting the allocation wrong for extended partitions for just the setting of the extended partition data. 2015-01-29 John Ferlan storage: Fix check for partition type for disk backing volumes While checking the existing partitions in virStorageBackendDiskPartFormat, the code would erroneously compare the volume target format type (eg, the virStoragePartedFsType) rather than the source partition type (eg, the virStorageVolTypeDisk) which is set during virStorageBackendDiskReadPartitions. storage: Attempt error recovery in virStorageBackendDiskCreateVol During virStorageBackendDiskCreateVol if virStorageBackendDiskReadPartitions fails, then we were leaving with an error and a partition on the disk for which there was no corresponding volume and used space on the disk which could be reclaimable through direct parted activity. On a subsequent restart, reload, or refresh the volume may magically appear too. storage: Move virStorageBackendDiskDeleteVol Move the API to before virStorageBackendDiskCreateVol in order to be able to call the DeleteVol API when virStorageBackendDiskReadPartitions fails so that we don't by chance leave a partition on the disk. 2015-01-29 Pavel Hrdina libvirt.spec: remove vbox storage and network .so files Commit 55ea7be7 removed separated modules for vbox_network and vbox_storage drivers but forget to update libvirt.spec.in file. This patch will fix rpm build. 2015-01-28 Luyao Huang qemu: fix cannot set graphic passwd via qemuDomainSaveImageDefineXML https://bugzilla.redhat.com/show_bug.cgi?id=1183890 When we try to update a xml to a image file, we will clear the graphics passwd settings, because we do not pass VIR_DOMAIN_XML_SECURE to qemuDomainDefCopy, qemuDomainDefFormatBuf won't format the passwd. Add VIR_DOMAIN_XML_SECURE flag when we call qemuDomainDefCopy in qemuDomainSaveImageUpdateDef. 2015-01-28 Ján Tomko hotplug: only add a chardev to vmdef after monitor call https://bugzilla.redhat.com/show_bug.cgi?id=1161024 This way the device is in vmdef only if ret = 0 and the caller (qemuDomainAttachDeviceFlags) does not free it. Otherwise it might get double freed by qemuProcessStop and qemuDomainAttachDeviceFlags if the domain crashed in monitor after we've added it to vm->def. 2015-01-28 Ján Tomko Split qemuDomainChrInsert into two parts Do the allocation first, then add the actual device. The second part should never fail. This is good for live hotplug where we don't want to remove the device on OOM after the monitor command succeeded. The only change in behavior is that on failure, the vmdef->consoles array is freed, not just the first console. 2015-01-27 Daniel P. Berrange lxc: report veth device indexes to systemd Record the index of each host-side veth device created and report them to systemd, so they show up in machinectl status for the VM. lxc-shell(95449419f969d649d9962566ec42af7d) Since: Fri 2015-01-16 16:53:37 GMT; 3s ago Leader: 28085 (sh) Service: libvirt-lxc; class container Iface: vnet0 Address: fe80::216:3eff:fe00:c317%124 OS: Fedora 21 (Twenty One) Unit: machine-lxc\x2dshell.scope └─28085 /bin/sh 2015-01-27 Daniel P. Berrange lxc: more logging during startup paths Add more logging to the lxc controller and container files to facilitate debugging startup problems. Also make it clear when the container is going to close stdout and thus no longer do any logging. lxc: delay setup of cgroup until we have the init pid Don't create the cgroups ahead of launching the container since there is no need for the limits to apply during initial bootstrap. Create the cgroup after the container PID is known and tell systemd the initpid is the leader, instead of the controller pid. 2015-01-27 Daniel P. Berrange lxc: only write XML once for lxc controller Currently when launching the LXC controller we first write out the plain, inactive XML configuration, then launch the controller, then replace the file with the live status XML configuration. By good fortune this hasn't caused any problems other than some misleading error messages during failure scenarios. This simplifies the code so it only writes out the XML once and always writes the live status XML. To do this we need to handshake with the child process, to make execution pause just before exec() so we can write the XML status with the child PID present. 2015-01-27 Daniel P. Berrange lxc: re-arrange startup synchronization sequence with controller Currently the lxc controller process itself is responsible for daemonizing itself into the background and writing out its pid file. The lxc driver would fork the controller and then attempt to connect to the lxc monitor. This connection would only succeed after the controller has backgrounded itself, setup cgroups and written its pid file, so startup was race free. The problem is that we need to delay create of the cgroups to much later, such that we can tell systemd the container init pid when we create the cgroups. If we delay cgroup creation though the current synchronization won't work. A second problem is that the controller needs the XML config of the guest. Currently we write out the plain virDomainDefPtr XML before starting the controller, and then later replace it with the full virDomainObjPtr status XML. This is kind of gross and also means that the controller doesn't get a record of the live XML config right away. This means it doesn't have a record of the veth device names either and so can't give that info to systemd when creating the cgroups. To address this we change the startup sequencing. The goal is that we want to get the PID as soon as possible, before the LXC controller even starts. So we stop letting the LXC controller daemonize itself, and instead use virCommand's built-in capabilities. This daemonizes and writes the PID before LXC controller is exec'd. So the driver can read the PID as soon as virCommandRun returns. It is no longer safe to connect to the monitor or detect the cgroups though. Fortunately the LXC controller already has a second point of synchronization. Immediately before its event loop starts running, it performs a handshake with the driver. So we move the opening of the monitor connection and cgroup detection after this synchronization point. 2015-01-27 Daniel P. Berrange lxc: don't build pidfile string multiple times Build the pidfile string once when starting a guest and then use the same string thereafter. This will benefit following patches which need the pidfile string in more situations. systemd: don't report an error if the guest is already terminated In many cases where we invoke virSystemdTerminateMachine the process(es) will have already gone away on their own accord. In these cases we log an error message that the machine does not exist. We should catch this particular error and simply ignore it, so we don't pollute the logs. qemu: report TAP device indexes to systemd Record the index of each TAP device created and report them to systemd, so they show up in machinectl status for the VM. 2015-01-27 Ján Tomko Fix shadowed variable warning libvirtd.c: In function 'daemonSetupAccessManager': libvirtd.c:730:18: error: declaration of 'driver' shadows a global declaration [-Werror=shadow] const char **driver = (const char **)config->access_drivers; ^ In file included from libvirtd.c:95:0: ../src/node_device/node_device_driver.h:43:36: error: shadowed declaration is here [-Werror=shadow] extern virNodeDeviceDriverStatePtr driver; ^ 2015-01-27 Chen Hanxiao storage: add a flag to clone files on btrfs When creating a RAW file, we don't take advantage of clone of btrfs. Add a VIR_STORAGE_VOL_CREATE_REFLINK flag to request a reflink copy. 2015-01-27 Chen Hanxiao storage: introduce btrfsCloneFile() for COW copy Add a wrapper for BTRFS_IOC_CLONE ioctl. 2015-01-27 Daniel P. Berrange Removing probing of secondary drivers For stateless, client side drivers, it is never correct to probe for secondary drivers. It is only ever appropriate to use the secondary driver that is associated with the hypervisor in question. As a result the ESX & HyperV drivers have both been forced to do hacks where they register no-op drivers for the ones they don't implement. For stateful, server side drivers, we always just want to use the same built-in shared driver. The exception is virtualbox which is really a stateless driver and so wants to use its own server side secondary drivers. To deal with this virtualbox has to be built as 3 separate loadable modules to allow registration to work in the right order. This can all be simplified by introducing a new struct recording the precise set of secondary drivers each hypervisor driver wants struct _virConnectDriver { virHypervisorDriverPtr hypervisorDriver; virInterfaceDriverPtr interfaceDriver; virNetworkDriverPtr networkDriver; virNodeDeviceDriverPtr nodeDeviceDriver; virNWFilterDriverPtr nwfilterDriver; virSecretDriverPtr secretDriver; virStorageDriverPtr storageDriver; }; Instead of registering the hypervisor driver, we now just register a virConnectDriver instead. This allows us to remove all probing of secondary drivers. Once we have chosen the primary driver, we immediately know the correct secondary drivers to use. 2015-01-27 Daniel P. Berrange don't disable state driver when libvirtd is not built A bunch of code is wrapped in #if WITH_LIBVIRTD in order to enable the virStateDriver to be disabled when libvirtd is not built. Disabling this code doesn't have any real functional benefit beyond removing 1 pointer from the virConnectPtr struct, while having a cost of many more conditionals. Remove all secondary driver private data fields Now all drivers are converted to use their global state directly, there is no need for private data fields for the secondary drivers in virConnectPtr Remove use of interfacePrivateData from udev driver The udev driver can be implemented using global state instead of the connect private data. Remove use of nodeDevicePrivateData from nodeDev driver The node device driver can rely on its global state instead of the connect private data. Remove use of storagePrivateData/networkPrivateData from vbox The vbox driver can use the main hypervisor private data and so does not need to use the storage/network private data fields. Remove use of nwfilterPrivateData from nwfilter driver The nwfilter driver can rely on its global state instead of the connect private data. Remove use of secretPrivateData from secret driver The secret driver can rely on its global state instead of the connect private data. 2015-01-27 Peter Krempa qemu: Fix job handling in qemuDomainSetMetadata The code modifies the domain configuration but doesn't take a MODIFY type job to do so. qemu: Fix job type in qemuDomainGetBlockIoTune The function just queries status so there's no need for a MODIFY type job. qemu: Fix job handling in qemuDomainSetSchedulerParametersFlags The code modifies the domain configuration but doesn't take a MODIFY type job to do so. qemu: Fix job handling in qemuDomainSetMemoryParameters The code modifies the domain configuration but doesn't take a MODIFY type job to do so. 2015-01-27 Peter Krempa qemu: Fix job handling in qemuDomainSetAutostart The code modifies the domain configuration but doesn't take a MODIFY type job to do so. This patch also fixes a few very long lines of code around the touched parts. 2015-01-27 Peter Krempa qemu: Fix job handling in qemuDomainPinEmulator The code modifies the domain configuration but doesn't take a MODIFY type job to do so. qemu: Fix job handling in qemuDomainPinVcpuFlags The domain modifies the domain configuration but doesn't take a MODIFY type job to do it. Post-release version bump for new dev cycle 2015-01-27 Daniel Veillard Release of libvirt-1.2.12 * docs/news.html.in libvirt.spec.in: updated for the release * po/*.po*: regenerated the po 2015-01-27 Michal Privoznik tests: Check for virQEMUDriverConfigNew return value The function may return NULL if something went wrong. In some places in the tests we are not checking the return value rather than accessing the pointer directly resulting in SIGSEGV. 2015-01-26 Ján Tomko Fix a memory leak in virCgroupGetPercpuStats Coverity reports that my commit af1c98e introduced two memory leaks: the cpumap if ncpus == 0 in virCgroupGetPercpuStats and the params array in the test of the function. 2015-01-26 Ján Tomko Use correct location for qcow1 encryption header After the 8-byte size header, there are two one-byte headers and two bytes of padding before the crypt_header field. Our QCOW1_HDR_CRYPT constant did not skip the padding. http://git.qemu.org/?p=qemu.git;a=blob;f=block/qcow.c;h=ece22697#l41 https://bugzilla.redhat.com/show_bug.cgi?id=1185165 2015-01-26 Daniel P. Berrange systemd: avoid string comparisons on dbus error messages Add a virDBusErrorIsUnknownMethod helper so that callers don't need todo string comparisons themselves to detect standard error names. 2015-01-26 Daniel P. Berrange systemd: fix build without dbus The virDBusMethodCall method has a DBusError as one of its parameters. If the caller wants to pass a non-NULL value for this, it immediately makes the calling code require DBus at build time. This has led to breakage of non-DBus builds several times. It is desirable that only the virdbus.c file should need WITH_DBUS conditionals, so we must ideally remove the DBusError parameter from the method. We can't simply raise a libvirt error, since the whole point of this parameter is to give the callers a way to check if the error is one they want to ignore, without having the logs polluted with an error message. So, we add a virErrorPtr parameter which the caller can then either ignore or raise using the new virReportErrorObject method. This new method is distinct from virSetError in that it ensures the logging hooks are run. 2015-01-23 Richard W.M. Jones aarch64: Support versioned machine types. For distros that want to add versioned machine types, they will add (downstream) machine types like "virt-foo-1.2.3". Detect these as MMIO too. 2015-01-23 Erik Skultety qemu: Add check for PCI bridge placement if there are too many PCI devices Previous patch of this series fixed the issue with adding a new PCI bridge when all the slots were reserved by devices with user specified addresses. In case there are still some PCI devices waiting to get a slot reserved by qemuAssignDevicePCISlots, this means a new bus needs to be created along with a corresponding bridge controller. By adding an additional check, this scenario now results in a reasonable error instead of generating wrong qemu command line. 2015-01-23 Erik Skultety qemu: Fix auto-adding PCI bridge when all slots are reserved Commit 93c8ca tried to fix the issue with auto-adding of a PCI bridge controller, but didn't work properly in all scenarios. This patch provides a better fix of the issue when all slots on a PCI bus are reserved by devices with user specified addresses and no additional bridges need to be created. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1132900 2015-01-23 Erik Skultety qemu: move PCI slot assignment for PIIX3, Q35 into a separate function In order to be able to test for fully reserved PCI buses, assignment of PCI slots for integrated devices needs to be moved to a separate function. This also might be a good preparation if we decide to add support for other chipsets as well. 2015-01-23 Erik Skultety qemu: reorder PCI slot assignment functions Move qemuDomainAssignPCIAddresses after the definition of the static function qemuDomainValidateDevicePCISlotsQ35. This lets us define a new static function using qemuDomainValidateDevicePCISlots* and use it in qemuDomainAssignPCIAddresses without a forward declaration. 2015-01-23 Peter Krempa schemas: Move definition of 'hexuint' to basictypes Allow reuse of the type. util: json: Make argument of virJSONValueArraySize const The function doesn't allow to modify the array in any way, thus the argument can be const. qemu: command: Honor const-correctnes in qemuBuildNumaArgStr @def is modified in the function indirectly although it's marked as const. conf: Fix comment mentioning actual type of @multi member of virDevicePCIAddress After refactor to use the virTristateSwitch enum the comment in the struct was not adjusted. 2015-01-23 Mike Latimer Grant access to helpers Apparmor must not prevent access to required helper programs. The following helpers should be allowed to run in unconfined execution mode: - libvirt_parthelper - libvirt_iohelper 2015-01-23 Mike Latimer Fix apparmor issues for tck The network and nwfilter tests contained in the libvirt-TCK testkit can fail unless access to raw network packets is granted. Without this access, the following apparmor error can be seen while running the tests: apparmor="DENIED" operation="create" parent=1 profile="/usr/sbin/libvirtd" pid=94731 comm="libvirtd" family="packet" sock_type="raw" protocol=768 2015-01-23 Mike Latimer Fix apparmor issues for Xen In order for apparmor to work properly in Xen environments, the following access rights need to be allowed: - Allow CAP_SYS_PACCT, which is required when resetting some multi-port Broadcom cards by writting to the PCI config space - Allow CAP_IPC_LOCK, which is required to lock/unlock memory. Without this setting, an error 'Resource temporarily unavailable' can be seen while attempting to mmap memory. At the same time, the following apparmor message is seen: apparmor="DENIED" operation="capable" parent=1 profile="/usr/sbin/libvirtd" pid=2097 comm="libvirtd" pid=2097 comm="libvirtd" capability=14 capname="ipc_lock" - Allow access to distribution specific directories: /usr/{lib,lib64}/xen/bin 2015-01-23 Erik Skultety conf: virDomainDefMaybeAddController tweak return code Previously the function returned either -1 in case of an error or 0 on success. However, we should also distinguish between a case we successfully added a controller and a case there wasn't a need to add any controller 2015-01-23 Erik Skultety qemu: Remove dead code in qemuDomainAssignPCIAddresses revert patch As it turned out, fix of dead code 419a22 changed the affected condition from "never true" to "always true", so better fix would be to change the return code of virDomainMaybeAddController from 0 to 1 if a new bridge has been added, thus distinguishing case when we didn't need to add any controller and case we successfully added one. The return code is changed in the next commit 2015-01-23 Ján Tomko Fix build with older gcc My commit af1c98e4 broke the build on RHEL-6: vircgrouptest.c: In function 'testCgroupGetPercpuStats': vircgrouptest.c:566: error: nested extern declaration of '_gl_verify_function2' [-Wnested-externs] The only thing that needs checking is that the array size is at least EXPECTED_NCPUS, to prevent access beyond the array. We can ensure the minimum size also by specifying the array size upfront. 2015-01-23 Pavel Hrdina esx_vi: fix possible segfault Clang found possible dereference of NULL pointer which is right. Function 'esxVI_LookupTaskInfoByTask' should find a task info. The issue is that we could return 0 and leave 'taksInfo' pointer NULL because if there is no match we simply end the search loop end set 'result' to 0. Every caller count on the fact that if the return value is 0 than it's safe to dereference 'taskInfo'. We should return 0 only in case we found something and the '*taskInfo' is not NULL. xenapi_driver: fix copy-paste typo Clang found that we are passing variable with wrong enum type to 'xenapiCrashExitEnum2virDomainLifecycle' function. This is probably copy-paste typo as the correct variable exists in the code, but it isn't used. 2015-01-23 Ján Tomko Fix virCgroupGetPercpuStats with non-continuous present CPUs Per-cpu stats are only shown for present CPUs in the cgroups, but we were only parsing the largest CPU number from /sys/devices/system/cpu/present and looking for stats even for non-present CPUs. This resulted in: internal error: cpuacct parse error 2015-01-22 Peter Krempa CVE-2015-0236: qemu: Check ACLs when dumping security info from snapshots The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the appropriate permission for it. Found via code inspection while fixing permissions for save images. CVE-2015-0236: qemu: Check ACLs when dumping security info from save image The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the appropriate permission for it. 2015-01-22 Luyao Huang qemu: output error when try to hotplug unsupported console type https://bugzilla.redhat.com/show_bug.cgi?id=1164627 When using 'virsh attach-device' to hotplug an unsupported console type into a qemu guest the attachment would succeed as the command line formatter didn't report error in such case. 2015-01-21 Ján Tomko qemu: format server interface without a listen address https://bugzilla.redhat.com/show_bug.cgi?id=1130390 The listen address is not mandatory for but when it's not specified, we've been formatting it as: -netdev socket,listen=(null):5558,id=hostnet0 which failed with: Device 'socket' could not be initialized Omit the address completely and only format the port in the listen attribute. Also fix the schema to allow specifying a model. 2015-01-21 Jim Fehlig tests: fix xlconfigtest build failure When libvirt is configured --without-xen, building the xlconfigtest fails with CCLD xlconfigtest /usr/lib/gcc/x86_64-linux-gnu/4.7/../../../x86_64-linux-gnu/crt1.o In function `_start': (.text+0x20): undefined reference to `main' collect2: error: ld returned 1 exit status Introduced in commit 4ed5fb91 by too much copy and paste from xmconfigtest. 2015-01-20 Ján Tomko Fix virCgroupNewMachine prototype on non-Linux Commit 318df5a changed the prototype of virCgroupNewMachine without adjusting the stub function for platforms without cgroups. 2015-01-20 Josh Stone network: Let domains be restricted to local DNS This adds a new "localOnly" attribute on the domain element of the network xml. With this set to "yes", DNS requests under that domain will only be resolved by libvirt's dnsmasq, never forwarded upstream. This was how it worked before commit f69a6b987d616, and I found that functionality useful. For example, I have my host's NetworkManager dnsmasq configured to forward that domain to libvirt's dnsmasq, so I can easily resolve guest names from outside. But if libvirt's dnsmasq doesn't know a name and forwards it to the host, I'd get an endless forwarding loop. Now I can set localOnly="yes" to prevent the loop. 2015-01-19 Gary R Hook Make ZFS storage pool XML tests optional Do not run ZFS tests when ZFS is unsupported in the environment. The recent patch b4af40226d09adeaf9e33a1d6594c4e8ce7f771d adds tests to storagepoolxml2xmltest for the optional ZFS feature. When ZFS is not included in the configuration these tests should not / cannot be run. Modify the test source file to check for use of the feature and compile in the tests accordingly. 2015-01-19 Martin Kletzander docs: Fix docs about python bindings package Since the day we removed python bindings from the core repository, the documentation was missing that information. Reported-by: Lingyu Zhu 2015-01-19 Ján Tomko qemu_conf: check for duplicate security drivers Using the same driver multiple times is pointless and it can result in confusing errors: $ virsh start test error: Failed to start domain test error: internal error: security label already defined for VM https://bugzilla.redhat.com/show_bug.cgi?id=1153891 2015-01-19 Ján Tomko Always check return value of qemuDomainObjExitMonitor Depending on the context, either error out if the domain has disappeared in the meantime, or just ignore the value to allow marking the function as ATTRIBUTE_RETURN_CHECK. 2015-01-19 Ján Tomko Fix vmdef usage after domain crash in monitor on device attach https://bugzilla.redhat.com/show_bug.cgi?id=1161024 If the domain crashed while we were in monitor, we cannot rely on the REALLOC done on live definition, since vm->def now points to the persistent definition. Skip adding the attached devices to domain definition if the domain crashed. In AttachChrDevice, the chardev was already added to the live definition and freed by qemuProcessStop in the case of a crash. Skip the device removal in that case. Also skip audit if the domain crashed in the meantime. 2015-01-19 Ján Tomko Fix vmdef usage after domain crash in monitor on device detach https://bugzilla.redhat.com/show_bug.cgi?id=1161024 In the device type-specific functions, exit early if the domain has disappeared, because the cleanup should have been done by qemuProcessStop. Check the return value in processDeviceDeletedEvent and qemuProcessUpdateDevices. Skip audit and removing the device from live def because it has already been cleaned up. 2015-01-19 Ján Tomko Simplify condition for formatting CPU features Commit adff345 added support for features to MODE_HOSTPASSTHROUGH as well. Since we support all modes now, the condition can be eliminated. Add an XML test for host-model CPU with features This was broken in a dowstream build due to a missing backport: https://bugzilla.redhat.com/show_bug.cgi?id=1182448 2015-01-17 Anthony PERARD libxl: Set path to console on domain startup. The path to the pty of a Xen PV console is set only in virDomainOpenConsole. But this is done too late. A call to virDomainGetXMLDesc done before OpenConsole will not have the path to the pty, but a call after OpenConsole will. e.g. of the current issue. Starting a domain with '' Then: virDomainGetXMLDesc(): virDomainOpenConsole() virDomainGetXMLDesc(): The patch intend to have the TTY path on the first call of GetXMLDesc. This is done by setting up the path at domain start up instead of in OpenConsole. https://bugzilla.redhat.com/show_bug.cgi?id=1170743 2015-01-17 Daniel P. Berrange Conditionalize use of -Wno-suggest-attribute=format pragma Many GCC versions don't understand -Wno-suggest-attribute=format so the pragma must only be used when supported 2015-01-17 Cédric Bosdonnat Coverity fix: properly check for 0 ipv6 address. 2015-01-16 Dmitry Guryanov parallels: create container from existing image It's possible to create a container with existing disk image as root filesystem. You need to remove existing disks from PCS VM config and then add a new one, pointing to your image. And then call PrlVm_RegEx with PRNVM_PRESERVE_DISK flag. With this patch you can create such container with something like this for new domain XML config: 2015-01-16 Dmitry Guryanov parallels: allow to add filesystems to container Handle information about filesystems in domain config and add corresponding devices to container via parallels sdk. 2015-01-16 Dmitry Guryanov parallels: commit with PVCF_DETACH_HDD_BUNDLE flag PCS removes disk image from filesystem, if you remove it from config. There is a special flag PVCF_DETACH_HDD_BUNDLE which allow to remove disk only from VM/CT config. If you call virDomainDefine and remove some disk from config it should be preserved, so call PrlVm_CommitEx always with flag PVCF_DETACH_HDD_BUNDLE. 2015-01-16 Dmitry Guryanov parallels: dump info about container filesystems Obtain information about container's filesystems and store it in virDomainDef structure. 2015-01-16 Dmitry Guryanov add ploop fs driver type Ploop is a pseudo device which makeit possible to access to an image in a file as a block device. Like loop devices, but with additional features, like snapshots, write tracker and without double-caching. It used in PCS for containers and in OpenVZ. You can manage ploop devices and images with ploop utility (http://git.openvz.org/?p=ploop). 2015-01-16 Martin Kletzander qemu: Add support for enabling/disabling PMU This is used as a boolean parameter for the '-cpu' option. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1178853 2015-01-16 Martin Kletzander docs, schema, conf: Add support for PMU feature Just a new feature that can be turned on/off. https://bugzilla.redhat.com/show_bug.cgi?id=1178853 2015-01-16 John Ferlan network: Resolve Coverity FORWARD_NULL Commit id 'ca481a6f' added virNetworkRouteDefFree which may be called in an error path from lxcAddNetworkRouteDefinition with 'route = NULL'. So just add the (!def) at the top to resolve. 2015-01-16 Daniel P. Berrange virsh: add support for domain XML validation The 'virsh edit' command gets XML validation enabled by default, with a --skip-validate option to disable it. The 'virsh define' and 'virsh create' commands get a --validate option to enable it, to avoid regressions for existing scripts. The quality of error reporting from libxml2 varies depending on the type of XML error made. Sometimes it is quite clear and useful, other times it is obscure & inaccurate. At least the user will see an error now, rather than having their XML modification silently disappear. 2015-01-16 Erik Skultety Add XML test for too many PCI devices on default PCI bus Remove dead code in qemuDomainAssignPCIAddresses We tested for positive return value from virDomainMaybeAddController, but it returns 0 or -1 only resulting in a dead code. 2015-01-16 Erik Skultety qemu: Tweak auto adding PCI bridge controller when extending default PCI bus In case we find out, there are more PCI devices to be connected than there are available slots on the default PCI bus, we automatically add a new bus and a related PCI bridge controller as well. As there are no free slots left on the default PCI bus, PCI bridge controller gets a free slot on a newly created PCI bus which causes qemu to refuse to start the guest. This fix introduces a new function qemuDomainPCIBusFullyReserved which is checked right before we possibly try to reserve a slot for PCI bridge controller. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1132900 2015-01-16 John Ferlan domain_conf: Check errors from virSocketAddrFormat Commit id 'aa2cc721' added calls to virSocketAddrFormat but did not check for a NULL (error) return which could lead to bad output in the XML file. Need to check for NULL return and cause failure. domain_conf: Resolve Coverity RESOURCE_LEAK Commit id 'aa2cc721' added call to virSocketAddrFormat and did not VIR_FREE() the returned memory. 2015-01-16 Cédric Bosdonnat virSocketAddrGetIpPrefix 0.0.0.0 and :: special cases If 0.0.0.0 or :: address is provided, then the returned prefix should be 0, for the default address. Use the network route definitions for domains Move code related to network routes to networkcommon_conf.[ch] Moving code for parsing and formatting network routes to networkcommon_conf helps reusing those routes for domains. The route definition has been hidden to help reducing the number of unnecessary checks in the format function. Move network route definition to networkcommon.rng Moving network route to the network common schema will allow reusing it. Fix ipv6 regex in RNG schemas to match '::' 2015-01-16 Michal Privoznik virNetworkDefUpdateIPDHCPHost: Don't crash when updating network https://bugzilla.redhat.com/show_bug.cgi?id=1182486 When updating a network and adding new ip-dhcp-host entry, the deamon may crash. The problem is, we iterate over existing entries trying to compare MAC addresses to see if there's already an existing rule. However, not all entries are required to have MAC address. For instance, the following is perfectly valid entry: When the checking loop iterates over this, the entry's MAC address is accessed directly. Well, the fix is obvious - check if the address is defined before trying to compare it. 2015-01-16 Daniel P. Berrange Add support for schema validation when passing in XML The virDomainDefineXMLFlags and virDomainCreateXML APIs both gain new flags allowing them to be told to validate XML. This updates all the drivers to turn on validation in the XML parser when the flags are set 2015-01-15 Daniel P. Berrange Add virXMLValidateAgainstSchema helper method Add a helper method that can validate an XML document against an RNG schema Change int to size_t in size var for tap/vhost FDs A number of methods take an int for a parameter that indicates the size of an array. The correct type for array sizes is size_t Log dtrace/systemd probes at INFO level instead of DEBUG Every dtrace/systemd probe also include a libvirt log message. These are logged at level DEBUG currently, which means if you want to see all probes they are drowned by the rest of the DEBUG messages. Since we don't really use the INFO log level for much, it seems reasonable to suggest we log all probes at level INFO. Add systemd/dtrace probes for DBus APIs When debugging libvirt it is helpful to set probes around RPC calls. We already have probes for libvirt's native RPC layer, so it makes sense to add them for the DBus RPC layer too. 2015-01-15 Daniel P. Berrange Add support for systemd-machined CreateMachineWithNetwork systemd-machined introduced a new method CreateMachineWithNetwork that obsoletes CreateMachine. It expects to be given a list of VETH/TAP device indexes for the host side device(s) associated with a container/machine. This falls back to the old CreateMachine method when the new one is not supported. 2015-01-15 Luyao Huang qemu: free priv->origname when qemuMigrationPrepareAny fails https://bugzilla.redhat.com/show_bug.cgi?id=1181182 When we meet error in qemuMigrationPrepareAny and goto cleanup with rc < 0, we forget clear the priv->origname and this will make this vm migrate fail next time because leave a wrong origname in priv, and will Generate a wrong cookie when do migrate next time. This patch will make priv->origname is NULL when migrate fail in target host. 2015-01-15 Ján Tomko Fix vmdef usage while in monitor in qemu process Make local copy of the disk alias in qemuProcessInitPasswords, instead of referencing the one in domain definition, which might get freed if the domain crashes while we're in monitor. Also copy the memballoon period value. 2015-01-15 Ján Tomko Fix vmdef usage while in monitor in BlockStat* APIs Make a local copy of the disk alias instead of pointing to the domain definition, which might get freed if the domain dies while we're in monitor. Also exit early if that happens. 2015-01-15 Ján Tomko Fix vmdef usage while in monitor in qemuDomainHotplugVcpus Exit the monitor right after we've done with it to get the virDomainObjPtr lock back, otherwise we might be accessing vm->def while it's being cleaned up by qemuProcessStop. If the domain crashed while we were in the monitor, exit early instead of changing vm->def which is now the persistent definition. 2015-01-15 Ján Tomko Mark the domain as active in qemuhotplugtest This will allow us to call qemuDomainObjIsActive() in the tested functions to check if the domain has crashed. 2015-01-15 Ján Tomko Check for domain liveness in qemuDomainObjExitMonitor The domain might disappear during the time in monitor when the virDomainObjPtr is unlocked, so the caller needs to check if it's still alive. Since most of the callers are going to need it, put the check inside qemuDomainObjExitMonitor and return -1 if the domain died in the meantime. 2015-01-15 Shivaprasad G Bhat check IOMMU group devices usage when preparing device for vfio passthrough The virsh start fails with qemu error when the hostdevices of the same iommu group are used actively by other vms. It is not clear which hostdev from the same iommu group is used by any of the running guests. User has to go through every guest xml to figure out who is using the hostdev of same iommu group. Solution: Iterate the iommu group of the hostdev and error our neatly in case a device in the same iommu group is busy. Reattach code also does the same kind of check, remove duplicate code as well. 2015-01-15 Shivaprasad G Bhat virpci: Implement virPCIDeviceGetAddress function Basically a getter function which is implemented for accessing the address fields in virPCIDevice. 2015-01-14 Kiarie Kahurani libxl: Add support for parsing/formating Xen XL config Now that xenconfig supports parsing and formatting Xen's XL config format, integrate it into the libxl driver's connectDomainXML{From,To}Native functions. tests: Tests for the xen-xl parser Add disk and spice config tests for the xen_xl config parser 2015-01-14 Jim Fehlig Introduce support for parsing/formatting Xen xl config format Introduce a parser/formatter for the xl config format. Since the deprecation of xm/xend, the VM config file format has diverged as new features are added to libxl. This patch adds support for parsing and formating the xl config format. It supports the existing xm config format, plus adds support for spice graphics and xl disk config syntax. Disk config is specified a bit differently in xl as compared to xm. In xl, disk config consists of comma-separated positional parameters and keyword/value pairs separated by commas. Positional parameters are specified as follows target, format, vdev, access Supported keys for key=value options are devtype, backendtype The positional paramters can also be specified in key/value form. For example the following xl disk config are equivalent /dev/vg/guest-volume,,hda /dev/vg/guest-volume,raw,hda,rw format=raw, vdev=hda, access=rw, target=/dev/vg/guest-volume See $xen_sources/docs/misc/xl-disk-configuration.txt for more details. xl disk config is parsed with the help of xlu_disk_parse() from libxlutil, libxl's utility library. Although the library exists in all Xen versions supported by the libxl virt driver, only recently has the corresponding header file been included. A check for the header is done in configure.ac. If not found, xlu_disk_parse() is declared externally. 2015-01-14 Pavel Hrdina qemu_process: detect updated video ram size values from QEMU QEMU internally updates the size of video memory if the domain XML had provided too low memory size or there are some dependencies for a QXL devices 'vgamem' and 'ram' size. We need to know about the changes and store them into the status XML to not break migration or managedsave through different libvirt versions. The values would be loaded only if the "vgamem_mb" property exists for the device. The presence of the "vgamem_mb" also tells that the "ram_size" and "vram_size" exists for QXL devices. 2015-01-14 Pavel Hrdina qemu_monitor: introduce new function to get QOM path The search is done recursively only through QOM object that has a type prefixed with "child<" as this indicate that the QOM is a parent for other QOM objects. The usage is that you give known device name with starting path where to search. 2015-01-14 Pavel Hrdina qemu_driver: fix setting vcpus for offline domain Commit e3435caf fixed hot-plugging of vcpus with strict memory pinning on NUMA hosts, but unfortunately it also broke updating number of vcpus for offline guests using our API. The issue is that we try to create a cpu cgroup for non-running guest which fails as there are no cgroups for that domain. We should create cgroups and update cpuset.mems only if we are hot-plugging. 2015-01-14 Michal Privoznik qemu, lxc: Warn if setting QoS on unsupported vNIC types https://bugzilla.redhat.com/show_bug.cgi?id=1165993 So, there are still plenty of vNIC types that we don't know how to set bandwidth on. Let's warn explicitly in case user has requested it instead of pretending everything was set. 2015-01-14 Shanzhi Yu qemu: snapshot: inactive external snapshot can't work after libvirtd restart When create inactive external snapshot, after update disk definitions, virDomainSaveConfig is needed, if not after restart libvirtd the new snapshot file definitions in xml will be lost. Reproduce steps: 1. prepare a shut off guest $ virsh domstate rhel7 && virsh domblklist rhel7 shut off Target Source ------------------------------------------------ vda /var/lib/libvirt/images/rhel7.img 2. create external disk snapshot $ virsh snapshot-create rhel7 --disk-only && virsh domblklist rhel7 Domain snapshot 1417882967 created Target Source ------------------------------------------------ vda /var/lib/libvirt/images/rhel7.1417882967 3. restart libvirtd then check guest source file $ service libvirtd restart && virsh domblklist rhel7 Redirecting to /bin/systemctl restart libvirtd.service Target Source ------------------------------------------------ vda /var/lib/libvirt/images/rhel7.img This was first reported by Eric Blake http://www.redhat.com/archives/libvir-list/2014-December/msg00369.html 2015-01-14 Michal Privoznik conf: Increase virNetDevBandwidthParse intelligence There's this function virNetDevBandwidthParse which parses the bandwidth XML snippet. But it's not clever much. For the following XML it allocates the virNetDevBandwidth structure even though it's completely empty: Later in the code there are some places where we check if bandwidth was set or not. And since we obtained pointer from the parsing function we think that it is when in fact it isn't. 2015-01-14 Daniel P. Berrange Give virDomainDef parser & formatter their own flags The virDomainDefParse* and virDomainDefFormat* methods both accept the VIR_DOMAIN_XML_* flags defined in the public API, along with a set of other VIR_DOMAIN_XML_INTERNAL_* flags defined in domain_conf.c. This is seriously confusing & error prone for a number of reasons: - VIR_DOMAIN_XML_SECURE, VIR_DOMAIN_XML_MIGRATABLE and VIR_DOMAIN_XML_UPDATE_CPU are only relevant for the formatting operation - Some of the VIR_DOMAIN_XML_INTERNAL_* flags only apply to parse or to format, but not both. This patch cleanly separates out the flags. There are two distint VIR_DOMAIN_DEF_PARSE_* and VIR_DOMAIN_DEF_FORMAT_* flags that are used by the corresponding methods. The VIR_DOMAIN_XML_* flags received via public API calls must be converted to the VIR_DOMAIN_DEF_FORMAT_* flags where needed. The various calls to virDomainDefParse which hardcoded the use of the VIR_DOMAIN_XML_INACTIVE flag change to use the VIR_DOMAIN_DEF_PARSE_INACTIVE flag. 2015-01-14 Daniel P. Berrange Decouple CPU XML formatting from domain XML public API flags The virCPUDefFormat* methods were relying on the VIR_DOMAIN_XML_* flag definitions. It is not desirable for low level internal functions to be coupled to flags for the public API, since they may need to be called from several different contexts where the flags would not be appropriate. 2015-01-13 Michal Privoznik formatdomaincaps: Correctly format API reference Well, since the link to the virConnectGetDomainCapabilities API is in 
     section we must take special care about the spaces around the
	link.

	Acked-by: Laszlo Ersek 

2015-01-13  Eric Blake  

	qemu: forbid second blockcommit during active commit
	https://bugzilla.redhat.com/show_bug.cgi?id=1135339 documents some
	confusing behavior when a user tries to start an inactive block
	commit in a second connection while there is already an on-going
	active commit from a first connection.  Eventually, qemu will
	support multiple simultaneous block jobs, but as of now, it does
	not; furthermore, libvirt also needs an overhaul before we can
	support simultaneous jobs.  So, the best way to avoid confusing
	ourselves is to quit relying on qemu to tell us about the situation
	(where we risk getting in weird states) and instead forbid a
	duplicate block commit ourselves.

	Note that we are still relying on qemu to diagnose attempts to
	interrupt an inactive commit (since we only track XML of an active
	commit), but as inactive commit is less confusing for libvirt to
	manage, there is less that can go wrong by leaving that detection
	up to qemu.

	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Hoist check for
	active commit to occur earlier outside of conditions.

2015-01-13  Daniel P. Berrange  

	parallels: don't override error message when XML parsing fails
	The virDomainDefParseString method will report a suitable error
	on parsing fail, so don't replace that.

	Fix flags passed to virDomainDefParseString by XenAPI driver
	The XenAPI driver was passing the flags for
	virDomainCreateXML straight into the virDomainDefParseString
	method, even though they expect totally different sets of
	flags. It should have been using VIR_DOMAIN_XML_INACTIVE

	Don't use VIR_DOMAIN_XML_SECURE when parsing XML
	The VIR_DOMAIN_XML_SECURE flag only has effect on the formatting
	of XML so should not be passed to virDomainDefParseNode

	Add stub virDomainDefineXMLFlags impls
	Make sure every virt driver implements virDomainDefineXMLFlags
	by adding a trivial passthrough from the existing impl with
	no flags set.

	Add new virDomainDefineXMLFlags public API
	The virDomainDefineXML method is one of the few that still lacks
	an 'unsigned int flags' parameter. This will be needed for adding
	XML validation to this API. virDomainCreateXML fortunately already
	has flags.

2015-01-13  Luyao Huang  

	conf: fix crash when hotplug a channel chr device with no target
	https://bugzilla.redhat.com/show_bug.cgi?id=1181408

	When we try to hotplug a channel chr device with no target, we
	will get success (which should fail) in virDomainChrDefParseXML,
	because we use goto cleanup this place and return an incomplete
	definition (with no target). In qemuDomainAttachChrDevice,
	we add it to the domain definition, but fail to remove it from
	there when chardev-add fails, because virDomainChrRemove
	matches chardevices according to the target name.
	The device definition is then freed in qemuDomainAttachDeviceFlags,
	leaving a stale pointer in the domain definition.

2015-01-13  Martin Kletzander  

	qemu: Allow enabling/disabling features with host-passthrough
	QEMU supports feature specification with -cpu host and we just skip
	using that.  Since QEMU developers themselves would like to use this
	feature, this patch modifies the code to work.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1178850

2015-01-13  Jim Fehlig  

	Revert "src/xenconfig: Xen-xl parser"
	This reverts commit 2c78051a14acfb7aba078d569b1632dfe0ca0853.

	Conflicts:
		src/Makefile.am

2015-01-13  Jim Fehlig  

	Revert "tests: Tests for the xen-xl parser"
	This reverts commit 6b818d3b09f4e74ac2ea1d4020896be1e6871867.

	Revert "libxl: Add support for parsing/formating Xen XL config"
	This reverts commit 4f524212ce614e1ca84b34dd8330a48957c8f823.

	Revert "src/Makefile.am: fix build breaker for xenconfig"
	This reverts commit 703ef9667abf016ef1040eac296a81792b366932.

2015-01-13  Jim Fehlig  

	Revert "build: fix xenconfig VPATH builds"
	This reverts commit 1b21d300691a78f73d94446616a6d1f9fd88991e.

	Conflicts:
		src/Makefile.am

2015-01-13  Jim Fehlig  

	Revert "Revert "src/Makefile.am: fix build breaker for xenconfig""
	This reverts commit e662968fd980158e8f8d8990bb43378dbc3d036a.

	Revert "src/Makefile: move the new xen_xl_disk parser code at the correct place"
	This reverts commit edacdb3d12256af4f6e31ec65c9dd4797fb3aa0d.

	Revert "src/Makefile: Fix parallel build after xen_xl_disk parser introduction"
	This reverts commit 533349ff43ddf091026fbcb0d9a714d9cc570dc7.

	Revert "bootstrap.conf: add check for flex"
	This reverts commit cab767831f74ec72809dacd07cb782a88a097f21.

2015-01-13  Guido Günther  

	lxc: Move setting ifname_guest_actual to virLXCSetupInterfaces
	so it applies to interfaces of type 'direct' too.

	Reported and patch provided by Bastian Blank at

	    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769600

2015-01-12  Michal Privoznik  

	qemuxml2argvtest: Fix test after change of qxl vgamem_mb default
	Well, apparently it's possible for a patch to sneak in through
	review process and break 'make check'. It happened just lately
	with 0e502466acb84a which changed the default of vgamem_mb for
	qxl device. However, there were left some domain XMLs within our
	test suite relying on the old default. These should be updated to
	match the change.

2015-01-12  Daniel Hansel  

	cpu: Bugfix for s390 CPU driver to return a host CPU model
	The curent libvirt CPU driver for s390 does not return a host CPU model.
	This patch returns 'host' according to the other platforms that would
	not decode any CPU model.
	This is an intermediate bugfix due to a discussion on OpenStack mailing
	list. The final patch introducing the CPU model support for s390x will
	exchange the hard-coded decode method.

2015-01-12  John Ferlan  

	virconf: Resolve a possible memory leak in virConfSetValue
	Found this one by inspection... The API claims to "own" the input
	value even in the case of error.  However, in the initial entry
	to the API if the value exists, was STRING, but without a str value
	it just returned without freeing the 'value' which it claims to now
	own.  So I added the virConfFreeValue() call in order to resolve.

	openvz: Check errors from virSocketAddrFormat
	Commit id 'a4e86390' modified the command line to allow --ipadd multiple
	times; however, it did not account for the condition where a NULL is
	returned which will could lead to some interesting errors with multiple
	--ipadd's without parameters.

	openvz: Resolve Coverity RESOURCE_LEAK
	Commit id 'a4e86390' modified the command line to allow --ipadd multiple
	times, which caused Coverity to notice a latent memory leak with the
	'ipAddr' string not being VIR_FREE()'d

2015-01-12  Pavel Hrdina  

	qxl: change the default value for vgamem_mb to 16 MiB
	The default value should be 16 MiB instead of 8 MiB. Only really old
	version of upstream QEMU used the 8 MiB as default for vga framebuffer.

	Without this change if you update your libvirt where we introduced the
	"vgamem" attribute for QXL video device the value will be set to 8 MiB,
	but previously your guest had 16 MiB because we didn't pass any value to
	QEMU command line which means QEMU used its own 16 MiB as default.

	This will affect all users with guest's display resolution higher than
	1920x1080.

2015-01-12  Michal Privoznik  

	docs: Document some -boot option limitations on UEFI
	It was brought to my attention that some -boot options may not
	work with UEFI. For instance, rebootTimeout is very SeaBIOS
	specific,splash logo is not implemented yet on OVMF, and so on.
	We should document this limitation at least.

2015-01-12  Hao Liu  

	virsh: Emit error for VSH_OT_DATA without VSH_OFLAG_REQ
	Commit 6b9964 enforces checking invalid use of VSH_OT_STRING with
	VSH_OFLAG_REQ. This commit tries to do the same thing to stop using
	VSH_OT_DATA without VSH_OFLAG_REQ and also fix existing misuse.

2015-01-12  Guido Günther  

	lxc: Don't crash on NULL ifname_guest_actual
	Reported and patch provided by Bastian Blank at

	    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769600

2015-01-09  Luyao Huang  

	conf: Correctly format controller's driver
	https://bugzilla.redhat.com/show_bug.cgi?id=1179684

	The way that we currently generate the  for  is
	just madness:

	    
	      
	      
	      
    
	    

	It's obvious that we should be aiming at the following:

	    
	      
	      
    
	    

2015-01-09  Ján Tomko  

	safezero: fall back to writing zeroes even when resizing
	Remove the resize flag and use the same code path for all callers.
	This flag was added by commit 18f0316 to allow virStorageFileResize
	use 'safezero' while preserving the behavior.

	Explicitly return -2 when a fallback to a different method should
	be done, to make the code path more obvious.

	Fail immediately when ftruncate fails in the mmap method,
	as we did before commit 18f0316.

2015-01-09  John Ferlan  

	virsh.pod: Update description
	The 'pool-build' command description for --overwrite and --no-overwrite
	indicated usage for only 'filesystem' pools; however, the 'disk' pool
	also supports the flags as of commit id 'afa1029a'. So add a description
	for that usage.

2015-01-09  Eric Blake  

	maint: in src/Makefile.am, $(top_srcdir)/src is verbose
	I noticed this while working on a previous commit.  Why should
	we be calling out '../src/' when it is sufficient to refer to just
	'./'?  Blind copy-and-paste runs rampant in this file :)

	* src/Makefile.am (INCLUDES, *_CFLAGS): Shorten to $(srcdir).

2015-01-09  Pavel Hrdina  

	bootstrap.conf: add check for flex
	We need the flex to generate new xen_xl_disk parser.

2015-01-08  Pavel Hrdina  

	src/Makefile: Fix parallel build after xen_xl_disk parser introduction
	Well, the parallel build doesn't work as there are not dependencies
	set correctly. When running 'make -j' I see this error:

	make[2]: Entering directory '/home/zippy/work/libvirt/libvirt.git/src'
	  GEN      util/virkeymaps.h
	  GEN      locking/lock_protocol.h
	make[2]: *** No rule to make target 'xenconfig/xen_xl_disk.h', needed by 'all'.  Stop.
	make[2]: *** Waiting for unfinished jobs....
	  GEN      lxc/lxc_controller_dispatch.h

	The fix is to correctly set dependencies by letting make know that .c
	and .h are to be generated from .l. Moreover, the section is moved
	closer to the other section which uses it.

2015-01-08  Pavel Hrdina  

	src/Makefile: move the new xen_xl_disk parser code at the correct place

	Revert "src/Makefile.am: fix build breaker for xenconfig"
	This reverts commit 703ef9667abf016ef1040eac296a81792b366932.

2015-01-08  Geoff Hickey  

	vmx: Fix a VMX parsing problem
	VMware ESX does not always set the "serialX.fileType" tag in VMX files. The
	default value for this tag is "device", and when adding a new serial port
	of this type VMware will omit the fileType tag. This caused libvirt to
	fail to parse the VMX file. Fixed by making this tag optional and using
	"device" as a default value. Also updated vmx2xmltest to test for this
	case.

2015-01-08  Eric Blake  

	build: fix xenconfig VPATH builds
	Ever since commit 2c78051 split out a helper library for the sake of
	changing CFLAGS, a VPATH build with xenconfig enabled has failed:

	  CC       xenconfig/libvirt_xenxldiskparser_la-xen_xl_disk.lo
	  ../../src/xenconfig/xen_xl_disk.l:37:21: fatal error: xen_xl.h: No such file or directory
	   # include "xen_xl.h"
	             ^
	  compilation terminated.
	  Makefile:9462: recipe for target 'xenconfig/libvirt_xenxldiskparser_la-xen_xl_disk.lo' failed

	The solution is to tell the build to look for xen_xl.h relative
	to $(srcdir), since we keep that file under version control.

	[Not fixed here - the raw use of -Wno-unused-parameter in CFLAGS
	is NOT portable; ideally, we should be doing a configure test
	and only supplying that argument when we know the compiler supports
	-Wunused-parameter; but that's a patch for another day]

	[Not fixed here - there are still issues with parallel builds hitting
	a race between generating the files and trying to compile/distribute
	them]

	* src/Makefile.am (libvirt_xenxldiskparser_la_CFLAGS): Add another
	include directory.

2015-01-08  Michal Privoznik  

	qemu: Fix system pages handling in 
	In one of my previous commits (311b4a67) I've tried to allow to
	pass regular system pages to . However, there was a
	little bug that wasn't caught. If domain has guest NUMA topology
	defined, qemuBuildNumaArgStr() function takes care of generating
	corresponding command line. The hugepages backing for guest NUMA
	nodes is handled there too. And here comes the bug: the hugepages
	setting from XML is stored in KiB internally, however, the system
	pages size was queried and stored in Bytes. So the check whether
	these two are equal was failing even if it shouldn't.

2015-01-08  Stefan Berger  

	nwfilter: Add support for icmpv6 filtering
	Make use of the ebtables functionality to be able to filter certain
	parameters of icmpv6 packets. Extend the XML parser for icmpv6 types,
	type ranges, codes, and code ranges. Extend the nwfilter documentation,
	schema, and test cases.

	Being able to filter icmpv6 types and codes helps extending the DHCP
	snooper for IPv6 and filtering at least some parameters of IPv6's NDP
	(Neighbor Discovery Protocol) packets. However, the filtering will not
	be as good as the filtering of ARP packets since we cannot
	check on IP addresses in the payload of the NDP packets.

2015-01-07  Ján Tomko  

	Indentation

2015-01-07  Peter Krempa  

	qemu: Don't unref domain after exit from nested async job
	In commit 540c339a2535ec30d79e5ef84d8f50a17bc60723 the whole domain
	reference counting was refactored in the qemu driver. Domain jobs now
	don't need to reference the domain object as they now expect the
	reference from the calling function.

	However, the patch forgot to remove the unref call in case we exit the
	monitor when we were acquiring a nested job. This caused the daemon to
	crash on a subsequent access to the domain object once we've done an
	operation requiring a nested job for a monitor access.

	An easy reproducer case:

	1) Start a vm with qcow disks
	2) virsh snapshot-create-as DOMNAME
	3) virsh dumpxml DOMNAME
	4) daemon crashes in a semi-random spot while accessing a now-removed VM
	object.

	Fortunately, the commit wasn't released yet, so there are no security
	implications.

	Reported-by: Shanzi Yu 

2015-01-07  Luyao Huang  

	conf: Don't format actual network definition in migratable XML
	https://bugzilla.redhat.com/show_bug.cgi?id=1177194

	When migrate a vm, we will generate a xml via qemuDomainDefFormatLive and
	pass this xml to target libvirtd. Libvirt will use the current network
	state in def->data.network.actual to generate the xml, this will make
	migrate failed when we set a network type guest interface use a macvtap
	network as a source in a vm then migrate vm to another host(which has the
	different macvtap network settings: different interface name, bridge name...)

	Add a flag check in virDomainNetDefFormat, if we set a VIR_DOMAIN_XML_MIGRATABLE
	flag when call virDomainNetDefFormat, we won't get the current vm interface
	state.

2015-01-07  Alexander Burluka  

	Parallels: Add VNC hostname setup
	Add missing VNC setup via Parallels SDK.
	Parallels Cloud Server starts one VNC server per domain,
	so we could process only one VNC server definition.
	Network-based listening currently is unimplemented.

2015-01-06  Luyao Huang  

	qemu: Restore old bandwidth rules when setting new fails
	https://bugzilla.redhat.com/show_bug.cgi?id=1177723

	When setting new bandwidth limits via
	virDomainSetInterfaceParameters, the old ones are cleared first.
	However, if setting the new ones fails, the old are already gone
	and interface is left in inconsistent state.  Therefore, right
	before failing we ought to try to restore the old bandwidth.

2015-01-06  Luyao Huang  

	qemu: fix miss goto cleanup in qemuDomainAttachNetDevice
	This place have a wrong logic, maybe forget goto cleanup.
	Also fix some small things.

2015-01-06  Nehal J Wani  

	networkGetDHCPLeases: Remove unnecessary error reporting
	Lack of a lease (whether mac is given or not) is a normal expected
	scenario, since we are already filling in rv with nleases (which is
	okay as 0 if there is no lease).  There is no need to raise an error.

	This fixes:

	> virsh # net-dhcp-leases --mac 00:50:56:c0:00:01  default
	> error: Failed to get leases info for default
	> error: internal error: no lease with matching MAC address: 00:50:56:c0:00:01

2015-01-06  Luyao Huang  

	qemu: use a wrong name for guest panic status
	https://bugzilla.redhat.com/show_bug.cgi?id=1178652

	We will get a warning when we have a guest in paused
	status (caused by kernel panic) and restart libvirtd,
	warning message like this:

	Qemu reported unknown VM status: 'guest-panicked'

	and this seems because we set a wrong status name in
	qemu_monitor.c, and from qemu qapi-schema.json file
	we know this status should named 'guest-panicked'.

2015-01-06  Eric Blake  

	maint: update to latest gnulib
	Another update is required to pick up today's gnulib fix for mingw
	builds (now that gnulib turns on mingw's replacement printf that
	understands %lld, it must also tell the compiler to respect the
	improved definition of PRIdMAX and friends).

	* .gnulib: Update to latest.

2015-01-06  Eric Blake  

	virnetlink: fix build on non-Linux
	Commit 4dc04d3a added virNetlinkGetErrorCode, but forgot to provide
	a fallback, which kills the build on mingw (among others):

	  CCLD     libvirt.la
	  Cannot export virNetlinkGetErrorCode: symbol not defined
	  collect2: error: ld returned 1 exit status

	* src/util/virnetlink.c (virNetlinkGetErrorCode): Provide fallback.

2015-01-06  Cédric Bosdonnat  

	Report error if a driver can't handle multiple IP addresses
	Drivers supporting one and only one IP address raise an error if more IP
	addresses are configured.

	Openvz --ipadd can be provided multiple times
	Vzctl man page says that --ipadd can be provided multiple times to add
	several IP addresses. Looping over the configured ip addresses to add
	one --ipadd for each. This would even handle the multiple IPs handled
	by openvz_conf.c

	LXC: honour network devices link state
	Don't activate LXC network device if  has been set
	in its configuration.

	LXC: use the new net devices routes definition
	Actually set routes in lxc containers if there are defined ones.

	lxc conf2xml: convert lxc.network.ipv[46].gateway

	Domain network devices can now have a  element
	Network interfaces devices and host devices with net capabilities can
	now have IPv4 and/or an IPv6 routes configured.

	lxc conf2xml: convert ip addresses for hostdev NICs

	Allow network capabilities hostdev to configure IP addresses

	lxc conf2xml: convert IP addresses

	LXC: set IP addresses to veth devices in the container
	Uses the new virDomainNetDef ips to set the IP addresses on the network
	interfaces in the container.

	Domain conf: allow more than one IP address for net devices
	Add the possibility to have more than one IP address configured for a
	domain network interface. IP addresses can also have a prefix to define
	the corresponding netmask.

	Renamed virNetDevClearIPv4Address to virNetDevClearIPAddress
	Make clear that virNetDevClearIPv4Address can also handle IPv6
	addresses by changing the name

	virNetDevClearIPv4Address: netlink implementation

	virNetDevAddRoute: implementation using netlink

	Renamed virNetDevSetIPv4Address to virNetDevSetIPAddress
	Renamed virNetDevSetIPv4Address as it also handles IPv6 addresses.

	virNetDevSetIPv4Address: libnl implementation
	Add a default implementation of virNetDevSetIPv4Address using netlink
	and libnl. This avoids requiring /usr/sbin/ip or /usr/sbin/ifconfig
	external binaries.

	Forgot to cleanup ifname_guest* in domain network def parsing

2015-01-06  Cédric Bosdonnat  

	Fix error when starting a container after an error
	The typical case for the problem is starting a domain needing a network
	that isn't started. Even after starting the network, we get an unknown error
	when starting the container.

	This is due to dynamic security label not being removed.

2015-01-06  Daniel P. Berrange  

	maint: fix date in local gnulib patch
	The local gnulib ssize_t.m4.diff patch no longer applied due to
	changed context from the date change.

2015-01-06  Daniel P. Berrange  

	maint: update to latest gnulib
	Sync to latest gnulib to get files updated with 2015 copyright
	date to fix syntax-check

	* .gnulib: update to latest
	* bootstrap: Regenerate from upstream

2015-01-05  Cedric Bosdonnat  

	Teach AppArmor, that /usr/lib64 may exist.
	The apparmor profiles forgot about /usr/lib64 folders, just add lib64
	as a possible alternative to lib in the paths

2015-01-05  Pavel Hrdina  

	src/Makefile.am: fix build breaker for xenconfig
	Commit 2c78051a introduced build breaker with type in Makefile.am by
	specifying wrong header file.

2015-01-05  Chunyan Liu  

	Add tests to xmconfigtest
	Add tests to testing HVM default features (pae, acpi, apic)
	conversion from xm config to libvirt xml. If no pae|acpi|apic
	specified in xm config, after conversion, libvirt xml should
	by default include:
	 
	   
	   
	   
	 

2015-01-05  Chunyan Liu  

	xenconfig: set HVM pae/apic/acpi/ default to 1
	According to xm.config manual, HVM pae|apic|acpi feature default
	is 1 (enabled). But in conversion from xm config to libvirt xml,
	if xm config doesn't contain pae|apic|acpi, it sets default value
	to 0, this causes some problems in HVM guest.

	Update parser codes to set HVM pae|apic|acpi default value to 1
	to match xm config convension.

2015-01-04  Kiarie Kahurani  

	libxl: Add support for parsing/formating Xen XL config
	Now that xenconfig supports parsing and formatting Xen's
	XL config format, integrate it into the libxl driver's
	connectDomainXML{From,To}Native functions.

	tests: Tests for the xen-xl parser
	add tests for the xen_xl config parser

2015-01-04  Kiarie Kahurani  

	src/xenconfig: Xen-xl parser
	Introduce a Xen xl parser

	This parser allows for users to convert the new xl disk format and
	spice graphics config to libvirt xml format and vice versa. Regarding
	the spice graphics config, the code is pretty much straight forward.
	For the disk {formating, parsing}, this parser takes care of the new
	xl format which include positional parameters and key/value parameters.
	In xl format disk config a  consists of parameters separated by
	commas. If the parameters do not contain an '=' they are automatically
	assigned to certain options following the order below

	   target, format, vdev, access

	The above are the only mandatory parameters in the  but there
	are many more disk config options. These options can be specified as
	key=value pairs. This takes care of the rest of the options such as

	  devtype, backend, backendtype, script, direct-io-safe,

	The positional paramters can also be specified in key/value form
	for example

	    /dev/vg/guest-volume,,hda
	    /dev/vg/guest-volume,raw,hda,rw
	    format=raw, vdev=hda, access=rw, target=/dev/vg/guest-volume

	are interpleted to one config.

	In xm format, the above diskspec would be written as

	phy:/dev/vg/guest-volume,hda,w

	The disk parser is based on the same parser used successfully by
	the Xen project for several years now.  Ian Jackson authored the
	scanner, which is used by this commit with mimimal changes.  Only
	the PREFIX option is changed, to produce function and file names
	more consistent with libvirt's convention.

2015-01-04  Kiarie Kahurani  

	src/xenconfig: Export helper functions
	Export helper functions for reuse in getting values
	from a virConfPtr object

2014-12-25  Michal Privoznik  

	capabilities: Format  properly
	The  element under /capabilities/guest/arch/ can have no
	child elements. If that's the case we format:

	        
	        

	instead of simpler:

	        

	This commit fixes that.

2014-12-23  Dmitry Guryanov  

	parallels: report, that cdrom image is raw
	VIR_STORAGE_FILE_AUTO should be used only in xml provided to
	libvirt by user, if I understood correctly. Driver should
	set storage source format to specific disk format in
	*DomainGetXMLDesc.

	CDROMs in PCS use raw image format.

2014-12-23  Martin Kletzander  

	tests: Set up two more overrides for root builders
	There are two more places after commit 3865941b that need to be adapted
	in order to get rid of some test failures when building as root.

	qemu: Fix coverity issues after refcount refactoring

2014-12-23  Stefan Berger  

	test: fix nwfilter tests following changes in virfirewall.c
	Some of the nwfilter tests are now failing since --concurrent shows
	up in the ebtables command. To avoid this, implement a function
	preventing the probing for lock support in the eb/iptables tools
	and use it in the tests.

2014-12-21  Martin Kletzander  

	qemu: completely rework reference counting
	There is one problem that causes various errors in the daemon.  When
	domain is waiting for a job, it is unlocked while waiting on the
	condition.  However, if that domain is for example transient and being
	removed in another API (e.g. cancelling incoming migration), it get's
	unref'd.  If the first call, that was waiting, fails to get the job, it
	unref's the domain object, and because it was the last reference, it
	causes clearing of the whole domain object.  However, when finishing the
	call, the domain must be unlocked, but there is no way for the API to
	know whether it was cleaned or not (unless there is some ugly temporary
	variable, but let's scratch that).

	The root cause is that our APIs don't ref the objects they are using and
	all use the implicit reference that the object has when it is in the
	domain list.  That reference can be removed when the API is waiting for
	a job.  And because each domain doesn't do its ref'ing, it results in
	the ugly checking of the return value of virObjectUnref() that we have
	everywhere.

	This patch changes qemuDomObjFromDomain() to ref the domain (using
	virDomainObjListFindByUUIDRef()) and adds qemuDomObjEndAPI() which
	should be the only function in which the return value of
	virObjectUnref() is checked.  This makes all reference counting
	deterministic and makes the code a bit clearer.

2014-12-21  Martin Kletzander  

	util: Fix possible NULL dereference
	Commit 1a80b97d, which added the virCgroupHasEmptyTasks() function
	forgot that the parameter @cgroup may be NULL and did not check that.

2014-12-21  Claudio Bley  

	maint: update .mailmap
	Add an email alias after updating my email address in commit 738a2ae.

	Fix typo s/interpetation/interpretation/
	Fix the typo in struct virSecurityModel's comment for its doi field.

2014-12-20  Claudio Bley  

	Update my email address in AUTHORS.in

2014-12-20  Claudio Bley  

	docs: split typedef and struct definition for apibuild.py
	The members of struct virSecurityLabel and struct virSecurityModel
	were not shown in the libvirt API docs because the corresponding
	 elements were missing from the libvirt-api.xml.

	The reason is that apibuild.py does not cope well with typedef's
	using inline struct definitions. It fails to associate the comment
	with the typedef and because of this refuses to write out the
	field of the struct.

2014-12-19  Daniel P. Berrange  

	disable vCPU pinning with TCG mode
	Although QMP returns info about vCPU threads in TCG mode, the
	data it returns is mostly lies. Only the first vCPU has a valid
	thread_id returned. The thread_id given for the other vCPUs is
	in fact the main emulator thread. All vCPUs actually run under
	the same thread in TCG mode.

	Our vCPU pinning code is not at all able to cope with this
	so if you try to set CPU affinity per-vCPU you end up with
	wierd errors

	error: Failed to start domain instance-00000007
	error: cannot set CPU affinity on process 24365: Invalid argument

	Since few people will care about the performance of TCG with
	strict CPU pinning, lets just disable that for now, so we get
	a clear error message

	error: Failed to start domain instance-00000007
	error: Requested operation is not valid: cpu affinity is not supported

2014-12-19  Daniel P. Berrange  

	Don't setup fake CPU pids for old QEMU
	The code assumes that def->vcpus == nvcpupids, so when we setup
	fake CPU pids for old QEMU with nvcpupids == 1, we cause the
	later code to read off the end of the array. This has fun results
	like sche_setaffinity(0, ...) which changes libvirtd's own CPU
	affinity, or even better sched_setaffinity($RANDOM, ...) which
	changes the affinity of a random OS process.

2014-12-19  Michal Privoznik  

	qemu: Create memory-backend-{ram,file} iff needed
	Libvirt BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1175397
	QEMU BZ:    https://bugzilla.redhat.com/show_bug.cgi?id=1170093

	In qemu there are two interesting arguments:

	1) -numa to create a guest NUMA node
	2) -object memory-backend-{ram,file} to tell qemu which memory
	region on which host's NUMA node it should allocate the guest
	memory from.

	Combining these two together we can instruct qemu to create a
	guest NUMA node that is tied to a host NUMA node. And it works
	just fine. However, depending on machine type used, there might
	be some issued during migration when OVMF is enabled (see QEMU
	BZ). While this truly is a QEMU bug, we can help avoiding it. The
	problem lies within the memory backend objects somewhere. Having
	said that, fix on our side consists on putting those objects on
	the command line if and only if needed. For instance, while
	previously we would construct this (in all ways correct) command
	line:

	    -object memory-backend-ram,size=256M,id=ram-node0 \
	    -numa node,nodeid=0,cpus=0,memdev=ram-node0

	now we create just:

	    -numa node,nodeid=0,cpus=0,mem=256

	because the backend object is obviously not tied to any specific
	host NUMA node.

2014-12-18  Ján Tomko  

	Remove redundant cleanup in qemuDomainAttachVirtioDiskDevice
	Commit ca91ba7 moved these into the qemuDomainPrepareDisk helper,
	but forgot to remove them from here as well.

2014-12-18  Ján Tomko  

	Fix hotplugging of block device-backed usb disks
	Commit ca91ba7 moved qemuSetupDiskCgroup into the qemuDomainPrepareDisk
	helper, but failed to call it for usb disks.

	https://bugzilla.redhat.com/show_bug.cgi?id=1175668`

2014-12-18  Boris Fiuczynski  

	Buffer size too small when reading sysinfo
	On a system with 160 CPUs the /proc/cpuinfo size grows beyond
	the currently set limit of 10KB causing an internal error.

	This patch increases the buffer size to 1MB.

2014-12-18  Eric Blake  

	qemu: fix memory leak in blockinfo
	Coverity flagged commit 0282ca45 as introducing a memory leak;
	in all my refactoring to make capacity probing conditional on
	whether the image is non-raw, I missed deleting the unconditional
	probe.

	* src/qemu/qemu_driver.c (qemuStorageLimitsRefresh): Drop
	redundant assignment.

2014-12-17  Ján Tomko  

	Fix error message on redirdev caps detection

2014-12-17  John Ferlan  

	logical: Add "--type snapshot" to lvcreate command
	A recent lvm change has resulted in a change for the "default" type of
	logical volume created when the "--virtualsize" or "--V" is supplied on
	the command line (e.g. when the allocation and capacity values of a to
	be created volume differ). It seems that at the very least the following
	change adjusts the default type:

	https://git.fedorahosted.org/cgit/lvm2.git/commit/?id=e0164f21

	and the following may also have some impact.

	https://git.fedorahosted.org/cgit/lvm2.git/commit/?id=87fc3b71

	When using the virsh vol-create-as or vol-create xmlfile commands, the
	result is that libvirt will now create a "thin logical volume" and a
	"thin logical volume pool" rather than just a "thin snapshot logical
	volume". For example the following sequence:

	  # lvcreate --name test -L 2M -V 5M lvm_test
	    Rounding up size to full physical extent 4.00 MiB
	    Rounding up size to full physical extent 8.00 MiB
	    Logical volume "test" created.
	  # lvs lvm_test
	    LV    VG       Attr       LSize Pool  Origin Data%  Meta%  Move Log Cpy%Sync Convert
	    lvol1 lvm_test twi-a-tz-- 4.00m              0.00   0.98
	    test  lvm_test Vwi-a-tz-- 8.00m lvol1        0.00

	compared to the former code which had the following:

	    LV   VG       Attr       LSize  Pool Origin         Data%  Move Log Cpy%Sync Convert
	    test LVM_Test swi-a-s---  4.00m      [test_vorigin]   0.00

	Since libvirt doesn't know how to parse the thin logical volume
	and pool, it will fail to find the newly created volume and pool
	even though it exists in the volume group.

	It cannot find since the command used to find/parse returns a thin volume
	'test' with no associated device, for example the output is:

	  lvol1##UgUwkp-fTFP-C0rc-ufue-xrYh-dkPr-FGPFPx#lvol1_tdata(0)#thin-pool#1#4194304#4194304#4194304#twi-a-tz--
	  test##NcaIoH-4YWJ-QKu3-sJc3-EOcS-goff-cThLIL##thin#0#8388608#4194304#8388608#Vwi-a-tz--

	as compared to the former which had the following:

	      test#[test_vorigin]#Dt5Of3-4WE6-buvw-CWJ4-XOiz-ywOU-YULYw6#/dev/sda3(1300)#linear#1#4194304#4194304#4194304#swi-a-s---

	While it's possible to generate code to handle the new thin lv and pool, this
	patch will add a "--type snapshot" onto the lvcreate command libvirt uses
	in order to "for now" be able to continue to utilize the thin snapshots

2014-12-17  Luyao Huang  

	conf: fix cannot start a guest have a shareable network iscsi hostdev
	https://bugzilla.redhat.com/show_bug.cgi?id=1174569

	There's nothing we need to do for shared iSCSI devices in
	qemuAddSharedHostdev and qemuRemoveSharedHostdev. The iSCSI layer
	takes care about that for us.

2014-12-17  Eric Blake  

	getstats: crawl backing chain for qemu
	Wire up backing chain recursion.  For the first time, it is now
	possible to get libvirt to expose that qemu tracks read statistics
	on backing files, as well as report maximum extent written on a
	backing file during a block-commit operation.

	For a running domain, where one of the two images has a backing
	file, I see the traditional output:

	$ virsh domstats --block testvm2
	Domain: 'testvm2'
	  block.count=2
	  block.0.name=vda
	  block.0.path=/tmp/wrapper.qcow2
	  block.0.rd.reqs=1
	  block.0.rd.bytes=512
	  block.0.rd.times=28858
	  block.0.wr.reqs=0
	  block.0.wr.bytes=0
	  block.0.wr.times=0
	  block.0.fl.reqs=0
	  block.0.fl.times=0
	  block.0.allocation=0
	  block.0.capacity=1310720000
	  block.0.physical=200704
	  block.1.name=vdb
	  block.1.path=/dev/sda7
	  block.1.rd.reqs=0
	  block.1.rd.bytes=0
	  block.1.rd.times=0
	  block.1.wr.reqs=0
	  block.1.wr.bytes=0
	  block.1.wr.times=0
	  block.1.fl.reqs=0
	  block.1.fl.times=0
	  block.1.allocation=0
	  block.1.capacity=1310720000

	vs. the new output:

	$ virsh domstats --block --backing testvm2
	Domain: 'testvm2'
	  block.count=3
	  block.0.name=vda
	  block.0.path=/tmp/wrapper.qcow2
	  block.0.rd.reqs=1
	  block.0.rd.bytes=512
	  block.0.rd.times=28858
	  block.0.wr.reqs=0
	  block.0.wr.bytes=0
	  block.0.wr.times=0
	  block.0.fl.reqs=0
	  block.0.fl.times=0
	  block.0.allocation=0
	  block.0.capacity=1310720000
	  block.0.physical=200704
	  block.1.name=vda
	  block.1.path=/dev/sda6
	  block.1.backingIndex=1
	  block.1.rd.reqs=0
	  block.1.rd.bytes=0
	  block.1.rd.times=0
	  block.1.wr.reqs=0
	  block.1.wr.bytes=0
	  block.1.wr.times=0
	  block.1.fl.reqs=0
	  block.1.fl.times=0
	  block.1.allocation=327680
	  block.1.capacity=786432000
	  block.2.name=vdb
	  block.2.path=/dev/sda7
	  block.2.rd.reqs=0
	  block.2.rd.bytes=0
	  block.2.rd.times=0
	  block.2.wr.reqs=0
	  block.2.wr.bytes=0
	  block.2.wr.times=0
	  block.2.fl.reqs=0
	  block.2.fl.times=0
	  block.2.allocation=0
	  block.2.capacity=1310720000

	I may later do a patch that trims the output to avoid 0 stats,
	particularly for backing files (which are more likely to have
	0 stats, at least for write statistics when no block-commit
	is performed).  Also, I still plan to expose physical size
	information (qemu doesn't expose it yet, so it requires a stat,
	and for block devices, a further open/seek operation).  But
	this patch is good enough without worrying about that yet.

	* src/qemu/qemu_driver.c (QEMU_DOMAIN_STATS_BACKING): New internal
	enum bit.
	(qemuConnectGetAllDomainStats): Recognize new user flag, and pass
	details to...
	(qemuDomainGetStatsBlock): ...here, where we can do longer recursion.
	(qemuDomainGetStatsOneBlock): Output new field.

2014-12-17  Eric Blake  

	getstats: split block stats reporting for easier recursion
	In order to report stats on backing chains, we need to separate
	the output of stats for one block from how we traverse blocks.

	* src/qemu/qemu_driver.c (qemuDomainGetStatsBlock): Split...
	(qemuDomainGetStatsOneBlock): ...into new helper.

2014-12-17  Eric Blake  

	getstats: add new flag for block backing chain
	This patch introduces access to allocation information about
	a backing chain of a live domain.  While querying storage
	volumes for read-only disks could provide some of the details,
	we do NOT want to read() a file while qemu is writing it.
	Also, there is one case where we have to rely on qemu: when
	doing a block commit into a backing file, where that file is
	stored in qcow2 format on a host block device, we want to know
	the current highest write offset into that image, in order to
	know if the disk must be resized larger.  qemu-img does not
	(currently) show this information, and none of the earlier
	block APIs were extensible enough to expose it.  But
	virDomainListGetStats is perfect for the job!

	We don't need a new group of statistics, as the existing block
	group is sufficient.  On the other hand, as existing libvirt
	releases already report 1:1 mapping of block.count to 
	devices, changing the array size could confuse older clients;
	and even with newer clients, the time and memory taken to
	report additional statistics is not always necessary (backing
	files are generally read-only except for block-commit, so while
	read statistics may change, sizing statistics will not).  So
	the choice here is to add a new flag that only newer callers
	will pass, when they are prepared for the additional information.

	This patch introduces the new API, but it will take more
	patches to get it implemented for qemu.

	* include/libvirt/libvirt-domain.h
	(VIR_CONNECT_GET_ALL_DOMAINS_STATS_BACKING): New flag.
	* src/libvirt-domain.c (virConnectGetAllDomainStats): Document it,
	and add a new field when it is in use.
	* tools/virsh-domain-monitor.c (cmdDomstats): Use new flag.
	* tools/virsh.pod (domstats): Document it.

2014-12-17  Eric Blake  

	getstats: prepare for dynamic block.count stat
	A coming patch will make it optionally possible to list backing
	chain block stats; in this mode of operation, block.counts is no
	longer the number of  in the domain, but the number of
	blocks in the array being reported.  We still want block.count
	listed first, but rather than iterate the tree twice (once to
	count, and once to list stats), it's easier to just touch things
	up after the fact.

	* src/qemu/qemu_driver.c (qemuDomainGetStatsBlock): Compute count
	after the fact.

2014-12-17  Eric Blake  

	getstats: report block sizes for offline domains
	The prior refactoring can now be put to use. With the same domain
	as the earlier commit 7b49926 (one qcow2 disk and an empty
	cdrom drive):
	$ virsh domstats --block foo
	Domain: 'foo'
	  block.count=2
	  block.0.name=hda
	  block.0.path=/var/lib/libvirt/images/foo.qcow2
	  block.0.allocation=1309614080
	  block.0.capacity=42949672960
	  block.0.physical=1309671424
	  block.1.name=hdc

	* src/qemu/qemu_driver.c (qemuDomainGetStatsBlock): Use
	qemuStorageLimitsRefresh to report offline statistics.

2014-12-17  Eric Blake  

	qemu: refactor blockinfo data gathering
	Create a helper function that can be reused for gathering block
	info from virDomainListGetStats.

	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Split guts...
	(qemuStorageLimitsRefresh): ...into new helper function.

2014-12-17  Eric Blake  

	qemu: fix bugs in blockstats
	The documentation for virDomainBlockInfo was confusing: it stated
	that 'physical' was the size of the container, then gave an example
	of it being the amount of storage used by a sparse file (that is,
	for a sparse raw image on a regular file, the wording implied
	capacity==physical, while allocation was smaller; but the example
	instead claimed physical==allocation).  Since we use 'physical' for
	the last offset of a block device, we should do likewise for
	regular files.

	Furthermore, the example claimed that for a qcow2 regular file,
	allocation==physical.  At the time the code was first written,
	this was true (qcow2 files were allocated sequentially, and were
	never sparse, so the last sector written happened to also match
	the disk space occupied); but modern qemu does much better and
	can punch holes for a qcow2 with allocation < physical.

	Basically, after this patch, the three fields are now reliably
	mapped as:
	 'capacity' - how much storage the guest can see (equal to
	physical for raw images, determined by image metadata otherwise)
	 'allocation' - how much storage the image occupies (similar to
	what 'du' would report)
	 'physical' - the last offset of the image (similar to what 'ls'
	would report)

	'capacity' can be larger than 'physical' (such as for a qcow2
	image that does not vary much from a backing file) or smaller
	(such as for a qcow2 file with lots of internal snapshots).
	Likewise, 'allocation' can be (slightly) larger than 'physical'
	(such as counting the tail of cluster allocations required to
	round a file size up to filesystem granularity) or smaller
	(for a sparse file).  A block-resize operation changes capacity
	(which, for raw images, also changes physical); many non-raw
	images automatically grow physical and allocation as necessary
	when starting with an allocation smaller than capacity; and even
	when capacity and physical stay unchanged, allocation can change
	when converting sectors from holes to data or back.

	Note that this does not change semantics for qcow2 images stored
	on block devices; there, we still rely on qemu to report the
	highest written extent for allocation.  So using this API to
	track when to extend a block device because a qcow2 image is
	about to exceed a threshold will not see any changes.

	Also, note that virStorageVolInfo is unfortunately limited to
	just 'capacity' and 'allocation' (we can't expand it to add
	'physical', although we can expand the XML to add it there);
	historically, that struct's 'allocation' value has reported
	file size for qcow2 files (what this patch terms 'physical'
	for a domain block device), but disk usage for raw files (what
	this patch terms 'allocation').  So follow-up patches will be
	needed to make storage volumes report the same allocation
	values and get at physical values, where those differ.

	* include/libvirt/libvirt-domain.h (_virDomainBlockInfo): Tweak
	documentation to match saner definition.
	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): For regular
	files, physical size is capacity, not allocation.

2014-12-17  Eric Blake  

	getstats: rearrange blockinfo gathering
	Ultimately, we want to avoid read()ing a file while qemu is running.
	We still have to open() block devices to determine their physical
	size, but that is safer.  This patch rearranges code to group
	together all code that reads the image, to make it easier for later
	patches to skip the metadata collection when possible.

	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Check for empty
	disk up front.  Place metadata reading next to use.

2014-12-17  Eric Blake  

	getstats: perform recursion in monitor collection
	When requested in a later patch, the QMP command results are now
	examined recursively.  As qemu_driver will eventually have to
	read items out of the hash table as stored by this patch, the
	computation of backing alias string is done in a shared location.

	* src/qemu/qemu_domain.h (qemuDomainStorageAlias): New prototype.
	* src/qemu/qemu_domain.c (qemuDomainStorageAlias): Implement it.
	* src/qemu/qemu_monitor_json.c
	(qemuMonitorJSONGetOneBlockStatsInfo)
	(qemuMonitorJSONBlockStatsUpdateCapacityOne): Perform recursion.
	(qemuMonitorJSONGetAllBlockStatsInfo)
	(qemuMonitorJSONBlockStatsUpdateCapacity): Update callers.

2014-12-17  Eric Blake  

	getstats: prepare monitor collection for recursion
	A future patch will allow recursion into backing chains when
	collecting block stats.  This patch should not change behavior,
	but merely moves out the common code that will be reused once
	recursion is enabled, and adds the parameter that will turn on
	recursion.

	* src/qemu/qemu_monitor.h (qemuMonitorGetAllBlockStatsInfo)
	(qemuMonitorBlockStatsUpdateCapacity): Add recursion parameter,
	although it is ignored for now.
	* src/qemu/qemu_monitor.h (qemuMonitorGetAllBlockStatsInfo)
	(qemuMonitorBlockStatsUpdateCapacity): Likewise.
	* src/qemu/qemu_monitor_json.h
	(qemuMonitorJSONGetAllBlockStatsInfo)
	(qemuMonitorJSONBlockStatsUpdateCapacity): Likewise.
	* src/qemu/qemu_monitor_json.c
	(qemuMonitorJSONGetAllBlockStatsInfo)
	(qemuMonitorJSONBlockStatsUpdateCapacity): Add parameter, and
	split...
	(qemuMonitorJSONGetOneBlockStatsInfo)
	(qemuMonitorJSONBlockStatsUpdateCapacityOne): ...into helpers.
	(qemuMonitorJSONGetBlockStatsInfo): Update caller.
	* src/qemu/qemu_driver.c (qemuDomainGetStatsBlock): Update caller.
	* src/qemu/qemu_migration.c (qemuMigrationCookieAddNBD): Likewise.

2014-12-17  Eric Blake  

	qemu: let blockinfo reuse virStorageSource
	Right now, grabbing blockinfo always calls stat on the disk, then
	opens the image to determine the capacity, using a throw-away
	virStorageSourcePtr.  This has a couple of drawbacks:

	1. We are calling stat and opening a file on every invocation of
	the API.  However, there are cases where the stats should NOT be
	changing between successive calls (if a domain is running, no
	one should be changing the physical size of a block device or raw
	image behind our backs; capacity of read-only files should not
	be changing; and we are the gateway to the block-resize command
	to know when the capacity of read-write files should be changing).
	True, we still have to use stat in some cases (a sparse raw file
	changes allocation if it is read-write and the amount of holes is
	changing, and a read-write qcow2 image stored in a file changes
	physical size if it was not fully pre-allocated).  But for
	read-only images, even this should be something we can remember
	from the previous time, rather than repeating every call.

	2. We want to enhance the power of virDomainListGetStats, by
	sharing code.  But we already have a virStorageSourcePtr for
	each disk, and it would be easier to reuse the common structure
	than to have to worry about the one-off virDomainBlockInfoPtr.

	While this patch does not optimize reuse of information in point
	1, it does get us closer to being able to do so; by updating a
	structure that survives between consecutive calls.

	* src/util/virstoragefile.h (_virStorageSource): Add physical, to
	mirror virDomainBlockInfo; rearrange fields to match public struct.
	(virStorageSourceCopy): Copy the new field.
	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Store into
	storage source, then copy to block info.

2014-12-17  Eric Blake  

	qemu: refactor blockinfo job handling
	In order for a future patch to virDomainListGetStats to reuse
	some code for determining disk usage of offline domains, we
	need to make it easier to pull out part of the guts of grabbing
	blockinfo.  The current implementation grabs a job fairly late
	in the game, while getstats will already own a job; reordering
	things so that the job is always grabbed up front in both
	functions will make it easier to pull out the common code.
	This patch results in grabbing a job in cases where one was not
	previously needed, but as it is a query job, it should not be
	noticeably slower.

	This patch touches the same code as the fix for CVE-2014-6458
	(commit b799259); in that patch, we avoided hotplug changing
	a disk reference during the time of obtaining a monitor lock
	by copying all data we needed and no longer referencing disk;
	this patch goes the other way and ensures that by holding the
	job, the disk cannot be changed so we no longer need to worry
	about the disk being invalidated across the monitor lock.

	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Rearrange job
	control to be outside of disk information.

2014-12-17  Eric Blake  

	build: fix typo in previous patch
	* src/util/virfile.c (safezero_mmap): Fix missing semicolon.

2014-12-17  Martin Kletzander  

	util: Fix fallocate stubs for mingw build
	When any of the functions modified in commit 214c687b took false branch,
	the function itself used none of its parameters resulting in "unused
	parameter" error.  Rewriting these functions to the stubs we use
	elsewhere should fix the problem.

	qemu: Free saved error in qemuDomainSetVcpusFlags
	Commit e3435caf added cleanup code to qemuDomainSetVcpusFlags() that was
	not supposed to reset the error.  Usual procedure was done, saving the
	error to temporary variable, but it was never free'd, but rather leaked.

	qemu: Add missing goto error in qemuRestoreCgroupState
	Commit af2a1f05 tried clearly separating each condition in
	qemuRestoreCgroupState() for the sake of readability, however somehow
	one condition body was missing.  That means that the body of the next
	condition got executed only if both of there were true, which is
	impossible, thus resulting in a dead code and a logic error.

	conf: Fix invalid condition when parsing storage owner
	In commit d2632d60 we agreed taht we want the parsed uid to properly
	overflow but only to -1, however the value was read into long and then
	wrapped into uid_t.  That meaned it failed on 32-bit systems.

2014-12-17  John Ferlan  

	virstoragefile: Have virStorageFileResize use safezero
	Currently virStorageFileResize() function uses build conditionals to
	choose either the posix_fallocate() or syscall(SYS_fallocate) with no
	fallback in order to preallocate the space in the newly resized file.

	Since the safezero code has a similar set of conditionals modify the
	resize and safezero code in order to allow the resize logic to make use
	of safezero to unify the look/feel of the code paths.

	Add a new boolean (resize) to safezero() to make the optional decision
	whether to try syscall(SYS_fallocate) if the posix_fallocate fails because
	HAVE_POSIX_FALLOCATE is not defined (eg, return -1 and errno == 0).

	Create a local safezero_sys_fallocate in order to handle the resize
	code paths that support that.  If not present, the set errno = ENOSYS
	in order to allow the caller to handle the failure scenarios.

2014-12-17  John Ferlan  

	virfile: Refactor safezero
	Currently build conditionals decide which of two safezero() functions
	should be built - either the posix_fallocate() or mmap() with a fallback
	to a slower safewrite() algorithm in order to preallocate space in a raw file.

	This patch will refactor safezero to utilize static functions for either
	posix_fallocate or mmap/safewrite. The build conditional still exist, but
	are only for shorter sections of code.

	The posix_fallocate path will make use of the ret/errno setting to contain
	the logic for safezero to decide whether it needs to fallback to other
	algorithms. A return of -1 with errno not changed will indicate the conditional
	is not present; otherwise, a return of -1 with errno change indicates the
	call was made and it failed (no functional difference to current algorithm).

	The mmap/safewrite option changes only slightly to handle the ftruncate
	failure for mmap. That is, previously if the ftruncate failed, there was
	no fallback to the slow safewrite option.

2014-12-16  Martin Kletzander  

	conf: Rework virDomainObjListFindByUUID to allow more concurrent APIs
	Currently, when there is an API that's blocking with locked domain and
	second API that's waiting in virDomainObjListFindByUUID() for the domain
	lock (with the domain list locked) no other API can be executed on any
	domain on the whole hypervisor because all would wait for the domain
	list to be locked.  This patch adds new optional approach to this in
	which the domain is only ref'd (reference counter is incremented)
	instead of being locked and is locked *after* the list itself is
	unlocked.  We might consider only ref'ing the domain in the future and
	leaving locking on particular APIs, but that's no tonight's fairy tale.

2014-12-16  Martin Kletzander  

	storage: unify permission formatting
	Volume and pool formatting functions took different approaches to
	unspecified uids/gids.  When unknown, it is always parsed as -1, but one
	of the functions formatted it as unsigned int (wrong) and one as
	int (better).  Due to that, our two of our XML files from tests cannot
	be parsed on 32-bit machines.

	RNG schema needs to be modified as well, but because both
	storagepool.rng and storagevol.rng need same schema for permission
	element, save some space by moving it to storagecommon.rng.

2014-12-16  Martin Kletzander  

	qemu: Fix hotplugging cpus with strict memory pinning
	When hot-plugging a VCPU into the guest, kvm needs to allocate some data
	from the DMA zone, which might be in a memory node that's not allowed in
	cpuset.mems.  Basically the same problem as there was with starting the
	domain and due to which commit 7e72ac787848b7434c9359a57c1e2789d92350f8
	exists.  This patch just extends it to hotplugging as well.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1161540

2014-12-16  Martin Kletzander  

	qemu: Leave cpuset.mems in parent cgroup alone
	Instead of setting the value of cpuset.mems once when the domain starts
	and then re-calculating the value every time we need to change the child
	cgroup values, leave the cgroup alone and rather set the child data
	every time there is new cgroup created.  We don't leave any task in the
	parent group anyway.  This will ease both current and future code.

	qemu: Save numad advice into qemuDomainObjPrivate
	Thanks to that we don't need to drag the pointer everywhere and future
	code will get cleaner.

	qemu: Remove unnecessary qemuSetupCgroupPostInit function

	util: Add virNumaGetHostNodeset
	That function tries its best to create a bitmap of host NUMA nodes.

	util: Add function virCgroupHasEmptyTasks
	That function helps checking whether there's a task in that cgroup.

2014-12-16  Jiri Denemark  

	spec: Fix syntax

2014-12-16  Daniel P. Berrange  

	avoid using deprecated udev logging functions
	In systemd >= 218, the udev_set_log_fn method has been marked
	deprecated and turned into a no-op. Nothing in the udev client
	library will print to stderr by default anymore, so we can
	just stop installing a logging hook for new enough udev.

	spec: Disable -Werror in Fedora RPM builds
	Since we switched to using GIT to apply patches in the RPM spec,
	we automagically also turned on -Werror, since the .git directory
	now exists. We don't want this on in Fedora, since changing
	header files often lead to new warnings being issued. Explicitly
	turn off -Werror for non-RHEL platforms, instead of relying on
	the defaults

2014-12-16  Dmitry Guryanov  

	parallels: fix usage of disk->info.addr.drive structure
	For SCSI and SATA devices controller and unit are used
	to specify drive address. For IDE devices - bus specifies
	IDE bus, becase usually there are 2 IDE buses on IDE
	controller.

	Parallels SDK allows to set drive position by calling
	PrlVmDev_SetStackIndex. Since PCS VMs have only one
	controller of each type, for SATA and SCSI devices it
	simple means position on bus, for IDE devices -
	2 * bus_number + position_on_bus.

	This patch fixes mapping from libvirt's disk->info.addr.drive
	to parallels's 'StackIndex'.

2014-12-16  Dmitry Guryanov  

	parallels: set format for real disk devices
	It seems file format is usually specified event for
	real block devices. So report that file format is
	raw in virDomainGetXMLDesc and add checks for proper
	file format to prlsdkAddDisk.

	parallels: support NULL virDomainVideoAccelDefPtr
	NULL value of virDomainVideoAccelDefPtr means default
	values for video acceleration, so don't report error in
	this case.

2014-12-15  Luyao Huang  

	qemu: Auto generate a controller when attach hostdev and chr device
	https://bugzilla.redhat.com/show_bug.cgi?id=1174154

	When we use attach-device add a hostdev or chr device which have a
	iscsi address or others (just like guest agent, subsys iscsi disk...),
	we will find there is no basic controller for our new attached device.
	Somtimes this will make guest cannot start after we add them (although
	they can start at the second time).

2014-12-15  Laine Stump  

	qemu: add/remove bridge fdb entries as guest CPUs are started/stopped
	When libvirt is managing a bridge's forwarding database (FDB)
	(macTableManager='libvirt'), if we add FDB entries for a new guest
	interface even before the qemu process is created, then in the case of
	a migration any other guest attached to the "destination" bridge will
	have its traffic immediately sent to the destination of the migration
	even while the source domain is still running (and the destination, of
	course, isn't). To make sure that traffic from other guests on the new
	host continues flowing to the old guest until the new one is ready, we
	have to wait until the new guest CPUs are started to add the FDB
	entries.

	Conversely, we need to remove the FDB entries from the bridge any time
	the guest CPUs are stopped; among other things, this will assure
	proper operation during a post-copy migration (which is just the
	opposite of the problem described in the previous paragraph).

2014-12-15  Wang Rui  

	qemu: make persistent update of graphics device supported
	We can change vnc password by using virDomainUpdateDeviceFlags API with
	live flag. But it can't be changed with config flag. Error is reported as
	below.

	error: Operation not supported: persistent update of device 'graphics' is not supported

	This patch supports the graphics arguments changed with config flag.

2014-12-15  Wang Rui  

	qemu: fix alignment of qemuDomainFindGraphics

	qemu: report properer error number when change graphics failed
	It's not supported to change some graphics arguments with '--live'.
	Replace some error code VIR_ERR_INTERNAL_ERROR and VIR_ERR_INVALID_ARG
	with VIR_ERR_OPERATION_UNSUPPORTED.

2014-12-15  Wei Liu  

	xenconfig: fix boot device parsing
	The original code always checked *boot which was in effect boot[0]. It
	should use boot[i].

2014-12-15  Luyao Huang  

	conf: fix virDomainLeaseIndex logic
	https://bugzilla.redhat.com/show_bug.cgi?id=1174096

	When both parameter have lockspaces present, virDomainLeaseIndex
	always returns -1 even there is a lease the same with the one we
	check. This is due to broken logic in 'if-else' statement.

2014-12-15  Michal Privoznik  

	qemu: Allow system pages to 
	https://bugzilla.redhat.com/show_bug.cgi?id=1173507

	It occurred to me that OpenStack uses the following XML when not using
	regular huge pages:

	  
	    
	      
	    
	  

	However, since we are expecting to see huge pages only, we fail to
	startup the domain with following error:

	  libvirtError: internal error: Unable to find any usable hugetlbfs
	  mount for 4 KiB

	While regular system pages are not huge pages technically, our code is
	prepared for that and if it helps OpenStack (or other management
	applications) we should cope with that.

2014-12-15  Luyao Huang  

	conf: Fix libvirtd crash matching hostdev XML
	https://bugzilla.redhat.com/show_bug.cgi?id=1174053

	Introduced by commit id '17bddc46f' - fix a libvirtd crash when
	matching a network iscsi hostdev with a host iscsi hostdev.

	When we use attach-device to coldplug a network iscsi hostdev,
	libvirt will check if there is already a device in XML. But if
	the 'b' is a host iscsi hostdev and 'a' is a network iscsi hostdev,
	then libvirtd will crash in virDomainHostdevMatchSubsysSCSIiSCSI
	because 'b' doesn't have a hostname.

	Add a check in virDomainHostdevMatchSubsys, if the a's protocol
	and b's protocol is not the same.

	Following is the backtrace:

	0  0x00007f850d6bc307 in virDomainHostdevMatchSubsysSCSIiSCSI at conf/domain_conf.c:10889
	1  virDomainHostdevMatchSubsys at conf/domain_conf.c:10911
	2  virDomainHostdevMatch at conf/domain_conf.c:10973
	3  virDomainHostdevFind at conf/domain_conf.c:10998
	4  0x00007f84f6a10560 in qemuDomainAttachDeviceConfig at qemu/qemu_driver.c:7223
	5  qemuDomainAttachDeviceFlags at qemu/qemu_driver.c:7554

2014-12-15  Daniel P. Berrange  

	fix typo in sanlock driver s/VIR_CONF_UONG/VIR_CONF_ULONG/
	fix typo introduced in previous commit

2014-12-15  Michal Privoznik  

	virconf: Introduce VIR_CONF_ULONG
	https://bugzilla.redhat.com/show_bug.cgi?id=1160995

	In our config files users are expected to pass several integer values
	for different configuration knobs. However, majority of them expect a
	nonnegative number and only a few of them accept a negative number too
	(notably keepalive_interval in libvirtd.conf).
	Therefore, a new type to config value is introduced: VIR_CONF_ULONG
	that is set whenever an integer is positive or zero. With this
	approach knobs accepting VIR_CONF_LONG should accept VIR_CONF_ULONG
	too.

2014-12-15  Michal Privoznik  

	virConfType: switch to VIR_ENUM_{DECL,IMPL}
	There's no need to implement ToString() function like we do if we
	can use our shiny macros.

2014-12-15  Michal Privoznik  

	virConfSetValue: Simplify condition
	There's no need for condition of the following form:

	  if (str && STREQ(str, dst))

	since we have STREQ_NULLABLE macro that handles NULL cases.

2014-12-15  Erik Skultety  

	conf: move the check for secondary consoles of targetType serial
	For historical reasons, only the first  element might be of targetType
	serial, but we checked for other consoles of targetType serial in our post-parse
	callback if and only if we knew the first console was serial, otherwise
	the check was skipped.
	This patch moves the check one level up, so first
	the check for secondary console of type serial is performed and then the
	rest of operations continue unchanged.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1170092

2014-12-14  Laine Stump  

	qemu: add a qemuInterfaceStopDevices(), called when guest CPUs stop
	We now have a qemuInterfaceStartDevices() which does the final
	activation needed for the host-side tap/macvtap devices that are used
	for qemu network connections. It will soon make sense to have the
	converse qemuInterfaceStopDevices() which will undo whatever was done
	during qemuInterfaceStartDevices().

	A function to "stop" a single device has also been added, and is
	called from the appropriate place in qemuDomainDetachNetDevice(),
	although this is currently unnecessary - the device is going to
	immediately be deleted anyway, so any extra "deactivation" will be for
	naught. The call is included for completeness, though, in anticipation
	that in the future there may be some required action that *isn't*
	nullified by deleting the device.

	This patch is a part of a more complete fix for:

	  https://bugzilla.redhat.com/show_bug.cgi?id=1081461

2014-12-14  Laine Stump  

	qemu: always call qemuInterfaceStartDevices() when starting CPUs
	The patch that added qemuInterfaceStartDevices() (upstream commit
	82977058f5b1d143a355079900029e9cbfee2fe4) had an extra conditional to
	prevent calling it if the reason for starting the CPUs was
	VIR_DOMAIN_RUNNING_UNPAUSED or VIR_DOMAIN_RUNNING_SAVE_CANCELED.  This
	was put in by the author as the result of a reviewer asking if it was
	necessary to ifup the interfaces in *all* occasions (because these
	were the two cases where the CPU would have already been started (and
	stopped) once, so the interface would already be ifup'ed).

	It turns out that, as long as there is no corresponding
	qemuInterfaceStopDevices() to ifdown the interfaces anytime the CPUs
	are stopped, neglecting to ifup when reason is RUNNING_UNPAUSED or
	RUNNING_SAVE_CANCELED doesn't cause any problems (because it just
	happens that the interface will have already been ifup'ed by a prior
	call when the CPU was previously started for some other reason).

	However, it also doesn't *help*, and there will soon be a
	qemuInterfaceStopDevices() function which *will* ifdown these
	interfaces when the guest CPUs are stopped, and once that is done, the
	interfaces will be left down in some cases when they should be up (for
	example, if a domain is paused and then unpaused).

	So, this patch is removing the condition in favor of always calling
	qemuInterfaeStartDevices() when the guest CPUs are started.

	This patch (and the aforementioned patch) resolve:

	  https://bugzilla.redhat.com/show_bug.cgi?id=1081461

2014-12-13  Martin Kletzander  

	qemu: avoid rare race when undefining domain
	When one domain is being undefined and at the same time started, for
	example, there is a possibility of a rare problem occuring.

	 - Thread 1 does virDomainUndefine(), has the lock, checks that the
	   domain is active and because it's not, calls
	   virDomainObjListRemove().

	 - Thread 2 does virDomainCreate() and tries to lock the domain.

	 - Thread 1 needs to lock domain list in order to remove the domain from
	   it, but must unlock domain first (proper order is to lock domain list
	   first and the domain itself second).

	 - Thread 2 grabs the lock, starts the domain and releases the lock.

	 - Thread 1 grabs the lock and removes the domain from list.

	With this patch:

	 - The undefining domain gets marked as "to undefine" before it is
	    unlocked.

	 - If domain is found in any of the search APIs, it's returned only if
	   it is not marked as "to undefine".  The check is done while the
	   domain is locked.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1150505

2014-12-13  Luyao Huang  

	conf: Ignore device address for model=none usb controller and memballon
	It make no sense at all to have it there.

2014-12-13  Martin Kletzander  

	Post-release version bump for new dev cycle

2014-12-13  Daniel Veillard  

	Release of libvirt-1.2.11
	- docs/news.html.in libvirt.spec.in: update for release
	- po/*.po*: updated localization and regenerated

2014-12-13  Cédric Bosdonnat  

	Avoid getting '-1:-1' in devices cgroup list
	When calling virCgroupAllowAllDevices we get these invalid entries
	in the device cgroup config.
	    b -1:-1 rw
	    c -1:-1 rw
	Check for positive values before outputting the major and minor to
	avoid that.

2014-12-12  Luyao Huang  

	conf: goto error when value of max_sectors is too large
	Output error when we try to set a too large max_sectors.
	Just like queues and cmd_per_lun here.

2014-12-11  Ján Tomko  

	Ignore CPU features without a model for host-passthrough
	This fixes reverting to snapshots created by older libvirt
	and allows libvirt not to lose track of a domain that
	has this in its live status XML (such as a domain
	restored from managedsave)

	https://bugzilla.redhat.com/show_bug.cgi?id=1030793
	https://bugzilla.redhat.com/show_bug.cgi?id=1151885

2014-12-11  Ján Tomko  

	Do not format CPU features without a model
	For host-passthrough CPU we don't honor the CPU
	features specified in the XML, but we allow
	outputting them via the UPDATE_CPU flag for dumpxml,
	this gives user a rough idea of what features the CPU
	might have.

	After restoring a managedsave'd domain, the features
	might end up in the live status XML (in /var/run) without
	the model. This XML cannot be parsed by the daemon after
	restart and the domain might disappear.

	This fix skips formatting the features for HOST_PASSTHROUGH
	when UPDATE_CPU is not specified, so the newly restored domains
	and newly created snapshots won't be affected.

	Note: this doesn't fix existing snapshots or already restored
	running domains.

	https://bugzilla.redhat.com/show_bug.cgi?id=1030793
	https://bugzilla.redhat.com/show_bug.cgi?id=1151885

2014-12-11  Ján Tomko  

	Fix build on mingw
	Add missing ATTRIBUTE_UNUSED markers.

2014-12-11  Francesco Romani  

	qemu: bulk stats: Fix logic in monitor handling
	A logic bug in qemuConnectGetAllDomainStats makes the code mark the
	monitor as available when qemuDomainObjBeginJob fails, instead of when
	it succeeds, as the correct flow requires.

	This patch fixes the check and updates the code documentation
	accordingly.

	Broken by commit 57023c0a3af4af1c547189c1f6712ed5edeb0c0b.

2014-12-11  Luyao Huang  

	dac: Add a new func to get DAC label of a running process
	When using qemuProcessAttach to attach a qemu process,
	the DAC label is not filled correctly.

	Introduce a new function to get the uid:gid from the system
	and fill the label.

	This fixes the daemon crash when 'virsh screenshot' is called:
	https://bugzilla.redhat.com/show_bug.cgi?id=1161831

	It also fixes qemu-attach after the prerequisite of this patch
	(commit f8c1fb3) was pushed out of order.

2014-12-11  Matthew Rosato  

	network: Bring netdevs online later
	Currently, MAC registration occurs during device creation, which is
	early enough that, during live migration, you end up with duplicate
	MAC addresses on still-running source and target devices, even though
	the target device isn't actually being used yet.
	This patch proposes to defer MAC registration until right before
	the guest can actually use the device -- In other words, right
	before starting guest CPUs.

2014-12-10  John Ferlan  

	virsh.pod: Fix typo
	Commit id 'c9ffd3ea9e' updated the descriptions, but pointed at the
	wrong place for the pool-define-as (it should have been pool-create-as)

2014-12-10  Cédric Bosdonnat  

	lxc: give RW access to /proc/sys/net/ipv[46] to containers
	Some programs want to change some values for the network interfaces
	configuration in /proc/sys/net/ipv[46] folders. Giving RW access on them
	allows wicked to work on openSUSE 13.2+.

	Reusing the lxcNeedNetworkNamespace function to tell
	lxcContainerMountBasicFS if the netns is disabled. When no netns is
	set up, then we don't mount the /proc/sys/net/ipv[46] folder RW as
	these would provide full access to the host NICs config.

2014-12-10  John Ferlan  

	viriscsi: Need to sendtargets on Initiator IQN
	https://bugzilla.redhat.com/show_bug.cgi?id=1172015

	The refactoring done as part of commit id '59446096' caused a regression
	for the multi initiator IQN commit '6aabcb5b' because the sendtargets was
	not done on/for the initiator IQN prior to login (or trying to disable
	autologin)

	Prior to that commit, the paths were essentially

	virStorageBackendISCSIStartPool
	    virStorageBackendISCSILogin
	        virStorageBackendISCSIConnection
	            if initiatoriqn
	                virStorageBackendCreateIfaceIQN
	                Issue sendtargets
	                Perform --login
	            else
	                Issue sendtargets
	                Perform --login

	After that commit:

	virStorageBackendISCSIStartPool
	    Issue sendtargets
	    Call virStorageBackendISCSIConnection
	        If initiatoriqn
	            virStorageBackendCreateIfaceIQN
	            Perform --login
	        else
	            Perform --login

	So for non initiator IQN paths, nothing changed. For the initiator path,
	the --login fails as does any attempts to change autologin via "--op update
	--name node.startup --value manual".

2014-12-10  John Ferlan  

	docs: Fix typo in path for storage pool

2014-12-10  Martin Kletzander  

	conf: Ignore device address for guestfwd channel
	It make no sense at all to have it there.

2014-12-10  Wang Rui  

	maint: clean up the unused variable 'caps' in src/qemu/qemu_*.c

2014-12-10  Hao Liu  

	docs: Fix missing curly braces

2014-12-10  Hao Liu  

	storage: Check stderr when matching parted output
	In old version of parted like parted-2.1-25, error message is shown in
	stdout when printing a disk info without disk label.

	    Error: /dev/sda: unrecognised disk label

	This line has been moved to stderr in newer version of parted. So we
	should check both stdout and stderr when locating this message.

	This should fix bug:
	    https://bugzilla.redhat.com/show_bug.cgi?id=1172468

2014-12-10  Martin Kletzander  

	CVE-2014-8131: Fix possible deadlock and segfault in qemuConnectGetAllDomainStats()
	When user doesn't have read access on one of the domains he requested,
	the for loop could exit abruptly or continue and override pointer which
	pointed to locked object.

	This patch fixed two issues at once.  One is that domflags might have
	had QEMU_DOMAIN_STATS_HAVE_JOB even when there was no job started (this
	is fixed by doing domflags |= QEMU_DOMAIN_STATS_HAVE_JOB only when the
	job was acquired and cleaning domflags on every start of the loop.
	Second one is that the domain is kept locked when
	virConnectGetAllDomainStatsCheckACL() fails and continues the loop when
	it didn't end.  Adding a simple virObjectUnlock() and clearing the
	pointer ought to do.

2014-12-10  Dmitry Guryanov  

	parallels: report proper error in Create/Destroy/Suspend e.t.c.
	If we want to perform some operation and domain state is not suitable
	for that operation, we should report error VIR_ERR_OPERATION_INVALID.

	parallels: fix getJobResultHelper
	When PrlJob_GetRetCode sets second argument to
	error value it means sdk function failed and we
	must return error from getJobResultHelper.

	parallels: return PRL_RESULT from waitJob and getJobResult
	Return error code, returned by parallels SDK from
	waitJob and getJobResult, so that caller can handle
	different errors.

	parallels: implement domainUndefine and domainUndefineFlags

	parallels: add cdroms support
	Get cdrom devices list from parallels server in
	prlsdkLoadDomains and add ability to define a domain
	with cdroms.

2014-12-10  Alexander Burluka  

	parallels: Add domainCreateWithFlags() function.
	domainCreateWithFlags function is used by OpenStack/Nova to boot
	an instance.

	parallels: added function virDomainIsActive()
	That function is necessary for proper domain removal
	in openstack/nova.

2014-12-10  Dmitry Guryanov  

	parallels: refactor parallelsDomainDefineXML
	First, we don't need to call prlsdkApplyConfig after
	creating new VM or containers, because it's done in
	functions prlsdkCreateVm and prlsdkCreateCt.

	No need to check, if domain exists in the list after
	prlsdkAddDomain.

	Also organize code, so that we can call virObjectUnlock
	in one place.

2014-12-10  Dmitry Guryanov  

	parallels: create VMs and containers with sdk
	This patch replaces code, which creates domains by
	running prlctl command.

	prlsdkCreateVm/Ct will do prlsdkApplyConfig, because
	we send request to the server only once in this case.

	But prlsdkApplyConfig will be called also from
	parallelsDomainDefineXML function. There is no problem with
	it, parallelsDomainDefineXML will be refactored later.

2014-12-10  Dmitry Guryanov  

	parallels: rewrite parallelsApplyConfig with SDK
	Rewrite code, which applies domain configuration given
	to virDomainDefineXML function to the VM of container
	registered in PCS.

	This code first check if there are unsupported parameters
	in domain XML and if yes - reports error. Some of such
	parameters are not supported by PCS, for some - it's not
	obvious, how to convert them into PCS's corresponding params,
	so let's put off it, and implement only basic params in
	this patch.

2014-12-10  Dmitry Guryanov  

	parallels: reimplement functions, which change domain state
	Change domain state using parallels SDK functions instead of
	prlctl command.

	We don't need to send events from these functions now, becase
	events handler will send them. But we still need to update
	virDomainObj in privconn->domains.

2014-12-10  Alexander Burluka  

	parallels: handle events from parallels server
	Subscribe to events from parallels server. It's
	needed for 2 things: to update cached domains list
	and to send corresponding libvirt events.

	Parallels server sends a lot of different events, in
	this patch we handle only some of them. In the future
	we can handle for example, changes in a host network
	configuration or devices states.

2014-12-10  Dmitry Guryanov  

	parallels: move parallelsDomNotFoundError to parallels_utils.h
	Move macro parallelsDomNotFoundError to file parallels_utils.h, because
	it will be used in parallels_sdk.c.

2014-12-10  Alexander Burluka  

	parallels: get domain info with SDK
	Obtain information about domains using parallels sdk instead of prlctl.
	prlsdkLoadDomains functions behaves as former parallelsLoadDomains with
	NULL as second parameter (name) - it fills parallelsConn.domains list.

	prlsdkLoadDomain is now able to update specified domain by given
	virDomainObjPtr.

2014-12-10  Dmitry Guryanov  

	parallels: move IS_CT macro to parallels_utils.h
	This macro will be used in paralles_sdk.c so move it to common header.

2014-12-10  Guido Günther  

	define NTF_{SELF,MASTER} if undefined
	Older kernel headers lack this definition (e.g. Debian Wheezy's 3.2)

2014-12-09  John Ferlan  

	security: Manage SELinux labels on shared/readonly hostdev's
	https://bugzilla.redhat.com/show_bug.cgi?id=1082521

	Support for shared hostdev's was added in a number of commits, initially
	starting with 'f2c1d9a80' and most recently commit id 'fd243fc4' to fix
	issues with the initial implementation.  Missed in all those changes was
	the need to mimic the virSELinux{Set|Restore}SecurityDiskLabel code to
	handle the "shared" (or shareable) and readonly options when Setting
	or Restoring the SELinux labels.

	This patch will adjust the virSecuritySELinuxSetSecuritySCSILabel to not
	use the virSecuritySELinuxSetSecurityHostdevLabelHelper in order to set
	the label. Rather follow what the Disk code does by setting the label
	differently based on whether shareable/readonly is set.  This patch will
	also modify the virSecuritySELinuxRestoreSecuritySCSILabel to follow
	the same logic as virSecuritySELinuxRestoreSecurityImageLabelInt and not
	restore the label if shared/readonly

2014-12-09  John Ferlan  

	tests: Fix sharable typo

2014-12-09  Luyao Huang  

	conf: forbid negative number in address(like controller, bus, slot...)
	https://bugzilla.redhat.com/show_bug.cgi?id=1171582

	When we edit a negative controller address number to a device,
	some of them will auto generate a controller with invalid index
	number. This will make guest disappear after restart libvirtd.
	Instead of allowing negative number for controller index, we
	should forbid negative number in these place (we did this before,
	but after f18c02ec, virStrToLong_ui changed to allow negative
	number). Therefore switch to virStrToLong_uip in these places.

2014-12-09  Peter Krempa  

	qemu: migration: Unlock vm on failed ACL check in protocol v2 APIs
	Avoid leaving the domain locked on a failed ACL check in
	qemuDomainMigratePerform() and qemuDomainMigrateFinish2().

	Introduced in commit abf75aea247e (Add ACL checks into the QEMU driver).

2014-12-09  Martin Kletzander  

	docs: Fix simple typo s/ a API/ an API/

	build: Move check for XML::XPath into bootstrap
	The module XML::XPath is needed when building from git only (no need to
	have it when building from tarball), so this patch moves the check from
	specfile into bootstrap.conf.

2014-12-09  Eric Blake  

	maint: update to latest gnulib
	Several portability changes, but the one we are most interested in
	is the improvement to bootstrap to detect perl modules.

	This patch doesn't actually change our bootstrap requirements
	(that will be a separate patch), but sets the stage for it.

	* .gnulib: Update to latest.
	* bootstrap: Regenerate from upstream.

2014-12-09  Eric Blake  

	build: fix mingw printing of pid
	Commit c75425734 introduced a compilation failure:

	../../src/access/viraccessdriverpolkit.c: In function 'virAccessDriverPolkitCheck':
	../../src/access/viraccessdriverpolkit.c:137:5: error: format '%d' expects argument of type 'int', but argument 9 has type 'pid_t' [-Werror=format=]
	     VIR_DEBUG("Check action '%s' for process '%d' time %lld uid %d",
	     ^

	Since mingw pid_t is 64 bits, it's easier to just follow what we've
	done elsewhere and cast to a large enough type when printing pids.

	* src/access/viraccessdriverpolkit.c (virAccessDriverPolkitCheck):
	Add cast.

2014-12-09  Eric Blake  

	build: fix unused variable in mingw
	Bug introduced in commit 100b7a72a:

	util/virnetdevbridge.c: In function 'virNetDevBridgePortSetLearning':
	util/virnetdevbridge.c:359:38: error: unused parameter 'enable' [-Werror=unused-parameter]
	                                bool enable)
	                                      ^

	* src/util/virnetdevbridge.c (virNetDevBridgePortSetLearning): Mark
	unused variable.

2014-12-09  Kyle DeFrancia  

	network: don't allow multiple dhcp sections
	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=907779

	A  element can exist in only one IPv4 address and one IPv6
	address per network.  This patch enforces that in virNetworkUpdate.

2014-12-09  Laine Stump  

	lxc: always use virDomainNetGetActualBridgeName to get interface's bridge
	lxcProcessSetupInterfaces() used to have a special case for
	actualType='network' (a network with forward mode of route, nat, or
	isolated) to call the libvirt public API to retrieve the bridge being
	used by a network. That is no longer necessary - since all network
	types that use a bridge and tap device now get the bridge name stored
	in the ActualNetDef, we can just always use
	virDomainNetGetActualBridgeName() instead.

2014-12-09  Laine Stump  

	qemu: always use virDomainNetGetActualBridgeName to get interface's bridge
	qemuNetworkIfaceConnect() used to have a special case for
	actualType='network' (a network with forward mode of route, nat, or
	isolated) to call the libvirt public API to retrieve the bridge being
	used by a network. That is no longer necessary - since all network
	types that use a bridge and tap device now get the bridge name stored
	in the ActualNetDef, we can just always use
	virDomainNetGetActualBridgeName() instead.

	(an audit of the two callers to qemuNetworkIfaceConnect() confirms
	that it is never called for any other type of network, so the dead
	code in the else statement (logging an internal error if it is called
	for any other type of network) is eliminated in the process.)

2014-12-09  Laine Stump  

	qemu: setup tap devices for macTableManager='libvirt'
	When libvirt is managing the MAC table of a Linux host bridge, it must
	turn off learning and unicast_flood for each tap device attached to
	that bridge, then add a Forwarding Database (fdb) entry for the tap
	device using the MAC address from the domain interface config.

	Once we have disabled learning and flooding, any packet that has a
	destination MAC address not present in the fdb will be dropped by the
	bridge. This, along with the opportunistic disabling of promiscuous
	mode[*], can result in enhanced network performance. and a potential
	slight security improvement.

	[*] If there is only one device on the bridge with learning/unicast_flood
	enabled, then that device will automatically have promiscuous mode
	disabled. If there are *no* devices with learning/unicast_flood
	enabled (e.g. for a libvirt "route", "nat", or isolated network that
	has no physical device attached), then all non-tap devices will have
	promiscuous mode disabled (tap devices always have promiscuous mode
	enabled, which may be a bug in the kernel, but in practice has 0
	effect).

	None of this has any effect for kernels prior to 3.15 (upstream kernel
	commit 2796d0c648c940b4796f84384fbcfb0a2399db84 "bridge: Automatically
	manage port promiscuous mode"). Even after that, until kernel 3.17
	(upstream commit 5be5a2df40f005ea7fb7e280e87bbbcfcf1c2fc0 "bridge: Add
	filtering support for default_pvid") traffic will not be properly
	forwarded without manually adding vlan table entries. Unfortunately,
	although the presence of the first patch is signalled by existence of
	the "learning" and "unicast_flood" options in sysfs, there is no
	reliable way to query whether or not the system's kernel has the
	second of those patches installed, the only thing that can be done is
	to try the setting and see if traffic continues to pass.

2014-12-09  Laine Stump  

	network: setup bridge devices for macTableManager='libvirt'
	When the bridge device for a network has macTableManager='libvirt' the
	intent is that all kernel management of the bridge's MAC table
	(Forwarding Database, or fdb, in the case of a Linux Host Bridge) be
	disabled, with libvirt handling updates to the table instead. The
	setup required for the bridge itself is:

	1) set the "vlan_filtering" property of the bridge device to 1.

	2) If the bridge has a "Dummy" tap device used to set a fixed MAC
	address on the bridge (which is always the case for a bridge created
	by libvirt, and never the case for a bridge created by the host system
	network config), turn off learning and unicast_flood on this tap (this
	is needed even though this tap is never IFF_UP, because the kernel
	ignores the IFF_UP flag of devices when using their settings to
	automatically decide whether or not to turn off promiscuous mode for
	any attached device).

	(1) is done both for libvirt-created/managed bridges, and for bridges
	that are created by the host system config, while (2) is done only for
	bridges created by libvirt (i.e. for forward modes of nat, routed, and
	isolated bridges)

	There is no attempt to turn vlan_filtering off when destroying the
	network because in the case of a libvirt-created bridge, the bridge is
	about to be destroyed anyway, and in the case of a system bridge, if
	the other devices attached to the bridge could operate properly before
	destroying libvirt's network object, they will continue to operate
	properly (this is similar to the way that libvirt will enable
	ip_forwarding whenever a routed/natted network is started, but will
	never attempt to disable it if they are stopped).

2014-12-09  Laine Stump  

	network: store network macTableManager setting in NetDef actual object
	At the time that the network driver allocates a connection to a
	network, the tap device that will be used hasn't yet been created -
	that will be done later by qemu (or lxc or whoever) - but if the
	network has macTableManager='libvirt', then when we do get around to
	creating the tap device, we will need to add an entry for it to the
	network bridge's fdb (forwarding database) *and* turn off learning and
	unicast_flood for that tap device in the bridge's sysfs settings. This
	means that qemu needs to know both the bridge name as well as the
	setting of macTableManager, so we either need to create a new API to
	retrieve that info, or just pass it back in the ActualNetDef that is
	created during networkAllocateActualDevice. We choose the latter
	method, since it's already done for the bridge device, and it has the
	side effect of making the information available in domain status.

	(NB: in the future, I think that the tap device should actually be
	created by networkAllocateActualDevice(), as that will solve several
	other problems, but that is a battle for another day, and this
	information will still be useful outside the network driver)

2014-12-09  Laine Stump  

	network: save bridge name in ActualNetDef when actualType==network too
	When the actualType of a virDomainNetDef is "network", it means that
	we are connecting to a libvirt-managed network (routed, natted, or
	isolated) which does use a bridge device (created by libvirt). In the
	past we have required drivers such as qemu to call the public API to
	retrieve the bridge name in this case (even though it is available in
	the NetDef's ActualNetDef if the actualType is "bridge" (i.e., an
	externally-created bridge that isn't managed by libvirt). There is no
	real reason for this difference, and as a matter of fact it
	complicates things for qemu. Also, there is another bridge-related
	attribute (macTableManager) that will need to be available in both
	cases, so this makes things consistent.

	In order to avoid problems when restarting libvirtd after an update
	from an older version that *doesn't* store the network's bridgename in
	the ActualNetDef, we also need to put it in place during
	networkNotifyActualDevice() (this function is run for each interface
	of each domain whenever libvirtd is restarted).

	Along with making the bridge name available in the internal object, it
	is also now reported in the  element of the  state
	XML (or the  subelement in the internally-stored format).

	The one oddity about this change is that usually there is a separate
	union for every different "type" in a higher level object (e.g. in the
	case of a virDomainNetDef there are separate "network" and "bridge"
	members of the union that pivots on the type), but in this case
	network and bridge types both have exactly the same attributes, so the
	"bridge" member is used for both type==network and type==bridge.

2014-12-09  Laine Stump  

	conf: new network bridge device attribute macTableManager
	The macTableManager attribute of a network's bridge subelement tells
	libvirt how the bridge's MAC address table (used to determine the
	egress port for packets) is managed. In the default mode, "kernel",
	management is left to the kernel, which usually determines entries in
	part by turning on promiscuous mode on all ports of the bridge,
	flooding packets to all ports when the correct destination is unknown,
	and adding/removing entries to the fdb as it sees incoming traffic
	from particular MAC addresses.  In "libvirt" mode, libvirt turns off
	learning and flooding on all the bridge ports connected to guest
	domain interfaces, and adds/removes entries according to the MAC
	addresses in the domain interface configurations. A side effect of
	turning off learning and unicast_flood on the ports of a bridge is
	that (with Linux kernel 3.17 and newer), the kernel can automatically
	turn off promiscuous mode on one or more of the bridge's ports
	(usually only the one interface that is used to connect the bridge to
	the physical network). The result is better performance (because
	packets aren't being flooded to all ports, and can be dropped earlier
	when they are of no interest) and slightly better security (a guest
	can still send out packets with a spoofed source MAC address, but will
	only receive traffic intended for the guest interface's configured MAC
	address).

	The attribute looks like this in the configuration:

	  
	    test
	    
	    ...

	This patch only adds the config knob, documentation, and test
	cases. The functionality behind this knob is added in later patches.

2014-12-09  Laine Stump  

	util: functions to manage bridge fdb (forwarding database)
	These two functions use netlink RTM_NEWNEIGH and RTM_DELNEIGH messages
	to add and delete entries from a bridge's fdb. The bridge itself is
	not referenced in the arguments to the functions, only the name of the
	device that is attached to the bridge (since a device can only be
	attached to one bridge at a time, and must be attached for this
	function to make sense, the kernel easily infers which bridge's fdb is
	being modified by looking at the device name/index).

	util: new functions for setting bridge and bridge port attributes
	These functions all set/get items in the sysfs for a bridge device.

2014-12-09  Eric Blake  

	getstats: add block.n.path stat
	I'm about to make block stats optionally more complex to cover
	backing chains, where block.count will no longer equal the number
	of  for a domain.  For these reasons, it is nicer if the
	statistics output includes the source path (for local files).
	This patch doesn't add anything for network disks, although we
	may decide to add that later.

	With this patch, I now see the following for the same domain as
	in the previous patch (one qcow2 file, and an empty cdrom drive):
	$ virsh domstats --block foo
	Domain: 'foo'
	  block.count=2
	  block.0.name=hda
	  block.0.path=/var/lib/libvirt/images/foo.qcow2
	  block.1.name=hdc

	* src/libvirt-domain.c (virConnectGetAllDomainStats): Document
	new field.
	* tools/virsh.pod (domstats): Document new field.
	* src/qemu/qemu_driver.c (qemuDomainGetStatsBlock): Return the new
	stat for local files/block devices.
	(QEMU_ADD_NAME_PARAM): Add parameter.
	(qemuDomainGetStatsInterface): Update caller.

2014-12-09  Eric Blake  

	getstats: start giving offline block stats
	I noticed that for an offline domain, 'virsh domstats --block $dom'
	was producing just the domain name, with no stats.  But the older
	'virsh domblkinfo' works just fine on offline domains.  This patch
	starts to get us closer, by at least reporting the disk names for
	an offline domain.

	With this patch, I now see the following for an offline domain
	with one qcow2 disk and an empty cdrom drive:
	$ virsh domstats --block foo
	Domain: 'foo'
	  block.count=2
	  block.0.name=hda
	  block.1.name=hdc

	* src/qemu/qemu_driver.c (qemuDomainGetStatsBlock): Don't short-circuit
	output of block name.

2014-12-09  Eric Blake  

	getstats: improve documentation
	At least with 'virsh domstats --block' on an offline domain, we
	currently output no stats even though we recognize the stat
	category.  Although a later patch will improve this situation,
	it is better to document that this is expected behavior.

	Also, while the current implementation rejects filtering flags
	for virDomainListGetStats, this limitation may be lifted in the
	future and we do not enforce it at the API level.

	* src/libvirt-domain.c (virConnectGetAllDomainStats): Document
	that recognized stats might not be reported.
	(virDomainListGetStats): Likewise, and tweak filtering documentation.

2014-12-09  Eric Blake  

	getstats: avoid memory leak on OOM
	qemuDomainGetStatsBlock() could leak a stats hash table if it
	encountered OOM while populating the virTypedParameters.
	Oddly, the fix doesn't even touch qemuDomainGetStatsBlock :)

	* src/qemu/qemu_driver.c (QEMU_ADD_COUNT_PARAM)
	(QEMU_ADD_NAME_PARAM): Don't return early.
	(qemuDomainGetStatsInterface): Adjust caller.

2014-12-08  Christophe Fergeau  

	docs: Use gender-neutral pronoun in hacking.html.in
	Use 'they' instead of 'he'.

2014-12-08  Martin Kletzander  

	rpc: Report proper close reason
	Whenever client socket was marked as closed for some reason, it could've
	been changed when really closing the connection.  With this patch the
	proper reason is kept since the first time it's marked as closed.

	virsh: Don't reconnect after the command when disconnected
	Each command that needs a connection causes a new connection to be
	made.  Reconnecting after a command failed is pointless, mainly when
	there is no other command to run.  Removeing three lines of code takes
	care of that and keeps virsh working as it should.

2014-12-08  Peter Krempa  

	storage: Fix printing/casting of uid_t/gid_t
	Other parts of libvirt use "%u" for formatting uid/gid and typecast to
	unsigned int. Storage driver used the signed variant.

2014-12-06  Chen Fan  

	docs: network: fix some trivial typos in docs/formatnetwork.html
	this patch fix some weird typos:
	   1. < hostdev>     => 
	   2. < type>        => 
	   3.  => 
	   4. redundant comma
	   5. missing right-half bracket

2014-12-06  John Ferlan  

	virsh: Add adapter options for pool-{create|define}-as
	Add the optional adapter options for pool create/define.  Results in
	either:

	

	or (on one line)

	

	being generated.

2014-12-06  John Ferlan  

	virsh: Add auth options for pool-{create|define}-as
	Add 3 new optional options for the pool-create-as and pool-define-as
	command in order to define the 3 elements required in order to add
	an auth element, such as:

	
	  
	

2014-12-06  John Ferlan  

	virsh.pod: Fix the pool-define-as and pool-create-as description
	Properly format the options and provide meaningful descriptions for
	the various options.

2014-12-06  John Ferlan  

	docs: Fix a couple of typos on the storage pool html
	Fix format of the secret XML in the example. The XML had an extraneous
	"type='iscsi'" (which is used by the  definitions)

	The world wide node name had a typo in the acronym (wwwn).

2014-12-05  Erik Skultety  

	util: check for an illegal character in a XML namespace prefix
	When user tries to insert element metadata providing a namespace
	declaration as well, currently we insert the element without any validation
	check for XML prefix (if provided). The next VM start would then
	fail with parse error. This patch fixes this issue by adding a call to
	xmlValidateNCName function to check for illegal characters in the
	prefix.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1143921

2014-12-05  Daniel P. Berrange  

	Report original error when QMP probing fails with new QEMU
	If probing capabilities via QMP fails, we now have a check
	that prevents us falling back to -help parsing. Unfortunately
	the error message

	  "Failed to probe capabilities for /usr/bin/qemu-kvm:
	   unsupported configuration: QEMU 2.1.2 is too new for help parsing"

	is proving rather unhelpful to the user. We need to be telling
	them why QMP failed (the root cause), rather than they can't
	use -help (the side effect).

	To do this we should capture stderr during QMP probing, and
	if -help parsing then sees a new QEMU version, we know that
	QMP should have worked, and so we can show the messages from
	stderr. The message thus becomes

	  "Failed to probe capabilities for /usr/bin/qemu-kvm:
	   internal error: QEMU / QMP failed: Could not access
	   KVM kernel module: No such file or directory
	   failed to initialize KVM: No such file or directory"

2014-12-05  Shanzhi Yu  

	qemu: snapshot: Forbid internal snapshot with passthrough devices
	When attempting to create internal system checkpoint with a passthrough
	device qemu will report the following error:

	error: operation failed: Error -22 while writing VM

	This patch calls the function to check if migration is possible with
	given VM and thus improves the error to:

	error: Requested operation is not valid: domain has assigned non-USB host devices

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=874418#c19

2014-12-05  Peter Krempa  

	storage: backend: Log uid/gid when initializing storage file backend
	To ease debugging permission problems add uid/gid values to the debug
	message when initializing a storage file backend.

2014-12-05  Michal Privoznik  

	networkValidate: Disallow bandwidth in portgroups too
	https://bugzilla.redhat.com/show_bug.cgi?id=1115292

	In one of the previous commits (eafb53fe) we disallowed
	network-wide bandwidth to some network types. However, we
	forgot about  which can have  too.

2014-12-04  Cole Robinson  

	docs: storage: fix rbd pool indentation

2014-12-04  Peter Krempa  

	qemu: process: Avoid uninitialized use two vars when reconnecting to vm
	3ecebf07110ca8d3413072557f29137943e848e3 breaks the build as it adds a
	way to jump to cleanup before the 'cfg' object is retrieved and 'priv'
	is initialized.

2014-12-04  Daniel P. Berrange  

	Fix handling of whitespae in preprocessor macros for API generator
	The apibuild.py script did not handle whitespace in preprocessor
	macros, so it failed to detect constants declared with '# define'
	instead of '#define'. Since we now correctly indent our public
	header files, we have silently lost all constants from
	libvirt-api.xml. This also caused us to not detect formatting
	errors in constant docs

2014-12-04  Peter Krempa  

	qemu: process: Refactor reconnecting to qemu processes
	Move entering the job into the thread to simplify the program flow. Also
	as the code holds a separate reference to the domain object some
	conditions can be simplified.

	After this patch qemuDomainObjTransferJob is no longer needed so this
	patch removes it.

2014-12-04  Ian Campbell  

	docs: Create html documentation even if XHTML1 DTD is not available to validate
	On a Debian system lacking the w3c-dtd-xhtml package the build fails
	with:

	        $ make -C docs/ formatcaps.html
	        make: Entering directory '/local/scratch/ianc/devel/libvirt.git/docs'
	        Generating formatcaps.html.tmp
	        I/O error : Attempt to load network entity http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd
	        formatcaps.html.in:2: warning: failed to load external entity "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
	        C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
	                                                                                       ^
	        I/O error : Attempt to load network entity http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd
	        ../docs/sitemap.html.in:2: warning: failed to load external entity "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
	        C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
	                                                                                       ^
	        missing XHTML1 DTD
	        rm formatcaps.html.tmp
	        make: Leaving directory '/local/scratch/ianc/devel/libvirt.git/docs'
	        $ ls docs/formatcaps*
	        docs/formatcaps.html.in

	https://www.redhat.com/archives/libvir-list/2009-November/msg00413.html
	suggests that the XHTML1 DTD should not be a hard requirement and the
	docs should be generated but not validated if it is not available.

	Therefore when the DTD is not available arrange for the .html.tmp file
	to be propagated to the .html output.

	Cc: Daniel Veillard 

2014-12-04  Martin Kletzander  

	tests: Fix misplaced parenthesis in qemumonitorjsontest
	When trying clang, it found out that we were comparing sizeof with 0
	even though we wanted to check the return value of memcmp.  That showed
	us that the test was wrong and it needs a fix as well.

2014-12-04  Conrad Meyer  

	drvbhyve: Automatically tear down guest domains on shutdown
	Reboot requires more sophistication and is left as a future work item --
	but at least part of the plumbing is in place.

2014-12-04  Erik Skultety  

	qemu: Fix virsh freeze when blockcopy storage file is removed
	If someone removes blockcopy storage file when still in mirroring phase
	and then requesting blockjob abort using pivot, virsh cmd freezes. This
	is not an issue with older qemu versions which did not support
	asynchronous jobs (which we prefer by default).
	As we have reached the mirroring phase successfully, polling monitor for
	blockjob info always returns 1 and the loop never ends.
	This fix introduces a check for qemuDomainBlockPivot return code, possibly
	skipping the asynchronous waiting completely, if an error occurred and
	asynchronous waiting was the preferred method.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1139567

2014-12-04  John Ferlan  

	docs: More html/docs changes from libvirt.h.in split
	This changes the display from:

	libvirt-storage: APIs for management of storages

	to

	libvirt-storage: APIs for management of storage pools and volumes

	In making that change I expected my build tree html output to be
	regenerated; however, it wasn't because the dependency for the separated
	libvirt-storage.h wasn't there.  It was only present for libvirt.h.in

	So I added each in the order displayed on the docs/html/index.html page

2014-12-04  Pavel Hrdina  

	cpu: fix possible crash in getModels
	Commit 86a15a25 introduced a new cpu driver API 'getModels'. Public API
	allow you to pass NULL for models to get only number of existing models.
	However the new code will crash with segfault so we have to count with
	the possibility that the user wants only the number.

	There is also difference in order of the models gathered by this new API
	as the old approach was inserting the elements to the end of the array
	so we should use 'VIR_APPEND_ELEMENT'.

2014-12-04  Peter Krempa  

	qemu: driver: Reload snapshots and managedsaves prior to reconnecting
	Reconnect to the VM is a possibly long-running job spawned in a separate
	thread. We should reload the snapshot defs and managedsave state prior
	to spawning the thread to avoid blocking of the daemon startup which
	would serialize on the VM lock.

	Also the reloading code would violate the domain job held while
	reconnecting as the loader functions don't create jobs.

2014-12-04  Peter Krempa  

	leaseshelper: Fix incorrect alignment of a switch case
	Introduced in ca6dbdd047d1ed691ccbae72556d85722a5f7a36

	leaseshelper: Skip entries missing expiry time on INIT action
	Coverity pointed out that in other places we always check the return
	value from virJSONValueObjectGetNumberLong() but not in the new addition
	in leaseshelper. To solve the issue and also be more robust in case
	somebody would corrupt the file, skip outputting of the lease entry in
	case the expiry time is missing.

2014-12-04  Luyao Huang  

	storage: fix crash caused by no check return before set close
	https://bugzilla.redhat.com/show_bug.cgi?id=1087104#c5

	When trying to use an invalid offset to virStorageVolUpload(), libvirt
	fails in virFDStreamOpenFileInternal(), although it seems libvirt does
	not check the return in storageVolUpload(), and calls
	virFDStreamSetInternalCloseCb() right after.  But stream doesn't have a
	privateData (is NULL) yet, and the daemon crashes then.

	0  0x00007f09429a9c10 in pthread_mutex_lock () from /lib64/libpthread.so.0
	1  0x00007f094514dbf5 in virMutexLock (m=) at util/virthread.c:88
	2  0x00007f09451cb211 in virFDStreamSetInternalCloseCb at fdstream.c:795
	3  0x00007f092ff2c9eb in storageVolUpload at storage/storage_driver.c:2098
	4  0x00007f09451f46e0 in virStorageVolUpload at libvirt.c:14000
	5  0x00007f0945c78fa1 in remoteDispatchStorageVolUpload at remote_dispatch.h:14339
	6  remoteDispatchStorageVolUploadHelper at remote_dispatch.h:14309
	7  0x00007f094524a192 in virNetServerProgramDispatchCall at rpc/virnetserverprogram.c:437

2014-12-03  Shanzhi Yu  

	virsh: vol-upload disallow negative offset
	Commit 570d0f63 describes disabling negative offset usage for
	vol-upload/download (e.g. cmdVolDownload and cmdVolUpload; however,
	the change was only made to cmdVolDownload. There was no change to
	cmdVolUpload.  This patch adds the same checks for vol-upload.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1087104

2014-12-03  Peter Krempa  

	network: dnsmasq: Don't format lease file path
	Now that we don't use the leases file at all for leases just don't
	format it into the config and use the leaseshelper to do all the
	lifting.

	leaseshelper: Refactor control flow
	Untangle a few conditions into a case statement and improve reporting of
	invaid commands.

2014-12-03  Nehal J Wani  

	leaseshelper: improvements to support all events
	This patch enables the helper program to detect event(s) triggered when
	there is a change in lease length or expiry and client-id. This
	transfers complete control of leases database to libvirt and obsoletes
	use of the lease database file (.leases). That file will
	not be created, read, or written.  This is achieved by adding the option
	--leasefile-ro to dnsmasq and passing a custom env var to leaseshelper,
	which helps us map events related to leases with their corresponding
	network bridges, no matter what the event be.

	Also, this requires the addition of a new non-lease entry in our custom
	lease database: "server-duid". It is required to identify a DHCPv6
	server.

	Now that dnsmasq doesn't maintain its own leases database, it relies on
	our helper program to tell it about previous leases and server duid.
	Thus, this patch makes our leases program honor an extra action: "init",
	in which it sends the known info in a particular format to dnsmasq
	by printing it to stdout.

	The drawback of this change is that upgrade to this new approach does
	not transfer the existing leases for the network if the leaseshelper
	wasn't already used.

2014-12-03  Daniel Hansel  

	cpu-driver: Fix the cross driver function call
	For Intel and PowerPC the implementation is calling a cpu driver
	function across driver layers (i.e. from qemu driver directly to cpu
	driver).
	The correct behavior is to use libvirt API functionality to perform such
	a inter-driver call.

	This patch introduces a new cpu driver API function getModels() to
	retrieve the cpu models. The currect implementation to process the
	cpu_map XML content is transferred to the INTEL and PowerPC cpu driver
	specific API functions.
	Additionally processing the cpu_map XML file is not safe due to the fact
	that the cpu map does not exist for all architectures. Therefore it is
	better to encapsulate the processing in the architecture specific cpu
	drivers.

	Reviewed-by: Boris Fiuczynski 
	Reviewed-by: Viktor Mihajlovski 

2014-12-03  Michal Privoznik  

	qemu_migration: Precreate missing storage
	Based on previous commit, we can now precreate missing volumes. While
	digging out the functionality from storage driver would be nicer, if
	you've seen the code it's nearly impossible. So I'm going from the
	other end:

	1) For given disk target, disk path is looked up.
	2) For the disk path, storage pool is looked up, a volume XML is
	constructed and then passed to virStorageVolCreateXML() which has all
	the knowledge how to create raw images, (encrypted) qcow(2) images,
	etc.

	One of the advantages of this approach is, we don't have to care about
	image conversion - qemu does that for us. So for instance, users can
	transform qcow2 into raw on migration (if the correct XML is passed to
	the migration API).

2014-12-03  Michal Privoznik  

	qemu_migration: Send disk sizes to the other side
	Up 'til now, users need to precreate non-shared storage on migration
	themselves. This is not very friendly requirement and we should do
	something about it. In this patch, the migration cookie is extended,
	so that  section does not only contain NBD port, but info on
	disks being migrated. This patch sends a list of pairs of:

	    

	to the destination. The actual storage allocation is left for next
	commit.

2014-12-03  Michal Privoznik  

	qemuMonitorJSONBlockStatsUpdateCapacity: Don't skip disks
	The function queries the block devices visible to qemu
	('query-block') and parses the qemu's output. The info is
	returned in a hash table which is expected to be pre-filled by
	qemuMonitorJSONGetAllBlockStatsInfo(). However, in the next patch
	we are not going to call the latter function at all, so we should
	make the former function add devices into the hash table if not
	found there.

	storage: Introduce storagePoolLookupByTargetPath
	While this could be exposed as a public API, it's not done yet as
	there's no demand for that yet. Anyway, this is just preparing
	the environment for easier volume creation on the destination.

2014-12-03  John Ferlan  

	Replace virDomainSnapshotFree with virObjectUnref
	Since virDomainSnapshotFree will call virObjectUnref anyway, let's just use
	that directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virInterfaceFree with virObjectUnref
	Since virInterfaceFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virNWFilterFree with virObjectUnref
	Since virNWFilterFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virSecretFree with virObjectUnref
	Since virSecretFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virStreamFree with virObjectUnref
	Since virStreamFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virStoragePoolFree with virObjectUnref
	Since virStoragePoolFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virStorageVolFree with virObjectUnref
	Since virStorageVolFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virNodeDeviceFree with virObjectUnref
	Since virNodeDeviceFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virNetworkFree with virObjectUnref
	Since virNetworkFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virDomainFree with virObjectUnref
	Since virDomainFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	rpc: Replace virXXXFree with virObjectUnref
	Modify the various virXXXFree calls to only call virObjectUnref. Calling
	the public API will reset the last error thus clearing out a pending error.

2014-12-02  Dmitry Guryanov  

	parallels: fix compilation of parallels_storage.c
	virConnect.privateData is void *, so we can't access
	fields of parallelsConn, pointer to which is stored in
	virConnect.privateData. So replace all occurences of
	conn->privateData->storageState with privconn->storageState.

2014-12-02  Ján Tomko  

	Generate a MAC when loading a config instead of package update
	Partially reverts commit 5754dbd.

	The code in the specfile adds a MAC address to every ,
	even for  for which we don't support
	changing MAC addresses.

	Remove it completely. For new networks, we have been adding
	MAC addresses on definition/creation since the commit mentioned above.
	For existing networks (pre-0.9.0), the MAC is added by this commit.

	https://bugzilla.redhat.com/show_bug.cgi?id=1156367

2014-12-02  Ján Tomko  

	Silently ignore MAC in NetworkLoadConfig
	Libvirt's RPMs have been adding it to networks which don't support it.

	https://bugzilla.redhat.com/show_bug.cgi?id=1156367

2014-12-02  Michal Privoznik  

	libvirt.c: Move virDomainGetFSInfo to libvirt-domain.c
	Since our big split of libvirt.c there are only a few functions
	living there. The majority was moved to corresponding subfile,
	e.g. domain functions were moved to libvirt-domain.c. However,
	the patches for virDomainGetFSInfo() and virDomainFSInfoFree()
	introduction were posted prior the big split and merged after.
	This resulted in two domain functions landing in wrong file.
	Move them to the correct one.

2014-12-02  Pavel Hrdina  

	nwfilter: fix crash when adding non-existing nwfilter
	Adding non-existing nwfilter to a network interface device without any
	nwfilter specified will crash libvirt daemon with segfault. The reason is
	that the nwfilter is not found an libvirt will try to restore old
	nwfilter configuration but there is no nwfilter specified.

2014-12-02  Wang Rui  

	conf: fix a comment typo in virDomainVideoDefaultRAM

2014-12-02  Laine Stump  

	conf: replace call to virNetworkFree() with virObjectUnref()
	The function virNetworkObjListExport() in network_conf.c had a call to
	the public API virNetworkFree() which was causing a link error:

	CCLD     libvirt_driver_vbox_network_impl.la
	 ./.libs/libvirt_conf.a(libvirt_conf_la-network_conf.o): In function `virNetworkObjListExport':
	/home/laine/devel/libvirt/src/conf/network_conf.c:4496: undefined reference to `virNetworkFree'

	This would happen when I added

	  #include "network_conf.h"

	into domain_conf.h, then attempted to call a new function from that
	file (and enum converter, similar to virNetworkForwardTypeToString())

	In the end, virNetworkFree() ends up just calling virObjectUnref(obj)
	anyway (after clearing all pending errors, which we probably *don't*
	want to do in the cleanup of a utility function), so this is likely
	more correct than the original code as well.

2014-12-02  Martin Kletzander  

	build, docs: Let make see the dependencies for html/*.html
	Make was not able to realize the dependencies for html/*.html files when
	running 'make -j9 dist'.  All the files are generated together with
	html/index.html, so simply separating them into another variable and
	adding one block into the dependency chain solves the issue.

	docs: Correct invalid hyperlinks
	Since libvirt.h was split into multiple files and similarly
	docs/libvirt-libvirt.html, docs/hvsupport.html have bad hyperlinks.  The
	same happens for all the html.in files that used 
	tag, because page.xsl has no idea where to point the link that's found.

2014-12-02  Eduardo Costa  

	Fix race condition in qemuGetProcessInfo
	There is a race condition between the fopen and fscanf calls
	in qemuGetProcessInfo. If fopen succeeds, there is a small
	possibility that the file no longer exists before reading from it.
	Now, if either fopen or fscanf calls fail, the function will behave
	just as only fopen had failed.

	Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1169055

2014-12-02  John Ferlan  

	libxl: Resolve Coverity CHECKED_RETURN
	Commit id 'cb88d433' refactored the calling sequence to use a thread;
	however, in doing so "lost" the check for if virNetSocketAccept returns
	failure.  Since other code makes that check, Coverity complains. Although
	a false positive, adding back the failure check pacifies Coverity

	domain_conf: Resolve Coverity CHECKED_RETURN
	Commit id '0d36a5d05' modified the code slightly, but removed the
	return value check thus causing Coverity to complain that this call
	was the only one where the return value wasn't checked. Since nothing
	was done previously if there was a failure, just use ignore_value here
	to pacify Coverity

	virhook: Resolve Coverity NULL_RETURNS
	Coverity complains that many other callers to return err from
	virGetLastError() will check if err is not NULL before dereferencing
	it.  Just do the same here for safety.

2014-12-02  John Ferlan  

	hotplug: Resolve Coverity FORWARD_NULL
	Coverity complained that because the cfg->macFilter call checked
	net->ifname != NULL before calling ebtablesRemoveForwardAllowIn, then
	the virNetDevOpenvswitchRemovePort call should have the same check.

	However, if I move the ebtables call prior to the check for TYPE_DIRECT
	(where there is a VIR_FREE(net->ifname)), then it seems Coverity is
	happy.  Since firewall info is tacked on last during setup, removing
	it in the opposite order of initialization seems to be natural anyway

2014-12-01  John Ferlan  

	storage: Add mixed fc_host/scsi_host duplicate adapter source checks
	https://bugzilla.redhat.com/show_bug.cgi?id=1159180

	The virStoragePoolSourceFindDuplicate only checks the incoming definition
	against the same type of pool as the def; however, for "scsi_host" and
	"fc_host" adapter pools, it's possible that either some pool "scsi_host"
	adapter definition is already using the scsi_hostN that the "fc_host"
	adapter definition wants to use or some "fc_host" pool adapter definition
	is using a vHBA scsi_hostN or parent scsi_hostN that an incoming "scsi_host"
	definition is trying to use.

	This patch adds the mismatched type checks and adds extraneous comments
	to describe what each check is determining.

	This patch also modifies the documentation to be describe what scsi_hostN
	devices a "scsi_host" source adapter should use and which to avoid. It also
	updates the parent definition to specifically call out that for mixed
	environments it's better to define which parent to use so that the duplicate
	pool checks can be done properly.

2014-12-01  John Ferlan  

	storage: Move and rename getVhbaSCSIHostParent
	https://bugzilla.redhat.com/show_bug.cgi?id=1159180

	Move the API from the backend to storage_conf and rename it to
	virStoragePoolGetVhbaSCSIHostParent.  A future patch will need to
	use this functionality from storage_conf

2014-12-01  Martin Kletzander  

	conf: Don't redefine virDomainTPMDefPtr

2014-12-01  Luyao Huang  

	qemu: Make pid available for security managers in qemuProcessAttach
	There are some small issue in qemuProcessAttach:

	1.Fix virSecurityManagerGetProcessLabel always get pid = 0,
	move 'vm->pid = pid' before call virSecurityManagerGetProcessLabel.

	2.Use virSecurityManagerGenLabel to get image label.

	3.Fix always set selinux label for other security driver label.

2014-12-01  Martin Kletzander  

	conf: Add device-related code for panic devices
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1169183

	conf: Add device-related code for TPM devices
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1169183

2014-12-01  Erik Skultety  

	qemu: fix block{commit,copy} abort handling
	When a block{commit,copy} job was aborted on a domain, block job handler
	did not process it correctly, leaving a phantom job in the background.
	Any further calls to any blockjob causes "block  still active"
	error. This patch fixes the blockjob handler so that it checks not only
	for VIR_DOMAIN_BLOCK_JOB_FAILED status, but VIR_DOMAIN_BLOCK_JOB_CANCELED
	status as well, followed by our existing cleanup routine.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1135169

2014-12-01  Wang Rui  

	qemu: set jobinfo type to FAILED if job is failed in qemuMigrationRun
	If job is failed in qemuMigrationRun, we expect the jobinfo type as
	FAILED. But jobinfo type won't be updated until entering
	qemuMigrationWaitForCompletion. We should make it updated in all
	conditions. Moreover, we can't use qemuMigrationUpdateJobStatus
	here because job may fail in libvirt, so we can't query job status
	from QEMU.

	qemu: set jobinfo type to CANCELLED if migration is cancelled in all conditions
	The migration job status is traced in qemuMigrationUpdateJobStatus
	which is called in qemuMigrationRun. But if migration is cancelled
	before the trace such as in qemuMigrationDriveMirror, the jobinfo
	type won't be updated to CANCELLED. After this patch, we can get
	jobinfo type CANCELLED if migration is cancelled during drive
	mirror.  Moreover, we can't use qemuMigrationUpdateJobStatus
	because from qemu's point of view it's just the drive mirror being
	cancelled and the migration hasn't even started yet.

2014-12-01  Luyao Huang  

	docs: Fix missing slashes in XML examples
	When I pasted some XML from libvirt.org, I've found a small mistake.

2014-11-28  Michal Privoznik  

	qemu: Don't track quiesced state of FSs
	https://bugzilla.redhat.com/show_bug.cgi?id=1160084

	As of b6d4dad11b (1.2.5) we are trying to keep the status of FSFreeze
	in the guest. Even though I've tried to fixed couple of corner cases
	(6ea54769ba18), it occurred to me just recently, that the approach is
	broken by design. Firstly, there are many other ways to talk to
	qemu-ga (even through libvirt) that filesystems can be thawed (e.g.
	qemu-agent-command) without libvirt noticing. Moreover, there are
	plenty of ways to thaw filesystems without even qemu-ga noticing (yes,
	qemu-ga keeps internal track of FSFreeze status). So, instead of
	keeping the track ourselves, or asking qemu-ga for stale state, it's
	the best to let qemu-ga deal with that (and possibly let guest kernel
	propagate an error).

	Moreover, there's one bug with the following approach, if fsfreeze
	command failed, we've executed fsthaw subsequently. So issuing
	domfsfreeze in virsh gave the following result:

	virsh # domfsfreeze gentoo
	Froze 1 filesystem(s)

	virsh # domfsfreeze gentoo
	error: Unable to freeze filesystems
	error: internal error: unable to execute QEMU agent command 'guest-fsfreeze-freeze': The command guest-fsfreeze-freeze has been disabled for this instance

	virsh # domfsfreeze gentoo
	Froze 1 filesystem(s)

	virsh # domfsfreeze gentoo
	error: Unable to freeze filesystems
	error: internal error: unable to execute QEMU agent command 'guest-fsfreeze-freeze': The command guest-fsfreeze-freeze has been disabled for this instance

2014-11-28  Jiri Denemark  

	Fix usage of virReportSystemError
	virReportSystemError is reserved for reporting system errors, calling it
	with VIR_ERR_* error codes produces error messages that do not make any
	sense, such as

	    internal error: guest failed to start: Kernel doesn't support user
	    namespace: Link has been severed

	We should prohibit wrong usage with a syntax-check rule.

2014-11-28  Martin Kletzander  

	docs: fix simple typo in TPM paragraph

2014-11-27  Martin Kletzander  

	tests: fix documentation for mocking methods
	It looks like it was copy-pasted, so in case anyone wonders what some of
	those methods do without looking at them, and for the sake of
	completeness, fix them.

2014-11-27  Martin Kletzander  

	Revert "ip link needs 'name' in 3.16 to create the veth pair"
	This reverts commit 433b427ff853ab72d32573d415e6ec569b77c7cb.

	The patch was added in order to overcome a bug in iproute2 and since it
	was properly identified as a bug, particularly in openSUSE 13.2, and it
	is being worked on [1], the best solution for libvirt seems to be to
	keep the old behaviour.

	[1] https://bugzilla.novell.com/show_bug.cgi?id=907093

2014-11-27  Jiri Denemark  

	network: Fix upgrade from libvirt older than 1.2.4
	Starting from libvirt-1.2.4, network state XML files moved to another
	directory (see commit b9e95491) and libvirt automatically migrates the
	network state files to a new location. However, the code used
	dirent.d_type which is not supported by all filesystems. Thus, when
	libvirt was upgraded on a host which used such filesystem, network state
	XMLs were not properly moved and running networks disappeared from
	libvirt.

	This patch falls back to lstat() whenever dirent.d_type is DT_UNKNOWN to
	fix this issue.

	https://bugzilla.redhat.com/show_bug.cgi?id=1167145

2014-11-26  Jiri Denemark  

	util: Avoid calling closedir(NULL)

2014-11-25  Eric Blake  

	virsh: document block.n.allocation stat
	Commit 7557ddf added some additional block.* stats to
	virDomainListGetStats, but failed to document them in 'man
	virsh'.  Also, I noticed some inconsistent use of commas.

	* tools/virsh.pod (domstats): Tweak commas, add missing stats.

2014-11-25  Eric Blake  

	dbus: fix arrays of bools
	Commit 2aa167ca tried to fix the DBus interaction code to allow
	callers to use native types instead of 4-byte bools.  But in
	fixing the issue, I missed the case of an arrayref; Conrad Meyer
	shows the following valid complaint issued by clang:

	  CC       util/libvirt_util_la-virdbus.lo
	util/virdbus.c:956:13: error: cast from 'bool *' to 'dbus_bool_t *' (aka 'unsigned int *') increases required alignment from 1 to 4 [-Werror,-Wcast-align]
	            GET_NEXT_VAL(dbus_bool_t, bool_val, bool, "%d");
	            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	util/virdbus.c:858:17: note: expanded from macro 'GET_NEXT_VAL'
	            x = (dbustype *)(*xptrptr + (*narrayptr - 1));              \
	                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1 error generated.

	But fixing that points out that we have NEVER supported arrayrefs
	of sub-int types (byte, i16, u16, and now bool).  Again, while raw
	types promote, arrays do not; so the macros HAVE to deal with both
	size possibilities rather than assuming that an arrayref uses the
	same sizing as the promoted raw type.

	Obviously, our testsuite wasn't covering as much as it should have.

	* src/util/virdbus.c (GET_NEXT_VAL): Also fix array cases.
	(SET_NEXT_VAL): Fix uses of sub-int arrays.
	* tests/virdbustest.c (testMessageArray, testMessageArrayRef):
	Test it.

2014-11-25  Wang Rui  

	qemu: add the missing jobinfo type in qemuDomainGetJobInfo
	Commit 6fcddfcd refactored job statistics but missed the jobinfo type updated
	in qemuDomainGetJobInfo. After this patch, we can use virDomainGetJobInfo to
	get jobinfo type again.

2014-11-25  John Ferlan  

	Resolve build breaker
	Commit 'c264eeaa' didn't do the prerequisite 'make syntax-check' before
	pushing. There was a  in the whitespace for the comment.  Replaced
	with spaces and aligned.

	pushed as build breaker since Jenkins complained loudly

2014-11-25  Cédric Bosdonnat  

	lxc: don't unmount subtree if it contains the source of the mount
	The typical case where we had a problem is with such a filesystem
	definition as created by virt-sandbox-service:

	    
	      
	      
	    

	In this case, we don't want to unmount the /var subtree or we may
	loose the access to the source folder.

2014-11-25  Cédric Bosdonnat  

	lxc: be more patient while resolving symlinks
	Resolving symlinks can fail before mounting any file system if one file
	system depends on another being mounted. Symlinks are now resolved in
	two passes:

	  * Before any file system is mounted, but then we are more gentle if
	    the source path can't be accessed
	  * Right before mounting a file system, so that we are sure that we
	    have the resolved path... but then if it can't be accessed we raise
	    an error.

2014-11-25  Cédric Bosdonnat  

	ip link needs 'name' in 3.16 to create the veth pair
	Due to a change (or bug?) in ip link implementation, the command
	    'ip link add vnet0...'
	is forced into
	    'ip link add name vnet0...'
	The changed command also works on older versions of iproute2, just the
	'name' parameter has been made mandatory.

	virt-aa-helper: /etc/libvirt-sandbox/services isn't restricted
	To get virt-sandbox-service working with AppArmor, virt-aa-helper
	needs not to choke on path in /etc/libvirt-sandbox/services.

	virt-aa-helper wasn't running virErrorInitialize
	This turns out to be working by magic but needs to be fixed.

2014-11-25  Pavel Hrdina  

	qemu-command: introduce new vgamem attribute for QXL video device
	Add attribute to set vgamem_mb parameter of QXL device for QEMU. This
	value sets the size of VGA framebuffer for QXL device. Default value in
	QEMU is 8MB so reuse it also in libvirt to not break things.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1076098

2014-11-25  Pavel Hrdina  

	qemu-command: use vram attribute for all video devices
	So far we didn't have any option to set video memory size for qemu video
	devices. There was only the vram (ram for QXL) attribute but it was valid
	only for the QXL video device.

	To provide this feature to users QEMU has a dedicated device attribute
	called 'vgamem_mb' to set the video memory size. We will use the 'vram'
	attribute for setting video memory size for other QEMU video devices.

	For the cirrus device we will ignore the vram value because it has
	hardcoded video size in QEMU.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1076098

2014-11-25  Pavel Hrdina  

	caps: introduce new QEMU capability for vgamem_mb device property
	Allow setting vgamem size for video devices.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1076098

2014-11-25  Pavel Hrdina  

	QXL: fix setting ram and vram values for QEMU QXL device
	QEMU has two different type of QXL display device. The first "qxl-vga"
	is for primary video device and second "qxl" is for secondary video
	device.

	There are also two different ways how to specify those devices on qemu
	command line, the first one and obsolete is using "-vga" option and the
	current new one is using "-device" option. The "-vga" could be used only
	to setup primary video device, so the "-vga qxl" equal to
	"-device qxl-vga". Unfortunately the "-vga qxl" doesn't support setting
	additional parameters for the device and "-global" option must be used
	for this purpose. It's mandatory to use "-global qxl-vga...." to set the
	parameters of primary video device previously defined with "-vga qxl".

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1076098

2014-11-25  Pavel Hrdina  

	video: cleanup usage of vram attribute and update documentation
	The vram attribute was introduced to set the video memory but it is
	usable only for few hypervisors excluding QEMU/KVM and the old XEN
	driver. Only in case of QEMU the vram was used for QXL.

	This patch updates the documentation to reflect current code in libvirt
	and also changes the cases when we will set the default vram attribute.
	It also fixes existing strange default value for VGA devices 9MB to 16MB
	because the video ram should be rounded to power of two.

	The change of default value could affect migrations but I found out that
	QEMU always round the video ram to power of two internally so it's safe
	to change the default value to the next closest power of two and also
	silently correct every domain XML definition. And it's also safe because
	we don't pass the value to QEMU.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1076098

2014-11-25  Pavel Hrdina  

	internal: add macro to round value to the next closest power of 2
	There are two special cases, if the input number is 0 or the number is
	larger then 2^31 (for 32bit unsigned int). For the special cases the
	return value is 0 because they cannot be rounded.

2014-11-25  Chen Hanxiao  

	storage_driver: fix a comment typo
	s/rereshed/refreshed

2014-11-24  Tomoki Sekiyama  

	virsh: expose virDomainGetFSInfo
	Add a "domfsinfo" command that shows a list of filesystems info mounted in
	the guest. For example:

	virsh # domfsinfo vm1
	Mountpoint                           Name     Type     Target
	-------------------------------------------------------------------
	/                                    sda1     ext4     hdc
	/opt                                 dm-2     vfat     vda,vdb
	/mnt/test                            sdb1     xfs      sda

2014-11-24  Tomoki Sekiyama  

	qemu: add test for qemuAgentGetFSInfo
	Add test cases for qemuAgentGetFSInfo, with a sample agent response for
	the qemu-get-fsinfo command and a configuration xml.

	qemu: Implement the qemu driver for virDomainGetFSInfo
	Get mounted filesystems list, which contains hardware info of disks and its
	controllers, from QEMU guest agent 2.2+. Then, convert the hardware info
	to corresponding device aliases for the disks.

	remote: Implement the remote protocol for virDomainGetFSInfo
	Add daemon and driver code to (de-)serialize virDomainFSInfo.

	Implement public API for virDomainGetFSInfo
	virDomainGetFSInfo returns a list of filesystems information mounted in the
	guest, which contains mountpoints, device names, filesystem types, and
	device aliases named by libvirt. This will be useful, for example, to
	specify mountpoints to fsfreeze when taking snapshot of a part of disks.

2014-11-24  Peter Krempa  

	qemu: Emit the guest agent lifecycle event
	Add code to emit the event on change of the channel state and reconnect
	to the qemu process.

	examples: Add support for the guest agent lifecycle event
	Add code to support the event in the object-event example.

2014-11-24  Peter Krempa  

	event: Add guest agent lifecycle event
	As qemu is now able to notify us about change of the channel state used
	for communication with the guest agent we now can more precisely track
	the state of the guest agent.

	To allow notifying management apps this patch implements a new event
	that will be triggered on changes of the guest agent state.

2014-11-24  Jiri Denemark  

	spec: Automatically apply all patches with git
	With this change, any patch declared in libvirt.spec with Patch[0-9]* is
	automatically applied in %prep. Unlike with the standard %patch[0-9]*,
	patches are applied with "git am" to avoid some unexpected results.
	However, as a result of this, all patches must be in the right format
	for "git am" to be able to apply them; they should ideally be generated
	from git using "git format-patch".

2014-11-24  Peter Krempa  

	qemu: process: Refresh virtio channel guest state when connecting to mon
	Use data provided by "query-chardev" to refresh the guest frontend state
	of virtio channels.

2014-11-24  Peter Krempa  

	qemu: chardev: Extract more information about character devices
	Improve the monitor function to also retrieve the guest state of
	character device (if provided) so that we can refresh the state of
	virtio-serial channels and perhaps react to changes in the state in
	future patches.

	This patch changes the returned data from qemuMonitorGetChardevInfo to
	return a structure containing the pty path and the state for all the
	character devices.

	The change to the testsuite makes sure that the data is parsed
	correctly.

2014-11-22  Jim Fehlig  

	libxl: destroy domain in migration finish phase on failure
	This patch contains three domain cleanup improvements in the migration
	finish phase, ensuring a domain is properly disposed when a failure is
	detected or the migration is cancelled.

	The check for virDomainObjIsActive is moved to libxlDomainMigrationFinish,
	where cleanup can occur if migration failed and the domain is inactive.

	The 'cleanup' label was missplaced in libxlDomainMigrationFinish, causing
	a migrated domain to remain in the event of an error or cancelled migration.

	In cleanup, the domain was not removed from the driver's list of domains.

2014-11-22  Jim Fehlig  

	libxl: start domain paused on migration dst
	During the perform phase of migration, the domain is started on
	the dst host in a running state if VIR_MIGRATE_PAUSED flag is not
	specified.  In the finish phase, the domain is also unpaused if
	VIR_MIGRATE_PAUSED flag is unset.  I've noticed this second unpause
	fails if the domain was already unpaused following the perform phase.

	This patch changes the perform phase to always start the domain
	paused, and defers unpausing, if requested, to the finish phase.
	Unpausing should occur in the finish phase anyhow, where the domain
	can be properly destroyed if the perform phase fails and migration
	is cancelled.

2014-11-22  Jim Fehlig  

	libxl: acquire job in migration finish phase
	Moving data reception of the perform phase of migration to a
	thread introduces a race with the finish phase, where checking
	if the domain is active races with the thread finishing the
	perform phase.  The race is easily solved by acquiring a job in
	the finish phase, which must wait for the perform phase job to
	complete.

	While wrapping the finish phase in a job, noticed the virDomainObj
	was being unlocked in a callee - libxlDomainMigrationFinish.  Move
	the unlocking to libxlDomainMigrateFinish3Params, where the lock
	is acquired.

2014-11-22  Jim Fehlig  

	libxl: Receive migration data in a thread
	The libxl driver receives migration data within an IO callback invoked
	by the event loop, effectively disabling the event loop while migration
	occurs.

	This patch moves receving of the migration data to a thread.  The
	incoming connection is still accepted in the IO callback, but control
	is immediately returned to the event loop after spawning the thread.

2014-11-22  Ian Campbell  

	libxl: Allow libxl to find pygrub binary.
	Specifying an explicit path to pygrub (e.g. BINDIR "/pygrub") only works if
	Xen and libvirt happen to be installed to the same prefix. A more flexible
	approach is to simply specify "pygrub" which will cause libxl to use the
	correct path which it knows (since it is built with the same prefix as pygrub).

	This is particular problematic in the Debian packaging, since the Debian Xen
	package relocates pygrub into a libexec dir, however I think this change makes
	sense upstream.

2014-11-21  Peter Krempa  

	storage: rbd: Implement support for passing config file option
	To be able to express some use cases of the RBD backing with libvirt, we
	need to be able to specify a config file for the RBD client to qemu as
	that is one of the commonly used options.

2014-11-21  Peter Krempa  

	storage: rbd: qemu: Add support for specifying internal RBD snapshots
	Some storage systems have internal support for snapshots. Libvirt should
	be able to select a correct snapshot when starting a VM.

	This patch adds a XML element to select a storage source snapshot for
	the RBD protocol which supports this feature.

2014-11-21  Peter Krempa  

	storage: Allow parsing of RBD backing strings when building backing chain
	As we now have a common function to parse backing store string for RBD
	backing store we can reuse it in the backing store walker so that we
	don't fail on files backed by RBD storage.

	This patch also adds a few tests to verify that the parsing works as
	expected.

2014-11-21  Peter Krempa  

	util: storagefile: Split out parsing of NBD string into a separate func
	Split out the code so that the function looks homogenous after adding
	more protocol specific parsers.

	util: split out qemuParseRBDString into a common helper
	To allow reuse this non-trivial parser code in the backing store parser
	this part of the command line parser needs to be split out into a
	separate funciton.

	tests: Reflow the expected output from RBD disk test
	Addition of tested cases to the test will be more obvious.

2014-11-21  Peter Krempa  

	qemu: Refactor qemuBuildNetworkDriveURI to take a virStorageSourcePtr
	Instead of splitting out various fields, pass the complete structure and
	let the function pick various things of it.

	As one of the callers isn't using virStorageSourcePtr to store the data,
	this patch adds glue code that fills the data into a dummy
	virStorageSourcePtr before calling the func.

	This change will help when adding new fields that need output processing
	in the future.

2014-11-21  Peter Krempa  

	util: storage: Copy hosts of a storage file only if they exist
	If there are no hosts for a storage source virStorageSourceCopy and
	virStorageSourceNewFromBackingRelative would try to copy them anyways.
	As the success of virStorageNetHostDefCopy is determined by returning
	a pointer and malloc of 0 elements might return NULL according to the
	implementation, the result of the copy function may vary.

	Fix this by copying the hosts array only if there are hosts defined.

2014-11-21  Peter Krempa  

	util: storage: Add notice for extension of struct virStorageSource
	As we now have a deep copy function for struct virStorageSource add a
	notice that extensions of the structure require also appropriate changes
	to the virStorageSourceCopy func.

	util: buffer: Clarify scope of the escape operation in virBufferEscape
	The escaping is applied only to the string, not the format argument.
	State this fact in the docs.

	test: virstoragetest: Add testing of network disk details
	To be able to fully test parsing of networked storage strings we need to
	add a few fields for: hostname, protocol and auth string.

	docs: domain: Move docs for storage hosts under the  element
	The docs describing the  element that are under the 
	element in the XML document were incorrectly placed under the 
	element. Move them to the correct place.

2014-11-21  Martin Kletzander  

	virsh: sync domdisplay help and manual

2014-11-21  Peter Krempa  

	qemu: Add handling for VSERPORT_CHANGE event
	New qemu added a new event that is emitted when a virtio serial channel
	is opened in the guest OS. This allows us to update the state of the
	port in the output-only XML element.

	This patch implements the monitor callbacks and necessary handlers to
	update the state in the definition.

2014-11-21  Peter Krempa  

	conf: Add channel state for virtio channels to the XML
	To track state of virtio channels this patch adds a new output-only
	attribute called 'state' to the  element of virtio channels.

	This will be later populated with the guest state of the channel.

2014-11-21  Peter Krempa  

	qemu: monitor: Rename and improve qemuMonitorGetPtyPaths
	To unify future additions that require information from "query-chardev"
	rename qemuMonitorGetPtyPaths and friends to qemuMonitorGetChardevInfo
	and move the allocation of the returned hash into the top level
	function.

2014-11-21  Peter Krempa  

	test: xml2xml: Print full filenames if xml2xml test fails
	To simplify looking for a problem instrument the XML comparator function
	with possibility to print the filename of the failed/expected XML
	output.

	This is necessary as the VIR_TEST_DIFFERENT macro possibly tests two XML
	files for the inactive/active state and the resulting error may not be
	obvious.

2014-11-21  Peter Krempa  

	conf: Annotate source enums for character device struct members
	Add a comment to track which values may be present in certain members of
	a struct _virDomainChrDef.

	qemu: process: report useful error if alias formatting fails
	When retrieving the paths for PTY devices the alias gets formatted into
	a static string. If it doesn't fit we wouldn't report an error.

2014-11-21  Chen Fan  

	docs: fix a typo in formatdomain.html

2014-11-21  Peter Krempa  

	storage: qemu: Fix security labelling of new image chain elements
	When creating a disk image snapshot the libvirt code would blindly copy
	the parents label to the newly created image. This runs into problems
	when you start a VM from an image hosted on NFS (or other storage system
	that doesn't support selinux labels) and the snapshot destination is on
	a storage system that does support selinux labels. Libvirt's code in
	that case generates a different security label for the image hosted on
	NFS. This label is valid only for NFS images and doesn't allow access in
	case of a locally stored image.

	To fix this issue libvirt needs to refrain from copying security
	information in cases where the default domain seclabel is a better
	choice.

	This patch repurposes the now unused @force argument of
	virStorageSourceInitChainElement to denote whether a copy of the
	security labelling stuff should be attempted or not. This allows to
	fine-control the copy operation for cases where we need to keep the
	label of the old disk vs. the cases where we need to keep the label
	unset to use the default domain imagelabel.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1151718

2014-11-20  Eric Blake  

	build: fix build when not using dbus
	Commit c0e7022 breaks on a machine that lacks dbus headers:

	In file included from util/virdbus.c:24:0:
	util/virdbuspriv.h:31:3: error: unknown type name 'dbus_int16_t'

	* src/util/virdbuspriv.h (DBusBasicValue): Only provide fallback
	when dbus is compiled.

2014-11-20  Eric Blake  

	build: avoid 32-bit failure on older gcc
	On 32-bit platforms with old gcc (hello RHEL 5 gcc 4.1.2), the
	build fails with:
	virsh-domain.c: In function 'cmdBlockCopy':
	virsh-domain.c:2172: warning: comparison is always false due to limited range of data type

	Adjust the code to silence the warning.

	* tools/virsh-domain.c (cmdBlockCopy): Pacify RHEL 5 gcc.

2014-11-20  John Ferlan  

	storage: Add thread to refresh for createVport
	https://bugzilla.redhat.com/show_bug.cgi?id=1152382

	When libvirt create's the vport (VPORT_CREATE) for the vHBA, there isn't
	enough "time" between the creation and the running of the following
	backend->refreshPool after a backend->startPool in order to find the LU's.
	Population of LU's happens asynchronously when udevEventHandleCallback
	discovers the "new" vHBA port.  Creation of the infrastructure by udev
	is an iterative process creating and discovering actual storage devices and
	adjusting the environment.

	Because of the time it takes to discover and set things up, the backend
	refreshPool call done after the startPool call will generally fail to
	find any devices. This leaves the newly started pool appear empty when
	querying via 'vol-list' after startup. The "workaround" has always been
	to run pool-refresh after startup (or any time thereafter) in order to
	find the LU's. Depending on how quickly run after startup, this too may
	not find any LUs in the pool. Eventually though given enough time and
	retries it will find something if LU's exist for the vHBA.

	This patch adds a thread to be executed after the VPORT_CREATE which will
	attempt to find the LU's without requiring the external run of refresh-pool.
	It does this by waiting for 5 seconds and searching for the LU's. If any
	are found, then the thread completes; otherwise, it will retry once more
	in another 5 seconds.  If none are found in that second pass, the thread
	gives up.

	Things learned while investigating this... No need to try and fill the
	pool too quickly or too many times. Over the course of creation, the udev
	code may 'add', 'change', and 'delete' the same device. So if the refresh
	code runs and finds something, it may display it only to have a subsequent
	refresh appear to "lose" the device. The udev processing doesn't seem to
	have a way to indicate that it's all done with the creation processing of a
	newly found vHBA. Only the Lone Ranger has silver bullets to fix everything.

2014-11-20  John Ferlan  

	storage: Fix issue finding LU's when block doesn't exist
	Fix a problem in the getBlockDevice and processLU where retval initialized
	to zero causing some failures to erroneously continue through to the
	virStorageBackendSCSINewLun with an attempt to find a path for "/dev/(null)".
	This would fail approximately 10 seconds later with debug message:

	virStorageBackendSCSINewLun:203 :
	     No stable path found for '/dev/(null)' in '/dev/disk/by-path'

	The root cause of the issue is for many /sys/bus/scsi/devices/
	there is no "block*" device found for the vHBA's, where "" are
	the various paths created for the vHBA, such as "17:0:0:0", "17:0:1:0",
	"17:0:2:0", "17:0:3:0", etc.  If the block device isn't found, then the
	directory should just be ignored rather than attempting to process it.

	The bug was that in getBlockDevice the assumption was "block" would exist
	and either getNewStyleBlockDevice or getOldStyleBlockDevice would fill in
	@block_device. However, if 'block*' doesn't exist, then the code returned
	NULL for block_device *and* a good (zero) retval value.  This caused the
	processLU code to attempt the virStorageBackendSCSINewLun which failed
	"at some point in time" in the future.

	After this change - on test system the refresh-pool didn't have a noticable
	pause of about 20 seconds - it completed within a second since no longer
	was there an attempt/need to find "/dev/(null)".

	Additionally, the virStorageBackendSCSIFindLU's shouldn't be declaring
	found unless the processLU actually returns success. This will be
	important in the followup patch which relies on whether a LU was found.

2014-11-20  Nehal J Wani  

	docs: Remove references to unused libvirt-libvirt.html
	The libvirt-libvirt.html file is no longer generated so
	should not be referenced by the Makefile.am

2014-11-20  Eric Blake  

	build: fix build with older dbus headers
	Compilation on a RHEL 5 host failed, due to the older dbus headers
	present on that machine, and triggered by commit 2aa167ca:

	util/virdbus.c: In function 'virDBusMessageIterDecode':
	util/virdbus.c:952: error: 'DBusBasicValue' undeclared (first use in this function)

	* m4/virt-dbus.m4 (LIBVIRT_CHECK_DBUS): Check for DBusBasicValue.
	* src/util/virdbuspriv.h (DBusBasicValue): Provide fallback.

2014-11-20  Giuseppe Scrivano  

	rpc: do not fail if the pid of the connecting process is not set
	getsockopt(sock->fd, SOL_SOCKET, SO_PEERCRED, ...) sets the pid to 0
	when the process that opens the connection is in another container.

2014-11-20  Eric Blake  

	util: don't log failure when older iptables lacks -w
	Commit dc33e6e4 caused older platforms like Fedora 20 to emit
	scary log messages at startup:

	2014-11-19 23:12:58.800+0000: 28906: error : virCommandWait:2532 : internal error: Child process (/usr/sbin/iptables -w -L -n) unexpected exit status 2: iptables v1.4.19.1: unknown option "-w"
	Try `iptables -h' or 'iptables --help' for more information.

	Since we are probing and expect to handle the case where -w is not
	supported, we should not let virCommand log it as an error.

	* src/util/virfirewall.c (virFirewallCheckUpdateLock): Handle
	non-zero status ourselves.

2014-11-20  Jiri Denemark  

	qemu: Really fix crash in tunnelled migration
	Oops, I forgot to squash one more instance of the same check in the
	previous commit (v1.2.10-144-g52691f9).

	https://bugzilla.redhat.com/show_bug.cgi?id=1147331

2014-11-20  Erik Skultety  

	virsh: Fix msg: blockjob is aborted from another client
	When a block{pull, copy, commit} is aborted via keyboard interrupt,
	the job is properly canceled followed by proper error message.
	However, when the job receives an abort from another client connected
	to the same domain, the error message incorrectly indicates that
	a blockjob has been finished successfully, though the abort request
	took effect. This patch introduces a new blockjob abort handler, which
	is registered when the client calls block{copy,commit,pull} routine,
	providing its caller the status of the finished blockjob.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1135442

2014-11-20  Jiri Denemark  

	qemu: Fix crash in tunnelled migration
	Any attempt to start a tunnelled migration with libvirtd that supports
	RDMA migration (specifically commit v1.2.8-226-ged22a47) crashes
	libvirtd on the destination host.

	The crash is inevitable because qemuMigrationPrepareAny is always called
	with NULL protocol in case of tunnelled migration.

	https://bugzilla.redhat.com/show_bug.cgi?id=1147331

2014-11-20  Eric Blake  

	maint: use portable shell
	Reported in https://bugzilla.redhat.com/show_bug.cgi?id=1165827;
	dash complains:

	checking for pkcheck... /usr/bin/pkcheck
	checking whether pkcheck supports uid value... yes
	./configure: 63906: test: xno: unexpected operator
	checking for dtrace... no

	* configure.ac: Use '=' not '==' in test.

2014-11-20  Michal Privoznik  

	qemu: Drop OVMF whitelist
	As discussed on the upstream list, it's better not to make this
	kind of predictions in libvirt. It may happen that qemu learns
	how to enable OVMF on other architectures too and we shouldn't
	try to chase that.

	qemu: Support OVMF on armv7l aarch64 guests
	Currently, we are whitelisting architectures, that we know how to run
	OVMF on. So far, only x86_64 was enabled. However, looking at qemu
	code, the same commandline can be used to enable OVMF for armv7l and
	aarch64.

2014-11-19  Eric Blake  

	maint: forbid 'int foo = true'
	I noticed this while working on qemuDomainGetBlockInfo.  Assigning
	a bool value to an int variable compiles fine, but raises red flags
	on the maintenance front as it becomes too easy to assign -1 or 2
	or any other non-bool value to the same variable.

	* cfg.mk (sc_prohibit_int_assign_bool): New rule.
	* src/conf/snapshot_conf.c (virDomainSnapshotRedefinePrep): Fix
	offenders.
	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo)
	(qemuDomainSnapshotCreateXML): Likewise.
	* src/test/test_driver.c (testDomainSnapshotAlignDisks):
	Likewise.
	* src/util/vircgroup.c (virCgroupSupportsCpuBW): Likewise.
	* src/util/virpci.c (virPCIDeviceBindToStub): Likewise.
	* src/util/virutil.c (virIsCapableVport): Likewise.
	* tools/virsh-domain-monitor.c (cmdDomMemStat): Likewise.
	* tools/virsh-domain.c (cmdBlockResize, cmdScreenshot)
	(cmdInjectNMI, cmdSendKey, cmdSendProcessSignal)
	(cmdDetachInterface): Likewise.

2014-11-19  Eric Blake  

	virdbus: don't force users to pass int for bool values
	Use of an 'int' to represent a 'bool' value is confusing.  Just
	because dbus made the mistake of cementing their 4-byte wire
	format of dbus_bool_t into their API doesn't mean we have to
	repeat the mistake.  With a little bit of finesse, we can
	guarantee that we provide a large-enough value to the DBus
	code, while still copying only the relevant one-byte bool
	to the client code, and isolate the rest of our code base from
	the DBus stupidity.

	* src/util/virdbus.c (GET_NEXT_VAL): Add parameter.
	(virDBusMessageIterDecode): Adjust all clients.
	* src/util/virpolkit.c (virPolkitCheckAuth): Use nicer type.
	* tests/virdbustest.c (testMessageSimple, testMessageStruct):
	Test new behavior.

2014-11-19  Chen Hanxiao  

	storage: wrap storage_driver.c to 80 columns

2014-11-19  Yohan BELLEGUIC  

	vbox: fix a bug in _machineStateInactive
	This function returned non-inactive domains instead of active
	domains.  This broke virConnectNumOfDefinedDomains() and
	virConnectListDefinedDomains() functions.

2014-11-19  Anirban Chakraborty  

	network: Add network bandwidth support to ethernet interfaces
	Ethernet interfaces in libvirt currently do not support bandwidth setting.
	For example, following xml file for an interface will not apply these
	settings to corresponding qdiscs.

	    
	      
	      
	      

	Device pci_0000_00_19_0 dettached

	Domain test started

	Device attached successfully

	error: Failed to start domain test2
	error: Requested operation is not valid: PCI device 0000:00:19.0 is in use by domain test

	[ -- 1th time --]
	Device pci_0000_00_19_0 re-attached

	[ -- 2th time --]
	Device pci_0000_00_19_0 re-attached

	[ -- 3th time --]
	Device pci_0000_00_19_0 re-attached

	[ -- 4th time --]
	Device pci_0000_00_19_0 re-attached

	[ -- 5th time --]
	Device pci_0000_00_19_0 re-attached

	clean up
	Domain test destroyed

	Device pci_0000_00_19_0 re-attached

	The patch also fixes another problem, there won't be error like
	"qemuDomainReAttachHostdevDevices: Not reattaching active
	device 0000:00:19.0" in daemon log if some device is in active.
	As pciResetDevice and pciReattachDevice won't be called for
	the device anymore. This is sensible as we already reported
	error when preparing the device if it's active. Blindly trying
	to pciResetDevice & pciReattachDevice on the device and getting
	an error is just redundant.

2011-12-15  Osier Yang  

	qemu: Honor the original properties of PCI device when detaching
	This patch fixes two problems:
	    1) The device will be reattached to host even if it's not
	       managed, as there is a "pciDeviceSetManaged".
	    2) The device won't be reattached to host with original
	       driver properly. As it doesn't honor the device original
	       properties which are maintained by driver->activePciHostdevs.

2011-12-15  Wen Congyang  

	spec: fix inverted logic on sanlock
	Commit d336dbdb tried to refactor sanlock to avoid building it
	on RHEL for architectures where it is not available, but used
	the wrong conditional.

	* libvirt.spec.in (with_sanlock): Use %ifarch, not %ifnarch.

2011-12-14  KAMEZAWA Hiroyuki  

	virsh: support multifunction in attach-disk
	PCI  can be specified by attach-disk but multifunction cannot
	be specified. Add --multifunction support.

2011-12-14  Eric Blake  

	docs: tweak 'virsh edit' wording
	I was wondering why 'virsh edit' didn't support the same
	'--inactive' option as 'virsh dumpxml'; reading the source
	code showed that --inactive was already implied, and that
	the only way to alter a running guest rather than affecting
	next boot is by hot-plugging individual devices, or by
	something complex like saving the guest and modifying the
	save image.

	* tools/virsh.pod (define, edit): Mention behavior when guest is
	already running.

2011-12-14  Peter Krempa  

	python: Fix export of virDomainSnapshotListChildrenNames
	Commit f2013c9dd1ce468b8620ee35c232a93ef7026fb0 added implementation of
	virDomainSnapshotListChildrenNames override export, but registration of
	the newly exported function was not added.

	 *python/libvirt-override.c: - register export of function

2011-12-14  Lei Li  

	Provide a helper method virDomainLiveConfigHelperMethod
	This chunk of code below repeated in several functions, factor it into
	a helper method virDomainLiveConfigHelperMethod to eliminate duplicated code
	based on Eric and Adam's suggestion. I have tested it for all the
	relevant APIs changed.

2011-12-13  Peter Krempa  

	virsh: Print error message if argument parsing fails for cmdNodesuspend
	If parsing of arguments failed, virsh did silently exit returning and
	error state, but not specifying the possible problem.

	 * tools/virsh: cmdNodesuspend: - error handling added

2011-12-13  Alex Jia  

	tests: plug memory leak on linuxTestNodeInfo
	Detected by valgrind. Leak introduced in commit 82ff25e.

	* tests/nodeinfotest.c: avoid memory leak on nodeinfo test case.

	* how to reproduce?
	  % cd tests && valgrind -v --leak-check=full ./nodeinfotest

	* actual valgrind result:

	==22147== 65 bytes in 1 blocks are definitely lost in loss record 14 of 29
	==22147==    at 0x4A0610F: realloc (vg_replace_malloc.c:525)
	==22147==    by 0x330D6FED94: __vasprintf_chk (in /lib64/libc-2.12.so)
	==22147==    by 0x426697: virVasprintf (stdio2.h:199)
	==22147==    by 0x426757: virAsprintf (util.c:1695)
	==22147==    by 0x41585F: linuxTestNodeInfo (nodeinfotest.c:108)
	==22147==    by 0x416B21: virtTestRun (testutils.c:141)
	==22147==    by 0x4157EA: mymain (nodeinfotest.c:140)
	==22147==    by 0x416217: virtTestMain (testutils.c:696)
	==22147==    by 0x330D61ECDC: (below main) (in /lib64/libc-2.12.so)
	==22147==
	==22147== LEAK SUMMARY:
	==22147==    definitely lost: 65 bytes in 1 blocks
	==22147==    indirectly lost: 0 bytes in 0 blocks
	==22147==      possibly lost: 0 bytes in 0 blocks
	==22147==    still reachable: 126,126 bytes in 1,341 blocks

2011-12-13  Osier Yang  

	storage: Fix a potential crash when creating vol object
	If the vol object is newly created, it increases the volumes count,
	but doesn't decrease the volumes count when do cleanup. It can
	cause libvirtd to crash when one trying to free the volume objects
	like:
	    for (i = 0; i < pool->volumes.count; i++)
	        virStorageVolDefFree(pool->volumes.objs[i]);

	It's more reliable if we add the newly created vol object in the
	end.

2011-12-13  Eric Blake  

	docs: document 
     elements in one place
	Improve the documentation of what forms a valid 
     element,
	since these elements appear in numerous devices.

	* docs/formatdomain.html.in (elementsAddress): New section.
	(elementsControllers, elementsUSB, elementsNICS, elementsInput)
	(elementsHub, elementsCharChannel, elementsSound): Refer to it.

2011-12-13  Eric Blake  

	build: follow directory install conventions
	Commit 4d9e51f6 fixed a 'make uninstall' failure, but failed
	to follow other conventions already present in src/Makefile.am.
	In particular, we prefer MKDIR_P over mkdir -p, and should
	have a matching rmdir during uninstall for every directory
	created during install (the idea being that uninstall in a
	DESTDIR should be clean, while installation in the final
	system should not fail with non-empty directories left behind).

	* tools/Makefile.am (install-sysconfig, install-initscript)
	(install-systemd): Use MKDIR_P.
	(uninstall-sysconfig, uninstall-initscript, uninstall-systemd):
	Also remove directories.
	* daemon/Makefile.am (install-data-local, install-data-polkit)
	(install-logrotate, install-sysconfig, install-sysctl)
	(install-init-redhat, install-init-upstart, install-init-systemd)
	(install-data-sasl): Use MKDIR_P.
	(uninstall-data-polkit, uninstall-sysconfig, uninstall-sysctl)
	(uninstall-init-redhat, uninstall-init-upstart)
	(uninstall-init-systemd): Also remove directory.
	(uninstall-logrotate): New rule.
	(uninstall-local): Add uninstall-logrotate.

2011-12-12  Jiri Denemark  

	qemu: Disable EOF processing during qemuDomainDestroy
	When destroying a domain qemuDomainDestroy kills its qemu process and
	starts a new job, which means it unlocks the domain object and locks it
	again after some time. Although the object is usually unlocked for a
	pretty short time, chances are another thread processing an EOF event on
	qemu monitor is able to lock the object first and does all the cleanup
	by itself. This leads to wrong shutoff reason and lifecycle event detail
	and virDomainDestroy API incorrectly reporting failure to destroy an
	inactive domain.

	Reported by Charlie Smurthwaite.

2011-12-12  Michal Privoznik  

	virsh: Free returned MIME type string
	In terms of documentation to virDomainScreenshot, caller MUST free
	returned value. But virsh was not.

2011-12-12  Osier Yang  

	Maint: Update AUTHORs
	Add Rommer in.

2011-12-12  Rommer  

	storage: Activate/deactivate logical volumes only on local node
	Current "-ay | -an" has problems on pool starting/refreshing if
	the volumes are clustered. Rommer has posted a patch to list 2
	months ago.

	https://www.redhat.com/archives/libvir-list/2011-October/msg01116.html

	But IMO we shouldn't skip the inactived vols. So this is a squashed
	patch by Rommer.

2011-12-12  Josh Durgin  

	security: don't try to label network disks
	Network disks don't have paths to be resolved or files to be checked
	for ownership. ee3efc41e6233e625aa03003bf3127319ccd546f checked this
	for some image label functions, but was partially reverted in a
	refactor.  This finishes adding the check to each security driver's
	set and restore label methods for images.

2011-12-12  Dave Allan  

	Fix make uninstall
	Make uninstall currently fails with the following message:

	rmdir /etc/sasl2/
	rmdir: failed to remove `/etc/sasl2/': Directory not empty

	That's fine (correct in fact) so force the command to return success
	with || :

2011-12-10  Laine Stump  

	test: replace deprecated "fedora-13" machine with "pc-0.13"
	One of the xml tests in the test suite was created using a
	now-deprecated qemu machine type ("fedora-13", which was only ever
	valid for Fedora builds of qemu). Although strictly speaking it's not
	necessary to replace it with an actual supported qemu machine type
	(since the xml in question is never actually sent to qemu), this patch
	changes it to the actually-supported "pc-0.13" just for general
	tidiness. (Also, on some Fedora builds which contain a special patch
	to rid the world of "fedora-13", having it mentioned in the test suite
	will cause make check to fail.)

2011-12-10  Laine Stump  

	network: don't add iptables rules for externally managed networks
	This patch addresses https://bugzilla.redhat.com/show_bug.cgi?id=760442

	When a network has any forward type other than route, nat or none, the
	network configuration should be done completely external to libvirt -
	libvirt only uses these types to allow configuring guests in a manner
	that isn't tied to a specific host (all the host-specific information,
	in particular interface names, port profile data, and bandwidth
	configuration is in the network definition, and the guest
	configuration only references it).

	Due to a bug in the bridge network driver, libvirt was adding iptables
	rules for networks with forward type='bridge' etc. any time libvirtd
	was restarted while one of these networks was active.

	This patch eliminates that error by only "reloading" iptables rules if
	forward type is route, nat, or none.

2011-12-10  Michael Ellerman  

	qemu: Prepare to cater for more general address assignment
	Currently qemuDomainAssignPCIAddresses() is called to assign addresses
	to PCI devices.

	We need to do something similar for devices with spapr-vio addresses.
	So create one place where address assignment will be done, that is
	qemuDomainAssignAddresses().

2011-12-10  Michael Ellerman  

	qemu: Add address in qemuBuildChrDeviceStr() on pseries
	For the PPC64 pseries machine type we need to add address information
	for the spapr-vty device.

	qemu: Use spapr-vscsi on pseries machine type
	On the PPC64 pseries machine type we need to use the spapr-vscsi device
	rather than an lsi.

2011-12-10  Eric Blake  

	network: allow '-' in model name
	In QEMU PPC64 we have a network device called "spapr-vlan". We can specify
	this using the existing syntax for network devices, however libvirt
	currently rejects "spapr-vlan" in virDomainNetDefParseXML() because of
	the "-". Fix the code to accept "-".

	* src/conf/domain_conf.c (virDomainNetDefParseXML): Allow '-' in
	model name, and be more efficient.
	* docs/schemas/domaincommon.rng: Limit valid model names to match code.
	Based on a patch by Michael Ellerman.

2011-12-10  Michal Privoznik  

	threadpool: Use while loop on virCondWait
	instead of simple 'if' statement as virCondWait can return
	even if associated condition was not signaled.

	threads: Document spurious wakeups on virCondWait

2011-12-10  Alex Jia  

	virsh: plug memory leak on cmdDomblklist
	Detected by valgrind. Leak introduced in commit 88a993b:

	* tools/virsh.c: fix memory leak on cmdDomblklist.

	* how to reproduce?
	  % valgrind -v --leak-check=full virsh domblklist 

	* actual valgrind result:

	==6573== 1,836 bytes in 1 blocks are definitely lost in loss record 110 of 124
	==6573==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==6573==    by 0x330D71497D: xdr_string (in /lib64/libc-2.12.so)
	==6573==    by 0x4D26CED: xdr_remote_nonnull_string (remote_protocol.c:30)
	==6573==    by 0x4D28138: xdr_remote_domain_get_xml_desc_ret (remote_protocol.c:1418)
	==6573==    by 0x4D3C0C2: virNetMessageDecodePayload (virnetmessage.c:382)
	==6573==    by 0x4D3279F: virNetClientProgramCall (virnetclientprogram.c:382)
	==6573==    by 0x4D0D50B: callWithFD (remote_driver.c:4339)
	==6573==    by 0x4D0D5AB: call (remote_driver.c:4360)
	==6573==    by 0x4D16EAF: remoteDomainGetXMLDesc (remote_client_bodies.h:861)
	==6573==    by 0x4CF9F4F: virDomainGetXMLDesc (libvirt.c:4098)
	==6573==    by 0x4154D9: cmdDomblklist (virsh.c:1722)
	==6573==    by 0x4149E2: vshCommandRun (virsh.c:16365)
	==6573==
	==6573== 46,009 (352 direct, 45,657 indirect) bytes in 1 blocks are definitely lost in loss record 123 of 124
	==6573==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==6573==    by 0x3318286DC6: xmlXPathNewContext (in /usr/lib64/libxml2.so.2.7.6)
	==6573==    by 0x4C79AE2: virXMLParseHelper (xml.c:779)
	==6573==    by 0x415512: cmdDomblklist (virsh.c:1726)
	==6573==    by 0x4149E2: vshCommandRun (virsh.c:16365)
	==6573==    by 0x427743: main (virsh.c:17867)
	==6573==
	==6573== LEAK SUMMARY:
	==6573==    definitely lost: 2,188 bytes in 2 blocks
	==6573==    indirectly lost: 45,657 bytes in 332 blocks
	==6573==      possibly lost: 0 bytes in 0 blocks
	==6573==    still reachable: 128,034 bytes in 1,364 blocks
	==6573==         suppressed: 0 bytes in 0 blocks

2011-12-10  Stefan Berger  

	fix error when parsing ppc64 models on x86 host
	When parsing ppc64 models on an x86 host an out-of-memory error message is displayed due
	to it checking for retcpus being NULL. Fix this by removing the check whether retcpus is NULL
	since we will realloc into this variable.
	Also in the X86 model parser display the OOM error at the location where it happens.

2011-12-10  Stefan Berger  

	fix memory leak in src/nodeinfo.c
	Fix memory leak:

	==27534== 24 bytes in 1 blocks are definitely lost in loss record 207 of 530
	==27534==    at 0x4A05E46: malloc (vg_replace_malloc.c:195)
	==27534==    by 0x38EC26EC37: vasprintf (in /lib64/libc-2.13.so)
	==27534==    by 0x4E998E6: virVasprintf (util.c:1677)
	==27534==    by 0x4E999F1: virAsprintf (util.c:1695)
	==27534==    by 0x4F1EAAC: nodeGetInfo (nodeinfo.c:593)
	==27534==    by 0x47948F: qemuCapsInitCPU (qemu_capabilities.c:855)
	==27534==    by 0x4796B1: qemuCapsInit (qemu_capabilities.c:915)
	==27534==    by 0x456550: qemuCreateCapabilities (qemu_driver.c:245)
	==27534==    by 0x4578C4: qemudStartup (qemu_driver.c:580)
	==27534==    by 0x4F20886: virStateInitialize (libvirt.c:852)
	==27534==    by 0x420E55: daemonRunStateInit (libvirtd.c:1156)
	==27534==    by 0x4E94C56: virThreadHelper (threads-pthread.c:157)

	Mark this leaked variable as const char * when it is passed into another
	function.

2011-12-09  Michal Privoznik  

	threadpool: Don't wait on condition if pool has no workers
	Pool creates new workers dynamically. However, it is possible
	for a pool to have no workers. If we want to free that pool,
	we don't want to wait on quit condition as it will never be
	signaled.

2011-12-09  Jiri Denemark  

	bridge: Fix forward delay APIs
	Due to copy&paste error in c1df2c14b590b3d68b707aa4f3a570f95a6bc548,
	virNetDevBridge[SG]etSTPDelay APIs were accessing wrong file.

2011-12-09  Peter Krempa  

	cpu: Add cpu flags supported by newest qemu
	Add support for newly supported Intel cpu features. Newly supported
	flags are: pclmuldq, dtes64, smx, fma, pdcm, movbe, xsave, osxsave and
	avx. This adds support for Intel's Sandy Bridge platform.

	virsh: return correct value from cmdDomIfGetLink
	Reported by Alex Jia . Function cmdDomIfGetLink did not
	set a success return value on success path.

2011-12-09  Stefan Berger  

	Pass the VM's UUID into the nwfilter subsystem
	A preparatory patch for DHCP snooping where we want to be able to
	differentiate between a VM's interface using the tuple of
	. We assume that MAC addresses could
	possibly be re-used between different networks (VLANs) thus do not only
	want to rely on the MAC address to identify an interface.

	At the current 'final destination' in virNWFilterInstantiate I am leaving
	the vmuuid parameter as ATTRIBUTE_UNUSED until the DHCP snooping patches arrive.
	(we may not post the DHCP snooping patches for 0.9.9, though)

	Mostly this is a pretty trivial patch. On the lowest layers, in lxc_driver
	and uml_conf, I am passing the virDomainDefPtr around until I am passing
	only the VM's uuid into the NWFilter calls.

2011-12-09  Stefan Berger  

	nwfilter: cleanup return codes in nwfilter subsystem
	This patch cleans up return codes in the nwfilter subsystem.

	Some functions in nwfilter_conf.c (validators and formatters) are
	keeping their bool return for now and I am converting their return
	code to true/false.

	All other functions now have failure return codes of -1 and success
	of 0.

	[I searched for all occurences of ' 1;' and checked all 'if ' and
	adapted where needed. After that I did a grep for 'NWFilter' in the source
	tree.]

2011-12-09  Alex Jia  

	virsh: plug memory leak on cmdDomIfGetLink() sucessful path
	Detected by valgrind. Leak introduced in commit dc675f3:

	* tools/virsh.c: fix memory leak on cmdDomIfGetLink.

	* how to reproduce?
	  % valgrind -v --leak-check=full virsh domif-getlink  0

	* actual valgrind result:

	==13102== 18 bytes in 1 blocks are definitely lost in loss record 9 of 47
	==13102==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==13102==    by 0x322A6A67DD: xmlStrndup (in /usr/lib64/libxml2.so.2.7.6)
	==13102==    by 0x414892: cmdDomIfGetLink (virsh.c:1538)
	==13102==    by 0x4136A2: vshCommandRun (virsh.c:16363)
	==13102==    by 0x4253FB: main (virsh.c:17865)
	==13102==
	==13102== LEAK SUMMARY:
	==13102==    definitely lost: 18 bytes in 1 blocks
	==13102==    indirectly lost: 0 bytes in 0 blocks
	==13102==      possibly lost: 0 bytes in 0 blocks
	==13102==    still reachable: 127,888 bytes in 1,361 blocks
	==13102==         suppressed: 0 bytes in 0 blocks

2011-12-09  Alex Jia  

	virsh: plug memory leak on cmdBlkdeviotune() sucessful path
	Detected by valgrind. Leak introduced in commit e9bd9a0:

	* tools/virsh.c: fix memory leak on cmdBlkdeviotune.

	* how to reproduce?
	  % valgrind -v --leak-check=full virsh blkdeviotune  

	* actual valgrind result:

	==12759== 576 bytes in 1 blocks are definitely lost in loss record 18 of 29
	==12759==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==12759==    by 0x42134E: _vshCalloc.clone.2 (virsh.c:422)
	==12759==    by 0x4217CB: cmdBlkdeviotune (virsh.c:6364)
	==12759==    by 0x4136A2: vshCommandRun (virsh.c:16363)
	==12759==    by 0x4253FB: main (virsh.c:17865)
	==12759==
	==12759== LEAK SUMMARY:
	==12759==    definitely lost: 576 bytes in 1 blocks
	==12759==    indirectly lost: 0 bytes in 0 blocks
	==12759==      possibly lost: 0 bytes in 0 blocks
	==12759==    still reachable: 126,964 bytes in 1,342 blocks
	==12759==         suppressed: 0 bytes in 0 blocks

2011-12-09  Eric Blake  

	maint: allow bootstrap in a sandbox
	Jiri Denemark reported an instance of bootstrapping libvirt
	failing when run inside a sandbox, traced to rpm trying to
	access /var/ which was not permitted by the sandbox.

	Alex Jia reported that 0.9.8-rc1 failed to bootstrap if patch(1)
	is not installed.

	* bootstrap.conf (buildreq): Avoid rpm call if python-config
	exists.  Also, require patch, in case we have gnulib-local diffs.

2011-12-09  Laine Stump  

	test: fix potential lock corruption in test driver
	In some error situations, the function testDomainRestoreFlags() could
	unlock the test driver mutex without first locking it. This patch
	moves the lock operation earlier, so that it occurs before any
	potential jump down to the unlock call.

	I found this problem while auditing the test driver lock usage to
	determine the cause of a hang while running the following test:

	  cd tests; while true; do printf x; ./undefine; done

	This patch *does not* solve that problem, but we now understand its
	actual source, and danpb is working on a patch.

2011-12-09  Eric Blake  

	spec: fix logic bug in deciding to turn on cgconfig
	https://bugzilla.redhat.com/show_bug.cgi?id=738725

	Commit ecd8725 tried to silence a spurious warning on the initial
	libvirt install, and commit ba6cbb1 tried to fix up the logic to the
	correct Fedora version, but the warning was still present due to a
	logic bug: since %{fedora} and %{rhel} are never simulatanously
	set, then 0%{rhel} <= 6 made the %if always true.  Checking for
	minimum versions (via >=) is okay, but checking for maximum versions
	(via <=) requires a prerequisite test that the platform being tested
	is non-zero.

	Also fix a bogus setting of with_libxl (although we previously
	hard-code with_libxl to 0 for rhel earlier in the file, so this
	was not as severe a bug).

	* libvirt.spec.in (with_cgconfig): Don't enable cgconfig on F16.

2011-12-09  Eric Blake  

	spec: make it easier to autoreconf when building rpm
	Over time, Fedora and RHEL RPMs have often backported upstream
	patches that touched configure.ac and/or Makefile.am; this
	necessitates rerunning the autotools for the patch to be effective.
	Making this a one-liner spec tweak will make it easier for future
	backports to pull patches without having to find all the places
	to touch to properly use the autotools.  Meanwhile, there have been
	historical instances where an update in the autotools caused FTBFS
	situations, so this is not on by default.

	* libvirt.spec.in (enable_autotools): New variable, default off.
	(BuildRequires): Conditionally add autotools.
	(%build): Conditionally use them before configure.
	* mingw32-libvirt.spec.in: Likewise.

2011-12-08  Daniel P. Berrange  

	When checking nttyFDs to see if it is != 1, be sure to use '1' and not '-1'
	* src/lxc/lxc_controller.c: Fix check for tty count

2011-12-08  Daniel P. Berrange  

	Fix installation of libvirt-guests.service
	The installation rules for the libvirt-guests.service were
	totally broken

	 - Installing in the wrong location
	 - The location was not overridable
	 - The install-systemd rule was not invoked anywhere
	 - The install-systemd rule was not invoking install-initscript
	   which it depends on
	 - The installed service file lacked a .service extension

	* tools/Makefile.am: Fix install of libvirt-guests.service

2011-12-08  Daniel P. Berrange  

	Ensure to prefix %{buildroot} when overriding systemd install location
	The %makeinstall macro does not set DESTDIR, instead of explicitly
	prefixes %{buildroot} onto all paths. Thus we need to do the same
	when setting the systemd unit dir

	* libvirt.spec.in: Prefix %{buildroot} onto %{unitdir}

2011-12-08  Bharata B Rao  

	Add ppc64 specific definitions to domain.rng
	ppc64 as new arch type and pseries as new machine type are
	added under  ...  .

2011-12-08  Prerna Saxena  

	Clean up qemuBuildCommandLine to remove x86-specific
	 assumptions from generic code.

	This implements the minimal set of changes needed in libvirt to launch a
	PowerPC-KVM based guest.
	It removes x86-specific assumptions about choice of serial driver backend
	from generic qemu guest commandline generation code.
	It also restricts the ACPI capability to be available for an x86 or
	x86_64 domain.
	This is not a complete solution -- it still does not guarantee libvirt
	the capability to flag non-supported options in guest XML. (Eg, an ACPI
	specification in a PowerPC guest XML will still get processed, even
	though qemu-system-ppc64 does not support it while qemu-system-x86_64 does.)
	This drawback exists because libvirt falls back on qemu to query supported
	features, and qemu '-h' blindly lists all capabilities -- irrespective
	of whether they are available while emulating a given architecture or not.
	The long-term solution would be for qemu to list out capabilities based
	on architecture and platform -- so that libvirt can cleanly make out what
	devices are supported on an arch (say 'ppc64') and platform (say, 'mac99').

2011-12-08  Prerna Saxena  

	Add support for ppc64 qemu
	This enables libvirt to select the correct qemu binary (qemu-system-ppc64)
	for a guest vm based on arch 'ppc64'.
	Also, libvirt is enabled to correctly parse the list of supported PowerPC
	CPUs, generated by running 'qemu-system-ppc64 -cpu ?'

	Acked-by: Stefan Berger 

2011-12-08  Prerna Saxena  

	Modify the tests/nodeinfotest.c to use sysfs in addition
	 to proc/cpuinfo

	This patch creates a new sysfs hierarchy under
	tests/nodeinfodata/linux-nodeinfo-sysfs-test-1.
	Output files and /proc/cpuinfo files are also respectively added for
	both x86 and ppc64.

2011-12-08  Prerna Saxena  

	Use sysfs to gather host topology, in place of
	 /proc/cpuinfo

	Libvirt at present depends on /proc/cpuinfo to gather host
	details such as CPUs, cores, threads, etc. This is an architecture-
	dependent approach. An alternative is to use 'Sysfs', which provides
	a platform-agnostic interface to parse host CPU topology.

2011-12-08  Christophe Fergeau  

	maint: move my name to commiters
	Since I have commit rights on libvirt-glib, I can also push to
	libvirt, Eric Blake told to move my name up to committers to better
	reflect reality.

2011-12-08  Daniel Veillard  

	Release of libvirt-0.9.8
	* configure.ac docs/news.html.in libvirt.spec.in: updated for the release
	* po/*.po*: fetched localization update and regenerated

2011-12-08  Eric Blake  

	spec: don't use chkconfig --list
	https://bugzilla.redhat.com/show_bug.cgi?id=694403 reports that
	the specfile is incorrectly checking for a running libvirt-guests
	service.  For example,

	$ LC_ALL=es_ES chkconfig --list libvirt-guests
	libvirt-guests 	  0:desactivado		 1:desactivado	   2:desactivado     3:activo	 4:activo  5:activo	    6:desactivado

	will fail to find 5:on, even though it is active.  But chkconfig
	already has a mode where you can silently use the exit status to
	check for an active service.

	* libvirt.spec.in (%post): Use simpler chkconfig options, to avoid
	issues with localization.

2011-12-08  Eric Blake  

	build: fix build with older libxml2
	On RHEL 5, with libxml2-2.6.26, the build failed with:
	virsh.c: In function 'vshNodeIsSuperset':
	virsh.c:11951: warning: implicit declaration of function 'xmlChildElementCount'

	(or if warnings aren't errors, a link failure later on).

	* src/util/xml.h (virXMLChildElementCount): New prototype.
	* src/util/xml.c (virXMLChildElementCount): New function.
	* src/libvirt_private.syms (xml.h): Export it.
	* tools/virsh.c (vshNodeIsSuperset): Use it.

2011-12-08  Daniel P. Berrange  

	Fix updating of haveTheBuck in RPC client to be race-free
	When one thread passes the buck to another thread, it uses
	virCondSignal to wake up the target thread. The variable
	'haveTheBuck' is not updated in a race-free manner when
	this occurs. The current thread sets it to false, and the
	woken up thread sets it to true. There is a window where
	a 3rd thread can come in and grab the buck.

	Even if this didn't lead to crashes & deadlocks, this would
	still result in unfairness in the buckpassing algorithm.

	A better solution is to *never* set haveTheBuck to false
	when we're passing the buck. Only set it to false when there
	is no further thread waiting for the buck.

	* src/rpc/virnetclient.c: Only set haveTheBuck to false
	  if no thread is waiting

2011-12-08  Daniel P. Berrange  

	Revert fd066925440ba48acc95d8f31b2c98b1cc9d582d
	Commit fd066925440ba48acc95d8f31b2c98b1cc9d582d tried to fix
	a race condition in

	  commit fa9595003d043df9f2efe95521c00898cef27106
	  Author: Daniel P. Berrange 
	  Date:   Fri Nov 11 15:28:41 2011 +0000

	    Explicitly track whether the buck is held in remote client

	Unfortunately there is a second race condition whereby the
	event loop can trigger due to incoming data to read. Revert
	this fix, so a complete fix for the problem can be cleanly
	applied

	* src/rpc/virnetclient.c: Revert fd066925440ba48acc95d8f31b2c98b1cc9d582d

2011-12-08  Jim Fehlig  

	Prevent crash of libvirtd when attaching to existing qemu process
	With security_driver set to "none" in /etc/libvirt/qemu.conf,
	libvirtd would crash when attempted to attach to an existing
	qemu process.  Only copy the security model if it actually exists.

2011-12-08  Christophe Fergeau  

	Add documentation for 

	Fix typo in virDomainResume API doc
	It's referring to virSuspendDomain instead of
	virDomainSuspend.

2011-12-07  Jiri Denemark  

	qemu: Ignore shutdown event from destroyed domain
	During virDomainDestroy, QEMU may emit SHUTDOWN event as a response to
	SIGTERM and since domain object is still locked, the event is processed
	after the domain is destroyed. We need to ignore this event in such case
	to avoid changing domain state from shutoff to shutdown.

2011-12-07  Osier Yang  

	npiv: Expose fabric_name outside
	This patch is to expose the fabric_name of fc_host class, which
	might be useful for users who wants to known which fabric the
	(v)HBA connects to.

	The patch also adds the missed capabilities' XML schema of scsi_host,
	(of course, with fabric_wwn added), and update the documents
	(docs/formatnode.html.in)

2011-12-07  Daniel P. Berrange  

	Conditionalize daemonPath decl for Win32 which lacks UNIX sockets

2011-12-07  Daniel P. Berrange  

	Improve error reporting when libvirtd is not installed
	Currently if you try to connect to a local libvirtd when
	libvirtd is not in $PATH, you'll get an error

	  error: internal error invalid use of command API

	This is because remoteFindDaemonPath() returns NULL, which
	causes us to pass NULL into virNetSocketConnectUNIX which
	in turn causes us to pass NULL into virCommandNewArgList.

	Adding missing error checks improves this to

	  error: internal error Unable to locate libvirtd daemon in $PATH

	* src/remote/remote_driver.c: Report error if libvirtd
	  cannot be found
	* src/rpc/virnetsocket.c: Report error if caller requested
	  spawning of daemon, but provided no binary path

2011-12-06  Eric Blake  

	spec: fix sanlock dependency
	* libvirt.spec.in (with_sanlock): On RHEL, don't force sanlock
	on architectures where it isn't available.

2011-12-06  Eric Blake  

	spec: add dmidecode as prereq
	https://bugzilla.redhat.com/show_bug.cgi?id=754909 complains that
	because libvirt didn't require dmidecode, that the logs are noisy
	and virConnectGetSysinfo needlessly fails.  Even 'virt-what' requires
	dmidecode, so it's not that onerous of a dependency.  We may be
	able to drop this in the future when we move to parsing sysfs data,
	but for now, listing the dependency will help matters.

	* libvirt.spec.in (Requires): Sort Requires before BuildRequires.
	Add dmidecode.

2011-12-06  Eric Blake  

	build: reduce warnings from older gcc
	Older gcc warns (on every file!) that -Wabi and -Wdeprecated only
	make sense on C++ projects.  Newer gcc accepts these warnings for
	C, but it is not clear that they can do anything useful, so it
	is easier to just drop the warnings altogether.

	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Silence
	-Wabi and -Wdeprecated on older gcc.
	Reported by Peter Krempa.

2011-12-06  Jiri Denemark  

	examples: Update event tests for shutdown event

2011-12-05  Daniel P. Berrange  

	Fix incorrect symbols for virtime.h module breaking Mingw32
	The Mingw32 linker highlighted that the symbols for virtime.h
	declared in libvirt_private.syms were incorrect

	* src/libvirt_private.syms: Fix virtime.h symbols

2011-12-05  Jiri Denemark  

	qemu: Rework handling of shutdown event
	When QEMU guest finishes its shutdown sequence, qemu stops virtual CPUs
	and when started with -no-shutdown waits for us to kill it using
	SGITERM. Since QEMU is flushing its internal buffers, some time may pass
	before QEMU actually dies. We mistakenly used "paused" state (and
	events) for this which is quite confusing since users may see a domain
	going to pause while they expect it to shutdown. Since we already have
	"shutdown" state with "the domain is being shut down" semantics, we
	should use it for this state.

	However, the state didn't have a corresponding event so I created one
	and called its detail as VIR_DOMAIN_EVENT_SHUTDOWN_FINISHED (guest OS
	finished its shutdown sequence) with the intent to add
	VIR_DOMAIN_EVENT_SHUTDOWN_STARTED in the future if we have a
	sufficiently capable guest agent that can notify us when guest OS starts
	to shutdown.

2011-12-05  Guido Günther  

	remote_driver: don't fail if keepalive check fails
	Otherwise connections to older libvirt abort with:

	$ virsh -c qemu+ssh://host.example.com/system list
	error: invalid connection pointer in virDrvSupportsFeature
	error: failed to connect to the hypervisor

	Tested against 0.8.3 and 0.9.8-rc2.

2011-12-05  Jiri Denemark  

	Add support for QEMU 1.0

2011-12-05  Peter Krempa  

	python: Expose binding for virNodeGetMemoryStats()
	This patch adds binding for virNodeGetMemoryStats method of libvirtd.
	Return value is represented as a python dictionary mapping field
	names to values.

	python: Expose binding for virNodeGetCPUStats()
	This patch adds binding for virNodeGetCPUStats method of libvirtd.
	Return value is represented as a python dictionary mapping field names
	to values.

2011-12-04  Eric Blake  

	maint: fix improper use of 'an'
	https://bugzilla.redhat.com/show_bug.cgi?id=648855 mentioned a
	misuse of 'an' where 'a' is proper; that has since been fixed,
	but a search found other problems (some were a spelling error for
	'and', while most were fixed by 'a').

	* daemon/stream.c: Fix grammar.
	* src/conf/domain_conf.c: Likewise.
	* src/conf/domain_event.c: Likewise.
	* src/esx/esx_driver.c: Likewise.
	* src/esx/esx_vi.c: Likewise.
	* src/rpc/virnetclient.c: Likewise.
	* src/rpc/virnetserverprogram.c: Likewise.
	* src/storage/storage_backend_fs.c: Likewise.
	* src/util/conf.c: Likewise.
	* src/util/dnsmasq.c: Likewise.
	* src/util/iptables.c: Likewise.
	* src/xen/xen_hypervisor.c: Likewise.
	* src/xen/xend_internal.c: Likewise.
	* src/xen/xs_internal.c: Likewise.
	* tools/virsh.c: Likewise.

2011-12-04  Eric Blake  

	build: require more tools from maintainers
	We want our tarballs to be complete - this means that any
	generated file that gets shipped as part of the tarball so that
	ordinary users don't have to rebuild it must be something
	that the maintainer can generate.  There have been various
	reports of random build failures when using libvirt.git
	instead of a tarball, and often it is due to missing a
	maintainer-specific tool to produce one of these generated
	files.  This patch raises the bar for what you must have
	installed to build libvirt.git, but does not impact what
	you can get away with for building tarballs.

	Note: It still remains possible to do a successful 'make dist'
	without these tools, when starting from a release tarball.

	* bootstrap.conf (buildreq): Add tools that maintainers need for a
	successful 'make dist' from a fresh git checkout.

2011-12-04  Eric Blake  

	command: handle empty buffer argument correctly
	virBufferContentAndReset (intentionally) returns NULL for a buffer
	with no content, but it is feasible to invoke a command with an
	explicit empty string.

	* src/util/command.c (virCommandAddEnvBuffer): Reject empty string.
	(virCommandAddArgBuffer): Allow explicit empty argument.
	* tests/commandtest.c (test9): Test it.
	* tests/commanddata/test9.log: Adjust.

2011-12-04  Eric Blake  

	build: fix build on Cygwin
	The RPC fixups needed on Linux are also needed on cygwin, and
	worked without further tweaking to the list of fixups.  Also,
	unlike BSD, Cygwin exports 'struct ifreq', but unlike Linux,
	Cygwin lacks the ioctls that we were using 'struct ifreq' to
	access.  This patch allows compilation under cygwin.

	* src/rpc/genprotocol.pl: Also perform fixups on cygwin.
	* src/util/virnetdev.c (HAVE_STRUCT_IFREQ): Also require AF_PACKET
	definition.
	* src/util/virnetdevbridge.c (virNetDevSetupControlFull): Only
	compile if SIOCBRADDBR works.

2011-12-03  Eric Blake  

	build: fix build at -O2 on rawhide
	I had previously tested commit 059d746 with -O intentionally omitted
	from my CFLAGS; but that means that I missed out on this warning
	from gcc 4.6.2 when optimizations are enabled:

	util/buf.c: In function 'virBufferGetIndent':
	util/buf.c:86:1: error: function might be candidate for attribute 'pure' [-Werror=suggest-attribute=pure]

	While it is probably a good idea to add the attributes and silence
	this warning, it's also invasive; 'make -k' found more than 75 such
	complaints.  And it doesn't help that gcc 4.6.2 is still buggy
	(coreutils reported a case where gcc 4.6.2 incorrectly suggested
	marking a function pure that incremented a global variable; fixed
	in gcc 4.7).  So the best fix for now is to disable the warning.

	It also doesn't help that I stumbled across another problem - gcc
	documents that -Wsuggest-attribute=pure only warns if you use -O,
	or if you use -fipa-pure-const.  But in practice, when I omitted -O
	but added -fipa-pure-const, the warnings are fickle - I got warnings
	for simple compilation that disappeared when I also added -fPIC.
	And the way libtool compiles things is with -fPIC first, then without
	-fPIC but with errors sent to /dev/null - which meant that without
	disabling -Wsuggest-attribute=pure, I got a compile error with no
	message.  :(  See http://debbugs.gnu.org/cgi/bugreport.cgi?bug=10197

	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Silence
	-Wsuggest-attribute warnings for now.

2011-12-03  Serge Hallyn  

	apparmor: allow tunnelled migrations.
	The pathname for the pipe for tunnelled migration is unresolvable.  The
	libvirt apparmor driver therefore refuses access, causing migration to
	fail.  If we can't resolve the path, the worst that can happen is that
	we should have given permission to the file but didn't.  Otherwise
	(especially since this is a /proc/$$/fd/N file) the file is already open
	and libvirt won't be refused access by apparmor anyway.

	Also adjust virt-aa-helper to allow access to the
	*.tunnelmigrate.dest.name files.

	For more information, see https://launchpad.net/bugs/869553.

2011-12-02  Peter Krempa  

	client: Check if other thread claims it has the buck before claiming it.
	Originaly, the code checked if another client is the queue and infered
	ownership of the buck from that. Commit fa9595003d043df9f2efe95521c008
	added a separate variable to track the buck. That caused, that a new
	call might enter claiming it has the buck, while another thread was
	signalled to take the buck. This ends in two threads claiming they hold
	the buck and entering poll(). This happens due to a race on waking up
	threads on the client lock mutex.

	This caused multi-threaded clients to hang, most prominently visible and
	reproducible on python based clients, like virt-manager.

	This patch causes threads, that have been signalled to take the buck to
	re-check if buck is held by another thread.

2011-12-02  Stefan Berger  

	Update of filters to handle multiple IP addresses
	With fragments borrowed from David Steven's previous submission and some
	further modifications:

	A set of modifications to filters to handle multiple IP addresses
	(and MAC addresses) per interface.

	Also:
	- enable DHCP traffic from VM to any DHCP server
	- will require an update to a libvirt-tck data file

2011-12-02  Eric Blake  

	virsh: translate net-info help
	Reported by kato.tomoyuki@jp.fujitsu.com at
	https://bugzilla.redhat.com/show_bug.cgi?id=749564

	* tools/virsh.c (info_network_info): Mark string for translation.

2011-12-02  Eric Blake  

	maint: typo fixes
	Many of these were mentioned by Yuri Chornoivan in:
	https://bugzilla.redhat.com/show_bug.cgi?id=669506

	* src/esx/esx_vi.c (esxVI_WaitForTaskCompletion): Fix spelling.
	* src/conf/netdev_vport_profile_conf.c
	(virNetDevVPortProfileParse): Likewise.
	* src/xen/xend_internal.c (xenDaemonDomainSetVcpusFlags):
	Likewise.
	* src/xen/xm_internal.c (xenXMDomainSetVcpusFlags): Likewise.
	* src/esx/esx_util.c (esxUtil_ResolveHostname): Likewise.
	* src/storage/storage_backend_fs.c
	(virStorageBackendFileSystemBuild): Likewise.
	* daemon/libvirtd.conf: Likewise.
	* src/util/logging.c (virLogMessage): Likewise.
	* src/uml/uml_conf.c (umlBuildCommandLineNet): Likewise.
	* src/vmx/vmx.c (virVMXFormatEthernet): Likewise.

2011-12-02  Eric Blake  

	build: update to latest gnulib
	* .gnulib: Update to latest, for improved 'make syntax-check' and
	compiler warnings.
	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS):
	Re-silence -Wformat-nonliteral.
	* cfg.mk (_test_script_regex): Recognize our test scripts.
	* gnulib/local/lib/*.diff: Drop, now that gnulib has this.
	* tests/virsh-optparse: Fix use of compare.
	* tests/virsh-schedinfo: Likewise.

2011-12-02  Eric Blake  

	build: properly skip tests
	I got this failure on FreeBSD:

	shunloadtest.c: In function 'main':
	shunloadtest.c:150: error: 'EXIT_AM_SKIP' undeclared (first use in this function)

	but inspection showed several other problems, all fixed here.

	* tests/domainsnapshotxml2xmltest.c [!WITH_QEMU]: Ensure
	EXIT_AM_SKIP is defined.
	* tests/esxutilstest.c [!WITH_ESX]: Likewise.
	* tests/openvzutilstest.c [!WITH_OPENVZ]: Likewise.
	* tests/qemuargv2xmltest.c [!WITH_QEMU]: Likewise.
	* tests/qemuhelptest.c [!WITH_QEMU]: Likewise.
	* tests/qemuxml2argvtest.c [!WITH_QEMU]: Likewise.
	* tests/qemuxml2xmltest.c [!WITH_QEMU]: Likewise.
	* tests/qemuxmlnstest.c [!WITH_QEMU]: Likewise.
	* tests/shunloadtest.c [!linux]: Likewise.
	* tests/vmx2xmltest.c [!WITH_VMX]: Likewise.
	* tests/xml2vmxtest.c [!WITH_VMX]: Likewise.

2011-12-02  Daniel P. Berrange  

	Avoid crash in shunloadtest
	For unknown reasons, the shunloadtest will crash on Fedora 16
	inside dlopen()

	 (gdb) bt
	 #0  0x00000000000050e6 in ?? ()
	 #1  0x00007ff61a77b9d5 in floor () from /lib64/libm.so.6
	 #2  0x00007ff61e522963 in _dl_relocate_object () from /lib64/ld-linux-x86-64.so.2
	 #3  0x00007ff61e5297e6 in dl_open_worker () from /lib64/ld-linux-x86-64.so.2
	 #4  0x00007ff61e525006 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
	 #5  0x00007ff61e52917a in _dl_open () from /lib64/ld-linux-x86-64.so.2
	 #6  0x00007ff61e0f6f26 in dlopen_doit () from /lib64/libdl.so.2
	 #7  0x00007ff61e525006 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
	 #8  0x00007ff61e0f752f in _dlerror_run () from /lib64/libdl.so.2
	 #9  0x00007ff61e0f6fc1 in dlopen@@GLIBC_2.2.5 () from /lib64/libdl.so.2
	 #10 0x0000000000400a15 in main (argc=, argv=) at shunloadtest.c:105

	Changing from RTLD_NOW to RTLD_LAZY avoids this problem,
	but quite possibly does not fix the root cause.

	* shunloadtest.c: s/NOW/LAZY/

2011-12-02  Daniel P. Berrange  

	Fix build for platforms lacking struct ifreq
	This ought to fix the build if you have net/if.h but do
	not have struct ifreq

	* configure.ac: Check for struct ifreq in net/if.h
	* src/util/virnetdev.c: Conditionalize to avoid use of
	  struct ifreq if it does not exist

2011-12-02  Eric Blake  

	build: fix 'make dist' without dtrace
	probes.h can only be generated on Linux, and then only with dtrace
	installed.  If it is part of the tarball, then either 'make dist'
	will fail if you don't have that setup, or we would have to start
	keeping probes.h in libvirt.git.  Since we only need it to be
	generated when dtrace is in use, it's better to avoid shipping
	it in the first place, and avoid tracking it in git.

	Meanwhile, there is a build dependency - since the RPC code is
	generated, it can be built early; but when dtrace is enabled, we
	must ensure probes.h is built even earlier.  Commit 1afcfbdd tried
	to fix this, but did so in a way that added probes.h into the
	tarball, and broke VPATH as well.  Commit ecbca767 fixed VPATH,
	but didn't fix the more fundamental problem.  This patch solves
	the issue by adding a dependency instead.

	Tested with 'make dist' in a clean VPATH builds, for both
	'./configure --without-dtrace' and './configure --with-dtrace';
	all configurations were able to correctly build a tarball, and
	the dtrace configuration no longer sticks probes.h in the tarball.

	* src/Makefile.am (REMOTE_DRIVER_GENERATED): Don't ship probes.h;
	rather, make it a dependency.

2011-12-01  Lei Li  

	Fix a logic error for setting block I/O
	Fix a logic error, the initial value of ret = -1, if just set --config,
	it will goto endjob directly without doing its really job here.

2011-12-01  Daniel P. Berrange  

	Don't use undocumented __isleap macro
	The glibc time.h header has an undocumented __isleap macro
	that we are using. Since it is undocumented & does not appear
	on any other OS, stop using it and just define the macro in
	libvirt code instead.

	* src/util/virtime.c: Remove __isleap usage

2011-12-01  Michal Privoznik  

	virsh: Allow other escape characters for console
	Currently virsh supports only ^] as escape character for console.
	However, some users might want to use something else. This patch
	creates such ability by specifying '-e' switch on virsh command
	line.

2011-12-01  Peter Krempa  

	bridge_driver: Don't define network if XML contains more IPv4 adreses.
	Only one IPv4 DHCP definition is supported. Originally the code checked
	for a multiple definition and returned an error, but the new domain
	definition was already added to networks. This patch moves the check
	before the newly defined network is added to active networks.

	 *src/network/bridge_driver.c: networkDefine(): - move multiple IPv4
	                                                  addresses check before
	                                                  definition is used.

2011-12-01  Eric Blake  

	spec: mark directories in /var/run as ghosts
	We have several directories that are created on the fly, and which
	only contain state relevant to a running libvirtd process (all
	located in /var/run).  Since the directories are created as needed,
	and make no sense without a running libvirtd, we want them deleted
	if libvirt is uninstalled.  And in F15 and newer, /var/run is on
	tmpfs (forcing us to recreate on the fly); which means that someone
	trying to verify a complete rpm will fail if the directory does not
	currently exist because libvirtd has not been started since boot.
	The solution, then, is to mark the directories as %ghost, so that
	rpm knows that we own them and will clean it up if libvirt is
	uninstalled, but will no longer create the directory for us at
	install, nor complain at verify time if the directory does not exist.

	See https://bugzilla.redhat.com/show_bug.cgi?id=656611.

	* libvirt.spec.in (%files): Add %ghost to temporary directories
	that we don't install, but want cleaned up on libvirt removal.

2011-12-01  Jiri Denemark  

	virsh: Fix possible deadlock when virsh is about to exit
	Not only was ctl->quit accessed without a mutex but unfortunately,
	virEventAddTimeout only interrupts the poll when event loop is running
	so the hack needs to add a timeout that will make next poll return
	immediately without blocking.

2011-12-01  Alex Jia  

	util: Plug memory leak on virNetDevMacVLanCreateWithVPortProfile() error path
	Detected by Coverity. Leak introduced in commit 90074ec.

2011-12-01  Alex Jia  

	util: Plug memory leak on virNetDevBridgeGet() sucessful path
	Detected by Coverity. Leak introduced in commit c1df2c1.

	Two bugs here:
	1. memory leak on successful parse
	2. failure to parse still returned success

2011-12-01  Alex Jia  

	uml: Plug memory leak on umlStartVMDaemon() error path
	Detected by Coverity.  Leak introduced in commit 8866eed.

	Two bugs here:
	1. logfd wasn't closed on all return paths
	2. if we failed to mark a domain autodestroy, then the domain
	was not made transient but we still returned success

2011-12-01  Alex Jia  

	rpc: Plug memory leak on virNetClientSendInternal() error path
	Detected by Coverity. Leak introduced in commit 673adba.

	Two separate bugs here:
	1. call was not freed on all error paths
	2. virCondDestroy was called even if virCondInit failed

2011-12-01  Alex Jia  

	conf: Plug memory leak on virDomainDefParseXML() error path
	Detected by Coverity. Leak introduced in commit 0873b68.

	qemu: Plug memory leak onqemuProcessWaitForMonitor() error path
	Detected by Coverity. Leak introduced in commit 109efd7.

2011-12-01  Prerna Saxena  

	Add PPC cpu driver.
	To add support for running libvirt on PowerPC, a CPU driver for the
	PowerPC platform must be added.
	Most generic cpu driver routines such as CPU compare, decode, etc
	are based on CPUID comparison and are not relevant for non-x86
	platforms.
	Here, we introduce stubs for relevant PowerPC routines invoked by libvirt.

2011-12-01  Hu Tao  

	qemu: filter blkio 0-device-weight at two other places
	filter 0-device-weight when:

	  - getting blkio parameters with --config
	  - starting up a domain

	When testing with blkio, I found these issues:

	  (dom is down)
	  virsh blkiotune dom --device-weights /dev/sda,300,/dev/sdb,500
	  virsh blkiotune dom --device-weights /dev/sda,300,/dev/sdb,0
	  virsh blkiotune dom
	  weight         : 800
	  device_weight  : /dev/sda,200,/dev/sdb,0

	  # issue 1: shows 0 device weight of /dev/sdb that may confuse user

	  (continued)
	  virsh start dom

	  # issue 2: If /dev/sdb doesn't exist, libvirt refuses to bring the
	  # dom up because it wants to set the device weight to 0 of a
	  # non-existing device. Since 0 means no weight-limit, we really don't
	  # have to set it.

2011-12-01  Eric Blake  

	qemu: amend existing table of device weights
	Prior to this patch, for a running dom, the commands:

	$ virsh blkiotune dom --device-weights /dev/sda,502,/dev/sdb,498
	$ virsh blkiotune dom --device-weights /dev/sda,503
	$ virsh blkiotune dom
	weight         : 500
	device_weight  : /dev/sda,503

	claim that /dev/sdb no longer has a non-default weight, but
	directly querying cgroups says otherwise:

	$ cat /cgroup/blkio/libvirt/qemu/dom/blkio.weight_device
	8:0     503
	8:16    498

	After this patch, an explicit 0 is required to remove a device path
	from the XML, and omitting a device path that was previously
	specified leaves that device path untouched in the XML, to match
	cgroups behavior.

	* src/qemu/qemu_driver.c (parseBlkioWeightDeviceStr): Rename...
	(qemuDomainParseDeviceWeightStr): ...and use correct type.
	(qemuDomainSetBlkioParameters): After parsing string, modify
	rather than replacing existing table.
	* tools/virsh.pod (blkiotune): Tweak wording.

2011-12-01  Eric Blake  

	conf: reject duplicate paths in device weights
	The next patch will make it possible to have virDomainSetBlkioParameters
	leave device weights unchanged if they are not mentioned in the incoming
	string, but this only works if the list of block weights does not allow
	duplicate paths.  Technically, a user can still confuse libvirt by
	passing alternate spellings that resolve to the same device, but it
	is not worth worrying about working around that kind of abuse.

	* src/conf/domain_conf.c (virDomainDefParseXML): Require unique
	paths.

2011-12-01  Hu Tao  

	virsh: fix setting weight and device-weights at the same time
	When setting both blkio weight and device-weights at the same time, the weight
	is lost. Fix it.

2011-12-01  Lei Li  

	Add tests for blkdeviotune

	Support virDomain{Set, Get}BlockIoTune in the python API
	Python support for both setting and getting block I/O throttle.

	Enable the blkdeviotune command in virsh
	Support virsh command blkdeviotune. Can set or query a block disk
	I/O throttle setting.

	Implement virDomain{Set, Get}BlockIoTune for the qemu driver
	Implement the block I/O throttle setting and getting support to qemu
	driver.

	Support block I/O throttle in XML
	Enable block I/O throttle for per-disk in XML, as the first
	per-disk IO tuning parameter.

	Add virDomain{Set, Get}BlockIoTune support to the remote driver
	Support Block I/O Throttle setting and query to remote driver.

2011-11-30  Daniel P. Berrange  

	Fix leak build config file path
	* src/libvirt.c: Free user directory path

2011-11-30  Daniel P. Berrange  

	Remove time APIs from src/util/util.h
	The virTimestamp and virTimeMs functions in src/util/util.h
	duplicate functionality from virtime.h, in a non-async signal
	safe manner. Remove them, and convert all code over to the new
	APIs.

	* src/util/util.c, src/util/util.h: Delete virTimeMs and virTimestamp
	* src/lxc/lxc_driver.c, src/qemu/qemu_domain.c,
	  src/qemu/qemu_driver.c, src/qemu/qemu_migration.c,
	  src/qemu/qemu_process.c, src/util/event_poll.c: Convert to use
	  virtime APIs

2011-11-30  Daniel P. Berrange  

	Make logging async signal safe wrt time stamp generation
	Use the new virTimeStringNowRaw() API for generating log timestamps
	in an async signal safe manner

	* src/util/logging.c: Use virTimeStringNowRaw

2011-11-30  Daniel P. Berrange  

	Add internal APIs for dealing with time
	The logging APIs need to be able to generate formatted timestamps
	using only async signal safe functions. This rules out using
	gmtime/localtime/malloc/gettimeday(!) and much more.

	Introduce a new internal API which is async signal safe.

	  virTimeMillisNowRaw replacement for gettimeofday. Uses clock_gettime
	                      where available, otherwise falls back to the unsafe
	                      gettimeofday

	  virTimeFieldsNowRaw  replacements for gmtime(), convert a timestamp
	  virTimeFieldsThenRaw into a broken out set of fields. No localtime()
	                       replacement is provided, because converting to
	                       local time is not practical with only async signal
	                       safe APIs.

	  virTimeStringNowRaw  replacements for strftime() which print a timestamp
	  virTimeStringThenRaw into a string, using a pre-determined format, with
	                       a fixed size buffer (VIR_TIME_STRING_BUFLEN)

	For each of these there is also a version without the Raw postfix
	which raises a full libvirt error. These versions are not async
	signal safe

	* src/Makefile.am, src/util/virtime.c, src/util/virtime.h: New files
	* src/libvirt_private.syms: New APis
	* configure.ac: Check for clock_gettime in -lrt
	* tests/virtimetest.c, tests/Makefile.am: Test new APIs

2011-11-30  Daniel P. Berrange  

	Remove obsolete virGetPMCapabilities sym from private symbols file
	Fix the build on Mingw32 by removing the now obsolete
	virGetPMCapabilities symbol from the private exports file

	* src/libvirt_private.syms: Remove virGetPMCapabilities

2011-11-30  Daniel P. Berrange  

	Don't mark suspend as active until we know it is running
	If suspend failed for some reason (e.g. too short duration) then
	subsequent attempts to trigger suspend were rejected because we
	had already marked a suspend as being in progress

	* src/util/virnodesuspend.c: Don't mark suspend as active
	  until we've successfully triggered it

2011-11-30  Daniel P. Berrange  

	Add suspend info to Xen, LXC and UML hypervisor capabilities
	* src/lxc/lxc_conf.c, src/uml/uml_conf.c,
	  src/xen/xen_hypervisor.c: Initialize suspend capabilities
	* tests/xencapsdata/*xml: Add empty powermgmt capabilities

2011-11-30  Daniel P. Berrange  

	Remove pointless strdup in node suspend code
	The command name for the suspend action does not need to be
	strdup'd. The constant string can be used directly. This
	also means the code can be trivially rearranged to make the
	switch clearer

	* src/util/virnodesuspend.c: Remove strdup of cmdString

2011-11-30  Daniel P. Berrange  

	Do lazy init of host PM features
	To avoid probing the host power management features on any
	call to virInitialize, only initialize the mutex in
	virNodeSuspendInit. Do lazy load of the supported PM target
	mask when it is actually needed

	* src/util/virnodesuspend.c: Lazy init of supported features

2011-11-30  Daniel P. Berrange  

	Remove powerMgmt_valid field from capabilities struct
	If we ensure that virNodeSuspendGetTargetMask always resets
	*bitmask to zero upon failure, there is no need for the
	powerMgmt_valid field.

	* src/util/virnodesuspend.c: Ensure *bitmask is zero upon
	  failure
	* src/conf/capabilities.c, src/conf/capabilities.h: Remove
	  powerMgmt_valid field
	* src/qemu/qemu_capabilities.c: Remove powerMgmt_valid

2011-11-30  Daniel P. Berrange  

	Add export of node suspend capabilities APIs
	* src/libvirt_private.syms: Export virNodeSuspendSupportsTarget
	  and virNodeSuspendGetTargetMask

2011-11-30  Daniel P. Berrange  

	Move suspend capabilities APIs out of util.h into virnodesuspend.c
	The node suspend capabilities APIs should not have been put into
	util.[ch]. Instead move them into virnodesuspend.[ch]

	* src/util/util.c, src/util/util.h: Remove suspend capabilities APIs
	* src/util/virnodesuspend.c, src/util/virnodesuspend.h: Add
	  suspend capabilities APIs
	* src/qemu/qemu_capabilities.c: Include virnodesuspend.h

2011-11-30  Daniel P. Berrange  

	Rename suspend capabilities APIs
	Rename virGetPMCapabilities to virNodeSuspendGetTargetMask and
	virDiscoverHostPMFeature to virNodeSuspendSupportsTarget.

	* src/util/util.c, src/util/util.h: Rename APIs
	* src/qemu/qemu_capabilities.c, src/util/virnodesuspend.c: Adjust
	  for new names

2011-11-30  Daniel P. Berrange  

	Sanitize virDiscoverHostPMFeature to return a boolean
	Since virDiscoverHostPMFeature is just checking one feature,
	there is no reason for it to return a bitmask. Change it to
	return a boolean

	* src/util/util.c, src/util/util.h: Make virDiscoverHostPMFeature
	  return a boolean

2011-11-30  Daniel P. Berrange  

	Move the virHostPMCapability enum helpers into capabilities.c
	The virHostPMCapability enum helper was declared in util.h
	but implemented in capabilities.c, which is in a completely
	separate library at link time. Move the declaration into the
	capabilities.c file and rename it to match normal conventions

	* src/util/util.h: Remove virHostPMCapability enum decl
	* src/conf/capabilities.c: Add virCapsHostPMTarget enum

2011-11-30  Daniel P. Berrange  

	Fix capabilities XML to use generic terms for suspend targets
	The capabilities XML uses the x86 specific terms 'S3', 'S4'
	and 'Hybrid-Syspend'. Switch it to use the same terminology
	as the API constants and virsh options, eg 'suspend_mem'
	'suspend_disk' and 'suspend_hybrid'

	* docs/formatcaps.html.in, docs/schemas/capability.rng,
	  src/conf/capabilities.c: Rename suspend constants

2011-11-30  Daniel P. Berrange  

	Remove internal only virHostPMCapability enum
	The internal virHostPMCapability enum just duplicates the
	public virNodeSuspendTarget enum, but with different names.

	* src/util/util.c: Use VIR_NODE_SUSPEND_TARGET constants
	* src/util/util.h: Remove virHostPMCapability enum
	* src/conf/capabilities.c: Use VIR_NODE_SUSPEND_TARGET_LAST

2011-11-30  Daniel P. Berrange  

	Fix values of PM target type constants
	The VIR_NODE_SUSPEND_TARGET constants are not flags, so they
	should just be assigned straightforward incrementing values.

	* include/libvirt/libvirt.h.in: Change VIR_NODE_SUSPEND_TARGET
	  values
	* src/util/virnodesuspend.c: Fix suspend target checks

2011-11-30  Alex Jia  

	util: avoid null deref on qcowXGetBackingStore
	Detected by Coverity. the only case is caller passes a NULL to 'format' variable,
	then taking 'if (format)' false branch, the function qcow2GetBackingStoreFormat
	will directly dereferences the NULL 'format' pointer variable.

2011-11-30  Alex Jia  

	virsh: correct return value error
	Fix cmdDomblklist to return 'true' on success instead of '0'

	https://bugzilla.redhat.com/show_bug.cgi?id=758590

2011-11-30  Lei Li  

	Add new API virDomain{Set, Get}BlockIoTune
	This patch add new pulic API virDomainSetBlockIoTune and
	virDomainGetBlockIoTune.

2011-11-30  Hu Tao  

	blkiotune: add qemu support for blkiotune.device_weight
	Implement setting/getting per-device blkio weights in qemu,
	using the cgroups blkio.weight_device tunable.

2011-11-30  Hu Tao  

	blkiotune: add interface for blkiotune.device_weight
	This adds per-device weights to .  Note that the
	cgroups implementation only supports weights per block device,
	and not per-file within the device; hence this option must be
	global to the domain definition rather than tied to individual
	/ entries:

	
	  
	    
	      /path/to/block
	      1000
	    
	  
	..

	This patch also adds a parameter --device-weights to virsh command
	blkiotune for setting/getting blkiotune.weight_device for any
	hypervisor that supports it.  All  entries under
	 are concatenated into a single string attribute under
	virDomain{Get,Set}BlkioParameters, named "device_weight".

2011-11-30  Eric Blake  

	qemu: fix blkiotune --live --config
	Without this,  'virsh blkiotune --live --config --weight=n'
	only affected live.

	* src/qemu/qemu_driver.c (qemuDomainSetBlkioParameters): Allow
	setting both configurations at once.

2011-11-30  Eric Blake  

	qemu, lxc: drop redundant checks
	After the previous patch, there are now some redundant checks.

	* src/qemu/qemu_driver.c (qemudDomainGetVcpuPinInfo)
	(qemuGetSchedulerParametersFlags): Drop checks now guaranteed by
	libvirt.c.
	* src/lxc/lxc_driver.c (lxcGetSchedulerParametersFlags):
	Likewise.

2011-11-30  Eric Blake  

	API: prevent query of --live and --config at once
	Drivers were inconsistent when presented both --live and --config
	at once.  For example, within qemu, getting memory parameters
	favored live, getting blkio tuning favored config, and getting
	scheduler parameters errored out.  Also, some, but not all,
	attempts to mix flags on query were filtered at the virsh level.
	We shouldn't have to duplicate efforts in every client app, nor
	in every driver.  So, it is simpler to just enforce that the two
	flags cannot both be used at once on query operations, which has
	precedent in libvirt.c, and which matches the documentation of
	virDomainModificationImpact.

	* src/libvirt.c (virDomainGetMemoryParameters)
	(virDomainGetBlkioParameters)
	(virDomainGetSchedulerParametersFlags, virDomainGetVcpuPinInfo):
	Borrow sanity checking from virDomainGetVcpusFlags.

2011-11-30  Eric Blake  

	build: fix typo in last patch
	* src/remote_protocol-structs: Use correct RPC name.

2011-11-29  Osier Yang  

	block_resize: Update test file for RPC
	Pushed under build failure rule.

	block_resize: Expose the new API to virsh

2011-11-29  Osier Yang  

	block_resize: Implement qemu driver method
	It requires the domain is running, otherwise fails. Resize to a lower
	size is supported, but should be used with extreme caution.

	In order to prohibit the "size" overflowing after multiplied by
	1024. We do checking in the codes. For QMP mode, the default units
	is Bytes, the passed size needs to be multiplied by 1024, however,
	for HMP mode, the default units is "Megabytes", the passed "size"
	needs to be divided by 1024 then.

2011-11-29  Osier Yang  

	block_resize: Implement qemu monitor functions
	Implements functions for both HMP and QMP mode.

	For HMP mode, qemu uses "M" as the units by default, so the passed "sized"
	is divided by 1024.

	For QMP mode, qemu uses "Bytes" as the units by default, the passed "sized"
	is multiplied by 1024.

	All of the monitor functions return -1 on failure, 0 on success, or -2 if
	not supported.

2011-11-29  Osier Yang  

	block_resize: Wire up the remote protocol

2011-11-29  Osier Yang  

	block_resize: Define the new API
	The new API is named as "virDomainBlockResize", intending to add
	support for qemu monitor command "block_resize" (both HMP and QMP).

	Similar with APIs like "virDomainSetMemoryFlags", the units for
	argument "size" is kilobytes.

2011-11-29  Michal Privoznik  

	bandwidth: Fix funky identation

2011-11-29  Jiri Denemark  

	virsh: Fix typos in man page

	lxc: Fix suspend/resume with freezer cgroup

2011-11-29  Osier Yang  

	examples: Correct the example command to use testnode.xml
	 * s/-connection/-c/
	 * Removes the redundant '/'.
	 * Add "absolute" so that it's more clear.

	Pushed under trivial rule.

2011-11-29  Srivatsa S. Bhat  

	Add virsh command to initiate suspend on the host
	Add a new command 'nodesuspend' to perform a timed suspend on the host.

2011-11-29  Srivatsa S. Bhat  

	Implement the core API to suspend/resume the host
	Add the core functions that implement the functionality of the API.
	Suspend is done by using an asynchronous mechanism so that we can return
	the status to the caller before the host gets suspended. This asynchronous
	operation is achieved by suspending the host in a separate thread of
	execution. However, returning the status to the caller is only best-effort,
	but not guaranteed.

	To resume the host, an RTC alarm is set up (based on how long we want to
	suspend) before suspending the host. When this alarm fires, the host
	gets woken up.

	Suspend-to-RAM operation on a host running Linux can take upto more than 20
	seconds, depending on the load of the system. (Freezing of tasks, an operation
	preceding any suspend operation, is given up after a 20 second timeout).
	And Suspend-to-Disk can take even more time, considering the time required
	for compaction, creating the memory image and writing it to disk etc.
	So, we do not allow the user to specify a suspend duration of less than 60
	seconds, to be on the safer side, since we don't want to prematurely declare
	failure when we only had to wait for some more time.

2011-11-29  Srivatsa S. Bhat  

	Add the remote protocol implementation for virNodeSuspendForDuration
	Implement the remote protocol for virNodeSuspendForDuration() API.

	Add a public API to invoke suspend/resume on the host
	Implement the public definitions for the new API
	virNodeSuspendForDuration() which will be subsequently used to
	do a timed suspend on the host.

	Add 'Hybrid-Suspend' power management discovery for the host
	Some systems support a feature known as 'Hybrid-Suspend', apart from the
	usual system-wide sleep states such as Suspend-to-RAM (S3) or Suspend-to-Disk
	(S4). Add the functionality to discover this power management feature and
	export it in the capabilities XML under the  tag.

2011-11-29  Jiri Denemark  

	rpc: Really send non-blocking calls while waiting for another call
	When another thread was dispatching while we wanted to send a
	non-blocking call, we correctly queued the call and woke up the thread
	but the thread just threw the call away since it forgot to recheck if
	its socket was writable.

2011-11-29  Michal Privoznik  

	virsh: Don't traverse childless nodes in vshNodeIsSuperset
	If both nodes do not have any children, we pass zero to
	virBitmapAlloc which returns NULL. In turn we report OOM error
	and return false (meaning nodes are different). This is not true.

2011-11-29  Christian Franke  

	virnetsocket: pass XAUTORITY for ssh connection
	When spawning an ssh connection, the environment variables
	DISPLAY, SSH_ASKPASS, ... are passed. However XAUTHORITY,
	which is necessary if the .Xauthority is in a non default
	place, was not passed.

2011-11-29  Lorin Hochstein  

	conf: make virt-xml-validate work with vbox domains
	virt-xml-validate fails when run on a domain XML file of type 'vbox'.

	For failing test case, see https://bugzilla.redhat.com/show_bug.cgi?id=757097

	This patch updates the XML schema to accept all valid hypervisor
	types, as well as dropping hypervisor types that are not in use
	by the current code base.

2011-11-28  Michal Privoznik  

	conf: Improve incorrect root element error messages
	When user pass wrong root element, it is not 'internal error' and
	we can give him hint what we are expecting.

2011-11-28  Daniel P. Berrange  

	Refactor initial LXC mem tune / device ACL code
	To make lxcSetContainerResources smaller, pull the mem tune
	and device ACL setup code out into separate methods

	* src/lxc/lxc_controller.c: Introduce lxcSetContainerMemTune
	  and lxcSetContainerDeviceACL

2011-11-28  Daniel P. Berrange  

	Add support for blkio tuning of LXC containers
	* src/lxc/lxc_controller.c: Refactor setting of initial blkio
	  tuning parameters
	* src/lxc/lxc_driver.c: Enable live change of blkio tuning

	Add support for CPU quota/period to LXC driver
	* src/lxc/lxc_driver.c: Support changing quota/period for LXC
	  containers
	* src/lxc/lxc_controller.c: Set initial quota/period at startup

2011-11-28  Daniel P. Berrange  

	Support CPU placement in LXC driver
	While LXC does not have the concept of VCPUS, so we can't do
	per-VCPU pCPU placement, we can support the VM level CPU
	placement. Todo this simply set the CPU affinity of the LXC
	controller at startup. All child processes will inherit this
	affinity.

	* src/lxc/lxc_controller.c: Set process affinity

2011-11-28  Daniel P. Berrange  

	Support NUMA memory placement for LXC containers
	Use numactl to set NUMA memory placement for LXC containers

	* src/lxc/lxc_controller.c: Support NUMA memory placement

2011-11-25  Michal Privoznik  

	storage: Refetch file status after open
	This partly reverts my previous patch f88de3eb. We need to
	get file status after open, as given path could have been symlink,
	so fstat() will operate on different file than lstat().

2011-11-25  Paolo Bonzini  

	util: fix thinko in runIO
	When aligning you need to clear the bits in the mask and leave the
	others aside.  Likely this code has never run, and will never run.

2011-11-25  Michal Privoznik  

	storage: Skip socket and fifo on pool-start
	If pool directory contains special files like FIFO or sockets
	we want to skip those on pool-start or pool-refresh otherwise
	open() will get an error.

	conf: Don't drop console definition on domain restart
	One of my latest patches 2e37bf42d28d8bb5d045b206587c64643c64d02a
	copy serial console definition. On domain shutdown we save this
	info into state XML. However, later on the daemon start we simply
	drop this info and since we are not re-reading qemu log,
	vm->def->consoles[0] does not get populated with copy. Therefore
	we need to avoid dropping console definition if it is just alias
	for serial console.

2011-11-24  Jiri Denemark  

	Fix version numbers for isAlive and setKeepAlive driver APIs

	build: Properly generate and check virkeepaliveprotocol-structs
	This fixes make dist broken by recent keepalive series

	examples: Use virConnectOpenAuth in events-c

	qemu: Cancel p2p migration when connection breaks
	If a connection to destination host is lost during peer-to-peer
	migration (because keepalive protocol timed out), we won't be able to
	finish the migration and it doesn't make sense to wait for qemu to
	transmit all data. This patch automatically cancels such migration
	without waiting for virDomainAbortJob to be called.

	qemu: Add support for keepalive messages during p2p migration

	Add keepalive support into domain-events examples

	Implement virConnectIsAlive in all drivers

	Introduce virConnectIsAlive API
	This API can be used to check if the socket associated with
	virConnectPtr is still open or it was closed (probably because keepalive
	protocol timed out). If there the connection is local (i.e., no socket
	is associated with the connection, it is trivially always alive.

	Implement keepalive protocol in remote driver

	Add support for async close of client RPC socket

	Implement keepalive protocol in libvirt daemon

	virsh: Always run event loop
	Since virsh already implements event loop, it has to also run it. So far
	the event loop was only running during virsh console command.

	Introduce virConnectSetKeepAlive
	virConnectSetKeepAlive public API can be used by a client connecting to
	remote server to start using keepalive protocol. The API is handled
	directly by remote driver and not transmitted over the wire to the
	server.

	Implement common keepalive handling
	These APIs are used by both client and server RPC layer to handle
	processing of keepalive messages.

	Define keepalive protocol
	The keepalive program has two procedures: PING, and PONG.
	Both are used only in asynchronous messages and the sender doesn't wait
	for any reply. However, the party which receives PING messages is
	supposed to react by sending PONG message the other party, but no
	explicit binding between PING and PONG messages is made. For backward
	compatibility neither server nor client are allowed to send keepalive
	messages before checking that remote party supports them.

	rpc: Add some debug messages to virNetClient

	rpc: Fix handling of non-blocking calls that could not be sent
	When virNetClientIOEventLoop is called for a non-blocking call and not
	even a single byte can be sent from this call without blocking, we
	properly reported that to the caller which properly frees the call. But
	we never removed the call from a call queue.

	rpc: Fix a typo in virNetClientSendNonBlock documentation

	rpc: Pass the buck only to the first available thread

2011-11-24  Stefan Berger  

	nwfilter: remove virConnectPtr from internal API calls
	Remove the virConnectPtr from the nwfilter's internal API calls as
	far as possible.

2011-11-23  Peter Krempa  

	qemu: Avoid dereference of NULL pointer
	If something fails while initializing qemu job object in
	qemuDomainObjPrivateAlloc(), memory to the private pointer is freed, but
	after that, the pointer is still dereferenced, which may result in a
	segfault.

	* qemuDomainObjPrivateAlloc() - Don't dereference NULL pointer.

2011-11-23  Eric Blake  

	qemu: fix a const-correctness issue
	Generally, functions which return malloc'd strings should be typed
	as 'char *', not 'const char *', to make it obvious that the caller
	is responsible to free things.  free(const char *) fails to compile,
	and although we have a cast embedded in VIR_FREE to work around poor
	code that frees const char *, it's better to not rely on that hack.

	* src/qemu/qemu_driver.c (qemuDiskPathToAlias): Change return type.
	(qemuDomainBlockJobImpl): Update caller.

2011-11-23  Eric Blake  

	API: prefer 'disk' over 'block' or 'path'
	Given that we can now handle the target's disk shorthand, in addition
	to an absolute path to the file or block device used on the host,
	the term 'disk' fits a bit better as the parameter name than 'path'.

	* include/libvirt/libvirt.h.in: Update some parameter names.
	* src/libvirt.c (virDomainBlockStats, virDomainBlockStatsFlags)
	(virDomainBlockPeek, virDomainGetBlockInfo, virDomainBlockJobAbort)
	(virDomainGetBlockJobInfo, virDomainBlockJobSetSpeed)
	(virDomainBlockPull): Likewise.

2011-11-23  Eric Blake  

	blockstats: support lookup by path in blockstats
	Commit 89b6284f made it possible to pass either a source name or
	the target device to most API demanding a disk designation, but
	forgot to update the documentation.  It also failed to update
	virDomainBlockStats to take both forms. This patch fixes both the
	documentation and the remaining function.

	Xen continues to use just device shorthand (that is, I did not
	implement path lookup there, since xen does not track a domain_conf
	to quickly tie a path back to the device shorthand).

	* src/libvirt.c (virDomainBlockStats, virDomainBlockStatsFlags)
	(virDomainGetBlockInfo, virDomainBlockPeek)
	(virDomainBlockJobAbort, virDomainGetBlockJobInfo)
	(virDomainBlockJobSetSpeed, virDomainBlockPull): Document
	acceptable disk naming conventions.
	* src/qemu/qemu_driver.c (qemuDomainBlockStats)
	(qemuDomainBlockStatsFlags): Allow lookup by source name.
	* src/test/test_driver.c (testDomainBlockStats): Likewise.

2011-11-23  Michal Privoznik  

	nwfilter: Initialize virNWFilterAddIpAddrForIfname return variable
	Latest nwfilter patch ad6c67cf introduced uninitialized return
	value. This was spotted by 4.6.2 gcc.

2011-11-23  Daniel P. Berrange  

	Fix disabling of virtual port profile code on old hosts
	The WITH_VIRTUALPORT macro is defined to 0 when disabled, not
	left undefined. So #if must be used instead of #ifdef

	* src/util/virnetdevvportprofile.c: s/#ifdef/#if/

2011-11-23  Daniel P. Berrange  

	Fix uninitialized variable in NWfilter IP learning code
	* src/nwfilter/nwfilter_learnipaddr.c: Initialize ret variable

2011-11-23  Michal Prívozník  

	virsh: Increase device-detach intelligence
	Up to now users have to give a full XML description on input when
	device-detaching. If they omitted something it lead to unclear
	error messages (like generated MAC wasn't found, etc.).
	With this patch users can specify only those information which
	specify one device sufficiently precise. Remaining information is
	completed from domain.

2011-11-23  Stefan Berger  

	Enable detection of multiple IP addresses
	In preparation of DHCP Snooping and the detection of multiple IP
	addresses per interface:

	The hash table that is used to collect the detected IP address of an
	interface can so far only handle one IP address per interface. With
	this patch we extend this to allow it to handle a list of IP addresses.

	Above changes the returned variable type of virNWFilterGetIpAddrForIfname()
	from char * to virNWFilterVarValuePtr; adapt all existing functions calling
	this function.

2011-11-23  Eli Qiao  

	fix error message when using wrong URI alias

	When configuring a URI alias like this in 'libvirt.conf':

	uri_aliases = [
	  "jj#j=qemu+ssh://root@127.0.0.1/system",
	  "sleet=qemu+ssh://root@sleet.cloud.example.com/system",
	]
	virsh -c jj#j

	It will show this error message:
	'no connection driver available for No connection for URI jj#j'
	Actually,we expect this message below:
	Malformed 'uri_aliases' config entry 'jj#j=qemu+ssh://root@127.0.0.1/system', aliases may only contain 'a-Z, 0-9, _, -'

	Give this patch to fix this error.

2011-11-23  Stefan Berger  

	Pass additional parameter into applyDHCPOnly function
	In preparation for the DHCP Snooping code:
	Pass an additional parameter into the applyDHCPOnly function
	of the 'techdriver'.

2011-11-23  Stefan Berger  

	nwfilter: use shell variable to invoke 'ip(6)tables' command
	Introduce a shell variable 'IBT' to invoke the ip(6)tables command.

	Tested with libvirt-tck.

2011-11-23  Stefan Berger  

	nwfilter: use shell variable to invoke 'ebtables' command
	Introduce a shell variable 'EBT' to invoke the ebtables command.
	Hard-code the used ebtables table to '-t nat'.

	Tested with libvirt-tck.

2011-11-23  Stefan Berger  

	Improve error reporting of failures to apply filtering rules
	Display the executed command and failure message if a command failed to
	execute.

	Add documentation for STP filtering support
	Add documentation for the STP filtering support. Describe the XML attributes
	that are supported.

	Add test cases for STP traffic filtering
	This patch adds a few test cases for the XML parsing of STP filtering nodes.

	Add support for STP filtering
	This patch adds support for filtering of STP (spanning tree protocol) traffic
	to the parser and makes us of the ebtables support for STP filtering. This code
	now enables the filtering of traffic in chains with prefix 'stp'.

	Add a 'mac' chain
	With hunks borrowed from one of David Steven's previous patches, we now
	add the capability of having a 'mac' chain which is useful to filter
	for multiple valid MAC addresses.

2011-11-23  Eric Blake  

	docs: fix grammar of capabilities
	* docs/formatcaps.html.in: Avoid run-on sentence, wrap lines.

2011-11-22  Daniel P. Berrange  

	Add strings.h include to capabilities.h for ffs() function prototype
	On Mingw32 the ffs() function was not declared due to missing header
	include

	* src/conf/capabilities.c: The ffs() function lives in strings.h

2011-11-22  Osier Yang  

	build: Update AUTHORS
	Add Chang Liu to the AUTHORS' list.

2011-11-22  Chang Liu  

	storage: Fallback to use lvchange first if lvremove fails
	virStorageBackendLogicalDeleteVol() could not remove the lv with error
	"could not remove open logical volume" sometimes. Generally it's caused
	by the volume is still active, even if lvremove tries to remove it with
	option "--force".

	This patch is to fix it by disbale the lv first using "lvchange -aln"
	and "lvremove -f" afterwards if the direct "lvremove -f" failed.

2011-11-22  Srivatsa S. Bhat  

	Export KVM Host Power Management capabilities
	This patch exports KVM Host Power Management capabilities as XML so that
	higher-level systems management software can make use of these features
	available in the host.

	The script "pm-is-supported" (from pm-utils package) is run to discover if
	Suspend-to-RAM (S3) or Suspend-to-Disk (S4) is supported by the host.
	If either of them are supported, then a new tag "" is
	introduced in the XML under the  tag.

	However in case the query to check for power management features succeeded,
	but the host does not support any such feature, then the XML will contain
	an empty  tag. In the event that the PM query itself
	failed, the XML will not contain any "power_management" tag.

	To use this, new APIs could be implemented in libvirt to exploit power
	management features such as S3/S4.

2011-11-22  Eric Blake  

	conf: don't modify cpu set string during parsing
	None of the callers cared if str was updated to point to the next
	byte after the parsed cpuset; simplifying this results in quite
	a few code simplifications.  Additionally, virCPUDefParseXML was
	strdup()'ing a malloc()'d string; avoiding a memory copy resulted
	in less code.

	* src/conf/domain_conf.h (virDomainCpuSetParse): Alter signature.
	* src/conf/domain_conf.c (virDomainCpuSetParse): Don't modify str.
	(virDomainVcpuPinDefParseXML, virDomainDefParseXML): Adjust
	callers.
	* src/conf/cpu_conf.c (virCPUDefParseXML): Likewise.
	* src/xen/xend_internal.c (sexpr_to_xend_topology): Likewise.
	* src/xen/xm_internal.c (xenXMDomainPinVcpu): Likewise.
	* src/xenxs/xen_sxpr.c (xenParseSxpr): Likewise.
	* src/xenxs/xen_xm.c (xenParseXM): Likewise.

2011-11-22  Roopa Prabhu  

	qemu: don't release network actual device twice
	For direct attach devices, in qemuBuildCommandLine, we seem to be freeing
	actual device on error path (with networkReleaseActualDevice). But the actual
	device is not deleted.

	qemuProcessStop eventually deletes the direct attach device and releases
	actual device. But by the time qemuProcessStop is called qemuBuildCommandLine
	has already freed actual device, leaving stray macvtap devices behind on error.
	So the simplest fix is to remove the networkReleaseActualDevice in
	qemuBuildCommandLine. This patch does just that.

2011-11-21  Michal Privoznik  

	qemu: Copy console definition from serial
	Now, when we support multiple consoles per domain,
	the vm->def->console[0] can still remain an alias
	for vm->def->serial[0]; However, we need to copy
	it's source definition as well otherwise we'll regress
	on virDomainOpenConsole.

2011-11-21  Daniel P. Berrange  

	Fix distribution of .syms files for previous commit
	* src/Makefile.am: Remove libvirt_bridge.syms and libvirt_macvtap.syms
	  from EXTRA_DIST. Add libvirt_dbus.syms

2011-11-21  Daniel P. Berrange  

	Fix build on Mingw32 wrt export of virNetServerGetDBusConn
	Mingw32 complains if you request export of a symbol which does
	not in fact exist.

	* src/libvirt_bridge.syms, src/libvirt_macvtap.syms: Delete
	  obsolete files
	* src/libvirt_private.syms: Remove virNetServerGetDBusConn
	* src/libvirt_dbus.syms: Add virNetServerGetDBusConn

2011-11-21  Osier Yang  

	storage: Skips backingStore of virtual snapshot lv
	lvs outputs "[$lvname_vorigin]" for the virtual snapshot lv
	(created with "--virtualsize"), and the original device pointed
	by "$lvname_vorigin" is just for lvm internal use, one should
	never use it.

	Per lvm's nameing rules, "[" is not valid as part of the vg/lv name.
	(man 8 lvm).

	
	VALID NAMES
	The following characters are valid for VG and LV names: a-z A-Z 0-9 + _
	. -

	VG and LV names cannot begin with a hyphen.   There  are  also  various
	reserved  names that are used internally by lvm that can not be used as
	LV or VG names.  A VG cannot be called anything that exists in /dev/ at
	the time of creation, nor can it be called '.' or '..'.  A LV cannot be
	called '.' '..' 'snapshot' or 'pvmove'. The LV name may also  not  con‐
	tain the strings '_mlog' or '_mimage'
	

	So we can skip the set the lv's backingStore by checking if the name
	begins with a "[".

2011-11-19  Stefan Berger  

	Add documentation for VLAN filtering support
	Add documentation for the VLAN filtering support. Describe the XML attributes
	that are supported.

	Add test cases for VLAN traffic filtering
	This patch adds a few test cases for the XML parsing of VLAN filtering nodes.

	Add support for VLAN filtering
	This patch adds support for filtering of VLAN (802.1Q) traffic to the
	parser and makes us of the ebtables support for VLAN filtering. This code
	now enables the filtering of traffic in chains with prefix 'vlan'.

2011-11-19  Jim Fehlig  

	Don't copy sexpr node value that is an empty string
	Xen4.1 initializes some unspecified sexpr config items to an empty
	string, unlike previous Xen versions that would leave the item unset.
	E.g. the kernel item for an HVM guest (non-direct kernel boot):

	Xen4.0 and earlier
	  ...
	  (image
	    (hvm
	      (kernel )
	  ...

	Xen4.1
	  ...
	  (image
	    (hvm
	      (kernel '')
	  ...

	The empty string for kernel causes some grief in subsequent parsing
	where existence of specified kernel is checked, e.g.

	  if (!def->os.kernel)
	  ...

	This patch solves the problem in sexpr_node_copy() by not copying
	a node containing an empty string.

2011-11-19  Eric Blake  

	tests: avoid xend ABRT crash report
	I installed the xen development packages on my non-Xen F16 machine
	in order to compile-test xen code and ensure we don't break things
	on that front, but being a non-xen machine, /usr/sbin/xend is
	obviously not running.  Unfortunately, xen-4.1.2-1.fc16 has a bug
	where merely trying to probe xend status on a non-xen kernel causes
	xend to issue an ABRT crash report:

	https://bugzilla.redhat.com/show_bug.cgi?id=728696

	Even though libvirt (correctly) skips the test, the xend crash report
	is unnecessary noise.  Fix this by first filtering out non-xen
	kernels even before attempting to probe xend.  The test still runs
	and passes on a RHEL 5 xen kernel after this patch.

	* tests/reconnect.c (mymain): Skip xend probe on non-xen kernel.
	* tests/statstest.c (mymain): Likewise.

2011-11-19  Eric Blake  

	build: fix compile error with no macvtap
	Since commit 6ec8288a, compilation has failed on RHEL 5:

	util/virnetdevmacvlan.c:672: error: conflicting types for 'virNetDevMacVLanCreateWithVPortProfile'

	* src/util/virnetdevmacvlan.c
	(virNetDevMacVLanCreateWithVPortProfile): Add missing parameter.

2011-11-19  Hu Tao  

	enable cgroup cpuset by default
	This prepares for subsequent patches which introduce dependence
	on cgroup cpuset. Enable cgroup cpuset by default so users don't
	have to modify configuration file before encountering a cpuset
	error.

2011-11-19  Eric Blake  

	build: fix accidental POTFILES.in regression
	The original patch for commit 4789fb2 considered renaming a file,
	then backed out the name change, but forgot to back out the POTFILES.in
	change, resulting in 'make syntax-check' failure.

2011-11-19  Eric Blake  

	tests: test recent hash addition
	Excercise the new hash API, to ensure we avoid regressions.

	* tests/hashtest.c (testHashGetItems): New test.

2011-11-19  Stefan Berger  

	Add test cases for parsing of list values
	This patch adds test cases for parsing of parameters with
	multiple occurrances of the same name.

2011-11-19  Stefan Berger  

	Extend NWFilter parameter parser to cope with lists of values
	This patch modifies the NWFilter parameter parser to support multiple
	elements with the same name and to internally build a list of items.
	An example of the XML looks like this:

	        
	        
	        

	The list of values is then stored in the newly introduced data type
	virNWFilterVarValue.

	The XML formatter is also adapted to print out all items in alphabetical
	order sorted by 'name'.

	This patch also fixes a bug in the XML schema on the way.

2011-11-19  Stefan Berger  

	Create rules for each member of a list
	This patch extends the NWFilter driver for Linux (ebiptables) to create
	rules for each member of a previously introduced list. If for example
	an attribute value (internally) looks like this:

	IP = [10.0.0.1, 10.0.0.2, 10.0.0.3]

	then 3 rules will be generated for a rule accessing the variable 'IP',
	one for each member of the list. The effect of this is that this now
	allows for filtering for multiple values in one field. This can then be
	used to support for filtering/allowing of multiple IP addresses per
	interface.

	An iterator is introduced that extracts each member of a list and
	puts it into a hash table which then is passed to the function creating
	a rule. For the above example the iterator would cause 3 loops.

2011-11-19  Stefan Berger  

	Rework value part of name-value pairs
	NWFilters can be provided name-value pairs using the following
	XML notation:

	      
	        
	        
	      

	The internal representation currently is so that a name is stored as a
	string and the value as well. This patch now addresses the value part of it
	and introduces a data structure for storing a value either as a simple
	value or as an array for later support of lists.

	This patch adjusts all code that was handling the values in hash tables
	and makes it use the new data type.

2011-11-19  Stefan Berger  

	Documentation about chains' priorities, lists of elements etc.
	This patch adds several aspects of documentation about the network filtering
	system:

	- chains, chains' priorities and chains' default priorities
	- talks about lists of elements, i.e., a variable assigned multiple values
	  (part of already ACK-ed series)
	- already mentions the vlan, stp and mac chains added later on
	  (https://www.redhat.com/archives/libvir-list/2011-October/msg01238.html)
	- mentions limitations of vlan filtering (when sent by VM) on Linux systems

2011-11-19  Stefan Berger  

	Add test cases
	Add test case for the chain names with known prefixes and the chain
	priority.

2011-11-19  Stefan Berger  

	Interleave jumping into chains with filtering rules in 'root' table
	The previous patch extends the priority of filtering rules into negative
	numbers. We now use this possibility to interleave the jumping into
	chains with filtering rules to for example create the 'root' table of
	an interface with the following sequence of rules:

	Bridge chain: libvirt-I-vnet0, entries: 6, policy: ACCEPT
	-p IPv4 -j I-vnet0-ipv4
	-p ARP -j I-vnet0-arp
	-p ARP -j ACCEPT
	-p 0x8035 -j I-vnet0-rarp
	-p 0x835 -j ACCEPT
	-j DROP

	The '-p ARP -j ACCEPT' rule now appears between the jumps.
	Since the 'arp' chain has been assigned priority -700 and the 'rarp'
	chain -600, the above ordering can now be achieved with the following
	rule:

	  
	    
	  

	This patch now sorts the commands generating the above shown jumps into
	chains and interleaves their execution with those for generating rules.

2011-11-19  Stefan Berger  

	Extend rule priorities into negative numbers
	So far rules' priorities have only been valid in the range [0,1000].
	Now I am extending their priority into the range [-1000, 1000] for subsequently
	being able to sort rules and the access of (jumps into) chains following
	priorities.

2011-11-19  Stefan Berger  

	Enable chains with names having a known prefix
	This patch enables chains that have a known prefix in their name.
	Known prefixes are: 'ipv4', 'ipv6', 'arp', 'rarp'. All prefixes
	are also protocols that can be evaluated on the ebtables level.

	Following the prefix they will be automatically connected to an interface's
	'root' chain and jumped into following the protocol they evaluate, i.e.,
	a table 'arp-xyz' will be accessed from the root table using

	ebtables -t nat -A  -p arp -j I--arp-xyz

	thus generating a 'root' chain like this one here:

	Bridge chain: libvirt-O-vnet0, entries: 5, policy: ACCEPT
	-p IPv4 -j O-vnet0-ipv4
	-p ARP -j O-vnet0-arp
	-p 0x8035 -j O-vnet0-rarp
	-p ARP -j O-vnet0-arp-xyz
	-j DROP

	where the chain 'arp-xyz' is accessed for filtering of ARP packets.

2011-11-19  Stefan Berger  

	Extend the filter XML to support priorities of chains
	This patch extends the filter XML to support priorities of chains
	in the XML. An example would be:

	
	[...]
	

	The permitted values for priorities are [-1000, 1000].
	By setting the priority of a chain the order in which it is accessed
	from the interface root chain can be influenced.

2011-11-19  Stefan Berger  

	Use the actual names of chains in data structure
	Use the name of the chain rather than its type index (enum).
	This pushes the later enablement of chains with user-given names
	into the XML parser. For now we still only allow those names that
	are well known ('root', 'arp', 'rarp', 'ipv4' and 'ipv6').

2011-11-19  Stefan Berger  

	Use scripting for cleaning and renaming of chains
	Use scripts for the renaming and cleaning up of chains. This allows us to get
	rid of some of the code that is only capable of renaming and removing chains
	whose names are hardcoded.

	A shell function 'collect_chains' is introduced that is given the name
	of an ebtables chain and then recursively determines the names of all
	chains that are accessed from this chain and its sub-chains using 'jumps'.

	The resulting list of chain names is then used to delete all the found
	chains by first flushing and then deleting them.

	The same function is also used for renaming temporary filters to their final
	names.

	I tested this with the bash and dash as script interpreters.

2011-11-19  Stefan Berger  

	Make filter creation in root table more flexible
	Use the previously introduced chain priorities to sort the chains for access
	from an interface's 'root' table and have them created in the proper order.
	This gets rid of a lot of code that was previously creating the chains in a
	more hardcoded way.

	To determine what protocol a filter is used for evaluation do prefix-
	matching, i.e., the filter 'arp' is used to filter for the 'arp' protocol,
	'ipv4' for the 'ipv4' protocol and 'arp-xyz' will also be used to filter
	for the 'arp' protocol following the prefix 'arp' in its name.

2011-11-19  Stefan Berger  

	Introduce an internal priority for chains
	For better handling of the sorting of chains introduce an internally used
	priority. Use a lookup table to store the priorities. For now their actual
	values do not matter just that the values cause the chains to be properly
	sorted through changes in the following patches. However, the values are
	chosen as negative so that once they are sorted along with filtering rules
	(whose priority may only be positive for now) they will always be instantiated
	before them (lower values cause instantiation before higher values). This
	is done to maintain backwards compatibility.

	Add function to get hash table's key/value pairs
	Add a function to the virHashTable for getting an array of the hash table's
	key-value pairs and have the keys (optionally) sorted.

2011-11-19  Daniel P. Berrange  

	Add support for systemd init service
	This patch adds support for a systemd init service for libvirtd
	and libvirt-guests. The libvirtd.service is *not* written to use
	socket activation, since we want libvirtd to start on boot so it
	can do guest auto-start.

	The libvirt-guests.service is pretty lame, just exec'ing the
	original init script for now. Ideally we would factor out the
	functionality, into some shared tool.

	Instead of

	  ./configure --with-init-script=redhat

	You can now do

	  ./configure --with-init-script=systemd

	Or better still:

	  ./configure --with-init-script=systemd+redhat

	We can also now support install of the upstart init script

	* configure.ac: Add systemd, and systemd+redhat options to
	  --with-init-script option
	* daemon/Makefile.am: Install systemd services
	* daemon/libvirtd.sysconf: Add note about unused env variable
	  with systemd
	* daemon/libvirtd.service.in: libvirtd systemd service unit
	* libvirt.spec.in: Add scripts to installing systemd services
	  and migrating from legacy init scripts
	* tools/Makefile.am: Install systemd services
	* tools/libvirt-guests.init.sh: Rename to tools/libvirt-guests.init.in
	* tools/libvirt-guests.service.in: systemd service unit

2011-11-19  Daniel P. Berrange  

	Add support for interfaces with type=direct to LXC
	Support creation of macvlan devices for LXC containers. Do not
	allow setting of bandwidth controls or vport profiles due to the
	complication that there is no host side visible device to work
	with.

	* src/lxc/lxc_driver.c: Support type=direct interfaces

2011-11-19  Daniel P. Berrange  

	Allow creation of plain macvlan devices
	Update virNetDevMacVLanCreateWithVPortProfile to allow creation
	of plain macvlan devices, as well as macvtap devices. The former
	is useful for LXC containers

	* src/qemu/qemu_command.c: Explicitly request a macvtap device
	* src/util/virnetdevmacvlan.c, src/util/virnetdevmacvlan.h: Add
	  new flag to allow switching between macvlan and macvtap
	  creation

2011-11-19  Daniel P. Berrange  

	Refactor LXC network setup to allow future enhancements
	The current lxcSetupInterfaces() method directly performs setup
	of the bridge devices. Since it will shortly need to also create
	macvlan devices, move the bridge related code into a separate
	method

	* src/lxc/lxc_driver.c: Split lxcSetupInterfaces() to create a
	  new lxcSetupInterfaceBridge()

2011-11-19  Daniel P. Berrange  

	Add missing 'const' annotations for internal domain conf helpers
	The virDomainNetGetActualBridgeName and virDomainNetGetActualDirectDev
	methods both return strings that point to data in the virDomainDefPtr
	struct, and should therefore not be freed. The return values should
	thus be 'const char *' not 'char *'.

	* src/conf/domain_conf.c, src/conf/domain_conf.h: Mark const
	* src/network/bridge_driver.c: Update to use a const char *

2011-11-19  Daniel P. Berrange  

	Fix up ordering of private symbols file
	Fix ordering of symbols after re-arranging network device
	management API source files

	* src/libvirt_private.syms: Fix ordering

2011-11-19  Daniel P. Berrange  

	Move ifaceMacvtapLinkDump and ifaceGetNthParent functions
	Move the ifaceMacvtapLinkDump and ifaceGetNthParent functions
	into virnetdevvportprofile.c since they are specific to that
	code. This avoids polluting the headers with the Linux specific
	netlink data types

	* src/util/interface.c, src/util/interface.h: Move
	  ifaceMacvtapLinkDump and ifaceGetNthParent functions and delete
	  remaining file
	* src/util/virnetdevvportprofile.c: Add ifaceMacvtapLinkDump
	  and ifaceGetNthParent functions
	* src/network/bridge_driver.c, src/nwfilter/nwfilter_gentech_driver.c,
	  src/nwfilter/nwfilter_learnipaddr.c, src/util/virnetdevmacvlan.c:
	  Remove include of interface.h

2011-11-19  Daniel P. Berrange  

	Move functions for dealing with physical/virtual devices
	Move virNetDevIsVirtualFunction, virNetDevGetVirtualFunctionIndex
	and virNetDevGetPhysicalFunction to virnetdev.c

	* src/util/interface.c, src/util/interface.h, src/util/virnetdev.c,
	  src/util/virnetdev.h: Move APIs

2011-11-19  Daniel P. Berrange  

	Rename APIs for dealing with virtual/physical functions
	Rename ifaceIsVirtualFunction to virNetDevIsVirtualFunction,
	ifaceGetVirtualFunctionIndex to virNetDevGetVirtualFunctionIndex
	and ifaceGetPhysicalFunction to virNetDevGetPhysicalFunction

	* src/util/interface.c, src/util/interface.h: Rename APIs
	* src/util/virnetdevvportprofile.c: Update for API rename

2011-11-19  Daniel P. Berrange  

	Move virNetDevValidateConfig to virnetdev.c
	* src/util/interface.c, src/util/interface.h: Remove virNetDevValidateConfig
	* src/util/virnetdev.c, src/util/virnetdev.h: Add virNetDevValidateConfig

2011-11-19  Daniel P. Berrange  

	Rename ifaceCheck to virNetDevValidateConfig
	Rename the ifaceCheck method to virNetDevValidateConfig and change
	so that it always raises an error and returns -1 on error.

	* src/util/interface.c, src/util/interface.h: Rename ifaceCheck
	  to virNetDevValidateConfig
	* src/nwfilter/nwfilter_gentech_driver.c,
	  src/nwfilter/nwfilter_learnipaddr.c: Update for API rename

2011-11-19  Daniel P. Berrange  

	Move virNetDevGetIPv4Address to virnetdev.c
	Move the virNetDevGetIPv4Address function to virnetdev.c

	* util/interface.c, util/interface.h: Remove virNetDevGetIPv4Address
	* util/virnetdev.c, util/virnetdev.h: Add virNetDevGetIPv4Address

2011-11-19  Daniel P. Berrange  

	Rename ifaceGetIPAddress to virNetDevGetIPv4Address
	To match up with the existing virNetDevSetIPv4Address, rename
	ifaceGetIPAddress to virNetDevGetIPv4Address

	* util/interface.h, util/interface.c: Rename API
	* network/bridge_driver.c: Update for API rename

2011-11-19  Daniel P. Berrange  

	Move virNetDevGetIndex & virNetDevGetVLanID to virnetdev.c
	Move virNetDevGetIndex & virNetDevGetVLanID to virnetdev.c to
	suit their functional purpose

	* util/interface.c, util/interface.h: Remove virNetDevGetIndex &
	  virNetDevGetVLanID
	* util/virnetdev.c, util/virnetdev.h: Add virNetDevGetIndex &
	  virNetDevGetVLanID

2011-11-19  Daniel P. Berrange  

	Rename ifaceGetIndex and ifaceGetVLAN
	Rename the ifaceGetIndex method to virNetDevGetIndex and
	ifaceGetVlanID to virNetDevGetVLanID. Also change the error
	reporting behaviour to always raise errors and return -1 on
	failure

	* util/interface.c, util/interface.h: Rename ifaceGetIndex
	  and ifaceGetVLAN
	* nwfilter/nwfilter_gentech_driver.c, nwfilter/nwfilter_learnipaddr.c,
	  nwfilter/nwfilter_learnipaddr.c, util/virnetdevvportprofile.c: Update
	  for API renames and error handling changes

2011-11-19  Daniel P. Berrange  

	Move MAC address replacement functions to virnetdev.c
	Move virNetDevReplaceMacAddress and virNetDevRestoreMacAddress
	to the virnetdev.c file where they naturally belong

	* util/interface.c, util/interface.h: Remove
	  virNetDevReplaceMacAddress and virNetDevRestoreMacAddress
	* util/virnetdev.c, util/virnetdev.h: Add
	  virNetDevReplaceMacAddress and virNetDevRestoreMacAddress

2011-11-19  Daniel P. Berrange  

	Rename interface MAC address replacement APIs
	Rename ifaceReplaceMacAddress to virNetDevReplaceMacAddress
	and ifaceRestoreMacAddress to virNetDevRestoreMacAddress.

	* util/interface.c, util/interface.h, util/virnetdevmacvlan.c:
	  Rename APIs

2011-11-19  Daniel P. Berrange  

	Move the low level macvlan creation APIs
	Move the low level macvlan creation APIs into the
	virnetdevmacvlan.c file where they more naturally
	belong

	* util/interface.c, util/interface.h: Remove virNetDevMacVLanCreate
	  and virNetDevMacVLanDelete
	* util/virnetdevmacvlan.c, util/virnetdevmacvlan.h: Add
	  virNetDevMacVLanCreate and virNetDevMacVLanDelete

2011-11-19  Daniel P. Berrange  

	Rename low level macvlan creation APIs
	Rename ifaceMacvtapLinkAdd to virNetDevMacVLanCreate and
	ifaceLinkDel to virNetDevMacVLanDelete. Strictly speaking
	the latter isn't restricted to macvlan devices, but that's
	the only use libvirt has for it.

	* util/interface.c, util/interface.h,
	  util/virnetdevmacvlan.c: Rename APIs

2011-11-19  Daniel P. Berrange  

	Rename high level macvlan creation APIs
	Rename virNetDevMacVLanCreate to virNetDevMacVLanCreateWithVPortProfile
	and virNetDevMacVLanDelete to virNetDevMacVLanDeleteWithVPortProfile

	To make way for renaming the other macvlan creation APIs in
	interface.c

	* util/virnetdevmacvlan.c, util/virnetdevmacvlan.h,
	  qemu/qemu_command.c, qemu/qemu_hotplug.c, qemu/qemu_process.c:
	  Rename APIs

2011-11-19  Daniel P. Berrange  

	Rename and split the macvtap.c file
	Rename the macvtap.c file to virnetdevmacvlan.c to reflect its
	functionality. Move the port profile association code out into
	virnetdevvportprofile.c. Make the APIs available unconditionally
	to callers

	* src/util/macvtap.h: rename to src/util/virnetdevmacvlan.h,
	* src/util/macvtap.c: rename to src/util/virnetdevmacvlan.c
	* src/util/virnetdevvportprofile.c, src/util/virnetdevvportprofile.h:
	  Pull in vport association code
	* src/Makefile.am, src/conf/domain_conf.h, src/qemu/qemu_conf.c,
	  src/qemu/qemu_conf.h, src/qemu/qemu_driver.c: Update include
	  paths & remove conditional compilation

2011-11-19  Daniel P. Berrange  

	Rename Macvtap management APIs
	In preparation for code re-organization, rename the Macvtap
	management APIs to have the following patterns

	  virNetDevMacVLanXXXXX     - macvlan/macvtap interface management
	  virNetDevVPortProfileXXXX - virtual port profile management

	* src/util/macvtap.c, src/util/macvtap.h: Rename APIs
	* src/conf/domain_conf.c, src/network/bridge_driver.c,
	  src/qemu/qemu_command.c, src/qemu/qemu_command.h,
	  src/qemu/qemu_driver.c, src/qemu/qemu_hotplug.c,
	  src/qemu/qemu_migration.c, src/qemu/qemu_process.c,
	  src/qemu/qemu_process.h: Update for renamed APIs

2011-11-19  Daniel P. Berrange  

	Fix use of uninitialized variable in QEMU driver

2011-11-18  Bharata B Rao  

	qemu: Generate -numa option
	Add routines to generate -numa QEMU command line option based on
	 ...  XML specifications.

2011-11-18  Bharata B Rao  

	XML definitions for guest NUMA and parsing routines
	This patch adds XML definitions for guest NUMA specification and contains
	routines to parse the same. The guest NUMA specification looks like this:

	
	        ...
	        
	        
	                
	                
	        
	        ...
	

2011-11-18  Eric Blake  

	snapshot: refuse to generate names for non-regular backing files
	For whatever reason, the kernel allows you to create a regular
	file named /dev/sdc.12345; although this file will disappear the
	next time devtmpfs is remounted.  If you let libvirt generate
	the name of the external snapshot for a disk image originally
	using the block device /dev/sdc, then the domain will be rendered
	unbootable once the qcow2 file is lost on the next devtmpfs
	remount.  In this case, the user should have used 'virsh
	snapshot-create --xmlfile' or 'virsh snapshot-create-as --diskspec'
	to specify the name for the qcow2 file in a sane location, rather
	than relying on libvirt generating a name that is most likely to
	be wrong.  We can help avoid naive mistakes by enforcing that
	the user provide the external name for any backing file that is
	not a regular file.

	* src/conf/domain_conf.c (virDomainSnapshotAlignDisks): Only
	generate names if backing file exists as regular file.
	Reported by MATSUDA Daiki.

2011-11-17  Jim Fehlig  

	Fix build with polkit0
	I missed adding virNetServerGetDBusConn() to libvirtd_private.syms
	in commit b8adfcc6, which didn't cause a problem in 0.9.6 but
	results in this build error in 0.9.7

	libvirtd-remote.o: In function `remoteDispatchAuthPolkit':
	remote.c:(.text+0x188dd): undefined reference to `virNetServerGetDBusConn'

2011-11-17  Jim Fehlig  

	Revert commit 0f590c62
	As noted by Daniel Berrange [1], the proper fix for the older
	PolicyKit build issue is to add virNetServerGetDBusConn to
	libvirt_private.syms.  Revert unnecessary changes to
	daemon/Makefile.am

	[1] https://www.redhat.com/archives/libvir-list/2011-November/msg00852.html

2011-11-17  Laine Stump  

	virsh: add iface-bridge and iface-unbridge commands
	One of the top questions by libvirt users is how to create a host
	bridge device so that guests can be directly on the physical
	network. There are several example documents that explain how to do
	this manually, but following them often results in confusion and
	failure. virt-manager does a good job of creating a bridge based on an
	existing network device, but not everyone wants to use virt-manager.

	This patch adds a new command, iface-bridge that makes it just about
	as simple as possible to create a new bridge device based on an
	existing ethernet/vlan/bond device (including associating IP
	configuration with the bridge rather than the now-attached device),
	and start that new bridge up ready for action, eg:

	    virsh iface-bridge eth0 br0

	For symmetry's sake, it also adds a command to remove a device from a
	bridge, restoring the IP config to the now-unattached device:

	    virsh iface-unbridge br0

	(I had a short debate about whether to do "iface-unbridge eth0"
	instead, but that would involve searching through all bridge devices
	for the one that contained eth0, which seems like a bit too much
	trouble).

	NOTE: These two commands require that the netcf library be available
	on the host. Hopefully this will provide some extra incentive for
	people using suse, debian, ubuntu, and other similar systems to polish
	up (and push downstream) the ports to those distros recently pushed to
	the upstream netcf repo by Dan Berrange. Anyone interested in helping
	with that effort in any way should join the netcf-devel mailing list
	(subscription info at
	https://fedorahosted.org/mailman/listinfo/netcf-devel)

	During creation of the bridge, it's possible to specify whether or not
	the STP protocol should be started up on the bridge and, if so, how
	many seconds the bridge should squelch traffic from newly added
	devices while learning new topology (defaults are stp='on' and
	delay='0', which seems to usually work best for bridges used in the
	context of libvirt guests).

	There is also an option to not immediately start the bridge (and a
	similar option to not immediately start the un-attached device after
	destroying the bridge. Default is to start the new device, because in
	the case of iface-unbridge not starting is strongly discouraged as it
	will leave the system with no network connectivity on that interface
	(because it's necessary to destroy/undefine the bridge device before
	the unattached device can be defined), and it seemed better to make
	the option for iface-bridge behave consistently.

	NOTE TO THOSE TRYING THESE COMMANDS FOR THE FIRST TIME: to guard
	against any "unexpected" change to configuration, it is advisable to
	issue an "virsh iface-begin" command before starting any interface
	config changes, and "virsh iface-commit" only after you've verified
	that everything is working as you expect. If something goes wrong,
	you can always run "virsh iface-rollback" or reboot the system (which
	should automatically do iface-rollback).

	Aside from adding the code for these two functions, and the two
	entries into the command table, the only other change to virsh.c was
	to add the option name to vshCommandOptInterfaceBy(), because the
	iface-unbridge command names its interface option as "bridge".

	virsh.pod has also been updated with short descriptions of these two
	new commands.

2011-11-16  Hu Tao  

	fix a bug in remoteSerializeTypedParameters
	This is a fatal typo believed to be very likely to happen when using
	both i and j at the same time for indexing.

2011-11-16  Daniel P. Berrange  

	Don't return a fatal error if receiving unexpected stream data
	Due to the asynchronous nature of streams, we might continue to
	receive some stream packets from the server even after we have
	shutdown the stream on the client side. These should be discarded
	silently, rather than raising an error in the RPC layer.

	* src/rpc/virnetclient.c: Discard stream data silently

2011-11-16  Daniel P. Berrange  

	Fix handling of stream EOF
	Very occasionally the sequence of events from poll would result
	in getting a HANGUP on its own, instead of a HANGUP+READABLE
	at the same time. In the former case we would send back an error
	event to the client, but never send the empty packet to indicate
	EOF.

2011-11-16  Daniel P. Berrange  

	Allow non-blocking message sending on virNetClient
	Add a new virNetClientSendNonBlock which returns 2 on
	full send, 1 on partial send, 0 on no send, -1 on error

	If a partial send occurs, then a subsequent call to any
	of the virNetClientSend* APIs will finish any outstanding
	I/O.

	TODO: the virNetClientEvent event handler could be used
	to speed up completion of partial sends if an event loop
	is present.

	* src/rpc/virnetsocket.h, src/rpc/virnetsocket.c: Add new
	  virNetSocketHasPendingData() API to test for cached
	  data pending send.
	* src/rpc/virnetclient.c, src/rpc/virnetclient.h: Add new
	  virNetClientSendNonBlock() API to send non-blocking API

2011-11-16  Daniel P. Berrange  

	Refactor code for enabling/disabling I/O callback in remote client
	* src/rpc/virnetclient.c: Add helper for setting I/O callback events

2011-11-16  Daniel P. Berrange  

	Split virNetClientSend into 2 methods
	Stop multiplexing virNetClientSend for two different purposes,
	instead add virNetClientSendWithReply and virNetClientSendNoReply

	* src/rpc/virnetclient.c, src/rpc/virnetclient.h: Replace
	  virNetClientSend with virNetClientSendWithReply and
	  virNetClientSendNoReply
	* src/rpc/virnetclientprogram.c, src/rpc/virnetclientstream.c:
	  Update for new API names

2011-11-16  Daniel P. Berrange  

	Refactor code for passing the buck in the remote client
	Remove some duplication by pulling the code for passing the
	buck out into a helper method

	* src/rpc/virnetclient.c: Introduce virNetClientIOEventLoopPassTheBuck

2011-11-16  Daniel P. Berrange  

	Explicitly track whether the buck is held in remote client
	Instead of inferring whether the buck is held from the waitDispatch
	pointer, use an explicit 'bool haveTheBuck' field

	* src/rpc/virnetclient.c: Explicitly track the buck

2011-11-16  Daniel P. Berrange  

	Remove all linked list handling from remote client event loop
	Directly messing around with the linked list is potentially
	dangerous. Introduce some helper APIs to deal with list
	manipulating the list

	* src/rpc/virnetclient.c: Create linked list handlers

2011-11-16  Eli Qiao  

	util: Add netdev helper functions to private symbols

2011-11-16  Sage Weil  

	qemu/rbd: improve rbd device specification
	This improves the support for qemu rbd devices by adding support for a few
	key features (e.g., authentication) and cleaning up the way in which
	rbd configuration options are passed to qemu.

	An  member of the disk source xml specifies how librbd should
	authenticate. The username attribute is the Ceph/RBD user to authenticate as.
	The usage or uuid attributes specify which secret to use. Usage is an
	arbitrary identifier local to libvirt.

	The old RBD support relied on setting an environment variable to
	communicate information to qemu/librbd.  Instead, pass those options
	explicitly to qemu.  Update the qemu argument parsing and tests
	accordingly.

2011-11-16  Jim Fehlig  

	Fix build with polkit0
	I missed adding libvirt_driver_remote.la to libvirtd_LDADD in
	commit b8adfcc6, which didn't cause a problem in 0.9.6 but
	results in this build error in 0.9.7

	libvirtd-remote.o: In function `remoteDispatchAuthPolkit':
	remote.c:(.text+0x188dd): undefined reference to `virNetServerGetDBusConn'

2011-11-16  Stefan Berger  

	Fix strchr call triggering gcc 4.3 & 4.4 bug
	Replacing the strchr call with two variables through a strstr call.
	Calling strchr with two variables triggers a gcc 4.3/4.4
	bug when used in combination with -Wlogical-op and at least -O1.

	maint: fix build
	include stdint.h to fix the build

2011-11-15  Daniel P. Berrange  

	Remove ifaceSetMac and ifaceGetMac APIs
	The ifaceSetMac and ifaceGetMac APIs duplicate the functionality
	of the virNetDevSetMAC and virNetDevGetMAC APIs, but returning
	errno's instead of raising errors.

	* src/util/interface.c, src/util/interface.h: Remove
	  ifaceSetMac and ifaceGetMac APIs, adjusting callers
	  for new error behaviour

2011-11-15  Daniel P. Berrange  

	Remove ifaceUp, ifaceDown, ifaceCtrl & ifaceIsUp APIs
	The ifaceUp, ifaceDown, ifaceCtrl & ifaceIsUp APIs can be replaced
	with calls to virNetDevSetOnline and virNetDevIsOnline

	* src/util/interface.c, src/util/interface.h: Delete ifaceUp,
	  ifaceDown, ifaceCtrl & ifaceIsUp
	* src/nwfilter/nwfilter_gentech_driver.c, src/util/macvtap.c:
	  Update to use virNetDevSetOnline and virNetDevIsOnline

2011-11-15  Daniel P. Berrange  

	Move LXC veth.c code into shared utility APIs
	Move the virNetDevSetName and virNetDevSetNamespace APIs out
	of LXC's veth.c and into virnetdev.c.

	Move the remaining content of the file to src/util/virnetdevveth.c

	* src/lxc/veth.c: Rename to src/util/virnetdevveth.c
	* src/lxc/veth.h: Rename to src/util/virnetdevveth.h
	* src/util/virnetdev.c, src/util/virnetdev.h: Add
	  virNetDevSetName and virNetDevSetNamespace
	* src/lxc/lxc_container.c, src/lxc/lxc_controller.c,
	  src/lxc/lxc_driver.c: Update include paths

2011-11-15  Daniel P. Berrange  

	Rename the LXC veth management APIs and delete duplicated APIs
	The src/lxc/veth.c file contains APIs for managing veth devices,
	but some of the APIs duplicate stuff from src/util/virnetdev.h.
	Delete thed duplicate APIs and rename the remaining ones to
	follow virNetDevVethXXXX

	* src/lxc/veth.c, src/lxc/veth.h: Rename APIs & delete duplicates
	* src/lxc/lxc_container.c, src/lxc/lxc_controller.c,
	  src/lxc/lxc_driver.c: Update for API renaming

2011-11-15  Daniel P. Berrange  

	Split src/util/network.{c,h} into 5 pieces
	The src/util/network.c file is a dumping ground for many different
	APIs. Split it up into 5 pieces, along functional lines

	 - src/util/virnetdevbandwidth.c: virNetDevBandwidth type & helper APIs
	 - src/util/virnetdevvportprofile.c: virNetDevVPortProfile type & helper APIs
	 - src/util/virsocketaddr.c: virSocketAddr and APIs
	 - src/conf/netdev_bandwidth_conf.c: XML parsing / formatting
	   for virNetDevBandwidth
	 - src/conf/netdev_vport_profile_conf.c: XML parsing / formatting
	   for virNetDevVPortProfile

	* src/util/network.c, src/util/network.h: Split into 5 pieces
	* src/conf/netdev_bandwidth_conf.c, src/conf/netdev_bandwidth_conf.h,
	  src/conf/netdev_vport_profile_conf.c, src/conf/netdev_vport_profile_conf.h,
	  src/util/virnetdevbandwidth.c, src/util/virnetdevbandwidth.h,
	  src/util/virnetdevvportprofile.c, src/util/virnetdevvportprofile.h,
	  src/util/virsocketaddr.c, src/util/virsocketaddr.h: New pieces
	* daemon/libvirtd.h, daemon/remote.c, src/conf/domain_conf.c,
	  src/conf/domain_conf.h, src/conf/network_conf.c,
	  src/conf/network_conf.h, src/conf/nwfilter_conf.h,
	  src/esx/esx_util.h, src/network/bridge_driver.c,
	  src/qemu/qemu_conf.c, src/rpc/virnetsocket.c,
	  src/rpc/virnetsocket.h, src/util/dnsmasq.h, src/util/interface.h,
	  src/util/iptables.h, src/util/macvtap.c, src/util/macvtap.h,
	  src/util/virnetdev.h, src/util/virnetdevtap.c,
	  tools/virsh.c: Update include files

2011-11-15  Daniel P. Berrange  

	Fix error reporting in port profile parsing/formatting APIs
	The virtual port profile parsing/formatting APIs do not
	correctly handle unknown profile type strings/numbers.
	They behave as a no-op, instead of raising an error

	* src/util/network.c, src/util/network.h: Fix error
	  handling of port profile APIs
	* src/conf/domain_conf.c, src/conf/network_conf.c: Update
	  for API changes

2011-11-15  Daniel P. Berrange  

	Rename virVirtualPortProfileParams & APIs
	Rename the virVirtualPortProfileParams struct to be
	virNetDevVPortProfile, and rename the APIs to match
	this prefix.

	* src/util/network.c, src/util/network.h: Rename port profile
	  APIs
	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/conf/network_conf.c, src/conf/network_conf.h,
	  src/network/bridge_driver.c, src/qemu/qemu_hotplug.c,
	  src/util/macvtap.c, src/util/macvtap.h: Update for
	  renamed APIs/structs

2011-11-15  Stefan Berger  

	maint: Add Michael Wood as an author
	Add Michael Wood  as an author.

2011-11-15  Michael Wood  

	PATCH: Fix build without MACVTAP
	Hi

	Commit c31d23a78715f1144c73862c46ab0436de8b5e85 removed the "conn"
	parameter from qemuPhysIfaceConnect(), but it's still used if
	WITH_MACVTAP is false.  Also, it's still mentioned in the comment
	above the function:

	/**
	 * qemuPhysIfaceConnect:
	 * @def: the definition of the VM (needed by 802.1Qbh and audit)
	 * @conn: pointer to virConnect object
	 * @driver: pointer to the qemud_driver
	 * @net: pointer to he VM's interface description with direct device type
	 * @qemuCaps: flags for qemu
	 *
	 * Returns a filedescriptor on success or -1 in case of error.
	 */
	int
	qemuPhysIfaceConnect(virDomainDefPtr def,
	                     struct qemud_driver *driver,
	                     virDomainNetDefPtr net,
	                     virBitmapPtr qemuCaps,
	                     enum virVMOperationType vmop)
	{
	    int rc;
	#if WITH_MACVTAP
	[...]
	#else
	    (void)def;
	    (void)conn;
	    (void)net;
	    (void)qemuCaps;
	    (void)driver;
	    (void)vmop;
	    qemuReportError(VIR_ERR_INTERNAL_ERROR,
	                    "%s", _("No support for macvtap device"));
	    rc = -1;
	#endif
	    return rc;
	}

	--
	Michael Wood 

	From f4fc43b4111a4c099395c55902e497b8965e2b53 Mon Sep 17 00:00:00 2001
	From: Michael Wood 
	Date: Sat, 12 Nov 2011 13:37:53 +0200
	Subject: [PATCH] Fix build without MACVTAP.

2011-11-15  Guido Günther  

	storage: forbid rebuilding existing disk storage pools
	which would blow away all volumes. Honor VIR_STORAGE_POOL_BUILD_OVERWRITE
	to force a rebuild.

	This was caught by libvirt-tck's storage/110-disk-pool.t.

2011-11-12  Eric Blake  

	API: add trivial qemu support for VIR_TYPED_PARAM_STRING
	Qemu will be the first driver to make use of a typed string in the
	next round of additions.  Separate out the trivial addition.

	* src/qemu/qemu_driver.c (qemudSupportsFeature): Advertise feature.
	(qemuDomainGetBlkioParameters, qemuDomainGetMemoryParameters)
	(qemuGetSchedulerParametersFlags, qemudDomainBlockStatsFlags):
	Allow typed strings flag where trivially supported.

2011-11-12  Eric Blake  

	API: remote support for VIR_TYPED_PARAM_STRING
	Send and receive string typed parameters across RPC.  This also
	completes the back-compat mentioned in the previous patch - the
	only time we have an older client talking to a newer server is
	if RPC is in use, so filtering out strings during RPC prevents
	returning an unknown type to the older client.

	* src/remote/remote_protocol.x (remote_typed_param_value): Add
	another union value.
	* daemon/remote.c (remoteDeserializeTypedParameters): Handle
	strings on rpc.
	(remoteSerializeTypedParameters): Likewise; plus filter out
	strings when replying to older clients.  Adjust callers.
	* src/remote/remote_driver.c (remoteFreeTypedParameters)
	(remoteSerializeTypedParameters)
	(remoteDeserializeTypedParameters): Handle strings on rpc.
	* src/rpc/gendispatch.pl: Properly clean up typed arrays.
	* src/remote_protocol-structs: Update.
	Based on an initial patch by Hu Tao, with feedback from
	Daniel P. Berrange.

2011-11-12  Eric Blake  

	API: add VIR_TYPED_PARAM_STRING
	This allows strings to be transported between client and server
	in the context of name-type-value virTypedParameter functions.
	For compatibility,

	    o new clients will not send strings to old servers, based on
	      a feature check
	    o new servers will not send strings to old clients without the
	      flag VIR_TYPED_PARAM_STRING_OKAY; this will be enforced at
	      the RPC layer in the next patch, so that drivers need not
	      worry about it in general.  The one exception is that
	      virDomainGetSchedulerParameters lacks a flags argument, so
	      it must not return a string; drivers that forward that
	      function on to virDomainGetSchedulerParametersFlags will
	      have to pay attention to the flag.
	    o the flag VIR_TYPED_PARAM_STRING_OKAY is set automatically,
	      based on a feature check (so far, no driver implements it),
	      so clients do not have to worry about it

	Future patches can then enable the feature on a per-driver basis.

	This patch also ensures that drivers can blindly strdup() field
	names (previously, a malicious client could stuff 80 non-NUL bytes
	into field and cause a read overrun).

	* src/libvirt_internal.h (VIR_DRV_FEATURE_TYPED_PARAM_STRING): New
	driver feature.
	* src/libvirt.c (virTypedParameterValidateSet)
	(virTypedParameterSanitizeGet): New helper functions.
	(virDomainSetMemoryParameters, virDomainSetBlkioParameters)
	(virDomainSetSchedulerParameters)
	(virDomainSetSchedulerParametersFlags)
	(virDomainGetMemoryParameters, virDomainGetBlkioParameters)
	(virDomainGetSchedulerParameters)
	(virDomainGetSchedulerParametersFlags, virDomainBlockStatsFlags):
	Use them.
	* src/util/util.h (virTypedParameterArrayClear): New helper
	function.
	* src/util/util.c (virTypedParameterArrayClear): Implement it.
	* src/libvirt_private.syms (util.h): Export it.
	Based on an initial patch by Hu Tao, with feedback from
	Daniel P. Berrange.

2011-11-12  Eli Qiao  

	util: fix compile error on debian
	Add virnetdev.h,virnetdevbridge.h,virnetdevtap.h to private symbols,
	since debian linker no longer allows transitive link resolution

2011-11-12  Eric Blake  

	qemu: fix domjobabort regression
	This reverts commit ef1065cf5ac; see also this bug report:
	https://bugzilla.redhat.com/show_bug.cgi?id=751900

	In qemu 0.15.1 and earlier, during migration to file, the
	qemu_savevm_state_begin and qemu_savevm_state_iterate methods
	will both process as much migration data as possible until either

	  1. The file descriptor returns EAGAIN
	  2. The bandwidth rate limit is reached

	If we set the rate limit to ULONG_MAX, test 2 never becomes true. We're
	passing a plain file descriptor to QEMU and POSIX does not support EAGAIN on
	regular files / block devices, so test 1 never becomes true either.

	In the 'virsh save --bypass-cache' case, we pass a pipe instead of a
	regular fd, but using a pipe adds I/O overhead, so always passing a
	pipe just so qemu can see EAGAIN doesn't seem nice.

	The ultimate fix needs to come from qemu - background migration must
	respect asynchronous abort requests, or else periodically return
	control to the main handling loop without an EAGAIN and without
	waiting to hit an insanely large amount of data.  But until a
	version of qemu is fixed to support "unlimited" data rates while
	still allowing cancellation, the best we can do is avoid the
	automatic use of unlimited rates from within libvirt (users can
	still explicitly change the migration rates, if they are aware that
	they are giving up the ability to cancel a job).

	Reverting the lone use of QEMU_DOMAIN_FILE_MIG_BANDWIDTH_MAX is
	the simplest patch; this slows migration back down to a default
	32M/sec cap, but also ensures that the main qemu processing loop
	will still be responsive to cancellation requests.  Hopefully
	upstream qemu will provide us a means of safely using unlimited
	speed, including a runtime probe of that capability.

	* src/qemu/qemu_migration.c (qemuMigrationToFile): Revert attempt
	to use unlimited migration bandwidth when migrating to file.

2011-11-12  Hu Tao  

	fix two bugs in bridge_driver.c
	steps to reproduce:

	1. having a network xml file(named default.xml) like this one:

	
	  default
	  c5322c4c-81d0-4985-a363-ad6389780d89
	  
	  
	  
	    
	      
	    
	  
	

	in /etc/libvirt/qemu/networks/, and mark it as autostart:

	$ ls -l /etc/libvirt/qemu/networks/autostart
	total 0
	lrwxrwxrwx 1 root root 14 Oct 12 14:02 default.xml -> ../default.xml

	2. start libvirtd and the device virbr0 is not automatically up.

	The reason is that the function virNetDevExists is now returns 1 if
	the device exists, comparing to the former one returns 0 if the device
	exists. But with only this fix will cause a segmentation fault(the same
	steps as above)  that is fixed by the second chunk of code.

2011-11-12  Eric Blake  

	build: drop useless dirent.h includes
	* .gnulib: Update to latest, for improved syntax-check.
	* src/lxc/lxc_container.c (includes): Drop unused include.
	* src/network/bridge_driver.c: Likewise.
	* src/node_device/node_device_linux_sysfs.c: Likewise.
	* src/openvz/openvz_driver.c: Likewise.
	* src/qemu/qemu_conf.c: Likewise.
	* src/storage/storage_backend_iscsi.c: Likewise.
	* src/storage/storage_backend_mpath.c: Likewise.
	* src/uml/uml_conf.c: Likewise.
	* src/uml/uml_driver.c: Likewise.

2011-11-12  Eric Blake  

	xenapi: remove unused variable
	  CC     libvirt_driver_xenapi_la-xenapi_driver.lo
	xenapi/xenapi_driver.c: In function 'xenapiDomainGetVcpus':
	xenapi/xenapi_driver.c:1209:21: error: variable 'cpus' set but not used [-Werror=unused-but-set-variable]

	* src/xenapi/xenapi_driver.c (xenapiDomainGetVcpus): Silence
	compiler warning.

2011-11-11  Eric Blake  

	maint: use mailmap, not AUTHORS, for secondary addresses
	* AUTHORS: Move Stefan's second entry...
	* .mailmap: ...here.

2011-11-11  Stefan Berger  

	maint: fix make syntax-check
	Add my 2nd email to the list of AUTHORS to get 'make syntax-check'
	to pass.

2011-11-11  Stefan Berger  

	Remove code instantiating filters on direct interfaces
	Remove the code that instantiates network filters on direct type
	of interfaces. The parser already does not accept it.

2011-11-10  Daniel P. Berrange  

	Disable numactl on ARM architectures too
	* libvirt.spec.in: Disable numactl on ARM

	Add libvirt confdir to files section in mingw32 spec
	* mingw32-libvirt.spec.in: Ensure we own the confdir

2011-11-10  Eric Blake  

	nwfilter: simplify execution of ebiptables scripts
	It's not worth even worrying about a temporary file, unless we
	ever expect the script to exceed maximum command-line argument
	length limits.

	* src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesExecCLI):
	Run the commands as an argument to /bin/sh, rather than worrying
	about a temporary file.
	(ebiptablesWriteToTempFile): Delete unused function.

2011-11-10  Eric Blake  

	nwfilter: avoid failure with noexec /tmp
	If /tmp is mounted with the noexec flag (common on security-conscious
	systems), then nwfilter will fail to initialize, because we cannot
	run any temporary script via virRun("/tmp/script"); but we _can_
	use "/bin/sh /tmp/script".  For that matter, using /tmp risks collisions
	with other unrelated programs; we already have /var/run/libvirt as a
	dedicated temporary directory for use by libvirt.

	* src/nwfilter/nwfilter_ebiptables_driver.c
	(ebiptablesWriteToTempFile): Use internal directory, not /tmp;
	drop attempts to make script executable; and detect close error.
	(ebiptablesExecCLI): Switch to virCommand, and invoke the shell to
	read the script, rather than requiring an executable script.

2011-11-10  Daniel P. Berrange  

	Adjust naming of network device bandwidth management APIs
	Rename virBandwidth to virNetDevBandwidth, and virRate to
	virNetDevBandwidthRate.

	* src/util/network.c, src/util/network.h: Rename bandwidth
	  structs and APIs
	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/conf/network_conf.c, src/conf/network_conf.h,
	  src/lxc/lxc_driver.c, src/network/bridge_driver.c,
	  src/qemu/qemu_command.c, src/util/macvtap.c,
	  src/util/macvtap.h, tools/virsh.c: Update for API changes.

2011-11-10  Daniel P. Berrange  

	Santize naming of socket address APIs
	The socket address APIs in src/util/network.h either take the
	form  virSocketAddrXXX, virSocketXXX or virSocketXXXAddr.

	Sanitize this so everything is virSocketAddrXXXX, and ensure
	that the virSocketAddr parameter is always the first one.

	* src/util/network.c, src/util/network.h: Santize socket
	  address API naming
	* src/conf/domain_conf.c, src/conf/network_conf.c,
	  src/conf/nwfilter_conf.c, src/network/bridge_driver.c,
	  src/nwfilter/nwfilter_ebiptables_driver.c,
	  src/nwfilter/nwfilter_learnipaddr.c,
	  src/qemu/qemu_command.c, src/rpc/virnetsocket.c,
	  src/util/dnsmasq.c, src/util/iptables.c,
	  src/util/virnetdev.c, src/vbox/vbox_tmpl.c: Update for
	  API renaming

2011-11-10  Daniel P. Berrange  

	Split bridge.h into three separate files
	Following the renaming of the bridge management APIs, we can now
	split the source file into 3 corresponding pieces

	 * src/util/virnetdev.c: APIs for any type of network interface
	 * src/util/virnetdevbridge.c: APIs for bridge interfaces
	 * src/util/virnetdevtap.c: APIs for TAP interfaces

	* src/util/virnetdev.c, src/util/virnetdev.h,
	  src/util/virnetdevbridge.c, src/util/virnetdevbridge.h,
	  src/util/virnetdevtap.c, src/util/virnetdevtap.h: Copied
	  from bridge.{c,h}
	* src/util/bridge.c, src/util/bridge.h: Split into 3 pieces
	* src/lxc/lxc_driver.c, src/network/bridge_driver.c,
	  src/openvz/openvz_driver.c, src/qemu/qemu_command.c,
	  src/qemu/qemu_conf.h, src/uml/uml_conf.c, src/uml/uml_conf.h,
	  src/uml/uml_driver.c: Update #include directives

2011-11-10  Daniel P. Berrange  

	Remove usage of brctl command line tool
	Convert the virNetDevBridgeSetSTP and virNetDevBridgeSetSTPDelay
	to use ioctls instead of spawning brctl.

	Implement the virNetDevBridgeGetSTP and virNetDevBridgeGetSTPDelay
	methods which were declared in the header but never existed

	* src/util/bridge.c: Convert to use bridge ioctls instead of brctl

2011-11-10  Daniel P. Berrange  

	Add an API for retrieving the MAC address of an interface
	* src/util/bridge.c, src/util/bridge.h: Add virNetDevGetMAC

2011-11-10  Daniel P. Berrange  

	Expose MTU management APIs
	The MTU management APIs are useful to other code inside libvirt,
	so should be exposed as non-static APIs.

	* src/util/bridge.c, src/util/bridge.h: Expose virNetDevSetMTU,
	  virNetDevSetMTUFromDevice & virNetDevGetMTU

2011-11-10  Daniel P. Berrange  

	Turn two int parameters into bools in bridge APIs
	* src/util/bridge.c, src/util/bridge.h: s/int/bool/ in
	  virNetDevSetOnline and virNetDevBridgeSetSTP

2011-11-10  Daniel P. Berrange  

	Rename all brXXXX APIs to follow new convention
	The existing brXXX APIs in src/util/bridge.h are renamed to
	follow one of three different conventions

	 - virNetDevXXX       - operations for any type of interface
	 - virNetDevBridgeXXX - operations for bridge interfaces
	 - virNetDevTapXXX    - operations for tap interfaces

	* src/util/bridge.h, src/util/bridge.c: Rename all APIs
	* src/lxc/lxc_driver.c, src/network/bridge_driver.c,
	  src/qemu/qemu_command.c, src/uml/uml_conf.c,
	  src/uml/uml_driver.c: Update for API renaming

2011-11-10  Daniel P. Berrange  

	Make all brXXX APIs raise errors, instead of returning errnos
	Currently every caller of the brXXX APIs has to store the returned
	errno value and then raise an error message. This results in
	inconsistent error messages across drivers, additional burden on
	the callers and makes the error reporting inaccurate since it is
	hard to distinguish different scenarios from 1 errno value.

	* src/util/bridge.c: Raise errors instead of returning errnos
	* src/lxc/lxc_driver.c, src/network/bridge_driver.c,
	  src/qemu/qemu_command.c, src/uml/uml_conf.c,
	  src/uml/uml_driver.c: Remove error reporting code

2011-11-10  Daniel P. Berrange  

	Remove 'brControl' object
	The bridge management APIs in src/util/bridge.c require a brControl
	object to be passed around. This holds the file descriptor for the
	control socket. This extra object complicates use of the API for
	only a minor efficiency gain, which is in turn entirely offset by
	the need to fork/exec the brctl command for STP configuration.

	This patch removes the 'brControl' object entirely, instead opening
	the control socket & closing it again within the scope of each method.

	The parameter names for the APIs are also made to consistently use
	'brname' for bridge device name, and 'ifname' for an interface
	device name. Finally annotations are added for non-NULL parameters
	and return check validation

	* src/util/bridge.c, src/util/bridge.h: Remove brControl object
	  and update API parameter names & annotations.
	* src/lxc/lxc_driver.c, src/network/bridge_driver.c,
	  src/uml/uml_conf.h, src/uml/uml_conf.c, src/uml/uml_driver.c,
	  src/qemu/qemu_command.c, src/qemu/qemu_conf.h,
	  src/qemu/qemu_driver.c: Remove reference to 'brControl' object

2011-11-10  Eric Blake  

	build: fix mingw build of gnulib openpty
	Commit f7bd00c12 pulled in a gnulib module that fails to compile
	on mingw.  Work around it while waiting for an upstream gnulib fix.

	* gnulib/local/lib/pty.in.h (openpty): Provide forward
	declarations of opaque structs not present on mingw.
	* gnulib/local/lib/openpty.c (openpty): Provide stub for mingw.

2011-11-10  Eric Blake  

	build: allow for local gnulib diffs
	Commit f7bd00c12 pulled in a gnulib module that fails to compile
	on mingw.  While it would be nice to pull in a newer version of
	.gnulib that fixes this, it is difficult to backport any .gnulib
	update to older releases.  So, it makes sense to take advantage
	of gnulib-tool's ability to support local diffs, where we can
	apply specific diffs in our use of gnulib without waiting for
	upstream gnulib to pick up those changes, as well as avoiding
	a wholesale .gnulib update.  The existence of local diffs will
	also make it easier to backport fixes against a tarball (as long
	as a tarball and libvirt.git share the same .gnulib commit, then
	the tarball can be patched by applying the same local diffs as
	a post-release libvirt.git commit, without having to rerun an
	entire gnulib-tool bootstrap).

	This patch introduces the framework for supporting local diffs,
	without actually introducing any.

	* bootstrap.conf (local_gl_dir): New variable.
	* autogen.sh (bootstrap_hash): Hash any local diffs, to force a
	re-bootstrap if just diffs change.
	* cfg.mk (_update_required): Likewise.

2011-11-09  Alex Jia  

	lxc: free error object to avoid memory leak
	Detected by Coverity. Leak introduced in commit 9d201a5.

	* src/lxc/lxc_driver.c: Clean up on failure.

2011-11-09  Alex Jia  

	lxc: free 'ttyFDs' array on return from lxcVmStart
	Detected by Coverity. Leak introduced in commit 0f31f7b.

	* src/lxc/lxc_driver.c: Clean up on failure.

2011-11-09  Osier Yang  

	qemu: Fix improper error message for disk detaching
	s/virDomainDeviceTypeToString/virDomainDiskDeviceTypeToString/

	Report by Xu He Jie 

	virsh: Add VSH_OFLAG_EMPTY_OK for attach-disk command
	As the description of removing CDROM media from
	  http://wiki.libvirt.org/page/QEMUSwitchToLibvirt#eject_DEV

	Add flag 'VSH_OFLAG_EMPTY_OK' to the option 'source' of attach-disk

	Then avoid outputting  in the XML if 'source' was empty,
	rather than trusting libvirt domain_conf.c to understand an empty
	string.

2011-11-08  Daniel Veillard  

	Release of libvirt-0.9.7
	* confiure.ac docs/news.html.in libvirt.spec.in: update for release
	* po/*.po*: update localizations and rebuilt

2011-11-08  Eric Blake  

	build: fix build on platforms without ptsname_r
	MacOS lacks ptsname_r, and gnulib doesn't (yet) provide it.
	But we can avoid it altogether, by using gnulib openpty()
	instead.  Note that we do _not_ want the pt_chown module;
	gnulib uses it only to implement a replacement openpty() if
	the system lacks both openpty() and granpt(), but all
	systems that we currently port to either have at least one of
	openpty() and/or grantpt(), or lack ptys altogether.  That is,
	we aren't porting to any system that requires us to deal with
	the hassle of installing a setuid pt_chown helper just to use
	gnulib's ability to provide openpty() on obscure platforms.

	* .gnulib: Update to latest, for openpty fixes
	* bootstrap.conf (gnulib_modules): Add openpty, ttyname_r.
	(gnulib_tool_option_extras): Exclude pt_chown module.
	* src/util/util.c (virFileOpenTty): Rewrite in terms of openpty
	and ttyname_r.
	* src/util/util.h (virFileOpenTtyAt): Delete dead prototype.

2011-11-07  Daniel P. Berrange  

	Add missing defaultConsoleTargetType callback for AppArmour
	Every instance of virCapsPtr must have the defaultConsoleTargetType
	field set.

	* src/security/virt-aa-helper.c: Add defaultConsoleTargetType to
	  virCapsPtr

2011-11-07  Daniel P. Berrange  

	Fix sending/receiving of FDs when stream returns EAGAIN
	The code calling sendfd/recvfd was mistakenly assuming those
	calls would never block. They can in fact return EAGAIN and
	this is causing us to drop the client connection when blocking
	ocurrs while sending/receiving FDs.

	Fixing this is a little hairy on the incoming side, since at
	the point where we see the EAGAIN, we already thought we had
	finished receiving all data for the packet. So we play a little
	trick to reset bufferOffset again and go back into polling for
	more data.

	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Update
	  virNetSocketSendFD/RecvFD to return 0 on EAGAIN, or 1
	  on success
	* src/rpc/virnetclient.c: Move decoding of header & fds
	  out of virNetClientCallDispatch and into virNetClientIOHandleInput.
	  Handling blocking when sending/receiving FDs
	* src/rpc/virnetmessage.h: Add a 'donefds' field to track
	  how many FDs we've sent / received
	* src/rpc/virnetserverclient.c: Handling blocking when
	  sending/receiving FDs

2011-11-05  Eric Blake  

	build: silence compiler warning on BSD
	Building on 64-bit FreeBSD 8.2 complained about a cast between
	a pointer and a smaller integer.  Going through an intermediate
	cast shuts up the compiler.

	* src/util/threads-pthread.c (virThreadSelfID): Silence a warning.

2011-11-05  Eric Blake  

	build: fix linking on BSD
	While building on FreeBSD (and after fixing a ptsname_r link error),
	I got this failure:

	./.libs/libvirt_util.a(libvirt_util_la-threads.o)(.text+0x240): In function `virThreadCreate':
	util/threads-pthread.c:185: undefined reference to `pthread_create'

	It turns out that gnulib used only pthread_join for LIB_PTHREAD,
	but on FreeBSD, libc provides that (as a stub function); whereas
	the more complex pthread_create really does require -pthread,
	which gnulib tracked under [LT]LIBMULTITHREAD.

	* configure.ac (LIBS): Check LIBMULTITHREAD alongside LIB_PTHREAD.
	* src/Makefile.am (THREAD_LIBS): New variable.
	(libvirt_util_la_LIBADD, libvirt_lxc_LDADD): Use it.

2011-11-05  Laine Stump  

	remote: fix mingw32 build
	tty is initialized, and later set in code that is compiled for all
	platforms, but is only used in a section that's inside #ifndef WIN32.

2011-11-04  Eric Blake  

	lxc: avoid use-after-free
	I got this weird failure:

	error: Failed to start domain simple
	error: internal error cannot mix caller fds with blocking execution

	and tracked it down to a use-after-free - virCommandSetOutputFD
	was storing the address of a stack-local variable, which then
	went out of scope before the virCommandRun that dereferenced it.

	Bug introduced in commit 451cfd05 (0.9.2).

	* src/lxc/lxc_driver.c (lxcBuildControllerCmd): Move log fd
	registration...
	(lxcVmStart): ...to caller.

2011-11-04  Daniel P. Berrange  

	Fix naming of constant for disk event
	All constants related to events should have a prefix of
	VIR_DOMAIN_EVENT_

	* include/libvirt/libvirt.h.in, src/qemu/qemu_domain.c:
	  Rename VIR_DOMAIN_DISK_CHANGE_MISSING_ON_START to
	  VIR_DOMAIN_EVENT_DISK_CHANGE_MISSING_ON_START

2011-11-04  Jiri Denemark  

	conf: Don't free uninitialized pointer
	This causes libvirtd to crash when both  and  are used in one domain XML. Introduced by
	5fa3d775a9f8cdb3423373eb084219aaf778df11

2011-11-04  Eric Blake  

	build: fix deep VPATH builds
	I ran into the following build failure:
	$ mkdir -p build1 build2/a/very/deep/hierarcy
	$ cd build2/a/very/deep/hierarcy
	$ ../../../../../configure && make
	$ cd ../../../../build1
	$ ../configure && make
	...
	../../src/remote/remote_protocol.c:7:55: fatal error: ../../../../../src/remote/remote_protocol.h: No such file or directory

	Turns out that we were sometimes generating the remote_protocol.c
	file with information from the VPATH build, which is bad, since
	any file shipped in the tarball should be idempotent no matter how
	deep the VPATH build tree that created it.

	* src/rpc/genprotocol.pl: Don't embed VPATH into generated file.

2011-11-04  Philipp Hahn  

	doc: Add  capability.
	Allow /capabilities/guest/features/deviceboot.

2011-11-03  Eric Blake  

	lxc: use common code for process cleanup
	Based on a Coverity report - the return value of waitpid() should
	always be checked, to avoid problems with leaking resources.

	* src/lxc/lxc_controller.c (lxcControllerRun): Use simpler virPidAbort.

2011-11-03  Daniel P. Berrange  

	Fix default console type setting
	The default console type may vary based on the OS type. ie a Xen
	paravirt guests wants a 'xen' console, while a fullvirt guests
	wants a 'serial' console.

	A plain integer default console type in the capabilities does
	not suffice. Instead introduce a callback that is passed the
	OS type.

	* src/conf/capabilities.h: Use a callback for default console
	  type
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Use callback
	  for default console type. Add missing LXC/OpenVZ console types.
	* src/esx/esx_driver.c, src/libxl/libxl_conf.c,
	  src/lxc/lxc_conf.c, src/openvz/openvz_conf.c,
	  src/phyp/phyp_driver.c, src/qemu/qemu_capabilities.c,
	  src/uml/uml_conf.c, src/vbox/vbox_tmpl.c,
	  src/vmware/vmware_conf.c, src/xen/xen_hypervisor.c,
	  src/xenapi/xenapi_driver.c: Set default console type callback

2011-11-03  Daniel P. Berrange  

	Set aliases for LXC/UML console devices
	To allow virDomainOpenConsole to access non-primary consoles,
	device aliases are required to be set. Until now only the QEMU
	driver has done this. Update LXC & UML to set aliases for any
	console devices

	* src/lxc/lxc_driver.c, src/uml/uml_driver.c: Set aliases
	  for console devices

2011-11-03  Daniel P. Berrange  

	Default console target type with no  element
	When no  element was set at all, the default console
	target type was not being honoured

	* src/conf/domain_conf.c: Set default target type for consoles
	  with no 

2011-11-03  Daniel P. Berrange  

	Add support for multiple consoles in LXC
	Currently the LXC controller only supports setup of a single
	text console. This is wired up to the container init's stdio,
	as well as /dev/console and /dev/tty1. Extending support for
	multiple consoles, means wiring up additional PTYs to /dev/tty2,
	/dev/tty3, etc, etc. The LXC controller is passed multiple open
	file handles, one for each console requested.

	* src/lxc/lxc_container.c, src/lxc/lxc_container.h: Wire up
	  all the /dev/ttyN links required to symlink to /dev/pts/NN
	* src/lxc/lxc_container.h: Open more container side /dev/pts/NN
	  devices, and adapt event loop to handle I/O from all consoles
	* src/lxc/lxc_driver.c: Setup multiple host side PTYs

2011-11-03  Daniel P. Berrange  

	Rewrite LXC I/O forwarding to use main event loop
	The current I/O code for LXC uses a hand crafted event loop
	to forward I/O between the container & host app, based on
	epoll to handle EOF on PTYs. This event loop is not easily
	extensible to add more consoles, or monitor other types of
	file descriptors.

	Remove the custom event loop and replace it with a normal
	libvirt event loop. When detecting EOF on a PTY, disable
	the event watch on that FD, and fork off a background thread
	that does a edge-triggered epoll() on the FD. When the FD
	finally shows new incoming data, the thread re-enables the
	watch on the FD and exits.

	When getting EOF from a read() on the PTY, the existing code
	would do waitpid(WNOHANG) to see if the container had exited.
	Unfortunately there is a race condition, because even though
	the process has closed its stdio handles, it might still
	exist.

	To deal with this the new event loop uses a SIG_CHILD handler
	to perform the waitpid only when the container is known to
	have actually exited.

	* src/lxc/lxc_controller.c: Rewrite the event loop to use
	  the standard APIs.

2011-11-03  Daniel P. Berrange  

	Fix crash formatting virtio console
	qemuBuildVirtioSerialPortDevStr was mistakenly accessing the
	target.name field in the virDomainChrDef object for chardevs
	belonging to a console. Those chardevs only have port set,
	and if there's > 1 console, the > 1port number results in
	trying to access a target.name with address 0x1

	* src/qemu/qemu_command.c: Fix target.name handling and
	  make code more robust wrt error reporting

	* src/qemu/qemu_command.c: Conditionally access target.name

2011-11-03  Daniel P. Berrange  

	Allow multiple consoles per virtual guest
	While Xen only has a single paravirt console, UML, and
	QEMU both support multiple paravirt consoles. The LXC
	driver can also be trivially made to support multiple
	consoles. This patch extends the XML to allow multiple
	 elements in the XML. It also makes the UML
	and QEMU drivers support this config.

	* src/conf/domain_conf.c, src/conf/domain_conf.h: Allow
	  multiple  devices
	* src/lxc/lxc_driver.c, src/xen/xen_driver.c,
	  src/xenxs/xen_sxpr.c, src/xenxs/xen_xm.c: Update for
	  internal API changes
	* src/security/security_selinux.c, src/security/virt-aa-helper.c:
	  Only label consoles that aren't a copy of the serial device
	* src/qemu/qemu_command.c, src/qemu/qemu_driver.c,
	  src/qemu/qemu_process.c, src/uml/uml_conf.c,
	  src/uml/uml_driver.c: Support multiple console devices
	* tests/qemuxml2xmltest.c, tests/qemuxml2argvtest.c: Extra
	  tests for multiple virtio consoles. Set QEMU_CAPS_CHARDEV
	  for all console /channel tests
	* tests/qemuxml2argvdata/qemuxml2argv-channel-virtio-auto.args,
	  tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.args
	  tests/qemuxml2argvdata/qemuxml2argv-console-virtio.args: Update
	  for correct chardev syntax
	* tests/qemuxml2argvdata/qemuxml2argv-console-virtio-many.args,
	  tests/qemuxml2argvdata/qemuxml2argv-console-virtio-many.xml: New
	  test file

2011-11-03  Daniel P. Berrange  

	Remove translations in socket test case
	The test case errors should not be translated since they're only
	targetted at developers, not users.

	* tests/virnetsockettest.c: Remove error reporting with translations

2011-11-03  Guido Günther  

	virnetsockettest: Use a temporary directory in /tmp
	to avoid exceeding UNIX_PATH_MAX

	Use ENAMETOOLONG if the the socket path is longer than UNIX_PATH_MAX

2011-11-03  Eric Blake  

	xen: allow getting < max typed parameters
	Allow the user to call with nparams too small, per API documentation.

	* src/xen/xen_hypervisor.c (xenHypervisorGetSchedulerParameters):
	Allow fewer than max.
	* src/xen/xend_internal.c (xenDaemonGetSchedulerParameters):
	Likewise.

2011-11-03  Eric Blake  

	test: drop redundant check
	libvirt.c guarantees that nparams is non-zero for scheduler parameters.

	* src/test/test_driver.c (testDomainGetSchedulerParamsFlags): Drop
	redundant check.  Avoid strcpy.

2011-11-03  Eric Blake  

	lxc: allow getting < max typed parameters
	Allow the user to call with nparams too small, per API documentation.
	Also, libvirt.c filters out nparams of 0 for scheduler parameters.

	* src/lxc/lxc_driver.c (lxcDomainGetMemoryParameters): Allow fewer
	than max.
	(lxcGetSchedulerParametersFlags): Drop redundant check.

2011-11-03  Eric Blake  

	libxl: allow getting < max typed parameters
	Allow the user to call with nparams too small, per API documentation.

	* src/libxl/libxl_driver.c
	(libxlDomainGetSchedulerParametersFlags): Allow fewer than max.

2011-11-03  Eric Blake  

	esx: allow getting < max typed parameters
	Allow the user to call with nparams too small, per API documentation.

	* src/esx/esx_driver.c (esxDomainGetMemoryParameters): Drop
	redundant check.
	(esxDomainGetSchedulerParametersFlags): Allow fewer than max.

2011-11-03  Eric Blake  

	API: document scheduler parameter names
	Document the parameter names that will be used by
	virDomain{Get,Set}SchedulerParameters{,Flags}, rather than
	hard-coding those names in each driver, to match what is
	done with memory, blkio, and blockstats parameters.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_SCHEDULER_CPU_SHARES)
	(VIR_DOMAIN_SCHEDULER_VCPU_PERIOD)
	(VIR_DOMAIN_SCHEDULER_VCPU_QUOTA, VIR_DOMAIN_SCHEDULER_WEIGHT)
	(VIR_DOMAIN_SCHEDULER_CAP, VIR_DOMAIN_SCHEDULER_RESERVATION)
	(VIR_DOMAIN_SCHEDULER_LIMIT, VIR_DOMAIN_SCHEDULER_SHARES): New
	field name macros.
	* src/qemu/qemu_driver.c (qemuSetSchedulerParametersFlags)
	(qemuGetSchedulerParametersFlags): Use new defines.
	* src/test/test_driver.c (testDomainGetSchedulerParamsFlags)
	(testDomainSetSchedulerParamsFlags): Likewise.
	* src/xen/xen_hypervisor.c (xenHypervisorGetSchedulerParameters)
	(xenHypervisorSetSchedulerParameters): Likewise.
	* src/xen/xend_internal.c (xenDaemonGetSchedulerParameters)
	(xenDaemonSetSchedulerParameters): Likewise.
	* src/lxc/lxc_driver.c (lxcSetSchedulerParametersFlags)
	(lxcGetSchedulerParametersFlags): Likewise.
	* src/esx/esx_driver.c (esxDomainGetSchedulerParametersFlags)
	(esxDomainSetSchedulerParametersFlags): Likewise.
	* src/libxl/libxl_driver.c (libxlDomainGetSchedulerParametersFlags)
	(libxlDomainSetSchedulerParametersFlags): Likewise.

2011-11-02  Daniel P. Berrange  

	Fix off-by-one printing month in logging code
	The field 'mon' in 'struct tm' gives months 0-11, where as
	humans tend to expect months 1-12. Thus the month number
	needing adjusting by 1

	* src/util/logging.c: Use human friendly month number

2011-11-02  Daniel P. Berrange  

	Add missing param initialization in qemuDomainBlockStatsFlags
	* src/qemu/qemu_driver.c: Fix use of uninitialized 'params'

2011-11-02  Wen Congyang  

	fix crash when starting network
	commit 27908453 introduces a regression, and it will
	cause libvirt crashed when starting network.

	The reason is that tapfd may be NULL, but we dereference
	it without checking whether it is NULL.

2011-11-02  Eric Blake  

	qemu: allow getting < max typed parameters
	Since all virTypedParameter APIs allow us to return the number
	of slots we actually populated, we should allow the user to
	call with nparams too small (without overrunning their array)
	or too large (ignoring the tail of the array that we can't fill),
	rather than requiring that they get things exactly right.

	Making this change will make it easier for a future patch to
	introduce VIR_TYPED_PARAM_STRING, with filtering in libvirt.c
	rather than in every single driver, since users already have
	to be prepared for *nparams to be smaller on exit than on entry.

	* src/qemu/qemu_driver.c (qemuDomainGetBlkioParameters)
	(qemuDomainGetMemoryParameters): Allow variable nparams on entry.
	(qemuGetSchedulerParametersFlags): Drop redundant check.
	(qemudDomainBlockStats, qemudDomainBlockStatsFlags): Rename...
	(qemuDomainBlockStats, qemuDomainBlockStatsFlags): ...to this.
	Don't return unavailable stats.

2011-11-02  Eric Blake  

	docs: improve typed parameter documentation
	virDomainBlockStatsFlags was missing a check that was present in
	virDomainGetMemoryParameters.  Additionally, I found that the
	existing descriptions were a bit hard to read.  A later patch
	will fix qemu to return fewer than max parameters if @nparams
	was too small on input.

	* src/libvirt.c (virDomainGetMemoryParameters)
	(virDomainGetBlkioParameters, virDomainGetSchedulerParameters)
	(virDomainGetSchedulerParametersFlags):
	Tweak documentation wording.
	(virDomainBlockStatsFlags): Likewise, and add sanity check.

2011-11-02  Daniel P. Berrange  

	Don't overwrite error message during VM cleanup
	If an LXC VM fails to start, quite a few cleanup paths will
	result in the original error message being overwritten. Some
	other cleanup paths also forgot to actually terminate the VM.

	* src/lxc/lxc_driver.c: Ensure VM is terminated on startup
	  failure and preserve original error

2011-11-02  Daniel P. Berrange  

	Add support for probing filesystem with libblkid
	The LXC code for mounting container filesystems from block devices
	tries all filesystems in /etc/filesystems and possibly those in
	/proc/filesystems. The regular mount binary, however, first tries
	using libblkid to detect the format. Add support for doing the same
	in libvirt, since Fedora's /etc/filesystems is missing many formats,
	most notably ext4 which is the default filesystem Fedora uses!

	* src/Makefile.am: Link libvirt_lxc to libblkid
	* src/lxc/lxc_container.c: Probe filesystem format with libblkid

2011-11-02  Daniel P. Berrange  

	Fix error message when failing to detect filesystem
	If we looped through /etc/filesystems trying to mount with each
	type and failed all options, we forget to actually raise an
	error message.

	* src/lxc/lxc_container.c: Raise error if unable to detect
	  the filesystems. Also fix existing error message

2011-11-02  Daniel P. Berrange  

	Workaround for broken kernel autofs mounts
	The kernel automounter is mostly broken wrt to containers. Most
	notably if you start a new filesystem namespace and then attempt
	to unmount any autofs filesystem, it will typically fail with a
	weird error message like

	  Failed to unmount '/.oldroot/sys/kernel/security':Too many levels of symbolic links

	Attempting to detach the autofs mount using umount2(MNT_DETACH)
	will also fail with the same error. Therefore if we get any error on
	unmount()ing a filesystem from the old root FS when starting a
	container, we must immediately break out and detach the entire
	old root filesystem (ignoring any mounts below it).

	This has the effect of making the old root filesystem inaccessible
	to anything inside the container, but at the cost that the mounts
	live on in the kernel until the container exits. Given that SystemD
	uses autofs by default, we need LXC to be robust this scenario and
	thus this tradeoff is worthwhile.

	* src/lxc/lxc_container.c: Detach root filesystem if any umount
	  operation fails.

2011-11-02  Daniel P. Berrange  

	Correctly handle '*' in /etc/filesystems
	The /etc/filesystems file can contain a '*' on the last line to
	indicate that /proc/filessystems should be tried next. We have
	a check that this '*' only occurs on the last line. Unfortunately
	when we then start reading /proc/filesystems, we mistakenly think
	we've seen '*' in /proc/filesystems and fail

	* src/lxc/lxc_container.c: Skip '*' validation when we're reading
	  /proc/filesystems

2011-11-02  Daniel P. Berrange  

	Ensure errno is valid when returning from lxcContainerWaitForContinue
	Only some of the return paths of lxcContainerWaitForContinue will
	have set errno. In other paths we need to set it manually to avoid
	the caller getting a random stale errno value

	* src/lxc/lxc_container.c: Set errno in lxcContainerWaitForContinue

2011-11-02  Daniel P. Berrange  

	Create /var/lib/libvirt/filesystems for LXC trees
	We already have a /var/lib/libvirt/images for OS install images.
	We need a separate /var/lib/libvirt/filesystems for OS install
	trees, since SELinux labelling will be different

	* libvirt.spec.in: Add /var/lib/libvirt/filesystems
	* src/Makefile.am: Create /var/lib/libvirt/filesystems

2011-11-02  Matthias Bolte  

	esx: Support folders in the path of vpx:// connection URIs
	Allow the datacenter and compute resource parts of the path
	to be prefixed with folders. Therefore, the way the path is
	parsed has changed. Before, it was split in 2 or 3 items and
	the items' meanings were determined by their positions. Now
	the path can have 2 or more items and the the vCenter server
	is asked whether a folder, datacenter of compute resource
	with the specified name exists at the current hierarchy level.

	Before the datacenter and compute resource lookup automatically
	traversed folders during lookup. This is logic got removed
	and folders have to be specified explicitly.

	The proper datacenter path including folders is now used when
	accessing a datastore over HTTPS. This makes virsh dumpxml
	and define work for datacenters in folders.

	https://bugzilla.redhat.com/show_bug.cgi?id=732676

2011-11-02  Patrice LACHANCE  

	esx: Support vSphere 5.x
	And virtual hardware version 8.

2011-11-02  Wen Ruo Lv  

	Fix URI alias prefix matching
	with /etc/libvirt/libvirt.conf below:
	uri_aliases = [
	  "hail=qemu:///system",
	  "sleet=qemu+ssh://root 9 115 122 57/system",
	  "sam=qemu+unix:///system?socket=/var/run/libvirt/libvirt-sock",
	]
	Neither "virsh -c hailly" nor "hai" should result in matching "hail=qemu:///system"

	Fix URI alias prefix matching when connecting

2011-11-02  Eric Blake  

	docs: fix typo in / example
	* docs/formatdomain.html.in: Use dev, not def.
	Reported by Alexander Biryukov.

2011-11-01  Michal Privoznik  

	ServerClient: Flush cached data
	If daemon is using SASL it reads client data into a cache. This cache is
	big (usually 65KB) and can thus contain 2 or more messages. However,
	on socket event we can dispatch only one message. So if we read two
	messages at once, the second will not be dispatched as the socket event
	goes away with filling the cache.
	Moreover, when dispatching the cache we need to remember to take care
	of client max requests limit.

2011-11-01  Daniel P. Berrange  

	Fix storage pool source comparison to avoid comparing with self
	If we are comparing storage pools we must skip comparing with
	ourself, so that re-defining an existing pool works

	* conf/storage_conf.c: Skip self when comparing

2011-11-01  Sage Weil  

	qemu: pass virConnectPtr into Domain{Attach,Detach}*
	The qemu RBD driver needs access to the conn in order to get the secret
	needed for connecting to the ceph cluster.

2011-11-01  Alex Jia  

	qemu: plug memory leak
	Detected by Coverity. Leak introduced in commit 6cabc0b.

	* src/qemu/qemu_command.c: Clean up on failure.

2011-11-01  Matthias Bolte  

	python: Fix documentation of virStream recv
	This was fixed in be757a3f7baf93b for libvirt.c.

2011-10-31  Michal Privoznik  

	startupPolicty: Minor cleanups
	This patch does some cleanups to my previous startupPolicy patchset.

2011-10-30  Osier Yang  

	qemu: Restore the original states of PCI device when restarting daemon
	To support "managed" mode of host PCI device, we record the original
	states (unbind_from_stub, remove_slot, and reprobe) so that could
	reattach the device to host with original driver. But there is no XML
	for theses attrs, and thus after daemon is restarted, we lose the
	original states. It's easy to reproduce:

	    1) virsh start domain
	    2) virsh attach-device dom hostpci.xml (in 'managed' mode)
	    3) service libvirtd restart
	    4) virsh destroy domain

	    You will see the device won't be bound to the original driver
	if there was one.

	This patch is to solve the problem by introducing internal XML
	(won't be dumped to user, only dumped to status XML). The XML is:
	    
	      
	      
	      
	    

	Which will be child node of ....
	(only for PCI device).

	A new struct "virDomainHostdevOrigStates" is introduced for the XML,
	and the according members are updated when preparing the PCI device.
	And function "qemuUpdateActivePciHostdevs" is modified to honor
	the original states. Use of qemuGetPciHostDeviceList is removed
	in function "qemuUpdateActivePciHostdevs", and the "managed" value of
	the device config is honored by the change. This fixes another problem
	alongside:

	    qemuGetPciHostDeviceList set the device as "managed" force
	    regardless of whether the device is configured as "managed='yes'"
	    or not in XML, which is not right.

2011-10-30  Matthias Bolte  

	vbox: Add support for VirtualBox 4.1
	Deal with the incompatible changes in the VirtualBox 4.1 API.

	INetworkAdapter has its different AttachTo* method replaced by
	a settable attachmentType property.

	The maximum number of network adapters is now requestable per
	chipset type.

	The OpenMedium method got a bool parameter to request opening
	a medium under a new IID.

2011-10-30  Matthias Bolte  

	vbox: Support shared folders
	Shared folders are handled as filesystems and can also be hotplugged.

2011-10-30  Matthias Bolte  

	xenapi: Improve error reporting in xenapiOpen once again
	privP->session->error_description is a list and in order to get the
	complete error message all parts of the list should be concatenated.
	xenapiSessionErrorHandler does this when its third parameter is NULL.
	The current code discards all but the first part of the error message
	resulting in a potentially incomplete error message.

	This partly reverts 006be75ee214f9b4, that tried to avoid reporting
	a (null) in the error message. The actual problem is more general in
	returnErrorFromSession that might return NULL if there is no error.

	Make sure that returnErrorFromSession return non-NULL always. Also
	don't skip the last error message part.

2011-10-29  Roopa Prabhu  

	macvtap: Fix error return value convention/inconsistencies
	- changed some return 1's to return -1
	- changed if (rc) error checks to if (rc < 0)
	- fixed some other minor convention violations

	I might have missed some. Can fix in another patch or can respin

	Reported-by: Eric Blake 
	Reported-by: Laine Stump 

2011-10-29  Josh Durgin  

	Use a common xml type for ceph secret usage.
	The types used in domaincommon.rng and secret.rng should be the same.

	Move genericName to basictypes.rng, then drop redundant types now
	that secret.rng uses basictypes.rng.

2011-10-29  Xu He Jie  

	pci address conflict when virtio disk with drive type
	When using the xml as below:
	------------------------------------------------------
	
	  /home/soulxu/data/work-code/qemu-kvm/x86_64-softmmu/qemu-system-x86_64
	    
	    
	    
	    
	    
    
	  
	  
	  
	  
    
	  
	  
	    
    
	  
	
	------------------------------------------------------

	Then can't startup qemu, the error message as below:
	virsh # start test-vm
	error: Failed to start domain test-vm
	error: internal error process exited while connecting to monitor: qemu-system-x86_64: -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3: PCI: slot 3 function 0 not available for virtio-balloon-pci, in use by virtio-blk-pci
	qemu-system-x86_64: -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3: Device 'virtio-balloon-pci' could not be initialized

	So adding check for bus type and address type. Only the address of pci type support by virtio bus.

2011-10-29  Eric Blake  

	secret: fix bad patch application
	In hand-applying Josh and Sage's patch, I missed out on a break.

	* src/conf/secret_conf.c (virSecretDefFree): Fix my botch.

2011-10-29  Josh Durgin  

	storage: add auth to virDomainDiskDef
	Add additional fields to let you specify the how to authenticate with a disk.
	The secret to use may be referenced by a usage string or a UUID, i.e.:

	
	 
	

	or

	
	 
	

2011-10-29  Sage Weil  

	secret: add Ceph secret type
	Add a new secret type to store a Ceph authentication key. The name
	is simply an identifier for easy human reference.

	The xml looks like this:

	
	 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f
	 
	   mycluster_admin
	 
	

2011-10-29  Alex Jia  

	qemu: plug memory leak
	Leak introduced in commit c1bc3d89.
	Detected by valgrind:

	==18462== 1,100 bytes in 1 blocks are definitely lost in loss record 183 of 184
	==18462==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==18462==    by 0x4A06167: realloc (vg_replace_malloc.c:525)
	==18462==    by 0x4AADBB: virReallocN (memory.c:161)
	==18462==    by 0x4A975E: virBufferGrow (buf.c:117)
	==18462==    by 0x4A9D92: virBufferVasprintf (buf.c:290)
	==18462==    by 0x4A9EF7: virBufferAsprintf (buf.c:263)
	==18462==    by 0x429488: qemuBuildControllerDevStr (qemu_command.c:1993)
	==18462==    by 0x42C4B6: qemuBuildCommandLine (qemu_command.c:3803)
	==18462==    by 0x41A604: testCompareXMLToArgvHelper (qemuxml2argvtest.c:124)
	==18462==    by 0x41BB81: virtTestRun (testutils.c:141)
	==18462==    by 0x416DFF: mymain (qemuxml2argvtest.c:369)
	==18462==    by 0x41B277: virtTestMain (testutils.c:696)
	==18462==
	==18462== LEAK SUMMARY:
	==18462==    definitely lost: 1,100 bytes in 1 blocks
	==18462==    indirectly lost: 0 bytes in 0 blocks

	* src/qemu/qemu_command.c (qemuBuildCommandLine): Clean up on success.

2011-10-28  Eric Blake  

	qemu: avoid leaking uninit data from hotplug to dumpxml
	Detected by Coverity.  The fix in 2c27dfa didn't catch all bad
	instances of memcpy().  Thankfully, on further analysis, all of
	the problematic uses are only triggered by old qemu that lacks
	-device.

	* src/qemu/qemu_hotplug.c (qemuDomainAttachPciDiskDevice)
	(qemuDomainAttachNetDevice, qemuDomainAttachHostPciDevice): Init
	all fields since monitor only populates some of them.

2011-10-28  Ryota Ozaki  

	util: Fix virUUIDGeneratePseudoRandomBytes
	It forgets to move a pointer to a buffer for UUID and as a result
	fills only the first byte of the buffer.

2011-10-28  Daniel P. Berrange  

	Implement RPC driver support for virDomainOpenGraphics
	Since it needs to access file descriptors passed in the msg,
	the RPC driver for virDomainOpenGraphics needs to be manually
	implemented.

	* daemon/remote.c: RPC server dispatcher
	* src/remote/remote_driver.c: RPC client dispatcher
	* src/remote/remote_protocol.x: Define protocol

2011-10-28  Daniel P. Berrange  

	Extend RPC server to allow FD passing
	The RPC server classes are extended to allow FDs to be received
	from clients with calls. There is not currently any way for a
	procedure to pass FDs back to the client with replies

	* daemon/remote.c, src/rpc/gendispatch.pl: Change virNetMessageHeaderPtr
	  param to virNetMessagePtr in dispatcher impls
	* src/rpc/virnetserver.c, src/rpc/virnetserverclient.c,
	  src/rpc/virnetserverprogram.c, src/rpc/virnetserverprogram.h:
	  Extend to support FD passing

2011-10-28  Daniel P. Berrange  

	Add client side support for FD passing
	Extend the RPC client code to allow file descriptors to be sent
	to the server with calls, and received back with replies.

	* src/remote/remote_driver.c: Stub extra args
	* src/libvirt_private.syms, src/rpc/virnetclient.c,
	  src/rpc/virnetclient.h, src/rpc/virnetclientprogram.c,
	  src/rpc/virnetclientprogram.h: Extend APIs to allow
	  FD passing

2011-10-28  Daniel P. Berrange  

	Extend RPC protocol to allow FD passing
	Define two new RPC message types VIR_NET_CALL_WITH_FDS and
	VIR_NET_REPLY_WITH_FDS. These message types are equivalent
	to VIR_NET_CALL and VIR_NET_REPLY, except that between the
	message header, and payload there is a 32-bit integer field
	specifying how many file descriptors have been passed.

	The actual file descriptors are sent/recv'd out of band.

	* src/rpc/virnetmessage.c, src/rpc/virnetmessage.h,
	  src/libvirt_private.syms: Add support for handling
	  passed file descriptors
	* src/rpc/virnetprotocol.x: Extend protocol for FD
	  passing

2011-10-28  Daniel P. Berrange  

	Add APIs for virNetSocket for sending/receiving file descriptors
	Add APIs to the virNetSocket object, to allow file descriptors
	to be sent/received over UNIX domain socket connections

	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h,
	  src/libvirt_private.syms: Add APIs for FD send/recv

2011-10-28  Daniel P. Berrange  

	Wire up QEMU implementation for virDomainOpenGraphics
	The QEMU monitor command 'add_client' can be used to connect to
	a VNC or SPICE graphics display. This allows for implementation
	of the virDomainOpenGraphics API

	* src/qemu/qemu_driver.c: Implement virDomainOpenGraphics
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
	  Add binding for 'add_client' command

2011-10-28  Daniel P. Berrange  

	Extend graphics event to include UNIX socket
	Not all VNC/SPICE servers use a TCP socket for their connections.
	It is possible to configure a UNIX socket server. The graphics
	event must thus include a UNIX socket address type.

	* include/libvirt/libvirt.h.in: Add UNIX socket address type
	  for graphics event
	* src/qemu/qemu_monitor_json.c: Add 'unix' string to address
	  type enum

2011-10-28  Daniel P. Berrange  

	Introduce the virDomainOpenGraphics API
	The virDomainOpenGraphics API allows a libvirt client to pass in
	a file descriptor for an open socket pair, and get it connected
	to the graphics display of the guest. This is limited to working
	with local libvirt hypervisors connected over a UNIX domain
	socket, since it will use UNIX FD passing

	* include/libvirt/libvirt.h.in: Define virDomainOpenGraphics
	* src/driver.h: Define driver for virDomainOpenGraphics
	* src/libvirt_public.syms, src/libvirt.c: Entry point for
	  virDomainOpenGraphics
	* src/libvirt_internal.h: VIR_DRV_FEATURE_FD_PASSING

2011-10-28  Daniel P. Berrange  

	Remove trailing whitespace from all xfig files
	The 5th line of every xfig file has 'Letter   ' which
	annoys GITs trailing-whitespace commit hook. Hand edit
	the files to remove that trailing whitespace

	* docs/*.fig: Remove trailing whitespace

2011-10-28  Daniel P. Berrange  

	Add documentation about migration.
	This adds a page documenting many aspects of migration:

	 - The types of migration (managed direct, p2p, unmanaged direct)
	 - Data transports (native, tunnelled)
	 - Migration URIs
	 - Config file handling
	 - Example scenarios

	* libvirt.css: Rules for data tables and diagrams
	* Makefile.am: Include extra png/fig files
	* migration-managed-direct.fig, migration-managed-direct.png,
	  migration-managed-direct.png, migration-managed-p2p.png,
	  migration-native.fig, migration-native.png,
	  migration-tunnel.fig, migration-tunnel.png,
	  migration-unmanaged-direct.fig, migration-unmanaged-direct.png:
	  Diagrams of migration
	* migration.html.in, sitemap.html.in: New migration doc

2011-10-28  Ryota Ozaki  

	virsh: Fix error message on vol-create-from failure
	If vol-create-from is failed due to 'input volume not found',
	virsh outputs like this:
	  $ sudo virsh vol-create-from testpool test-vol.xml test.img
	  error: failed to get vol 'test.img', specifying --pool might help
	  error: Storage volume not found: no storage vol with matching path
	However, '--pool' is incorrect because it is already specified as
	second argument ('testpool' in this case). It should be "--inputpool".

	The patch fixes this by using pooloptname, which will be "inputpool"
	in this case and "pool" in other cases, as error message.

2011-10-28  Tyler Coumbes  

	bridge: modify for use when sVirt is enabled with qemu
	This refactors the TAP creation code out of brAddTap into a new
	function brCreateTap to allow it to be used on its own. I have also
	changed ifSetInterfaceMac to brSetInterfaceMac and exported it since
	it is will be needed by code outside of util/bridge.c in the next
	patch.

	 AUTHORS                 |    1 +
	 src/libvirt_bridge.syms |    2 +
	 src/util/bridge.c       |  116 +++++++++++++++++++++++++++++++----------------
	 src/util/bridge.h       |    9 ++++
	 4 files changed, 89 insertions(+), 39 deletions(-)

2011-10-28  Jiri Denemark  

	Use virXMLSaveFile when writing XML config

	Introduce virXMLSaveFile as a wrapper for virFileRewrite
	Every time we write XML into a file we call virEmitXMLWarning to write a
	warning that the file is automatically generated. virXMLSaveFile
	simplifies this into a single step and makes rewriting existing XML file
	safe by using virFileRewrite internally.

	Introduce virFileRewrite for safe file rewrite
	When saving config files we just overwrite old content of the file. In
	case something fails during that process (e.g. disk gets full) we lose
	both old and new content. This patch makes the process more robust by
	writing the new content into a separate file and only if that succeeds
	the original file is atomically replaced with the new one.

2011-10-27  Daniel P. Berrange  

	Add a systemtap script for watching QEMU monitor interactions
	This change adds some systemtap/dtrace probes to the QEMU monitor
	client code. In particular it allows watching of all operations
	for a VM

	* examples/systemtap/qemu-monitor.stp: Watch all monitor commands
	* src/Makefile.am: Passing libdir/bindir/sbindir to dtrace2systemtap.pl
	* src/dtrace2systemtap.pl: Accept libdir/bindir/sbindir as args
	  and look for '# binary:' comment to mark probes against libvirtd
	  vs libvirt.so
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor_json.c,
	  src/qemu/qemu_monitor_text.c: Add probes for key functions

2011-10-27  Peter Krempa  

	lxc: Revert zeroing count of allocated items if VIR_REALLOC_N fails
	Previous commit clears number of items alocated in lxcSetupLoopDevices
	if VIR_REALLOC_N fails. In that case, the pointer is not NULL, and
	causes leaking FDs that have been allocated.

	 *  src/lxc/lxc_controller.c: revert zeroing array size

2011-10-27  Daniel P. Berrange  

	Fix typo in virFileAccessibleAs
	* src/util/util.c: s/git_t/gid_t/ in parameter list of virFileAccessibleAs

2011-10-27  Alex Jia  

	lxc: avoid null deref on lxcSetupLoopDevices failure
	If the function lxcSetupLoopDevices(def, &nloopDevs, &loopDevs) failed,
	the variable loopDevs will keep a initial NULL value, however, the
	function VIR_FORCE_CLOSE(loopDevs[i]) will directly deref it.

	This patch also fixes returning a bogous number of devices from
	lxcSetupLoopDevices on an error path.

	* rc/lxc/lxc_controller.c: fixed a null pointer dereference.

2011-10-27  Alex Jia  

	lxc: avoid missing '{' in the function
	Cppcheck detected a syntaxError on lxcDomainInterfaceStats.

	* src/lxc/lxc_driver.c: fixed missing '{' in the function lxcDomainInterfaceStats.

2011-10-27  Eric Blake  

	qemu: simplify use of HAVE_YAJL
	Rather than making all clients of monitor commands that are JSON-only
	check whether yajl support was compiled in, it is simpler to just
	avoid setting the capability bit up front if we can't use the capability.

	* src/qemu/qemu_capabilities.c (qemuCapsComputeCmdFlags): Only set
	capability bit if we also have yajl library to use it.
	* src/qemu/qemu_driver.c (qemuDomainReboot): Drop #ifdefs.
	* src/qemu/qemu_process.c (qemuProcessStart): Likewise.
	* tests/qemuhelptest.c (testHelpStrParsing): Pass test even
	without yajl.
	* tests/qemuxml2argvtest.c (mymain): Simplify use of json flag.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-error-*.args:
	Update expected results to match.

2011-10-27  Eric Blake  

	snapshot: minor cleanups from reviewing indentation
	Break some long lines, and use more efficient functions when possible,
	such as relying on virBufferEscapeString to skip output on a NULL arg.
	Ensure that output does not embed newlines, since auto-indent won't
	work in those situations.

	* src/conf/domain_conf.c (virDomainTimerDefFormat): Break output lines.
	(virDomainDefFormatInternal, virDomainDiskDefFormat)
	(virDomainActualNetDefFormat, virDomainNetDefFormat)
	(virDomainHostdevDefFormat): Minor cleanups.

2011-10-27  Eric Blake  

	snapshot: simplify indentation of disk encryption xml
	Use auto-indent in more places.

	* src/conf/storage_encryption_conf.h (virStorageEncryptionFormat):
	Drop parameter.
	* src/conf/storage_encryption_conf.c (virStorageEncryptionFormat)
	(virStorageEncryptionSecretFormat): Simplify with auto-indent.
	* src/conf/domain_conf.c (virDomainDiskDefFormat): Adjust caller.
	* src/conf/storage_conf.c (virStorageVolTargetDefFormat): Likewise.

2011-10-27  Eric Blake  

	snapshot: simplify indentation of nwfilter
	Fixing this involved some refactoring of common code out of
	domain_conf and nwfilter_conf into nwfilter_params.

	* src/conf/nwfilter_params.h (virNWFilterFormatParamAttributes):
	Adjust signature.
	* src/conf/nwfilter_params.c (_formatParameterAttrs)
	(virNWFilterFormatParamAttributes): Adjust indentation handling,
	and handle filterref here.
	(formatterParam): Delete unused struct.
	* src/conf/domain_conf.c (virDomainNetDefFormat): Adjust caller.
	* src/conf/nwfilter_conf.c (virNWFilterIncludeDefFormat): Likewise.

2011-10-27  Eric Blake  

	storage: avoid null deref on qemu-img failure
	Detected by Coverity.  Only possible if qemu-img gives bogus output,
	but we might as well be robust.

	* src/storage/storage_backend.c
	(virStorageBackendQEMUImgBackingFormat): Check for strstr failure.

2011-10-27  Eric Blake  

	build: avoid RHEL 5 build failure on LXC
	Per the discussion here, LXC on RHEL 5 makes no sense.
	https://www.redhat.com/archives/libvir-list/2011-September/msg01169.html

	* configure.ac (with_lxc): Reject RHEL 5.x LXC as too old.

2011-10-25  Eric Blake  

	build: use gnulib fdatasync
	Commit 1726a73 hacked around MacOS' lack of fdatasync, since
	gnulib did not have it at the time.  But now that we use newer
	gnulib, we can avoid the hack.

	* bootstrap.conf (gnulib_modules): Add fdatasync.
	* configure.ac (AC_CHECK_FUNCS_ONCE): Drop our own check.

2011-10-25  Daniel P. Berrange  

	Add REMOTE_PROC_DOMAIN_EVENT_DISK_CHANGE to remote_protocol-structs
	* src/remote_protocol-structs: Add new event

2011-10-25  Stefan Berger  

	nwfilter: extend schema to support new targets
	Extend the nwfilter schema to support the continue and return targets.

2011-10-25  Michal Privoznik  

	util: Add virFileAccessibleAs to private symbols
	Commit 458b7099b2e791b58f1286002974927d3e8bcc80 introduced this
	function. However it was not added into libvirt_private.syms so
	the compilation may not succeed on some hosts.

	startupPolicy: Emit event on disk source dropping
	If a disk source gets dropped because it is not accessible,
	mgmt application might want to be informed about this. Therefore
	we need to emit an event. The event presented in this patch
	is however a bit superset of what written above. The reason is simple:
	an intention to be easily expanded, e.g. on 'user ejected disk
	in guest' events. Therefore, callback gets source string and disk alias
	(which should be unique among a domain) and reason (an integer);

	qemu: implement startupPolicy
	This patch implements on_missing feature in qemu driver.
	Upon qemu startup process an accessibility of CDROMs
	and floppy disks is checked. The source might get dropped
	if unavailable and on_missing is set accordingly.
	No event is emit thought. Look for follow up patch.

	qemu: Move device alias assigning before command line construction
	This patch is rather cosmetic as it only moves device alias
	assignation from command line construction just before that.
	However, it is needed in connotation of previous and next patch.

	util: Create virFileAccessibleAs function
	This function checks if a given path is accessible under
	given uid and gid.

2011-10-25  Michal Privoznik  

	conf: Introduce optional startupPolicy attribute for cdrom and floppy
	This attribute says what to do with cdrom (or floppy) if
	the source is missing. It accepts:
	- mandatory - fail if missing for any reason (the default)
	- requisite - fail if missing on boot up, drop if missing on
	              migrate/restore/revert
	- optional  - drop if missing at any start attempt.

	However, this patch introduces only XML part of this new
	functionality.

2011-10-25  Eric Blake  

	storage: make previous leak less likely to regress
	Splitting into two functions allows the user to call the right
	function, rather than having to remember that a *Free function is
	an exception to the rule.

	* src/conf/storage_conf.h (virStoragePoolSourceClear): New function.
	* src/libvirt_private.syms (storage_conf.h): Export it.
	* src/conf/storage_conf.c (virStoragePoolSourceFree): Split...
	(virStoragePoolSourceClear): ...into new function.
	(virStoragePoolDefFree, virStoragePoolDefParseSourceString):
	Update callers.
	* src/test/test_driver.c (testStorageFindPoolSources): Likewise.
	* src/storage/storage_backend_fs.c
	(virStorageBackendFileSystemNetFindPoolSourcesFunc)
	(virStorageBackendFileSystemNetFindPoolSources): Likewise.
	* src/storage/storage_backend_iscsi.c
	(virStorageBackendISCSIFindPoolSources): Likewise.
	* src/storage/storage_backend_logical.c
	(virStorageBackendLogicalFindPoolSources): Likewise.

2011-10-25  Eric Blake  

	storage: plug iscsi memory leak
	Detected by Coverity.  virStoragePoolSourceFree does not free the
	actual passed-in pointer.  A bigger patch would be to rename it
	virStoragePoolSourceClear to match behavior, or even split it into
	two functions depending on needed behavior; but this is the minimal
	fix to the one location out of eight that leaked memory.

	* src/storage/storage_backend_iscsi.c
	(virStorageBackendISCSIFindPoolSources): Free memory.

2011-10-25  Eric Blake  

	waitpid: improve safety
	Based on a report by Coverity.  waitpid() can leak resources if it
	fails with EINTR, so it should never be used without checking return
	status.  But we already have a helper function that does that, so
	use it in more places.

	* src/lxc/lxc_container.c (lxcContainerAvailable): Use safer
	virWaitPid.
	* daemon/libvirtd.c (daemonForkIntoBackground): Likewise.
	* tests/testutils.c (virtTestCaptureProgramOutput, virtTestMain):
	Likewise.
	* src/libvirt.c (virConnectAuthGainPolkit): Simplify with virCommand.

2011-10-25  Eric Blake  

	qemu: avoid leaking uninit data from hotplug to dumpxml
	Detected by Coverity.  Both text and JSON monitors set only the
	bus and unit fields, which means driveAddr.controller spends
	life as garbage on the stack, and is then memcpy()'d into the
	in-memory representation which the user can see via dumpxml.

	* src/qemu/qemu_hotplug.c (qemuDomainAttachSCSIDisk): Only copy
	defined fields.

2011-10-24  Ryota Ozaki  

	virsh: Fix vol-info's 'Type' output
	We have a new vol type "dir" in addition to "file" and "block", but
	virsh doesn't know it. Fix it.

	Additionally, the patch lets virsh output "unknown" if not matched
	any of them.

2011-10-21  Ryota Ozaki  

	docs: Document filesystem type='block' for LXC
	Commit 77791dc0e allows LXC to use a host block device as a guest
	filesystem, but it isn't documented yet.

2011-10-21  David L Stevens  

	support continue/return targets in nwfilter
		This patch adds support for "continue" and "return" actions
	in filter rules.

2011-10-21  Eric Blake  

	snapshot: simplify indentation of network xml
	More simplifications possible due to auto-indent.  Also,
	 within  was only using 6 instead of 8 spaces.

	* src/util/network.h (virVirtualPortProfileFormat)
	(virBandwidthDefFormat): Alter signature.
	* src/util/network.c (virVirtualPortProfileFormat)
	(virBandwidthDefFormat): Alter indentation.
	(virBandwidthChildDefFormat): Tweak to make use easier.
	* src/conf/network_conf.c (virPortGroupDefFormat)
	(virNetworkDefFormat): Adjust callers.
	* src/conf/domain_conf.c (virDomainNetDefFormat): Likewise.
	(virDomainActualNetDefFormat): Likewise, and fix bandwidth
	indentation.

2011-10-21  Eric Blake  

	snapshot: simplify indentation of cpu features
	Auto-indent makes life a bit easier; this patch also drops unused
	arguments and replaces a misspelled flag name with two entry points
	instead, so that callers don't have to worry about how much spacing
	is present when embedding cpu elements.

	* src/conf/cpu_conf.h (virCPUFormatFlags): Delete.
	(virCPUDefFormat): Drop unused argument.
	(virCPUDefFormatBuf): Alter signature.
	(virCPUDefFormatBufFull): New prototype.
	* src/conf/cpu_conf.c (virCPUDefFormatBuf): Split...
	(virCPUDefFormatBufFull): ...into new function.
	(virCPUDefFormat): Adjust caller.
	* src/conf/domain_conf.c (virDomainDefFormatInternal): Likewise.
	* src/conf/capabilities.c (virCapabilitiesFormatXML): Likewise.
	* src/cpu/cpu.c (cpuBaselineXML): Likewise.
	* tests/cputest.c (cpuTestCompareXML): Likewise.

2011-10-21  Eric Blake  

	snapshot: simplify indentation of sysinfo
	The improvements to virBuffer, along with a paradigm shift to pass
	the original buffer through rather than creating a second buffer,
	allow us to shave off quite a few lines of code.

	* src/util/sysinfo.h (virSysinfoFormat): Alter signature.
	* src/util/sysinfo.c (virSysinfoFormat, virSysinfoBIOSFormat)
	(virSysinfoSystemFormat, virSysinfoProcessorFormat)
	(virSysinfoMemoryFormat): Change indentation parameter.
	* src/conf/domain_conf.c (virDomainSysinfoDefFormat): Adjust
	caller.
	* src/qemu/qemu_driver.c (qemuGetSysinfo): Likewise.

2011-10-21  Eric Blake  

	snapshot: test domainsnapshot indentation
	Add a test for the simple parts of my indentation changes, and
	fix the fallout.

	* tests/domainsnapshotxml2xmltest.c: New test.
	* tests/Makefile.am (domainsnapshotxml2xmltest_SOURCES): Build it.
	* src/conf/domain_conf.c (virDomainSnapshotDefFormat): Avoid NULL
	deref, match documented order.
	* src/conf/domain_conf.h (virDomainSnapshotDefFormat): Add const.
	* tests/domainsnapshotxml2xmlout/all_parameters.xml: Tweak output.
	* tests/domainsnapshotxml2xmlout/disk_snapshot.xml: Likewise.
	* tests/domainsnapshotxml2xmlout/full_domain.xml: Likewise.
	* .gitignore: Exempt new binary.

2011-10-21  Eric Blake  

	snapshot: indent domain xml when nesting
	 is the first public instance of  being
	used as a sub-element, although we have two other private uses
	(runtime state, and migration cookie).  Although indentation has
	no effect on XML parsing, using it makes the output more consistent.

	This uses virBuffer auto-indentation to obtain the effect, for all
	but the portions of  that are not generated a line at a
	time into the same virBuffer.  Further patches will clean up the
	remaining problems.

	* src/conf/domain_conf.h (virDomainDefFormatInternal): New prototype.
	* src/conf/domain_conf.c (virDomainDefFormatInternal): Export.
	(virDomainObjFormat, virDomainSnapshotDefFormat): Update callers.
	* src/libvirt_private.syms (domain_conf.h): Add new export.
	* src/qemu/qemu_migration.c (qemuMigrationCookieXMLFormat): Use
	new function.
	(qemuMigrationCookieXMLFormatStr): Update caller.

2011-10-21  Eric Blake  

	virbuf: add auto-indentation support
	Rather than having to adjust all callers in a chain to deal with
	indentation, it is nicer to have virBuffer do auto-indentation.

	* src/util/buf.h (_virBuffer): Increase size.
	(virBufferAdjustIndent, virBufferGetIndent): New prototypes.
	* src/libvirt_private.syms (buf.h): Export new functions.
	* src/util/buf.c (virBufferAdjustIndent, virBufferGetIndent): New
	functions.
	(virBufferSetError, virBufferAdd, virBufferAddChar)
	(virBufferVasprintf, virBufferStrcat, virBufferURIEncodeString):
	Implement auto-indentation.
	* tests/virbuftest.c (testBufAutoIndent): Test it.
	(testBufInfiniteLoop): Don't rely on internals.
	Idea by Daniel P. Berrange.

2011-10-21  Eric Blake  

	virbuf: more detailed error reporting
	The next patch wants to add some sanity checking, which would
	be a different error than ENOMEM.  Many existing callers blindly
	report OOM failure if virBuf reports an error, and this will be
	wrong in the (unlikely) case that they actually had a usage error
	instead; but since the most common error really is ENOMEM, I'm
	not going to fix all callers.  Meanwhile, new discriminating
	callers can react differently depending on what failure happened.

	* src/util/buf.c (virBufferSetError): Add parameter.
	(virBufferGrow, virBufferVasprintf, virBufferEscapeString)
	(virBufferEscapeSexpr, virBufferEscapeShell): Adjust callers.

2011-10-21  Eric Blake  

	virbuf: improve testsuite reporting
	I had some temporary test failures while working on virbuf
	improvements in later patches, with output that looked like:

	Expected [<]
	Actual [  <]

	which is pretty hard to figure out.  Adding an Offset designation
	made it much easier to find which particular '<' was at the
	wrong indentation, to fix the right part of the code.

	* tests/testutils.c (virtTestDifference): Make it easier to
	diagnose test failures.

2011-10-21  Eric Blake  

	virbuf: fix const-correctness
	Although the compiler wasn't complaining (since it was the pointer,
	rather than what was being pointed to, that was actually const), it
	looks quite suspicious to call a function with an argument labeled
	const when the nature of the pointer (virBufferPtr) is hidden behind
	a typedef.  Dropping const makes the function declarations easier
	to read.

	* src/util/buf.h: Drop const from all functions that modify buffer
	argument.
	* src/util/buf.c (virBufferSetError, virBufferAdd)
	(virBufferContentAndReset, virBufferFreeAndReset)
	(virBufferAsprintf, virBufferVasprintf, virBufferEscapeString)
	(virBufferEscapeSexpr, virBufferEscape): Fix fallout.

2011-10-21  Laine Stump  

	docs: fix incorrect info about routed networks
	In a recent expansion of the documentation on network forward modes, I
	incorrectly stated that incoming sessions to guests on routed networks
	were blocked. This is true for guests on NATed networks, but not
	routed. This patch corrects that error, and adds a pointer to the
	nwfilter page for those who do want to restrict incoming sessions to
	hosts on routed networks.

2011-10-21  tangchen  

	qemu: allow json in domxml-to-native
	There is a little difference between the output of domxml-to-native and the actual commandline.
	No matter qemu is in control or readline mode, domxml-to-native always converts it to readline mode.

	That is because the parameter "monitor_json" for qemuBuildCommandLine() is always set to false
	in qemuDomainXMLToNative().

2011-10-21  Eric Blake  

	docs: document managed=yes of hostdev passthrough
	Clarify some of the effects of managed passthrough  devices;
	with recent changes (commit d093547), a nodedev-reattach is only needed
	to pair up to an explicit nodedev-dettach (but beware that older
	virt-manager has a bug where it uses explicit nodedev-dettach under the
	hood when using the gui to hotplug a hostdev device).

	* docs/formatdomain.html.in: Mention reattach.
	* tools/virsh.pod (nodedev): Mention managed mode.

2011-10-20  Daniel P. Berrange  

	Fix virFileOpenTty definition on Win32
	Stub out a complete impl of virFileOpenTty to avoid unused
	parameter warnings

	* src/util/util.c: Fix virFileOpenTty on Win32

2011-10-20  Hu Tao  

	support setting bandwidth from virsh attach-interface
	Adds two options, inbound and outbound, to attach-interface to set
	bandwidth when attaching interfaces

2011-10-20  Serge E. Hallyn  

	lxc: use hand-rolled code in place of unlockpt and grantpt
	The glibc ones (intentionally) cannot handle ptys opened in a
	devpts not mounted at /dev/pts.

	Drop the (un-exported, unused) virFileOpenTtyAt.

2011-10-20  Eric Blake  

	build: ignore test executable
	* .gitignore: Add exemption.

2011-10-19  Philipp Hahn  

	qemu: Test name-space handling
	Add test cases for parsing the qemu-name-space.
	This is based on qemuxml2argv{test,data/}, but can not reside in
	qemuxml2argv{test,data/} because ...

	1. qemuxmlns-qemu-ns-domain.xml is not schema-valid and breaks
	domainschematest. The test is still important to detect xmlns:qemu
	bindings to a name-space other than
	http://libvirt.org/schemas/domain/qemu/1.0

	2. they break qemuxml2xml, because the xmlns:qemu binding is moved to
	the top-level  element when converting from argv to xml.

2011-10-19  Philipp Hahn  

	qemu: Fix name-space handling
	The XML parser for the qemu specific extensions expects the qemu name-space
	to be bound to the 'qemu' prefix. This is too strict, since the name of the
	name-space-prefix is only meant as an internal lookup key. Only the associated
	URI is relevant.
	...
	  
	  ...
	

	...
	  
	  ...
	

	
	  
	  ...
	

	Remove the test for checking the name-space binding on the top-level 
	element. Registering the name-space with XPath is enough.

2011-10-19  Xu He Jie  

	compile: fix undefined reference to gnutls_x509_crt_get_dn with gcc-4.6.1
	When I compile libvirt with gcc-4.6.1 in ubuntu 11.10, got error as below:

	  CCLD   libvirtd
	/usr/bin/ld: ../src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_migration.o): undefined reference to symbol 'gnutls_x509_crt_get_dn@@GNUTLS_1_4'
	/usr/bin/ld: note: 'gnutls_x509_crt_get_dn@@GNUTLS_1_4' is defined in DSO /usr/lib/x86_64-linux-gnu/libgnutls.so so try adding it to the linker command line
	/usr/lib/x86_64-linux-gnu/libgnutls.so: could not read symbols: Invalid operation
	collect2: ld returned 1 exit status
	make[3]: *** [libvirtd] Error 1

	It can compile with gcc-4.5.2 in ubuntu 11.04, but it can not compile with gcc-4.6.1 in ubuntu 11.10.

	I didn't find reason. Does Anyone know the reason or the different between gcc-4.5.2 and gcc-4.6.1?

	I still provide a patch for this. Just make it is working now.

2011-10-19  Daniel P. Berrange  

	Replace virBufferAdd with virBufferAddLit for const string
	The statement

	        virBufferAdd(buf, "''", 2);

	triggers a syntax-check warning

	* src/util/buf.c: Replace virBufferAdd with virBufferAddLit

2011-10-19  Philipp Hahn  

	documentation: trivial spelling fix

2011-10-19  Daniel P. Berrange  

	Allow for URI aliases when connecting to libvirt
	This adds support for a libvirt client configuration file
	either /etc/libvirt/libvirt.conf for privileged clients,
	or $HOME/.libvirt/libvirt.conf for unprivileged clients.

	It allows one parameter

	 uri_aliases = [
	   "hail=qemu+ssh://root@hail.cloud.example.com/system",
	   "sleet=qemu+ssh://root@sleet.cloud.example.com/system",
	 ]

	Any call to virConnectOpen with a non-NULL URI will first
	attempt to match against the uri_aliases list. An application
	can disable this by using VIR_CONNECT_NO_ALIASES

	* docs/uri.html.in: Document URI aliases
	* include/libvirt/libvirt.h.in: Add VIR_CONNECT_NO_ALIASES
	* libvirt.spec.in, mingw32-libvirt.spec.in: Add /etc/libvirt/libvirt.conf
	* src/Makefile.am: Install default config file
	* src/libvirt.c: Add support for URI aliases
	* src/remote/remote_driver.c: Don't try to handle URIs
	  with no scheme and which clearly are not paths
	* src/util/conf.c: Don't raise error on virConfFree(NULL)
	* src/xen/xen_driver.c: Don't raise error on URIs
	  with no scheme

2011-10-19  Daniel P. Berrange  

	Add support for autodestroy of guests to the LXC and UML drivers
	We recently added support for VIR_DOMAIN_START_AUTODESTROY and
	an impl to the QEMU driver. It is very desirable to support in
	other drivers, so this adds it to LXC and UML

	* src/lxc/lxc_conf.h, src/lxc/lxc_driver.c,
	  src/uml/uml_conf.h, src/uml/uml_driver.c: Wire up autodestroy
	  functions

2011-10-19  Guido Günther  

	Use virBufferEscapeShell in cmdEcho

	qemu: replace qemuMonitorEscapeShell by virBufferEscapeShell

	virBufferEscapeShell: Emit quotes for the empty string
	Make the empty string return '' to match cmdEcho's behavior.

2011-10-19  Eric Blake  

	snapshot: detect when qemu lacks disk-snapshot support
	Noticed when testing new libvirt against old qemu that lacked the
	snapshot_blkdev HMP command.  Libvirt was mistakenly treating the
	command as successful, and re-writing the domain XML to use the
	just-created 0-byte file, rendering the domain broken on restart.

	* src/qemu/qemu_monitor_text.c (qemuMonitorTextDiskSnapshot):
	Notice another possible error message.
	* src/qemu/qemu_driver.c
	(qemuDomainSnapshotCreateSingleDiskActive): Don't keep 0-byte file
	on failure.

2011-10-18  Guido Günther  

	virBufferEscapeShell: Fix escaping of single quotes.
	When checking if we need to escape a single quote we were looking at the
	character after the quote instead of at the quote itself.

2011-10-18  Xu He Jie  

	compile: Add a missing function 'pciDeviceListFind' to libvirt_private.syms
	compile error:
	./src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_hostdev.o): In function `qemuPrepareHostdevPCIDevices':
	/home/soulxu/data/work-code/libvirt/src/qemu/qemu_hostdev.c:183: undefined reference to `pciDeviceListFind'
	/home/soulxu/data/work-code/libvirt/src/qemu/qemu_hostdev.c:230: undefined reference to `pciDeviceListFind'
	./src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_hostdev.o): In function `qemuGetActivePciHostDeviceList':
	/home/soulxu/data/work-code/libvirt/src/qemu/qemu_hostdev.c:102: undefined reference to `pciDeviceListFind'
	./src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_hostdev.o): In function `qemuDomainReAttachHostdevDevices':
	/home/soulxu/data/work-code/libvirt/src/qemu/qemu_hostdev.c:370: undefined reference to `pciDeviceListFind'

2011-10-18  Osier Yang  

	qemu: Do not wait if the PCI device is not managed when reattaching
	Waiting for qemu-kvm cleaning up the PCI bar(s) mapping with long time
	while the device is not managed is just waste of time.

2011-10-18  Jim Fehlig  

	Add AHCI support to qemu driver
	Tested with multiple AHCI controllers and multiple disks attached
	to a controller. E.g.,

	    
	      
	      
	      
	      
    
	    
	    
	      
	      
	      
	      
    
	    
	    
	      
	      
	      
	      
    
	    
	    
	      
    
	    
	    
	      
    
	    

2011-10-18  Eric Blake  

	snapshot: implement LIST_LEAVES flag in esx
	Relatively straight-forward filtering.

	* src/esx/esx_vi.h (esxVI_GetNumberOfSnapshotTrees)
	(esxVI_GetSnapshotTreeNames): Add parameter.
	* src/esx/esx_vi.c (esxVI_GetNumberOfSnapshotTrees)
	(esxVI_GetSnapshotTreeNames): Allow leaf filtering.
	* src/esx/esx_driver.c (esxDomainSnapshotNum)
	(esxDomainSnapshotListNames, esxDomainSnapshotNumChildren)
	(esxDomainSnapshotListChildrenNames): Pass new flag through.

2011-10-18  Philipp Hahn  

	Fix virt-sanlock-cleanup documentation
	The referenced page does not exist, but locking.html has a section about
	sanlock.

2011-10-17  Jiri Denemark  

	Fix VPATH build
	probes.h is generated in build directory; setting a dependency on
	probes.h from source directory doesn't work well in VPATH builds. Caused
	by commit 1afcfbdda0cac112faa61f74ec943e46aa43f2f5

	qemu: Relax -no-shutdown check to [0.14.0, 0.15.0]
	The patch that fixes SIGTERM handling with -no-shutdown was taken into
	0.15.1 stable release of qemu.

2011-10-17  Philipp Hahn  

	Fix two comments related to error handling

2011-10-15  Wen Congyang  

	build: fix 'make dist' error
	When I run 'make dist', I receive the following error messages:
	make[1]: Entering directory `/home/wency/source/libvirt/src'
	  GEN    remote/remote_protocol.h
	  GEN    remote/remote_protocol.c
	  GEN    remote/qemu_protocol.h
	  GEN    remote/qemu_protocol.c
	  GEN    remote/qemu_client_bodies.h
	  CC     libvirt_driver_remote_la-remote_protocol.lo
	In file included from ./remote/remote_protocol.h:16,
	                 from ./remote/remote_protocol.c:7:
	/internal.h:249:23: error: probes.h: No such file or directory
	make[1]: *** [libvirt_driver_remote_la-remote_protocol.lo] Error 1
	make[1]: Leaving directory `/home/wency/source/libvirt/src'
	make: *** [distdir] Error 1

	The reason is that we use probes.h before generating it.

2011-10-15  Roopa Prabhu  

	Add missing strdup return value check
	Check strdup return value and fail if error

2011-10-15  Osier Yang  

	qemu: Honor the orginal PCI dev properties when reattaching
	BZ# https://bugzilla.redhat.com/show_bug.cgi?id=736214

	The problem is caused by the original info of domain's PCI dev is
	maintained by qemu_driver->activePciHostdevs list, (E.g. dev->reprobe,
	which stands for whether need to reprobe driver for the dev when do
	reattachment). The fields (dev->reprobe, dev->unbind_from_stub, and
	dev->remove_slot) are initialized properly when preparing the PCI
	device for managed attachment. However, when do reattachment, it
	construct a complete new "pciDevice" without honoring the original
	dev info, and thus the dev won't get the original driver or can get
	other problem.

	This patch is to fix the problem by get the devs from list
	driver->activePciHostdevs.

	Tested with following 3 scenarios:
	  * the PCI was bound to some driver not pci-stub before attaching

	    result: the device will be bound to the original driver

	  * the PCI was bound to pci-stub before attaching

	    result: no driver reprobing, and still bound to pci-stub

	  * The PCI was not bound to any driver

	    result: no driver reprobing, and still not bound to any driver.

2011-10-15  Roopa Prabhu  

	macvtap: avoid invalid free
	Commit 0472f39 plugged a leak, but introduced another bug:

	Actually looks like physfndev is conditionally allocated in getPhysfnDev
	Its better to modify getPhysfnDev to allocate physfndev every time.

2011-10-15  Laine Stump  

	docs: fix network XML documentation
	A few people have attempted to use the new forwarding modes with older
	versions of libvirt. The docs where the modes are described have
	always stated the minimum required libvirt version, but the examples
	at the end didn't, which I believe is what has caused the confusion.

	Similarly, the section on portgroups now has a version tag added at
	the beginning.

	I also noticed that there was no example of defining a  hostname,
	so I added one, as well as making the domain name example more
	recognizable (by adding ".com" to the domain).

2011-10-15  Jiri Denemark  

	Clarify semantics of virDomainMigrate2
	Explicitly disallow conflicts between domain name from dxml and dname.

2011-10-15  Osier Yang  

	qemu: Do not reattach PCI device used by other domain when shutdown
	When failing on starting a domain, it tries to reattach all the PCI
	devices defined in the domain conf, regardless of whether the devices
	are still used by other domain. This will cause the devices to be deleted
	from the list qemu_driver->activePciHostdevs, thus the devices will be
	thought as usable even if it's not true. And following commands
	nodedev-{reattach,reset} will be successful.

	How to reproduce:
	  1) Define two domains with same PCI device defined in the confs.
	  2) # virsh start domain1
	  3) # virsh start domain2
	  4) # virsh nodedev-reattach $pci_device

	You will see the device will be reattached to host successfully.
	As pciDeviceReattach just check if the device is still used by
	other domain via checking if the device is in list driver->activePciHostdevs,
	however, the device is deleted from the list by step 2).

	This patch is to prohibit the bug by:
	  1) Prohibit a domain starting or device attachment right at
	     preparation period (qemuPrepareHostdevPCIDevices) if the
	     device is in list driver->activePciHostdevs, which means
	     it's used by other domain.

	  2) Introduces a new field for struct _pciDevice, (const char *used_by),
	     it will be set as the domain name at preparation period,
	     (qemuPrepareHostdevPCIDevices). Thus we can prohibit deleting
	     the device from driver->activePciHostdevs if it's still used by
	     other domain when stopping the domain process.

	* src/pci.h (define two internal functions, pciDeviceSetUsedBy and
	    pciDevceGetUsedBy)
	* src/pci.c (new field "const char *used_by" for struct _pciDevice,
	    implementations for the two new functions)
	* src/libvirt_private.syms (Add the two new internal functions)
	* src/qemu_hostdev.h (Modify the definition of functions
	    qemuPrepareHostdevPCIDevices, and qemuDomainReAttachHostdevDevices)
	* src/qemu_hostdev.c (Prohibit preparation and don't delete the
	    device from activePciHostdevs list if it's still used by other domain)
	* src/qemu_hotplug.c (Update function usage, as the definitions are
	    changed)

2011-10-14  Philipp Hahn  

	Xen: Fake versions in xencapstest
	virInitialize() → xenRegister() → xenhypervisorInit() determines the
	version of the Hypervisor. This breaks xencapstest when building as root
	on a dom0 system, since xenHypervisorBuildCapabilities() adds the "hap"
	and "viridian" features based on the detected version.

	Add an optional parameter to xenhypervisorInit() to disable automatic
	detection of the Hypervisor version. The passed in arguments are used
	instead.

2011-10-14  Philipp Hahn  

	Xen: move versions to struct
	Calling virInitialize() → xenRegister() → xenhypervisorInit() directly
	opens a connection to the Xen Hypervisor, which breaks some unit tests.

	Move all static variables into a struct to make it easier to override
	them when testing.

2011-10-14  Eric Blake  

	esx: drop dead code to silence Coverity
	Coverity detected that the only way to get to the cleanup label
	is if objectSpec had been successfully allocated, so the null
	check was dead code.

	* src/esx/esx_vi.c (esxVI_LookupObjectContentByType): Drop
	redundant null check.

2011-10-14  Jiri Denemark  

	util: Fix typo in virGetHostname description

2011-10-14  Daniel P. Berrange  

	Fix syntax problem in mingw32-libvirt.spec.in
	When defining macros, you can't put comments on the end of the
	line because they will get included in the macro definition

	* mingw32-libvirt.spec.in: Fix comment about hyperv

2011-10-14  Eric Blake  

	macvtap: plug memory leak for 802.1Qbh
	Detected by Coverity.  Leak present since commit ca3b22b.

	* src/util/macvtap.c (doPortProfileOp8021Qbh): Release device name.

2011-10-14  Eric Blake  

	qemu: plug memory leak on migration
	Detected by Coverity.  Leak introduced in commit 72de0d2.

	* src/qemu/qemu_migration.c (qemuMigrationCookieGraphicsXMLParse):
	Clean up on success.

2011-10-14  Eric Blake  

	conf: plug memory leak on error
	Detected by Coverity.  Leak present since commit 874e65a; and
	while commit d50bb45 tried to fix the issue, it missed a path.

	* src/conf/domain_conf.c (virDomainDefParseBootXML): Always clean
	up useserial.

2011-10-14  Guido Günther  

	Use virBufferEscapeShell in virNetSocketNewConnectSSH
	to escape the netcat command since it's passed to the shell. Adjust
	expected test case output accordingly.

	Add virBufferEscapeShell
	Escape strings so they're safe to pass to the shell. It's based on
	virsh's cmdEcho.

2011-10-14  Guido Günther  

	Autodetect if the remote nc command supports the -q option
	Based on a patch by Marc Deslauriers 

	RH: https://bugzilla.redhat.com/show_bug.cgi?id=562176
	Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/517478
	Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573172

2011-10-14  Eric Blake  

	storage: plug memory leak on error
	Detected by Coverity.  Present since commit 82c1740.

	* src/storage/storage_backend_logical.c
	(virStorageBackendLogicalMakeVol): Fix leak.

2011-10-14  Jiri Denemark  

	util: Make getaddrinfo failure nonfatal in virGetHostname
	Setting a hostname that cannot be resolved is not the best configuration
	but since virGetHostname only calls getaddrinfo to get host's canonical
	name and we do not fail if the returned canonical name is NULL or
	"localhost", there is no reason why we should fail if getaddrinfo itself
	fails.

	qemu: Make sure BeginJob is always followed by EndJob
	Otherwise we can end up with a dangling job that can only be cleared by
	restarting libvirtd.

	qemu: Log debug messages when changing job
	Log debug messages anytime we call *BeginJob* or *EndJob* so that it's
	easier to spot incorrect usage of domain job APIs.

2011-10-14  Eric Blake  

	qemu: fix text block info parsing
	Detected by Coverity.  p (the pointer to the string) is always true;
	when in reality, we wanted to know whether the integer value of the
	just-parsed string is '0' or '1'.  Logic bug since commit b1b5b51.

	* src/qemu/qemu_monitor_text.c (qemuMonitorTextGetBlockInfo): Set
	results to proper value.

2011-10-14  Eric Blake  

	qemu: avoid text monitor null deref
	Detected by Coverity.  If, for some reason, our text monitor input
	does not match our assumptions, we end up incrementing p while it
	is NULL, then dereferencing the pointer 0x1, which will fault.

	* src/qemu/qemu_monitor_text.c
	(qemuMonitorTextGetBlockStatsParamsNumber): Rewrite to avoid
	deref of strchr failure.  Fix indentation.

2011-10-14  Eric Blake  

	qemu: check for json allocation failure
	Detected by Coverity.  Introduced in commit b1b5b51.

	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetBlockInfo):
	Avoid null dereference.

2011-10-14  Eric Blake  

	build: add compiler attributes to virUUIDParse
	Coverity complained that most, but not all, clients of virUUIDParse
	were checking for errors.  Silence those coverity warnings by
	explicitly marking the cases where we trust the input, and fixing
	one instance that really should have been checking.  In particular,
	this silences a rather large percentage of the warnings I saw on my
	most recent Coverity analysis run.

	* src/util/uuid.h (virUUIDParse): Enforce rules.
	* src/util/uuid.c (virUUIDParse): Drop impossible check; at least
	Coverity will detect if we break rules and pass NULL.
	* src/xenapi/xenapi_driver.c (xenapiDomainCreateXML)
	(xenapiDomainLookupByID, xenapiDomainLookupByName)
	(xenapiDomainDefineXML): Ignore return when we trust data source.
	* src/vbox/vbox_tmpl.c (nsIDtoChar, vboxIIDToUUID_v3_x)
	(vboxCallbackOnMachineStateChange)
	(vboxCallbackOnMachineRegistered, vboxStoragePoolLookupByName):
	Likewise.
	* src/node_device/node_device_hal.c (gather_system_cap): Likewise.
	* src/xenxs/xen_sxpr.c (xenParseSxpr): Check for errors.

2011-10-14  Marc-André Lureau  

	virFDStream: close also given errfd (fd leak)
	In virFDStreamOpenFileInternal(), a errfd pipe is opened by
	virCommandRunAsync() and given to virFDStreamOpenInternal().

	It seems virFDStream should close errfd, just like the other
	fd it is given.

	This fixes screenshots leaking FDs:
	http://bugzilla.redhat.com/show_bug.cgi?id=745761

2011-10-14  Eric Blake  

	command: avoid fd leak on failure
	virCommandTransferFD promises that the fd is no longer owned by
	the caller.  Normally, we want the fd to remain open until the
	child runs, but in error situations, we must close it earlier.

	* src/util/command.c (virCommandTransferFD): Close fd now if we
	can't track it to close later.
	(virCommandKeepFD): Adjust helper to make this easier.

2011-10-13  Serge E. Hallyn  

	Fix typo in lxc_controller
	s/Mouting/Mounting.

2011-10-13  Eric Blake  

	spec: mingw cleanups
	* libvirt.spec.in (%configure): Drop unused %{one} macro.
	* mingw32-libvirt.spec.in (%{rhel}): Compile ESX but not HyperV on
	mingw build for RHEL.
	(%build): Make configure honor spec conditionals.  Reorder to
	match libvirt.spec.
	* autobuild.sh (mingw): Update list to match.
	Suggested by Daniel P. Berrange.

2011-10-13  Eric Blake  

	build: update to latest gnulib
	358 changes; most probably have no impact on libvirt, but we
	might as well stay current.

	* .gnulib: Update to latest.

2011-10-13  Michal Privoznik  

	qemu: Check for domain being active on successful job acquire
	As this is needed. Although some functions check for domain
	being active before obtaining job, we need to check it after,
	because obtaining job unlocks domain object, during which
	a state of domain can be changed.

2011-10-13  Michal Privoznik  

	events: Propose a separate lock for event queue
	Currently, push & pop from event queue (both server & client side)
	rely on lock from higher levels, e.g. on driver lock (qemu),
	private_data (remote), ...; This alone is not sufficient as not
	every function that interacts with this queue can/does lock,
	esp. in client where we have a different approach, "passing
	the buck".

	Therefore we need a separate lock just to protect event queue.

	For more info see:
	https://bugzilla.redhat.com/show_bug.cgi?id=743817

2011-10-13  Michal Privoznik  

	qemu: Implement VIR_DUMP_RESET
	This patch extends qemudDomainCoreDump so it supports new VIR_DUMP_RESET
	flag. If this flag is set, domain is reset on successful dump. However,
	this is needed to be done after we start CPUs.

	virDomainCoreDump: Introduce VIR_DUMP_RESET flag
	This flag is intended to allow user to do so called system reset
	after dump, instead of sending ACPI reboot event.

2011-10-13  Philipp Hahn  

	example: Support debug output and loop switch
	Add support for enabling debug output via command line option.
	Allow to toggle the loop implementation between pure-Python and
	native-C.

	example: Redirect --help output to stdout/stderr
	When --help is requested, print usage() to stdout.
	When an illegal option is passed, print usage to stderr.

	example: Fix argument handling
	sys.argv contains the original command line arguments, while args only
	contains the arguments not handled by getopt(). Currently this is no
	problem since --help is the only command line option passable, which
	terminates the process, so the code is never reached. Any option added
	in the future will reveal the bug.

2011-10-13  Eric Blake  

	snapshot: implement LIST_LEAVES flag in qemu
	With the recent refactoring of qemu snapshot relationships, it
	is now trivial to filter on leaves.

	* src/conf/domain_conf.c (virDomainSnapshotObjListCount)
	(virDomainSnapshotObjListCopyNames): Handle new flag.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotListNames)
	(qemuDomainSnapshotNum, qemuDomainSnapshotListChildrenNames)
	(qemuDomainSnapshotNumChildren): Pass new flag through.

2011-10-13  Eric Blake  

	snapshot: add API for filtering by leaves
	Counterpart to --roots.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_SNAPSHOT_LIST_LEAVES):
	New flag.
	* src/libvirt.c (virDomainSnapshotNum, virDomainSnapshotListNames)
	(virDomainSnapshotNumChildren)
	(virDomainSnapshotListChildrenNames): Document it.
	* tools/virsh.c (cmdSnapshotList): Expose it.
	* tools/virsh.pod (snapshot-list): Document --leaves.

2011-10-13  Philipp Hahn  

	xen: Return tap2 for tap2 disks
	For some versions of Xen the difference between "tap" and "tap2" is
	important. When converting back from xen-sxpr to libvirt-xml, that
	information is lost, which breaks re-defining the domain using that
	data.

	Explicitly return "tap2" for disks defined as "device/tap2".

2011-10-13  Philipp Hahn  

	xen: fix PyGrub boot device order
	When PyGrub is used as the bootloader in Xen, it gets passed the first
	bootable disk. Xend supports a "bootable"-flag for this, which isn't
	explicitly supported by libvirt.
	When converting libvirt-xml to xen-sxpr the "bootable"-flag gets
	implicitly set by xen.xend.XenConfig.device_add() for the first disk
	(marked as "Compat hack -- mark first disk bootable").
	When converting back xen-sxpr to libvirt-xml, the disks are returned in
	the internal order used by Xend ignoring the "bootable"-flag, which
	loses the original order. When the domain is then re-defined, the order
	of disks is changed, which breaks PyGrub, since a different disk gets
	passed.

	When converting xen-sxpr to libvirt-xml, use the "bootable"-flag to
	determine the first disk.

	This isn't perfect, since several disks can be marked as bootable using
	the Xend-API, but that is not supported by libvirt. In all known cases
	relevant to libvirt exactly one disk is marked as bootable.

2011-10-13  Philipp Hahn  

	tests: Add support for skipping tests
	AM_TESTS has support for skipping tests, while the C-implementation
	virtTestRun() does not support that feature.

	Print "_" or "SKIP" in verbose mode for tests returning EXIT_AM_SKIP=77.

2011-10-13  Harsh Prateek Bora  

	Introduce  under  to support open-by-handle
	VirtFS allows the user to choose between path/handle based fs driver.
	As of now, libvirt hardcoded path based driver only. This patch provides
	a solution to allow user to choose between path/handle based fs driver.

	Sample:

	    
	      
	      
	      
	    

	    
	      
	      
	      
	    

2011-10-13  Sage Weil  

	buf: implement generic virBufferEscape
	Implement a generic helper to escape a given set of characters with a
	leading '\'.  Generalizes virBufferEscapeSexpr().

2011-10-12  Osier Yang  

	daemon: Always advertise libvirtd service
	This is a regression introduced by new RPC codes, previously
	we advertise the service via ssh even if the daemon doesn't
	listen on TLS port (TCP is not choosed). Now the service is
	only advertised when it listens on TLS or TCP port. This breaks
	upper layer apps which intends to discover the service, such
	as virt-manager.

2011-10-12  Eric Blake  

	snapshot: drop dead parameters
	The previous optimizations lead to some follow-on cleanups.

	* src/conf/domain_conf.c (virDomainSnapshotForEachChild)
	(virDomainSnapshotForEachDescendant): Drop dead parameter.
	(virDomainSnapshotActOnDescendant)
	(virDomainSnapshotObjListNumFrom)
	(virDomainSnapshotObjListGetNamesFrom): Update callers.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotNumChildren)
	(qemuDomainSnapshotListChildrenNames, qemuDomainSnapshotDelete):
	Likewise.
	* src/conf/domain_conf.h: Update prototypes.

2011-10-12  Eric Blake  

	snapshot: take advantage of new relations
	Among other improvements, virDomainSnapshotForEachDescendant is
	changed from iterative O(n^2) to recursive O(n).  A bit better
	than the O(n^3) implementation in virsh snapshot-list!

	* src/conf/domain_conf.c (virDomainSnapshotObjListNum)
	(virDomainSnapshotObjListNumFrom)
	(virDomainSnapshotObjeListGetNames, virDomainSnapshotForEachChild)
	(virDomainSnapshotForEachDescendant): Optimize.
	(virDomainSnapshotActOnDescendant): Tweak.
	(virDomainSnapshotActOnChild, virDomainSnapshotMarkDescendant):
	Delete, now that they are unused.

2011-10-12  Eric Blake  

	snapshot: track qemu snapshot relations
	Maintain the parent/child relationships of all qemu snapshots.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotLoad): Populate
	relationships after loading.
	(qemuDomainSnapshotCreateXML): Set relations on creation; tweak
	redefinition to reuse existing object.
	(qemuDomainSnapshotReparentChildren, qemuDomainSnapshotDelete):
	Clear relations on delete.

2011-10-12  Eric Blake  

	snapshot: framework for more efficient relation traversal
	No one was using virDomainSnapshotHasChildren, but that was an
	O(n) function.  Exposing and tracking a bit more metadata for each
	snapshot will allow the same query to be made with an O(1) query
	of the member field.  For single snapshot operations (create,
	delete), callers can be trusted to maintain the metadata themselves,
	but for reloading, we can't compute parents as we go since there
	is no guarantee that parents were parsed before children, so we also
	provide a function to refresh the relationships, and which can
	be used to detect if the user has ignored our warnings and been
	directly modifying files in /var/lib/libvirt/qemu/snapshot.  This
	patch only adds metadata; later patches will actually use it.

	This layout intentionally hardcodes the size of each snapshot struct,
	by tracking sibling pointers, rather than having to deal with the
	headache of yet more memory management by directly sticking a
	dynamically sized child[] on each parent.

	* src/conf/domain_conf.h (_virDomainSnapshotObj)
	(_virDomainSnapshotObjList): Add members.
	(virDomainSnapshotUpdateRelations, virDomainSnapshotDropParent):
	New prototypes.
	(virDomainSnapshotHasChildren): Delete.
	* src/conf/domain_conf.c (virDomainSnapshotSetRelations)
	(virDomainSnapshotUpdateRelations, virDomainSnapshotDropParent):
	New functions.
	(virDomainSnapshotHasChildren): Drop unused function.
	* src/libvirt_private.syms (domain_conf): Update exports.

2011-10-12  Eric Blake  

	snapshot: use correct qmp monitor command
	To date, JSON disk snapshots worked by accident, as they were always
	using hmp fallback due to a typo in commit e702b5b not picking up
	on the (intentional) difference in command names between the two
	monitor protocols.

	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDiskSnapshot):
	Spell QMP command correctly.
	Reported by Luiz Capitulino.

2011-10-12  Eric Blake  

	snapshot: virsh shorthand for operating on current snap
	Rather than having to do:

	$ virsh snapshot-revert dom $(virsh snapshot-current dom --name)

	I thought it would be nice to do:

	$ virsh snapshot-revert dom --current

	I didn't add 'virsh snapshot-dumpxml --current' since we already have
	'virsh snapshot-current' for the same task.  snapshot-list accepted
	a name but did not require it, and that remains the case, with
	--current serving in place of that name.  For all other commands,
	name used to be required, and can now be replaced by --current;
	I intentionally made it so that omitting both --current and a name
	is an error (having the absence of a name imply --current seems
	just a bit too magic, so --current must be explicit).  I also had
	to keep snapshot-edit backwards-compatible, as the only command
	that already had a --current argument alongside a name, which still
	works to both edit a named snapshot and make it current.

	* tools/virsh.c (vshLookupSnapshot): New helper function.
	(cmdSnapshotEdit, cmdSnapshotList, cmdSnapshotParent)
	(cmdSnapshotDelete, cmdDomainSnapshotRevert): Use it, adding an
	option where needed.
	* tools/virsh.pod (snapshot-delete, snapshot-edit)
	(snapshot-list, snapshot-parent, snapshot-revert): Document
	use of --current.
	(snapshot-dumpxml): Mention alternative.

2011-10-12  Eric Blake  

	build: fix mingw build without sasl
	Detected by autogen.sh on a cross-mingw build:

	Creating library file: .libs/libvirt.dll.a
	Cannot export virNetSASLContextCheckIdentity: symbol not defined
	Cannot export virNetSASLContextNewServer: symbol not defined
	...

	* src/libvirt_private.syms (virnetsaslcontext.h): Move symbols...
	* src/libvirt_sasl.syms: ...to new file.
	* src/Makefile.am (USED_SYM_FILES) [HAVE_SASL]: Use new file.
	(EXTRA_DIST): Ship it.

2011-10-12  Eric Blake  

	build: fix 'make rpm'
	Since commit ddf3bd3, 'make rpm' failed with:

	RPM build errors:
	    File not found: /home/remote/eblake/rpmbuild/BUILDROOT/libvirt-0.9.6-1.fc14.eblake1318366440.x86_64/usr/share/systemtap/tapset/libvirtd.stp

	* libvirt.spec.in (with_dtrace): Match installed .stp files.

2011-10-12  Eric Blake  

	build: fix 'make distcheck'
	I got these distcheck failures with sanlock enabled:

	ERROR: files left in build directory after distclean:
	./tools/virt-sanlock-cleanup
	./src/locking/qemu-sanlock.conf

	* src/Makefile.am (DISTCLEANFILES) [HAVE_SANLOCK]: Clean built
	file.
	* tools/Makefile.am (DISTCLEANFILES): Likewise.

2011-10-12  Eric Blake  

	build: ship helper scripts
	Otherwise, 'make rpm' fails with:

	  GEN    libvirt_qemu.def
	make[2]: *** No rule to make target `dtrace2systemtap.pl', needed by `libvirt_probes.stp'.  Stop.

	* src/Makefile.am (EXTRA_DIST): Add recent script additions.

2011-10-12  Dan Horák  

	disable xenlight for non-Xen platforms
	when building libvirt in Fedora/s390x I've found that xenlight needs to
	be explicitly disabled in the spec file. Configure properly sets the
	library as non-existent, but the %files section still wants to package
	the 3 /var/*/libvirt/libxl directories. See also
	https://bugzilla.redhat.com/show_bug.cgi?id=745020

2011-10-12  Eric Blake  

	build: fix 'make check' linkage with dtrace
	Building on Linux with dtrace enabled was failing 'make check':

	  CCLD   nodeinfotest
	../src/.libs/libvirt_test.a(libvirt_net_rpc_client_la-virnetclient.o): In function `virNetClientNew':
	/home/remote/eblake/libvirt/src/rpc/virnetclient.c:162: undefined reference to `libvirt_rpc_client_new_semaphore'

	On looking further, I see some earlier warnings emitted from libtool:

	*** Warning: Linking the shared library libvirt.la against the non-libtool
	*** objects  probes.o is not portable!

	Since src/probes.o is only built on Linux, and even then, only when
	dtrace is enabled, this failure does not affect other platforms, and
	despite libtool warning that it is not generally portable, it is not
	a problem for our use-case in libvirt.la.  But it turns out that while
	libtool is willing to jam raw .o files into an installed shared
	library (libvirt.la becomes libvirt.so), it is NOT willing to jam
	the same .o file into the convenience library libvirt_test.la.
	Perhaps this is a bug in libtool, but even if we get libtool fixed,
	libvirt must continue to build on platforms with older libtool.  So,
	the fix is the same as we are already using for the libvirt_lxc
	executable - don't rely on the .o file being in the convenience
	library, but instead use LDADD to pull it in directly.

	* tests/Makefile.am (PROBES_O): New macro.
	(LDADDS): Use it to fix link errors.

2011-10-12  Jiri Denemark  

	build: Fix VPATH build with new probes

2011-10-11  Daniel P. Berrange  

	Fix deps for probes.o to ensure correct build ordering

2011-10-11  Daniel P. Berrange  

	Update examples for probing with systemtap
	This removes the old example for legacy probes and adds two
	new scripts demonstrating many of the new probe point facilities.

	The rpc-monitor.stp script will print out friendly details of all
	RPC traffic between a libvirt client/server. This is incredibly
	useful in seeing what RPC calls are being made, and also debugging
	problems in the RPC protocol code

	The events.stp script will print out lots of info about the poll
	event loop, which is useful for debugging event handling problems

	* examples/systemtap/events.stp, examples/systemtap/rpc-monitor.stp:
	  New examples
	* examples/systemtap/client.stp: Remove obsolete example

2011-10-11  Daniel P. Berrange  

	Rewrite all the DTrace/SystemTAP probing
	The libvirtd daemon had a few crude system tap probes. Some of
	these were broken during the RPC rewrite. The new modular RPC
	code is structured in a way that allows much more effective
	tracing. Instead of trying to hook up the original probes,
	define a new set of probes for the RPC and event code.

	The master probes file is now src/probes.d.  This contains
	probes for virNetServerClientPtr, virNetClientPtr, virSocketPtr
	virNetTLSContextPtr and virNetTLSSessionPtr modules. Also add
	probes for the poll event loop.

	The src/dtrace2systemtap.pl script can convert the probes.d
	file into a libvirt_probes.stp file to make use from systemtap
	much simpler.

	The src/rpc/gensystemtap.pl script can generate a set of
	systemtap functions for translating RPC enum values into
	printable strings. This works for all RPC header enums (program,
	type, status, procedure) and also the authentication enum

	The PROBE macro will automatically generate a VIR_DEBUG
	statement, so any place with a PROBE can remove any existing
	manual DEBUG statements.

	* daemon/libvirtd.stp, daemon/probes.d: Remove obsolete probing
	* daemon/libvirtd.h: Remove probe macros
	* daemon/Makefile.am: Remove all probe buildings/install
	* daemon/remote.c: Update authentication probes
	* src/dtrace2systemtap.pl, src/rpc/gensystemtap.pl: Scripts
	  to generate STP files
	* src/internal.h: Add probe macros
	* src/probes.d: Master list of probes
	* src/rpc/virnetclient.c, src/rpc/virnetserverclient.c,
	  src/rpc/virnetsocket.c, src/rpc/virnettlscontext.c,
	  src/util/event_poll.c: Insert probe points, removing any
	  DEBUG statements that duplicate the info

2011-10-11  Daniel P. Berrange  

	Fix missing lock calls on virNetTLSContextRef
	The virNetTLSContextRef API forgot to acquire/release the lock
	while changing ctxt->refs

	* src/rpc/virnettlscontext.c: Add lock calls

2011-10-11  Daniel P. Berrange  

	Refactor TLS to facilitate dynamic probing
	Pull the call to gnutls_x509_crt_get_dn up into a higher function
	so that the 'dname' variable will be available for probe points

	* src/rpc/virnettlscontext.c: Pull gnutls_x509_crt_get_dn up
	  one level

2011-10-11  Daniel P. Berrange  

	Add virSocketRef API to facilitate dynamic probing
	Instead of directly manipulating sock->refs, add a virSocketRef
	API

	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Add virSocketRef

2011-10-11  Daniel P. Berrange  

	If receiving a stream error, mark EOF on the stream
	If we receive an error on the stream, set the EOF marker so
	that any further (bogus) incoming data is dropped.

	* src/rpc/virnetclientstream.c: Set EOF on stream

2011-10-11  Daniel P. Berrange  

	Make libvirt.so include the RPC server code
	To avoid static linking libvirtd to the RPC server code, which
	then prevents sane introduction of DTrace probes, put it all
	in the libvirt.so, and export it

	* daemon/Makefile.am: Don't link to RPC libraries
	* src/Makefile.am: Link all RPC libraries to libvirt.so
	* src/libvirt_private.syms: Export all RPC functions

2011-10-11  Eric Blake  

	snapshot: implement snapshot children listing in esx
	It was fairly trivial to return snapshot listing based on a
	point in the hierarchy, rather than starting at all roots.

	* src/esx/esx_driver.c (esxDomainSnapshotNumChildren)
	(esxDomainSnapshotListChildrenNames): New functions.

2011-10-11  Eric Blake  

	snapshot: implement snapshot children listing in qemu
	Not too hard to wire up.  The trickiest part is realizing that
	listing children of a snapshot cannot use SNAPSHOT_LIST_ROOTS,
	and that we overloaded that bit to also mean SNAPSHOT_LIST_DESCENDANTS;
	we use that bit to decide which iteration to use, but don't want
	the existing counting/listing functions to see that bit.

	* src/conf/domain_conf.h (virDomainSnapshotObjListNumFrom)
	(virDomainSnapshotObjListGetNamesFrom): New prototypes.
	* src/conf/domain_conf.c (virDomainSnapshotObjListNumFrom)
	(virDomainSnapshotObjListGetNamesFrom): New functions.
	* src/libvirt_private.syms (domain_conf.h): Export them.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotNumChildren)
	(qemuDomainSnapshotListChildrenNames): New functions.

2011-10-11  Eric Blake  

	snapshot: remote protocol for snapshot children
	Very mechanical.  I'm so glad we've automated the generation of things,
	compared to what it was in 0.8.x days, where this would be much longer.

	* src/remote/remote_protocol.x
	(REMOTE_PROC_DOMAIN_SNAPSHOT_NUM_CHILDREN)
	(REMOTE_PROC_DOMAIN_SNAPSHOT_LIST_CHILDREN_NAMES): New rpcs.
	(remote_domain_snapshot_num_children_args)
	(remote_domain_snapshot_num_children_ret)
	(remote_domain_snapshot_list_children_names_args)
	(remote_domain_snapshot_list_children_names_ret): New structs.
	* src/remote/remote_driver.c (remote_driver): Use it.
	* src/remote_protocol-structs: Update.

2011-10-11  Eric Blake  

	snapshot: virsh fallback for snapshot-list --descendants --from
	Given a list of snapshots and their parents, finding all descendants
	requires a hairy traversal.  This code is O(n^3); it could maybe be
	made to scale O(n^2) with the use of a hash table, but that costs more
	memory.  Hopefully there aren't too many people with a hierarchy
	so large as to approach REMOTE_DOMAIN_SNAPSHOT_LIST_NAMES_MAX (1024).

	* tools/virsh.c (cmdSnapshotList): Add final fallback.

2011-10-11  Eric Blake  

	snapshot: virsh fallback for snapshot-list --from children
	Iterating over one level of children requires parsing all snapshots
	and their parents; a bit of code shuffling makes it pretty easy
	to do this as well.

	* tools/virsh.c (cmdSnapshotList): Add another fallback.

2011-10-11  Eric Blake  

	snapshot: virsh fallback for snapshot-list --tree --from
	Emulating --from requires grabbing the entire list of snapshots
	and their parents, and recursively iterating over the list from
	the point of interest - but we already do that for --tree.  This
	turns on emulation for that situation.

	* tools/virsh.c (__vshControl): Rename member.
	(vshReconnect, cmdConnect, vshGetSnapshotParent): Update clients.
	(cmdSnapshotList): Add fallback.

2011-10-11  Eric Blake  

	snapshot: virsh snapshot-list and children
	Sometimes, we only care about one branch of the snapshot hierarchy.
	Make it easier to list a single branch, by using the new APIs.

	Technically, I could emulate these new virsh options on old servers
	by doing a complete dump, then scraping xml to filter out just the
	snapshots that I care about, but I didn't want to do that in this patch.

	* tools/virsh.c (cmdSnapshotList): Add --from, --descendants.
	* tools/virsh.pod (snapshot-list): Document them.

2011-10-11  Eric Blake  

	snapshot: new virDomainSnapshotListChildrenNames API
	The previous API addition allowed traversal up the hierarchy;
	this one makes it easier to traverse down the hierarchy.

	In the python bindings, virDomainSnapshotNumChildren can be
	generated, but virDomainSnapshotListChildrenNames had to copy
	from the hand-written example of virDomainSnapshotListNames.

	* include/libvirt/libvirt.h.in (virDomainSnapshotNumChildren)
	(virDomainSnapshotListChildrenNames): New prototypes.
	(VIR_DOMAIN_SNAPSHOT_LIST_DESCENDANTS): New flag alias.
	* src/libvirt.c (virDomainSnapshotNumChildren)
	(virDomainSnapshotListChildrenNames): New functions.
	* src/libvirt_public.syms: Export them.
	* src/driver.h (virDrvDomainSnapshotNumChildren)
	(virDrvDomainSnapshotListChildrenNames): New callbacks.
	* python/generator.py (skip_impl, nameFixup): Update lists.
	* python/libvirt-override-api.xml: Likewise.
	* python/libvirt-override.c
	(libvirt_virDomainSnapshotListChildrenNames): New wrapper function.

2011-10-11  Eric Blake  

	docs: fix html bug
	 doesn't exist.  Introduced in commit 4bb4109f.

	* docs/formatdomain.html.in: Use correct end tag.

2011-10-11  Guido Günther  

	xen_xs: Guard against set but empty kernel argument
	On xen 4.1 I observed configurations that look like:

	(image
	    (hvm
	        (kernel '')
	        (loader '/foo/bar')
	))

	The kernel element is there but unset. This leads to an empty 
	element in the XML and even worse makes us skip the boot order parsing
	and therefore not emit a  element which breaks CD
	booting.

2011-10-11  Guido Günther  

	xen: add error handling to UUID parsing
	otherwise a missing UUID in a domain config just shows:

	error: An error occurred, but the cause is unknown

	Now we have:

	error: configuration file syntax error: config value uuid was missing

2011-10-11  Eric Blake  

	maint: typo fixes
	I noticed a couple typos in recent commits, and fixed the remaining
	instances of them.

	* docs/internals/command.html.in: Fix spelling errors.
	* include/libvirt/libvirt.h.in (virConnectDomainEventCallback):
	Likewise.
	* python/libvirt-override.py (virEventAddHandle): Likewise.
	* src/lxc/lxc_container.c (lxcContainerChild): Likewise.
	* src/util/hash.c (virHashCreateFull): Likewise.
	* src/storage/storage_backend_logical.c
	(virStorageBackendLogicalMakeVol): Likewise.
	* src/esx/esx_driver.c (esxFormatVMXFileName): Likewise.
	* src/vbox/vbox_tmpl.c (vboxIIDIsEqual_v3_x): Likewise.

2011-10-11  Eric Blake  

	snapshot: avoid accidental renames with snapshot-edit
	I was a bit surprised that 'virsh snapshot-edit dom name' silently
	allowed me to clone things, while still telling me the old name,
	especially since other commands like 'virsh edit dom' reject rename
	attempts (*).  This fixes things to be more explicit (**).

	(*) Technically, 'virsh edit dom' relies on virDomainDefineXML
	behavior, which rejects attempts to mix a new name with existing
	uuid or new uuid with existing name, but you can create a new
	domain by changing both uuid and name.  On the other hand, while
	snapshot-edit --clone is a true clone, creating a new domain
	would also have to decide whether to clone snapshot metadata,
	managed save, and any other secondary data related to the domain.
	Domain renames are not trivial either.

	(**) Renaming or creating a clone is still a risky proposition -
	for offline snapshots and system checkpoints, if the new name
	does not match an actual name recorded in the qcow2 internal
	snapshots, then you cannot revert to the new checkpoint.  But it
	is assumed that anyone using the new virsh flags knows what they
	are doing, and can deal with the fallout caused by a rename/clone;
	that is, we can't completely prevent a user from shooting
	themselves in the foot, so much as we are making the default
	action less risky.

	* tools/virsh.c (cmdSnapshotEdit): Add --rename, --clone.
	* tools/virsh.pod (snapshot-edit): Document them.

2011-10-11  Eric Blake  

	snapshot: sort snapshot-list --tree
	Otherwise, the results are not repeatable.

	* tools/virsh.c (cmdSnapshotList): Print tree in predictable order.

2011-10-10  Osier Yang  

	storage: Do not use comma as seperator for lvs output
	* src/storage/storage_backend_logical.c:

	If a logical vol is created as striped. (e.g. --stripes 3),
	the "device" field of lvs output will have multiple fileds which are
	seperated by comma. Thus the RE we write in the codes will not
	work well anymore. E.g. (lvs output for a stripped vol, uses "#" as
	seperator here):

	test_stripes##fSLSZH-zAS2-yAIb-n4mV-Al9u-HA3V-oo9K1B#\
	/dev/sdc1(10240),/dev/sdd1(0)#42949672960#4194304

	The RE we use:

	    const char *regexes[] = {
	        "^\\s*(\\S+),(\\S*),(\\S+),(\\S+)\\((\\S+)\\),(\\S+),([0-9]+),?\\s*$"
	    };

	Also the RE doesn't match the "devices" field of striped vol properly,
	it contains multiple "device path" and "offset".

	This patch mainly does:
	    1) Change the seperator into "#"
	    2) Change the RE for "devices" field from "(\\S+)\\((\\S+)\\)"
	       into "(\\S+)".
	    3) Add two new options for lvs command, (segtype, stripes)
	    4) Extend the RE to match the value for the two new fields.
	    5) Parse the "devices" field seperately in virStorageBackendLogicalMakeVol,
	       multiple "extents" info are generated if the vol is striped. The
	       number of "extents" is equal to the stripes number of the striped vol.

	A incidental fix: (virStorageBackendLogicalMakeVol)
	    Free "vol" if it's new created and there is error.

	Demo on striped vol with the patch applied:

	% virsh vol-dumpxml /dev/test_vg/vol_striped2
	
	  vol_striped2
	  QuWqmn-kIkZ-IATt-67rc-OWEP-1PHX-Cl2ICs
	  
	    
	      
	    
	    
	      
	    
	  
	  8388608
	  8388608
	  
	    /dev/test_vg/vol_striped2
	    
	      0660
	      0
	      6
	      
	    
	  
	

	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=727474

2011-10-09  Michal Privoznik  

	qemuDomainAttach: Initialize pidfile variable
	If parsing qemu command line fails (e.g. because of non-existing
	process number supplied), we jump to cleanup label where we free
	pidfile. Therefore it needs to be initialized. Otherwise we free
	random pointer.

2011-10-08  Eric Blake  

	qemu: silence Coverity false positive
	Coverity complained that 4 out of 5 callers to virJSONValueObjectGetBoolean
	checked for errors.  But we documented that we don't care in this case.

	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetBlockInfo): Use
	ignore_value.

2011-10-08  Eric Blake  

	lxc: fix logic bug
	Detected by Coverity.  We want to increment the size_t counter,
	not the pointer to the counter.  Bug present since 5f5c6fde (0.9.5).

	* src/lxc/lxc_controller.c (lxcSetupLoopDevices): Use correct
	precedence.

2011-10-07  tangchen  

	virsh: Update the help information for undefine command.
	virsh undefine command can now undefine an active guest, but the help information is still the old.
	This patch modifies it and make it coincident to the manpage of virsh.

2011-10-07  Daniel P. Berrange  

	Don't send back unknown program errors for async messages
	If we send back an unknown program error for async messages,
	we will confuse the client because they only expect replies
	for method calls. Just log & drop any invalid async messages

	* src/rpc/virnetserver.c: Don't send error for async messages

2011-10-07  Daniel P. Berrange  

	Fix deadlock when the RPC program is unknown
	Commit 597fe3cee68f561a181967b59a87b4e5c5880c4c accidentally
	introduced a deadlock when reporting an unknown RPC program.
	The virNetServerDispatchNewMessage method is called with
	the client locked, and must therefore not attempt to send
	any RPC messages back to the client. Only once the incoming
	message is passed off to the virNetServerHandleJob worker
	is it safe to start sending messages back

	* src/rpc/virnetserver.c: Delay checking for unknown RPC
	  program until in worker thread

2011-10-07  Eric Blake  

	snapshot: simplify redefinition of disk snapshot
	Redefining disk-only snapshot xml should work even if the user
	did not explicitly pass VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY;
	the flag is only required for conditions where the 
	subelement is not already present in parsing (that is, defining
	a new snapshot).

	Also, fix the error code of some user-visible errors (the remaining
	VIR_ERR_INTERNAL_ERROR should not be user-visible, since parsing
	of  is only done from internal code).

	* src/conf/domain_conf.c (virDomainSnapshotDefParseString): Allow
	disks during redefinition of disk snapshot.

2011-10-07  Eric Blake  

	snapshot: let virsh edit disk snapshots
	It was impossible for 'virsh snapshot-current dom name' to set name
	as the current snapshot, if name is a disk-only snapshot.

	Using strstr rather than full-blown xml parsing is safe, since the
	xml is assumed to be well-formed coming from libvirtd rather than
	arbitrary text coming from the user.

	* tools/virsh.c (cmdSnapshotCurrent, cmdSnapshotEdit): Pass
	disk_only flag when redefining a disk snapshot.

2011-10-07  Eric Blake  

	snapshot: fix virsh error message typo
	* tools/virsh.c (cmdSnapshotList): Spell exclusive correctly.

2011-10-07  Michal Privoznik  

	remote_driver: Avoid double free in EventControl building
	Don't xdr_free event data as they are freed by our caller
	virNetClientProgramDispatch.

2011-10-07  Eric Blake  

	build: fix 'make distcheck' with pdwtags installed
	I am getting this failure with 'make distcheck':

	  GEN    ../../src/remote_protocol-structs
	/bin/sh: ../../src/remote_protocol-structs-t: Permission denied
	make[4]: *** [../../src/remote_protocol-structs] Error 1

	since it attempts a sub-run of a VPATH 'make check' where $(srcdir)
	is intentionally read-only.  I'm not sure which commit introduced
	the problem, although I suspect it was around 62dee6f when I
	refactored protocol struct checking to be more powerful.

	$(@F) is required by POSIX, and although it is not yet portable
	to all make implementations, we already require GNU make.

	* src/Makefile.am (PDWTAGS): Generate temp file into current
	directory, since $(srcdir) is read-only during distcheck.

2011-10-07  Guido Günther  

	xenParseXM: don't dereference NULL pointer when script is empty

2011-10-07  Laine Stump  

	qemu: add separate rerror_policy for disk errors
	Previously libvirt's disk device XML only had a single attribute,
	error_policy, to control both read and write error policy, but qemu
	has separate options for controlling read and write. In one case
	(enospc) a policy is allowed for write errors but not read errors.

	This patch adds a separate attribute that sets only the read error
	policy. If just error_policy is set, it will apply to both read and
	write error policy (previous behavior), but if the new rerror_policy
	attribute is set, it will override error_policy for read errors only.
	Possible values for rerror_policy are "stop", "report", and "ignore"
	("report" is the qemu-controlled default for rerror_policy when
	error_policy isn't specified).

	For consistency, the value "report" has been added to the possible
	values for error_policy as well.

2011-10-07  Laine Stump  

	qemu: leave rerror policy at default when enospace is requested
	commit 12062ab set rerror=ignore when error_policy="enospace" was
	selected (since the rerror option in qemu doesn't accept "enospc", as
	the werror option does).

	After that patch was already pushed, Paolo Bonzini noticed it and
	commented that leaving rerror at the default ("report") would be a
	better choice. This patch corrects the problem - if error_policy =
	"enospace" is given, rerror is left off the qemu commandline,
	effectively setting it to "report". For other values, rerror is still
	set to match werror.

	Additionally, the parsing of error_policy was changed to no longer
	erroneously allow "default" as a choice - as with most other
	attributes, if you want the default setting, just don't specify an
	error_policy.

	Finally, two ommissions in the first patch were corrected - a
	long-dormant qemuxml2argv test for enospace was enabled, and fixed to
	pass, and the argv2xml parser in qemu_command.c was updated to
	recognize the different spelling on the qemu commandline.

2011-10-07  Eric Blake  

	qemu: enable multifunction for older qemu
	Now that RHEL 6.2 Beta is out, it would be nice to test multifunction
	devices on that platform.  This changes things so that the multifunction
	cap bit can be set in two different ways: by version comparison (needed
	for qemu 0.13 which lacked a -device query), and by -device query
	(provided by qemu.git and backported to the RHEL beta build of
	qemu-kvm which still claims to be a modified 0.12, and therefore needed
	for RHEL).

	* src/qemu/qemu_capabilities.c (qemuCapsParseDeviceStr): Allow
	second method of setting multifunction cap bit.
	* tests/qemuhelptest.c (mymain): Test it.
	* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel62-beta: New file.
	* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel62-beta-device: Likewise.

2011-10-06  Guido Günther  

	Document STREQ_NULLABLE and STRNEQ_NULLABLE

2011-10-06  Daniel P. Berrange  

	Make LXC work with new network configuration types
	If using one of the new non-NAT/routed virtual network
	configurations, the LXC driver would not know how to
	setup the VETH devices. Adding in calls to setup the
	"actual" network configuration at VM startup and cleanup
	when shutting down fixes this.

	* src/lxc/lxc_driver.c: Setup/cleanup actual net devs

2011-10-06  Eric Blake  

	init: raise default system aio limits
	https://bugzilla.redhat.com/show_bug.cgi?id=740899 documents that
	if qemu uses aio=native for its disks, then it consumes 128 aio
	requests per disk.  On a host with multiple guests, this can quickly
	run out of kernel aio requests with the default aio-max-nr of
	65536.  Kernel developers have confirmed that there is no up-front
	cost to raising this limit (a larger limit merely implies that more
	aio requests can be issued in parallel, which in turn will result
	in more kernel memory allocation, only if the system really does use
	that many requests).  Since the system default limit prevents 256
	disks, which is well within libvirt's current scalability, this
	patch installs a file to raise the limit and document it in case a
	system administrator has further cause to tune the limit.  The
	install only works on platforms new enough to source /etc/sysctl.d/*
	alongside /etc/sysctl.conf (F14 and RHEL 6).

	* daemon/libvirtd.sysctl: New file.
	* daemon/Makefile.am (EXTRA_DIST): Ship it.
	(install-init, uninstall-init): Install it.
	* libvirt.spec.in (%files): Include it in rpm.

2011-10-06  Eric Blake  

	maint: fix minor issues in virterror public header
	Consistent use of tabs, fewer long lines, and a typo fix.

	* include/libvirt/virterror.h: Fix typos, layout.

2011-10-06  Eric Blake  

	snapshot: enforce REVERT_FORCE on qemu
	Implements the documentation for snapshot revert vs. force.

	Part of the patch tightens existing behavior (previously, reverting
	to an old snapshot without  was blindly attempted, now it
	requires force), while part of it relaxes behavior (previously, it
	was not possible to revert an active domain to an ABI-incompatible
	active snapshot, now force allows this transition).

	* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Check for
	risky situations, and allow force to get past them.

2011-10-06  Eric Blake  

	snapshot: use qemu-img on disks in use at time of snapshot
	Once we know which set of disks belong to a snapshot, reverting or
	deleting that snapshot should visit just those disks, rather than
	also visiting disks that were hot-plugged in the meantime or
	skipping disks that were hot-unplugged in the meantime.

	* src/qemu/qemu_domain.c (qemuDomainSnapshotForEachQcow2): Use
	snapshot domain details when available.  Avoid NULL deref.

2011-10-06  Eric Blake  

	snapshot: add REVERT_FORCE to API
	Although reverting to a snapshot is a form of data loss, this is
	normally expected.  However, there are two cases where additional
	surprises (failure to run the reverted state, or a break in
	connectivity to the domain) can come into play.  Requiring extra
	acknowledgment in these cases will make it less likely that
	someone can get into an unrecoverable state due to a default revert.

	Also create a new error code, so users can distinguish when forcing
	would make a difference, rather than having to blindly request force.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_SNAPSHOT_REVERT_FORCE):
	New flag.
	* src/libvirt.c (virDomainRevertToSnapshot): Document it.
	* include/libvirt/virterror.h (VIR_ERR_SNAPSHOT_REVERT_RISKY): New
	error value.
	* src/util/virterror.c (virErrorMsg): Implement it.
	* tools/virsh.c (cmdDomainSnapshotRevert): Add --force to virsh.
	* tools/virsh.pod (snapshot-revert): Document it.

2011-10-05  Eric Blake  

	snapshot: implement snapshot roots listing in vbox
	Commit 9f5e53e introduced the ability to filter snapshots to
	just roots, but it was never implemented for VBox until now.

	The VBox implementation prohibits deletion of a snapshot with
	multiple children.  Hence, there can only be at most one root,
	which is found by searching for the snapshot with a NULL uuid.

	Prior to 4.0, snapshotGet looked up by UUID, and snapshotFind
	looked up by name; after that point, snapshotGet disappeared
	and snapshotFind handles uuid or name.

	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotNum)
	(vboxDomainSnapshotListNames): Implement limiting list to root.

2011-10-05  Jiri Denemark  

	qemu: Don't fail virDomainGetInfo if we can't update balloon info
	Qemu driver tries to update balloon data in virDomainGetInfo and if it
	can't do so because there is another monitor job running, it just
	reports what's known in domain def. However, if there was no job running
	but getting the data from qemu fails, we would fail the whole API. This
	doesn't make sense. Let's make the failure nonfatal.

2011-10-05  Eric Blake  

	snapshot: simplify esx snapshot name lookup
	No need to request the parent of a snapshot if we aren't going to use it.

	* src/esx/esx_vi.c (esxVI_GetSnapshotTreeByName): Make parent
	optional.
	* src/esx/esx_driver.c (esxDomainSnapshotCreateXML)
	(esxDomainSnapshotLookupByName, esxDomainRevertToSnapshot)
	(esxDomainSnapshotDelete): Simplify accordingly.

2011-10-05  Eric Blake  

	snapshot: implement snapshot roots listing in esx
	Commit 9f5e53e introduced the ability to filter snapshots to
	just roots, but it was never implemented for ESX until now.

	* src/esx/esx_vi.h (esxVI_GetNumberOfSnapshotTrees)
	(esxVI_GetSnapshotTreeNames): Add parameter.
	* src/esx/esx_vi.c (esxVI_GetNumberOfSnapshotTrees)
	(esxVI_GetSnapshotTreeNames): Allow choice of recursion or not.
	* src/esx/esx_driver.c (esxDomainSnapshotNum)
	(esxDomainSnapshotListNames): Use it to limit to roots.

2011-10-05  Laine Stump  

	qemu: correct misspelled 'enospc' option, and only use for werror
	This resolves:

	     https://bugzilla.redhat.com/show_bug.cgi?id=730909

	When support for setting the qemu disk error policy to "enospc" was
	added, it was inadvertently spelled "enospace". This patch corrects
	that on the qemu commandline (while retaining the "enospace" spelling
	for libvirt's XML).

	Also, while examining the qemu source, I found that "enospc" is not
	allowed for the read error policy, only for write error policy (makes
	sense). Since libvirt currently only has a single error policy
	setting, when "enospace" is selected, the read error policy is set to
	"ignore".

2011-10-05  Eric Blake  

	snapshot: better virsh handling of missing current, parent
	Previously, virsh 'snapshot-parent' and 'snapshot-current' were
	completely silent in the case where the code conclusively proved
	there was no parent or current snapshot, but differed in exit
	status; this silence caused some confusion on whether the commands
	worked.  Furthermore, commit d1be48f introduced a regression where
	snapshot-parent would leak output about an unknown function, but
	only on the first attempt, when talking to an older server that
	lacks virDomainSnapshotGetParent.  This changes things to consistenly
	report an error message and exit with status 1 when no snapshot
	exists, and to avoid leaking unknown function warnings when using
	fallbacks.

	* tools/virsh.c (vshGetSnapshotParent): Alter signature, to
	distinguish between real error and missing parent.  Don't pollute
	last_error on success.
	(cmdSnapshotParent): Adjust caller.  Always output message on
	failure.
	(cmdSnapshotList): Adjust caller.
	(cmdSnapshotCurrent): Always output message on failure.

2011-10-05  Guido Günther  

	Document that ff callbacks need to be invoked from a clean stack.
	Also fix a typo.

2011-10-04  Jiri Denemark  

	qemu: Fix migration with dname
	Destination libvirtd remembers the original name in the prepare phase
	and clears it in the finish phase. The original name is used when
	comparing domain name in migration cookie.

2011-10-04  Daniel P. Berrange  

	Allow passing of command line args to LXC container
	When booting a virtual machine with a kernel/initrd it is possible
	to pass command line arguments using the ...args...
	element in the guest XML. These appear to the kernel / init process
	in /proc/cmdline.

	When booting a container we do not have a custom /proc/cmdline,
	but we can easily set an environment variable for it. Ideally
	we could pass individual arguments to the init process as a
	regular set of 'char *argv[]' parameters, but that would involve
	libvirt parsing the  XML text. This can easily be added
	later, even if we add the env variable now

	* docs/drvlxc.html.in: Document env variables passed to LXC
	* src/conf/domain_conf.c: Add  to be parsed for
	  guests of type='exe'
	* src/lxc/lxc_container.c: Set LIBVIRT_LXC_CMDLINE env var

2011-10-04  Daniel P. Berrange  

	Add support for bandwidth filtering on LXC guests
	Call virBandwidthEnable after creating the LXC veth, so that any
	bandwidth controls get applied

	* src/lxc/lxc_driver.c: Enable bandwidth limiting

2011-10-04  Laine Stump  

	network: fill in bandwidth from portgroup for all forward modes
	This patch is a fix for:

	  https://bugzilla.redhat.com/show_bug.cgi?id=743176

	which was discovered by Dan Berrange while making bandwidth
	configuration work for LXC guests.

	Background: Although virtportprofile data from a network portgroup is
	only applicable for direct mode interfaces, the code that copies
	bandwidth data from the portgroup was also only being executed in the
	case of direct mode interfaces. The result was that interfaces using
	traditional virtual networks (forward mode='nat|route|none'), and
	those using a host bridge for forwarding, would not pick up bandwidth
	data from a portgroup defined in the network.

	This patch moves that code outside the conditional, so that bandwidth
	information is *alway* copied from the appropriate portgroup (unless
	the  definition itself already has bandwidth information,
	which would take precedence over what's in the portgroup anyway).

2011-10-04  Neil Wilson  

	bridge_driver.c: Fix autoconf setting
	Code altered so that it is consistent with the associated comment. The
	'autoconf' variable is forced to zero.

2011-10-04  Marc-André Lureau  

	Set to NULL members that have been freed to prevent crashes
	Do not crash if virStreamFinish is called after error.

	==11000== Invalid read of size 4
	==11000==    at 0x373A8099A0: pthread_mutex_lock (pthread_mutex_lock.c:51)
	==11000==    by 0x4C7CADE: virMutexLock (threads-pthread.c:85)
	==11000==    by 0x4D57C31: virNetClientStreamRaiseError (virnetclientstream.c:203)
	==11000==    by 0x4D385E4: remoteStreamFinish (remote_driver.c:3541)
	==11000==    by 0x4D182F9: virStreamFinish (libvirt.c:14157)
	==11000==    by 0x40FDC4: cmdScreenshot (virsh.c:3075)
	==11000==    by 0x42BA40: vshCommandRun (virsh.c:14922)
	==11000==    by 0x42ECCA: main (virsh.c:16381)
	==11000==  Address 0x59b86c0 is 16 bytes inside a block of size 216 free'd
	==11000==    at 0x4A06928: free (vg_replace_malloc.c:427)
	==11000==    by 0x4C69E2B: virFree (memory.c:310)
	==11000==    by 0x4D57B56: virNetClientStreamFree (virnetclientstream.c:184)
	==11000==    by 0x4D3DB7A: remoteDomainScreenshot (remote_client_bodies.h:1812)
	==11000==    by 0x4CFD245: virDomainScreenshot (libvirt.c:2903)
	==11000==    by 0x40FB73: cmdScreenshot (virsh.c:3029)
	==11000==    by 0x42BA40: vshCommandRun (virsh.c:14922)
	==11000==    by 0x42ECCA: main (virsh.c:16381)

2011-10-03  Eric Blake  

	snapshot: implement getparent for vbox
	Built by copying from existing functions.

	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotGetParent): New function.

2011-10-03  Eric Blake  

	snapshot: implement getparent for esx
	Pretty easy to paste together compared to existing functions.

	* src/esx/esx_driver.c (esxDomainSnapshotGetParent): New function.

2011-10-01  Laine Stump  

	qemu: make PCI multifunction support more manual
	When support for was added for PCI multifunction cards (in commit
	9f8baf, first included in libvirt 0.9.3), it was done by always
	turning on the multifunction bit for all PCI devices. Since that time
	it has been realized that this is not an ideal solution, and that the
	multifunction bit must be selectively turned on. For example, see

	  https://bugzilla.redhat.com/show_bug.cgi?id=728174

	and the discussion before and after

	  https://www.redhat.com/archives/libvir-list/2011-September/msg01036.html

	This patch modifies multifunction support so that the multifunction=on
	option is only added to the qemu commandline for a device if its PCI
	
     definition has the attribute "multifunction='on'", e.g.:

	  
    

	In practice, the multifunction bit should only be turned on if
	function='0' AND other functions will be used in the same slot - it
	usually isn't needed for functions 1-7 (although there are apparently
	some exceptions, e.g. the Intel X53 according to the QEMU source
	code), and should never be set if only function 0 will be used in the
	slot. The test cases have been changed accordingly to illustrate.

	With this patch in place, if a user attempts to assign multiple
	functions in a slot without setting the multifunction bit for function
	0, libvirt will issue an error when the domain is defined, and the
	define operation will fail. In the future, we may decide to detect
	this situation and automatically add multifunction=on to avoid the
	error; even then it will still be useful to have a manual method of
	turning on multifunction since, as stated above, there are some
	devices that excpect it to be turned on for all functions in a slot.

	A side effect of this patch is that attempts to use the same PCI
	address for two different devices will now log an error (previously
	this would cause the domain define operation to fail, but there would
	be no log message generated). Because the function doing this log was
	almost completely rewritten, I didn't think it worthwhile to make a
	separate patch for that fix (the entire patch would immediately be
	obsoleted).

2011-10-01  Laine Stump  

	conf: remove unused VIR_ENUM_DECL
	While adding a new enum, I noticed a VIR_ENUM_DECL for a type that
	doesn't exist. There is also of course no matching VIR_ENUM_IMPL for
	it.

2011-10-01  Marc-André Lureau  

	virsh: do not unlink NULL file
	error:could not take a screenshot of xp
	==6216== Syscall param unlink(pathname) points to unaddressable byte(s)
	==6216==    at 0x373A0D4937: unlink (syscall-template.S:82)
	==6216==    by 0x40FD73: cmdScreenshot (virsh.c:3070)
	==6216==    by 0x42BA0D: vshCommandRun (virsh.c:14920)
	==6216==    by 0x42EC97: main (virsh.c:16379)
	==6216==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
	==6216==
	error:Requested operation is not valid: domain is not running

2011-10-01  Serge E. Hallyn  

	lvm storage backend: handle command_names=1 in lvm.conf
	If the regexes supported (?:pvs)?, then we could handle this by
	optionally matching but not returning the initial command name.  But it
	doesn't.  So add a new char* argument to
	virStorageBackendRunProgRegex().  If that argument is NULL then we act
	as usual.  Otherwise, if the string at that argument is found at the
	start of a returned line, we drop that before running the regex.

	With this patch, virt-manager shows me lvs with command_names 1 or 0.

	The definitions of PVS_BASE etc may want to be moved into the configure
	scripts (though given how PVS is found, IIUC that could only happen if
	pvs was a link to pvs_real), but in any case no sense dealing with that
	until we're sure this is an ok way to handle it.

2011-09-30  Michal Privoznik  

	qemu: Check for outstanding async job too
	Currently, qemuDomainGetXMLDesc and qemudDomainGetInfo check for
	outstanding synchronous job before (eventual) monitor entering.
	However, there can be already async job set, e.g. migration.

2011-09-29  Peter Krempa  

	qemu: Fix error message mentioning VNC instead of SPICE

2011-09-29  Xu He Jie  

	virsh: Add 'reset' command for virsh

	remote: Implement 'reset' for remote driver

	qemu: Implement 'reset' for qemu driver

	api: Add public api for 'reset'
	Add new public api for 'reset'.
	It can reset domain immediately without any guest shutdown.

2011-09-29  Jiri Denemark  

	logging: Add date to log timestamp

	logging: Do not log timestamp through syslog
	Syslog puts the timestamp to every message anyway so this removes
	redundant data.

2011-09-29  Matthias Bolte  

	hyperv: Report an error for acceptable URI schemes with a transport
	Before, URIs such as hyperv+ssh:// have been declined by the Hyper-V
	driver resulting in the remote driver trying to connect to an
	non-existing libvirtd.

	Now such URIs trigger an error in the yper-V driver suggesting to
	try again without the transport part in the scheme.

2011-09-29  Matthias Bolte  

	esx: Report an error for acceptable URI schemes with a transport
	Before, URIs such as esx+ssh:// have been declined by the ESX driver
	resulting in the remote driver trying to connect to an non-existing
	libvirtd.

	Now such URIs trigger an error in the ESX driver suggesting to try
	again without the transport part in the scheme.

2011-09-29  Douglas Schilling Landgraf  

	formatdomain.html.in: fix tickpolicy
	there is no option "none":

	>From libvirt/src/conf/domain_conf.c

	
	VIR_ENUM_IMPL(virDomainTimerTickpolicy,
	VIR_DOMAIN_TIMER_TICKPOLICY_LAST,
	              "delay",
	              "catchup",
	              "merge",
	              "discard");
	

	Replacing with delay.

2011-09-29  Daniel Veillard  

	virsh: describe attach-interface parameter target
	This patch is based on a improvement suggested by Kazuhiro Kikuchi
	of Fujitsu, it gives a description of the target parameter for that
	command

	* tools/virsh.pod: add description for target parameter of
	  attach-interface

2011-09-29  Daniel Veillard  

	virsh: update man page for cpu_shares parameter
	The man page suggest that the cpu_shares parameter of schedinfo
	allows values 0-262144, but the kernel remaps values 0 and 1 to
	the minimum 2, just document that behaviour:

	[root@test ~]# cat /cgroup/cpu/libvirt/qemu/cpu.shares
	1024
	[root@test ~]# echo 0 > /cgroup/cpu/libvirt/qemu/cpu.shares
	[root@test ~]# cat /cgroup/cpu/libvirt/qemu/cpu.shares
	2
	[root@test ~]# echo 1 > /cgroup/cpu/libvirt/qemu/cpu.shares
	[root@test ~]# cat /cgroup/cpu/libvirt/qemu/cpu.shares
	2
	[root@test ~]#

	* tools/virsh.pod: update description of the cpu_shares parameter
	  to indicate the values 0 and 1 are automatically changed by the
	  kernel to minimal value 2

2011-09-29  Michal Privoznik  

	qemu: Check for ejected media during startup and migration
	If the daemon is restarted so we reconnect to monitor, cdrom media
	can be ejected. In that case we don't want to show it in domain xml,
	or require it on migration destination.

	To check for disk status use 'info block' monitor command.

2011-09-29  Alex Jia  

	qemu: add return value check
	* src/qemu/qemu_migration.c: if 'vmdef' is NULL, the function
	  virDomainSaveConfig still dereferences it, it doesn't make
	  sense, so should add return value check to make sure 'vmdef'
	  is non-NULL before calling virDomainSaveConfig, in addition,
	  in order to debug later, also should record error information
	  into log.

2011-09-28  Eric Blake  

	snapshot: implement getparent in qemu
	First hypervisor implementation of the new API.
	Allows 'virsh snapshot-list --tree' to be more efficient.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotGetParent): New
	function.

2011-09-28  Eric Blake  

	snapshot: add virsh snapshot-list --tree
	Reuse the tree listing of nodedev-list, coupled with the new helper
	function to efficiently grab snapshot parent names, to produce
	tree output for a snapshot hierarchy.  For example:

	$ virsh snapshot-list dom --tree
	root1
	 |
	  +- sibling1
	  +- sibling2
	  |   |
	  |   +- grandchild
	  |
	  +- sibling3

	root2
	 |
	  +- child

	* tools/virsh.c (cmdSnapshotList): Add --tree.
	* tools/virsh.pod (snapshot-list): Document it.

2011-09-28  Eric Blake  

	snapshot: refactor virsh snapshot parent computation
	Make parent computation reusable, using virDomainSnapshotGetParent
	when possible.

	* tools/virsh.c (vshGetSnapshotParent): New helper.
	(cmdSnapshotParent): Use it.

2011-09-28  Eric Blake  

	snapshot: remote protocol for getparent
	Mostly straight-forward, although this is the first API that
	returns a new snapshot based on a snapshot rather than a domain.

	* src/remote/remote_protocol.x
	(REMOTE_PROC_DOMAIN_SNAPSHOT_GET_PARENT): New rpc.
	(remote_domain_snapshot_get_parent_args)
	(remote_domain_snapshot_get_parent_ret): New structs.
	* src/rpc/gendispatch.pl: Adjust generator.
	* src/remote/remote_driver.c (remote_driver): Use it.
	* src/remote_protocol-structs: Update.

2011-09-28  Eric Blake  

	snapshot: new virDomainSnapshotGetParent API
	Although a client can already obtain a snapshot's parent by
	dumping and parsing the xml, then doing a snapshot lookup by
	name, it is more efficient to get the parent in one step, which
	in turn will make operations that must traverse a snapshot
	hierarchy easier to perform.

	* include/libvirt/libvirt.h.in (virDomainSnapshotGetParent):
	Declare.
	* src/libvirt.c (virDomainSnapshotGetParent): New function.
	* src/libvirt_public.syms: Export it.
	* src/driver.h (virDrvDomainSnapshotGetParent): New callback.

2011-09-28  Eric Blake  

	docs: document node device XML
	Coupled with the recent virsh nodedev-* doc patch, this should now
	give a better picture of libvirt node device handling.

	* docs/formatnode.html.in: Fill in page.

2011-09-28  Eric Blake  

	docs: document virsh nodedev-* commands
	This section of the man page was completely missing; I stumbled on
	it when I had no clue that I had to use nodedev-reattach after
	I was done playing with  device passthrough to one of my
	guests.

	* tools/virsh.pod (NODEDEV COMMANDS): New section.
	(attach-device, detach-device): Add cross-references.

2011-09-28  Laine Stump  

	security: properly chown/label bidirectional and unidirectional fifos
	This patch fixes the regression with using named pipes for qemu serial
	devices noted in:

	  https://bugzilla.redhat.com/show_bug.cgi?id=740478

	The problem was that, while new code in libvirt looks for a single
	bidirectional fifo of the name given in the config, then relabels that
	and continues without looking for / relabelling the two unidirectional
	fifos named ${name}.in and ${name}.out, qemu looks in the opposite
	order. So if the user had naively created all three fifos, libvirt
	would relabel the bidirectional fifo to allow qemu access, but qemu
	would attempt to use the two unidirectional fifos and fail (because it
	didn't have proper permissions/rights).

	This patch changes the order that libvirt looks for the fifos to match
	what qemu does - first it looks for the dual fifos, then it looks for
	the single bidirectional fifo. If it finds the dual unidirectional
	fifos first, it labels/chowns them and ignores any possible
	bidirectional fifo.

	(Note commit d37c6a3a (which first appeared in libvirt-0.9.2) added
	the code that checked for a bidirectional fifo. Prior to that commit,
	bidirectional fifos for serial devices didn't work because libvirt
	always required the ${name}.(in|out) fifos to exist, and qemu would
	always prefer those.

2011-09-28  Jiri Denemark  

	qemu: Preserve fakeReboot flag in domain status
	Thus, when libvirtd is restarted, it will know if a domain is supposed
	to be killed or reset when it shuts down.

	qemu: Finish domain shutdown on reconnect
	If a domain started with -no-shutdown shuts down while libvirtd is not
	running, it will be seen as paused when libvirtd reconnects to it. Use
	the paused reason to detect if a domain was stopped because of shutdown
	and finish the process just as if a SHUTDOWN event is delivered from
	qemu.

	qemu: Check domain status details when reconnecting monitor
	Current qemu is able to give us detailed domain status (not just if it
	is running or not) which we can translate into a status reason.

	qemu: Always remove domain object if MigratePrepare fails
	If migration failed in Prepare phase after virDomainAssignDef and before
	a job was started, the domain object was not properly removed.

2011-09-28  Jamie Strandboge  

	fix AppArmor driver for pipe character devices
	The AppArmor security driver adds only the path specified in the domain
	XML for character devices of type 'pipe'. It should be using .in
	and .out. We do this by creating a new vah_add_file_chardev() and
	use it for char devices instead of vah_add_file(). Also adjust
	valid_path() to accept S_FIFO (since qemu chardevs of type 'pipe' use
	fifos). This is https://launchpad.net/bugs/832507

2011-09-28  Peter Krempa  

	virsh: Allow using complete  elements with cpu-baseline
	This patch cleans the cpu baseline function using new libvirt helper
	functions and fixes XPath expression that selects  elements from
	the source file, that can contain concatenated  XMLs,
	domain XMLs and bare  elements. The fixed XPath expression ensures
	not to select NUMA 

	virsh: Allow using domain and capabilities XMLs with cpu-compare
	This patch adds extraction of the  element from capabilities and
	domain definition XML documents to improve user experience.

	https://bugzilla.redhat.com/show_bug.cgi?id=731151

2011-09-28  Eric Blake  

	snapshot: fix man page typos
	pod2man from perl-5.8.8 (RHEL 5) errors out on ill-formed POD:

	*** ERROR: unterminated I<...> at line 1114 in file virsh.pod
	*** ERROR: unterminated I<...> at line 1851 in file virsh.pod

	Newer pod2man appears to be more tolerant (which is a shame,
	because it meant that this error is harder to detect).

	* tools/virsh.pod (undefine, snapshot-current): Add missing >.

2011-09-27  Laine Stump  

	qemu: add ability to set PCI device "rombar" on or off
	This patch was made in response to:

	  https://bugzilla.redhat.com/show_bug.cgi?id=738095

	In short, qemu's default for the rombar setting (which makes the
	firmware ROM of a PCI device visible/not on the guest) was previously
	0 (not visible), but they recently changed the default to 1
	(visible). Unfortunately, there are some PCI devices that fail in the
	guest when rombar is 1, so the setting must be exposed in libvirt to
	prevent a regression in behavior (it will still require explicitly
	setting  in the guest XML).

	rombar is forced on/off by adding:

	  

	inside a  element that defines a PCI device. It is currently
	ignored for all other types of devices.

	At the moment there is no clean method to determine whether or not the
	rombar option is supported by QEMU - this patch uses the advice of a
	QEMU developer to assume support for qemu-0.12+. There is currently a
	patch in the works to put this information in the output of "qemu-kvm
	-device pci-assign,?", but of course if we switch to keying off that,
	we would lose support for setting rombar on all the versions of qemu
	between 0.12 and whatever version gets that patch.

2011-09-27  Eric Blake  

	spec: F15 still uses cgconfig, RHEL lacks hyperv
	Commit ecd8725c dropped attempts to probe the cgconfig service on
	new enough Fedora where systemd took over that aspect of the system,
	but mistakenly used F14 instead of F15 as the cutoff point.

	https://bugzilla.redhat.com/show_bug.cgi?id=741358

	Also, RHEL does not include HyperV support yet.

	* libvirt.spec.in (with_cgconfig): Check cgconfig service in F15.
	(%{?rhel}): Provide default for with_hyperv.

2011-09-27  Jiri Denemark  

	qemu: Relax -no-shutdown check to [0.14.0, 0.15.50)
	SIGTERM handling for -no-shutdown is already fixed in qemu git and
	libvirt can safely use it. The downside is that 0.15.50 version of qemu
	can be any qemu compiled from git, even that without the fix for
	SIGTERM. However, I think this patch is worth it since excluding 0.15.50
	from the check makes testing current qemu with libvirt much easier and
	someone running qemu from git should be able to rebuild fixed qemu from
	git if they hit the problem with a hang on shutdown.

	virsh: Better document --copy-storage migrate options
	Both --copy-storage-{all,inc} options require disk images to be present
	on destination host.

	virsh: Enhance documentation of commands starting jobs
	Some virsh commands start a (long-running) job that can be monitored
	using domjobinfo and aborted with domjobabort. Let's be explicit about
	this in virsh man page.

2011-09-27  Michal Privoznik  

	virLockManagerNopInit: Rename flags to unused_flags
	As these might be not used and make syntax-check complains about checking
	them via virCheckFlags.

2011-09-27  Peter Krempa  

	daemon: Don't remove pidfiles in init scripts
	Init scripts removed pid file of the daemon. Removing pid files may be
	harmful as new api for crash-safe pidfiles is used (introduced by
	c8a3a26).

2011-09-27  Michal Privoznik  

	debug: Annotate some variables as unused
	as they are not used with debugging turned off.

2011-09-27  Osier Yang  

	storage: Do not break the whole vol lookup process in the middle
	* src/storage/storage_driver.c: As virStorageVolLookupByPath lookups
	all the pool objs of the drivers, breaking when failing on getting
	the stable path of the pool will just breaks the whole lookup process,
	it can cause the API fails even if the vol exists indeed. It won't get
	any benefit. This patch is to fix it.

2011-09-24  Peter Krempa  

	maint: update authors

2011-09-23  Oskari Saarenmaa  

	Add unsafe cache mode support for disk driver
	QEMU 0.13 introduced cache=unsafe for -drive, this patch exposes
	it in the libvirt layer.

	  * Introduced a new QEMU capability flag ($prefix_CACHE_UNSAFE),
	    as even if $prefix_CACHE_V2 is set, we can't know if unsafe
	    is supported.

	  * Improved the reliability of qemu cache type detection.

2011-09-23  Daniel P. Berrange  

	Fix synchronous reading of stream data
	commit 984840a2c292402926ad100aeea33f8859ff31a9 removed the
	notification of waiting calls when VIR_NET_CONTINUE messages
	arrive. This was to fix the case of a virStreamAbort() call
	being prematurely notified of completion.

	The problem is that sometimes there are dummy calls from a
	virStreamRecv() call waiting that *do* need to be notified.

	These dummy calls should have a status VIR_NET_CONTINUE. So
	re-add the notification upon VIR_NET_CONTINUE, but only if
	the waiter also has a status of VIR_NET_CONTINUE.

	* src/rpc/virnetclient.c: Notify waiting call if stream data
	  arrives
	* src/rpc/virnetclientstream.c:  Mark dummy stream read packet
	  with status VIR_NET_CONTINUE

2011-09-23  Michal Privoznik  

	selinux: Correctly report warning if virt_use_nfs not set
	Previous patch c9b37fee tried to deal with virt_use_nfs. But
	setfilecon() returns EOPNOTSUPP on NFS so we need to move the
	warning to else branch.

2011-09-23  Peter Krempa  

	virsh: Improve virsh manual for virsh memtune command
	Commit 0a22f54 added --min-guarantee option for the memtune command.
	This option is supported only by the ESX hypervisor. This patch adds a
	statement about this fact, to prevent user confusion.

	This patch also adds explanation how to clear/set to unlimited the
	memory tunables. (documments the -1 value).

2011-09-22  Osier Yang  

	virsh: Do not ignore the specified flags for cmdSaveImageDefine
	Introduced by commit 42c52d53c, which added the support for new
	flags, but forgot to update the API use to pass the flags.

2011-09-22  Michal Privoznik  

	qemu: Transfer inactive XML among cookie
	If a domain has inactive XML we want to transfer it to destination
	when migrating with VIR_MIGRATE_PERSIST_DEST. In order to harm
	the migration protocol as least as possible, a optional cookie was
	chosen.

2011-09-22  Daniel Veillard  

	Release of libvirt-0.9.6

2011-09-22  Eric Blake  

	snapshot: also delete empty directory
	The previous patch removed all snapshots, but not the directory
	where the snapshots lived, which is still a form of stale data.

	* src/qemu/qemu_domain.c (qemuDomainRemoveInactive): Wipe any
	snapshot directory.

2011-09-22  Eric Blake  

	snapshot: remove snapshot metadata on transient exit
	Commit 282fe1f0 documented that transient domains will auto-delete
	any snapshot metadata when the last reference to the domain is
	removed, and that management apps are in charge of grabbing any
	snapshot metadata prior to that point.  However, this was not
	actually implemented for qemu until now.

	* src/qemu/qemu_driver.c (qemudDomainCreate)
	(qemuDomainDestroyFlags, qemuDomainSaveInternal)
	(qemudDomainCoreDump, qemuDomainRestoreFlags, qemudDomainDefine)
	(qemuDomainUndefineFlags, qemuDomainMigrateConfirm3)
	(qemuDomainRevertToSnapshot): Clean up snapshot metadata.
	* src/qemu/qemu_migration.c (qemuMigrationPrepareAny)
	(qemuMigrationPerformJob, qemuMigrationPerformPhase)
	(qemuMigrationFinish): Likewise.
	* src/qemu/qemu_process.c (qemuProcessHandleMonitorEOF)
	(qemuProcessReconnect, qemuProcessReconnectHelper)
	(qemuProcessAutoDestroyDom): Likewise.

2011-09-22  Eric Blake  

	snapshot: prepare to remove transient snapshot metadata
	This patch is mostly code motion - moving some functions out
	of qemu_driver and into qemu_domain so they can be reused by
	multiple qemu_* files (since qemu_driver.h must not grow).
	It also adds a new helper function, qemuDomainRemoveInactive,
	which will be used in the next patch.

	* src/qemu/qemu_domain.h (qemuFindQemuImgBinary)
	(qemuDomainSnapshotWriteMetadata, qemuDomainSnapshotForEachQcow2)
	(qemuDomainSnapshotDiscard, qemuDomainSnapshotDiscardAll)
	(qemuDomainRemoveInactive): New prototypes.
	(struct qemu_snap_remove): New struct.
	* src/qemu/qemu_domain.c (qemuDomainRemoveInactive)
	(qemuDomainSnapshotDiscardAllMetadata): New functions.
	(qemuFindQemuImgBinary, qemuDomainSnapshotWriteMetadata)
	(qemuDomainSnapshotForEachQcow2, qemuDomainSnapshotDiscard)
	(qemuDomainSnapshotDiscardAll): Move here...
	* src/qemu/qemu_driver.c (qemuFindQemuImgBinary)
	(qemuDomainSnapshotWriteMetadata, qemuDomainSnapshotForEachQcow2)
	(qemuDomainSnapshotDiscard, qemuDomainSnapshotDiscardAll): ...from
	here.
	(qemuDomainUndefineFlags): Update caller.
	* src/conf/domain_conf.c (virDomainRemoveInactive): Doc fixes.

2011-09-22  Eric Blake  

	snapshot: fix logic bug in qemu undefine
	Commit 19f8c98 introduced VIR_DOMAIN_UNDEFINE_SNAPSHOTS_METADATA,
	with the intent that omitting the flag makes undefine fail, and
	including the flag deletes metadata.  But it used the wrong logic.
	Also, hoist the transient domain sooner, so that we don't
	accidentally remove metadata of a transient domain.

	* src/qemu/qemu_driver.c (qemuDomainUndefineFlags): Check correct
	flag value.

2011-09-22  Eric Blake  

	sanlock: fix memory leak
	Detected by Coverity.  The only way to get to error_unlink is if
	path was successfully assigned, so the if was useless.  Meanwhile,
	there was a return statement that did not free path.

	* src/locking/lock_driver_sanlock.c
	(virLockManagerSanlockSetupLockspace): Fix mem-leak, and drop
	useless if.

2011-09-22  Eric Blake  

	virsh: fix regression in argv parsing
	Prior to commit 85d2810, we had an issue where:

	snapshot-create-as dom name --diskspec spec --diskspec spec

	failed to parse the second spec, because the first spec had marked
	that option as no longer requiring an argument.

	In commit 85d2810, I fixed it by making argv options no longer mark
	the option as seen.  But this in turn breaks mandatory argv options,
	which now complain that the argv option is missing.

	This patch reverts that part of 85d2810, and instead replaces it with
	fixes to no longer clear opts_need_arg of an argv argument.

	* tools/virsh.c (vshCmddefGetOption, vshCmddefGetData)
	(vshCommandParse): Fix option parsing for required argv option.
	(vshCmddefOptParse): Check that argv option is last.
	* tests/virsh-optparse: Enhance test.

2011-09-22  Osier Yang  

	virsh: More friendly err if no pool is specified for looking up a vol
	There are 3 ways to lookup a volume, only virStorageVolLookupByName
	needs pool object. So if no --pool is specified, it will tries to
	get the volume via virStorageVolLookupByPath/virStorageVolLookupByKey.

	But if all 3 ways fails, and no --pool is specified, a friendly
	error might help the user get right way quickly.

2011-09-22  Osier Yang  

	storage: Wait udev events are handled before removing lvm vol
	Related #BZ: https://bugzilla.redhat.com/show_bug.cgi?id=702260.

	There are two problems described in the BZ:
	1) "Can't remove open logical volume".
	2) "Unable to deactivate logical volume "foo""

	This patch just intends to fix 2), as 1) is expected if the vol
	is still used by something, and you never known if "lvchange -an"
	will fail or not either (sometime, it will succeed, sometimes not).
	We'd better not look for trouble, :-)

	For 2), that's caused by race between lvremove and udev event handling,
	the only workable way now is to wait the events handling are finished,
	though it might introduce latencies, as "udevadmin settle" exits
	after *all* events are handled, it's the only way we can fix
	the racing in libvirt layer.

	See https://bugzilla.redhat.com/show_bug.cgi?id=570359 for more
	details.

2011-09-22  Alex Jia  

	qemu: avoid dereferencing a NULL pointer
	* src/qemu/qemu_process.c: Taking if (qemuDomainObjEndJob(driver, obj) == 0)
	  true branch then 'obj' is NULL, virDomainObjIsActive(obj) and
	  virDomainObjUnref(obj) will dereference NULL pointer.

2011-09-22  Oskari Saarenmaa  

	tests: improve test failure diagnosis
	  * qemuhelptest prints test case name on failure.

2011-09-21  Jiri Denemark  

	qemu: Avoid loop of fake reboots
	Once virDomainReboot is called for a domain, guest OS initiated shutdown
	would always result in reboot instead of shutdown. Only
	virDomainShutdown would actually shutd such domain down. That's because
	we forgot to reset fakeReboot flag once we asked the domain to reboot.

2011-09-21  Jiri Denemark  

	qemu: Fix shutdown regression with buggy qemu
	The commit that prevents disk corruption on domain shutdown
	(96fc4784177ecb70357518fa863442455e45ad0e) causes regression with QEMU
	0.14.* and 0.15.* because of a regression bug in QEMU that was fixed
	only recently in QEMU git. The affected versions of QEMU do not quit on
	SIGTERM if started with -no-shutdown, which we use to implement fake
	reboot. Since -no-shutdown tells QEMU not to quit automatically on guest
	shutdown, domains started using the affected QEMU cannot be shutdown
	properly and stay in a paused state.

	This patch disables fake reboot feature on such QEMU by not using
	-no-shutdown, which makes shutdown work as expected. However,
	virDomainReboot will not work in this case and it will report "Requested
	operation is not valid: Reboot is not supported with this QEMU binary".

2011-09-21  Osier Yang  

	API: prefer to use NULLSTR macro

2011-09-21  Eric Blake  

	remote: fix crash on OOM
	Bug introduced in commit 675464b.  On an OOM, this would try to
	dereference a char* and free the contents as a pointer, which is
	doomed to failure.

	Adding a syntax check will prevent mistakes like this in the future.

	* cfg.mk (sc_prohibit_internal_functions): New syntax check.
	(exclude_file_name_regexp--sc_prohibit_internal_functions): Add
	exemptions.
	* daemon/remote.c (remoteRelayDomainEventIOError)
	(remoteRelayDomainEventIOErrorReason)
	(remoteRelayDomainEventGraphics, remoteRelayDomainEventBlockJob):
	Use correct free function.

2011-09-21  Eric Blake  

	xen: use typical allocations
	The next patch will add a syntax check that flags this usage in xen
	as awkward - while it was valid memory management, it was very hard
	to maintain.  Swapping to a more traditional allocation may be a bit
	slower, but easier to understand.

	* src/xen/xend_internal.c (xenDaemonListDomainsOld): Use two-level
	allocation, rather than abusing allocation function.
	(xenDaemonLookupByUUID): Update caller.

2011-09-21  Osier Yang  

	virsh: Remove useless codes of cmdVolPath
	Variable "name" is never used in the codes, it's useless.

2011-09-21  Eric Blake  

	build: silence warning on 32-bit build
	gcc warns when building libvirt 0.9.5 on a 32-bit machine:

	qemu/qemu_migration.c: In function 'qemuMigrationToFile':
	qemu/qemu_migration.c:2727:38: error: large integer implicitly truncated to unsigned type [-Woverflow]

	* src/qemu/qemu_domain.h (QEMU_DOMAIN_FILE_MIG_BANDWIDTH_MAX): Cap
	to long when building for 32-bit platform.

2011-09-20  Daniel Veillard  

	Release of libvirt-0.9.5
	* configure.ac docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: fetch updated translations from transifex and rebuilt

2011-09-20  Daniel Veillard  

	Fix crash on events due to allocation errors
	remoteRelayDomainEventBlockJob, remoteRelayDomainEventIOError,
	remoteRelayDomainEventIOErrorReason and remoteRelayDomainEventGraphics
	were using const string directly in rpc structure, before calling
	remoteDispatchDomainEventSend(). But that routine now frees up all
	the pointed allocated memory from the rpc structure and we end up
	with a double free.
	This now strdup() all the strings passed and provide mem_error goto
	labels to be used when an allocation error occurs.
	Note that the cleanup isn't completely finished because all relaying
	function also call make_nonnull_domain() which also allocate a string
	and never handle the error case. This patches doesn't try to address
	this as this is only error correctness a priori and touches far more
	functions in this module:

	* daemon/remote.c: fix string allocations and memory error handling
	  for remoteRelayDomainEventBlockJob, remoteRelayDomainEventIOError,
	  remoteRelayDomainEventIOErrorReason and remoteRelayDomainEventGraphics

2011-09-20  Daniel P. Berrange  

	Update to require sanlock 1.8 for license compliance
	Inexplicably the sanlock code all got placed under the GPLv2-only,
	so libvirt's use of sanlock introduces a license incompatibility.
	The sanlock developers have now rearranged the code such that there
	is a 'sanlock_client.so' which is LGPLv2+ while their daemon remains
	GPLv2-only. To use the new client library we need to call the new
	sanlock_init and sanlock_align APIs instead of sanlock_direct_init
	and sanlock_direct_align. These APIs calls are now routed via the
	sanlock daemon, instead of doing direct I/O calls to disk.

	For all this we require sanlock >= 1.8

	* configure.ac: Check for sanlock_client.so instead of sanlock.so
	  and fix various comments
	* libvirt.spec.in: Mandate sanlock >= 1.8
	* src/Makefile.am: Link to -lsanlock_client
	* src/locking/lock_driver_sanlock.c: Use sanlock_init and
	  sanlock_align

2011-09-20  Osier Yang  

	conf: Assign newDef of active domain as persistent conf if it is NULL
	Libvirt loads the domain conf from status XML if it's running when
	starting up. The problem is there is no record of the original conf.
	(dom->newDef is NULL here).

	So libvirt won't be able to restore the domain conf to original one
	when destroying/shutdown. E.g.

	1) attach a device without "--persistent"
	2) restart libvirtd
	3) destroy domain
	4) start domain

	One will see the the disk still exists.

	This patch is to fix the peoblem by assigning persistent domain conf
	to dom->newDef if it's NULL and the domain is running.

2011-09-20  Osier Yang  

	storage: Ensure the device path exists before refreshing disk pool
	Doing libvirt_parthelper on an not existed device path will get
	an unfriendly error message. This patch is to prohibit it.

	daemon: Error and exit if specified value for timeout is not valid
	Silently setting "timeout" as -1 if the specified value is invalid
	is a bit confused.

2011-09-20  Peter Krempa  

	Remove devname identifier from autogenerated RPC code
	Patch 79cf07a missed one instance of "devname" in source for RPC code
	generator.

2011-09-20  Eric Blake  

	virsh: tweak previous domblkstat patch
	Translators are likely to botch trailing spacing; by doing the
	formatting outside of the translation, we can generally get
	better alignment.  Also, for consistency, use 'bytes read' to
	match 'bytes written'.

	* tools/virsh.c (domblkstat_output): Drop trailing space. Tweak
	rd_bytes output.
	(cmdDomblkstat, DOMBLKSTAT_LEGACY_PRINT): Update formatting.

2011-09-20  Peter Krempa  

	virsh: doc: Fix supported driver types for attach-disk command
	Virsh man page lists driver types to be used with attach-device
	command, but does not specify that those are usable only with the XEN
	Hypervisor.

	This patch adds statement, that those options specified are applicable
	only on the Xen hypervisor and adds option usable with qemu emulator.

	This patch also changes type of error returned by QEMU driver if the
	user specifies incompatible driver type from VIR_ERR_INTERNAL_ERROR to
	VIR_ERR_CONFIG_UNSUPPORTED.

2011-09-20  Eric Blake  

	maint: Prefer names over email in 'git shortlog'
	Alex recently committed some patches with just an email instead
	of a preferred name; this fixes things so 'git shortlog' gives
	nicer output.

	* .mailmap: Update.

2011-09-20  Peter Krempa  

	virsh: Add more human-friendly output of domblkstat command
	Users of virsh complain that output of the domblkstat command
	is not intuitive enough. This patch adds explanation of fields
	returned by this command to the help section for domblkstat and
	the man page of virsh. Also a switch --human is added for
	domblkstat that prints the fields with more descriptive
	texts.

	This patch also changes sequence of the output fields and their
	names back to the order and spelling established by previous
	versions of virsh to maintain compatibility with scripts.

	Example of ordered and "translated" output:

	PRE-patch:

	virsh # domblkstat 1 vda
	vda wr_bytes 5170176
	vda wr_operations 511
	vda rd_bytes 82815488
	vda rd_operations 3726

	POST-patch:

	virsh # domblkstat 1 vda
	vda rd_req 3726
	vda rd_bytes 82815488
	vda wr_req 478
	vda wr_bytes 4965376

	Example of human readable output:

	virsh # domblkstat 1 vda --human
	Device: vda
	 number of read operations:      3726
	 number of read bytes:           82815488
	 number of write operations:     478
	 number of bytes written:        4965376

	https://bugzilla.redhat.com/show_bug.cgi?id=731656

2011-09-20  ajia@redhat.com  

	vmx: avoid memory leak
	* src/vmx/vmx.c: fix memory leak, 'def' has a initial value 'NULL', so
	  'goto cleanup' is perfected instead of adding a virConfFree before
	  'return NULL'.

2011-09-20  ajia@redhat.com  

	util: avoid memory leak
	Leak in pciGetVirtualFunctionIndex present since commit 17d64ca.

	* src/util/pci.c: fix memory leak.

2011-09-20  ajia@redhat.com  

	remote: avoid memory leak
	Leak present since introduction of remoteDomainBuildEventGraphics
	in commit 987e31e.

	* src/remote/remote_driver.c: fix memory leak.

2011-09-20  ajia@redhat.com  

	qemu: avoid memory leak
	Leak introduced in commit 036ad50, affects only error case.

	* src/qemu/qemu_command.c: fix memory leak.

2011-09-20  ajia@redhat.com  

	daemon: avoid memory leak
	Introduced in commit efa7fc9f.

	* daemon/remote.c: fix memory leak in remoteDispatchDomainBlockStatsFlags

2011-09-17  Eric Blake  

	spec: silence warnings when installing in F16
	https://bugzilla.redhat.com/show_bug.cgi?id=738725 documents that
	'yum install libvirt' in Fedora 16 is rather noisy.  This fixes
	the problems.

	* libvirt.spec.in (%post client): Silence chkconfig warning about
	SysV services.
	(%post) [with_cgconfig]: Drop for Fedora 15 and newer, where
	systemd does this automatically.

2011-09-17  Eric Blake  

	snapshot: allow disk snapshots of qcow2 disks
	For all types of disks other than qcow2, we were requesting that
	SELinux labeling visit the new file as if it were qcow2, which
	means labeling would try to find the backing files of an empty file.
	And for a pre-existing qcow2 disk, we were passing NULL, which meant
	that labelling tried to probe the file type (and if probing is
	disabled, per the default qemu.conf, this made snapshots fail).
	What we really want is to make SELinux labeling visit the new
	file as raw; it will later be converted to qcow2 if qemu successfully
	made the snapshot.

	* src/qemu/qemu_driver.c
	(qemuDomainSnapshotCreateSingleDiskActive): Force SELinux labeling
	to avoid probe of new file.

2011-09-17  Eric Blake  

	snapshot: affect persistent xml after disk snapshot
	For external snapshots to be useful on persistent domains, we must
	alter the persistent definition alongside the running definition.
	Thanks to the possibility of disk hotplug as well as of edits that
	only affect the persistent xml, we can't assume that vm->def and
	vm->newDef have the same disk at the same index, so we can only
	update the persistent copy if the device destination matches up.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateDiskActive)
	(qemuDomainSnapshotCreateSingleDiskActive): Also affect newDef, if
	present.

2011-09-17  Eric Blake  

	build: work around lack of MacOS fdatasync
	Mingw lacks fsync, but gnulib provides that.  Meanwhile, gnulib does
	not (yet) provide fdatasync, so this is a quick hack to fake that
	function on MacOS X; we can revert this configure change once gnulib
	gives us a real module.

	We have been implicitly relying on gnulib's largefile module being
	pulled in by other modules, but it's better to make that explicit.

	* bootstrap.conf (gnulib_modules): Add fsync.  Make largefile use
	explicit.
	* configure.ac (AC_CHECK_FUNCS_ONCE): Check for fdatasync, and
	fake it with fsync when not present.

2011-09-17  Daniel P. Berrange  

	Prevent crash from dlclose() of libvirt.so
	When libvirt calls virInitialize it creates a thread local
	for the virErrorPtr storage, and registers a callback to
	cleanup memory when a thread exits. When libvirt is dlclose()d
	or otherwise made non-resident, the callback function is
	removed from memory, but the thread local may still exist
	and if a thread later exists, it will invoke the callback
	and SEGV. There may also be other thread locals with callbacks
	pointing to libvirt code, so it is in general never safe to
	unload libvirt.so from memory once initialized.

	To allow dlclose() to succeed, but keep libvirt.so resident
	in memory, link with '-z nodelete'. This issue was first
	found with the libvirt CIM provider, but can potentially
	hit many of the dynamic language bindings which all ultimately
	involve dlopen() in some way, either on libvirt.so itself,
	or on the glue code for the binding which in turns links
	to libvirt

	* configure.ac, src/Makefile.am: Ensure libvirt.so is linked
	  with -z nodelete
	* cfg.mk, .gitignore, tests/Makefile.am, tests/shunloadhelper.c,
	  tests/shunloadtest.c: A test case to unload libvirt while
	  a thread is still running.

2011-09-17  Alex Jia  

	qemu: add return value check
	* src/qemu/qemu_command.c: missing return value check.

2011-09-16  Jiri Denemark  

	qemu: Introduce shutdown reason for paused state
	Qemu sends STOP event as part of the shutdown process. Detect such STOP
	event and consider shutdown to be reason of emitting such event. That's
	the best we can do until qemu provides us the reason directly in STOP
	event. This allows us to report shutdown reason for paused state so that
	apps can detect domains that failed to finish the shutdown process
	(e.g., because qemu is buggy and doesn't exit on SIGTERM or it is
	blocked in flushing disk buffers).

2011-09-16  Jiri Denemark  

	qemu: Prevent disk corruption on domain shutdown
	Ever since we introduced fake reboot, we call qemuProcessKill as a
	reaction to SHUTDOWN event. Unfortunately, qemu doesn't guarantee it
	flushed all internal buffers before sending SHUTDOWN, in which case
	killing the process forcibly may result in (virtual) disk corruption.

	By sending just SIGTERM without SIGKILL we give qemu time to to flush
	all buffers and exit. Once qemu exits, we will see an EOF on monitor
	connection and tear down the domain. In case qemu ignores SIGTERM or
	just hangs there, the process stays running but that's not any different
	from a possible hang anytime during the shutdown process so I think it's
	just fine.

	Also qemu (since 0.14 until it's fixed) has a bug in SIGTERM processing
	which causes it not to exit but instead send new SHUTDOWN event and keep
	waiting. I think the best we can do is to ignore duplicate SHUTDOWN
	events to avoid a SHUTDOWN-SIGTERM loop and leave the domain in paused
	state.

2011-09-16  Jiri Denemark  

	qemu: Properly detect crash of a rebooted domain
	When a domain is rebooted using libvirt API, we use fake reboot
	consisting of shutting down and resetting the domain. Thus we see a
	SHUTDOWN event and set gotShutdown flag. But we never reset it back and
	if the domain crashes after it was rebooted this way, we consider it was
	a normal shutdown and not a crash.

	qemu: Fix shutoff reason when domain crashes
	Commit 4454a9efc728b91e791b1f14c26ea23a19d57f48 changed shutoff reason
	from VIR_DOMAIN_SHUTOFF_CRASHED to VIR_DOMAIN_SHUTOFF_FAILED in case we
	see an unexpected EOF on monitor connection. But FAILED reason is
	dedicated for domains that fail to start. CRASHED reason is the right
	one to use in this situation.

	python: Fix bindings generated in VPATH build

2011-09-16  Eric Blake  

	Revert "virsh: Use old API if remote libvirtd does not support new"
	This reverts commit 799912fa05b8c3aa37bd04c57b196755f3f70552; now
	that the rpc regression is fixed, virsh no longer needs the special
	case here.

2011-09-16  Eric Blake  

	rpc: convert unknown procedures to VIR_ERR_NO_SUPPORT
	Libvirt special-cases a specific VIR_ERR_RPC from the remote driver
	back into VIR_ERR_NO_SUPPORT on the client, so that clients can
	handle missing rpc functions the same whether the hypervisor driver
	is local or remote.  However, commit c1b22644 introduced a regression:
	VIR_FROM_THIS changed from VIR_FROM_REMOTE to VIR_FROM_RPC, so the
	special casing no longer works if the server uses the newer error
	domain.

	* src/rpc/virnetclientprogram.c
	(virNetClientProgramDispatchError): Also cater to 0.9.3 and newer.

2011-09-16  Stefan Berger  

	Fix buzzilla 738778
	This patch fixes the bug shown in bugzilla 738778. It's not an nwfilter problem but a connection sharing / closure issue.

	https://bugzilla.redhat.com/show_bug.cgi?id=738778

	Depending on the speed / #CPUs of the machine you are using you may not see this bug all the time.

2011-09-16  Alex Jia  

	conf: avoid memory leak on virDomainDefParseXML
	* conf/domain_conf.c: allocate memory to def->redirdevs in
	  virDomainDefParseXML such as VIR_ALLOC_N(def->redirdevs, n),
	  however, virDomainDefFree(def) hasn't released these memory.

	* Detected in valgrind run:

	==19820== 209 (16 direct, 193 indirect) bytes in 1 blocks are definitely lost in loss record 25 of 26
	==19820==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==19820==    by 0x4A13AF: virAllocN (memory.c:129)
	==19820==    by 0x4D4A0E: virDomainDefParseXML (domain_conf.c:7258)
	==19820==    by 0x4D4C93: virDomainDefParseNode (domain_conf.c:7512)
	==19820==    by 0x4D562F: virDomainDefParse (domain_conf.c:7465)
	==19820==    by 0x415863: testCompareXMLToXMLFiles (qemuxml2xmltest.c:35)
	==19820==    by 0x415982: testCompareXMLToXMLHelper (qemuxml2xmltest.c:80)
	==19820==    by 0x416D31: virtTestRun (testutils.c:140)
	==19820==    by 0x415604: mymain (qemuxml2xmltest.c:192)
	==19820==    by 0x416437: virtTestMain (testutils.c:689)
	==19820==    by 0x3CA7A1ECDC: (below main) (in /lib64/libc-2.12.so)
	==19820==
	==19820== LEAK SUMMARY:
	==19820==    definitely lost: 16 bytes in 1 blocks
	==19820==    indirectly lost: 193 bytes in 5 blocks
	==19820==      possibly lost: 0 bytes in 0 blocks
	==19820==    still reachable: 1,054 bytes in 21 blocks

	* How to reproduce?
	% valgrind -v --leak-check=full ./tests/qemuxml2xmltest

2011-09-16  Peter Krempa  

	build: storage: Macro 'MKFS' is undefined on some platforms.
	Mac OS X 10.6. Snow Leopard and probably other do not provide a mkfs
	command to create filesystems. Macro MKFS then remained undefined and
	did not provide any substitute, so that build failed on a missing
	argument.

	build: storage: Conditionaly compiled structure caused build fail on OSX
	Struct virStoragePoolProbeResult was compiled in conditionaly, but
	virStorageBackendFileSystemProbe used it unconditionaly. This patch
	exempts the struct from conditional include.

	Avoid using "devname" as an identifier.
	/usr/lib/stdlib.h in Mac OS X and probably also in BSD's
	exports this symbol :(

2011-09-16  Peter Krempa  

	doc: Add statment about permissions needed to do a core dump
	Documentation did not specify, that some permissions are required on
	target path for coredump for the user running the hypervisor.

	Diff to v1:
	- reword statements

2011-09-16  Eric Blake  

	snapshot: tweak snapshot-create-as diskspec docs
	With this patch, it is hopefully a bit more obvious that for
	snapshot-create-as, a literal '--diskspec' is mandatory if name
	or description was omitted, but optional if all earlier options
	were provided.

	These all denote two diskspecs and a description:
	virsh snapshot-create-as dom name desc vda vdb
	virsh snapshot-create-as dom name desc --diskspec vda --diskspec vdb
	virsh snapshot-create-as dom name desc --diskspec vda vdb
	virsh snapshot-create-as dom name desc vda --diskspec vdb
	virsh snapshot-create-as dom --diskspec vda --diskspec vdb name desc

	This gives two diskspecs but no description:
	virsh snapshot-create-as dom name --diskspec vda --diskspec vdb

	And this treats 'vda' as the description, with only one diskspec:
	virsh snapshot-create-as dom name vda vdb

	The help output now shows:
	    snapshot-create-as  [] [] [--print-xml] [--no-metadata] [--halt] [--disk-only] [[--diskspec] ]...

	I also checked the help output for echo and send-key, which are two
	other variants of argv commands.

	* tools/virsh.pod (snapshot-create-as): Document when a literal
	--diskspec must preceed a diskspec argument.
	* tools/virsh.c (vshCmddefHelp): Update help output for argv when
	naming the option is useful.
	(vshCmddefGetData): Fix logic on when argv was seen.
	* tests/virsh-optparse: Add tests to avoid regressions.

2011-09-16  Cole Robinson  

	python: Fix libvirt.py generation to include virterror info
	Recent generator refactoring broke libvirt.py. With this patch, libvirt.py
	is generated exactly the same as before offending commit 9eba0d25.

2011-09-16  Eric Blake  

	qemu_api: doc improvements
	The new doc text had a few readability issues.  Also, the
	monitor command text copied a bit too much from the attach case.

	* src/libvirt-qemu.c (virDomainQemuMonitorCommand)
	(virDomainQemuAttach): Fix typos and grammar.

2011-09-16  Peter Krempa  

	doc: virsh: Fix command name in man page
	Fix cut&paste error having command named domif-setlink instead of
	domif-getlink.

2011-09-15  Alex Jia  

	sanlock: add missing test command in virt-sanlock-cleanup.in
	* tools/virt-sanlock-cleanup.in: fix missing test command when judging
	  second condition.

	https://bugzilla.redhat.com/show_bug.cgi?id=738534

2011-09-15  Michal Privoznik  

	spec: Require augeas for sanlock
	Even though we BuildRequire augeas in some cases, we need to require
	it even after if we build with sanlock. virt-sanlock-cleanup use it.

2011-09-15  Jim Fehlig  

	Fix build after commit 829bce17
	Pushing under build-breaker rule.

2011-09-15  Jim Fehlig  

	Use max bandwidth from qemuDomainObjPrivate struct when migrating
	Adjust qemuMigrationRun() to use migMaxBandwidth in qemuDomainObjPrivate
	structure when setting qemu migration speed.  Caller-specified 'resource'
	parameter overrides migMaxBandwidth.

2011-09-15  Jim Fehlig  

	Set qemu migration speed unlimited when migrating to file
	The qemu migration speed default is 32MiB/s as defined in migration.c

	/* Migration speed throttling */
	static int64_t max_throttle = (32 << 20);

	There's no need to throttle migration when targeting a file, so set migration
	speed to unlimited prior to migration, and restore to libvirt default value
	after migration.

	Default units is MB for migrate_set_speed monitor command, so
	(INT64_MAX / (1024 * 1024)) is used for unlimited migration speed.

	Tested with both json and text monitors.

2011-09-15  Jim Fehlig  

	Save migration speed in qemuDomainMigrateSetMaxSpeed
	Now that migration speed is stored in qemuDomainObjPrivate structure,
	save the new value when invoking qemuDomainMigrateSetMaxSpeed().

	Allow setting migration speed on inactive domain too.

2011-09-15  Jim Fehlig  

	Impl virDomainMigrateGetMaxSpeed in qemu driver

	Store max migration bandwidth in qemuDomainObjPrivate struct
	The maximum bandwidth that can be consumed when migrating a domain
	is better classified as an operational vs configuration parameter of
	the dommain.  As such, store this parameter in qemuDomainObjPrivate
	structure.

2011-09-15  Marc-André Lureau  

	conf: add missing break in virDomainAuditRedirdev
	Also initialize to NULL a few variables that might get
	free before being set.

2011-09-15  Eric Blake  

	network: add missing exports
	Commit c246b025 added new functions, but forgot to export them,
	resulting in a build failure when using modules.

	* src/libvirt_private.syms (network.h): Export new functions.

2011-09-14  Eric Blake  

	snapshot: ABI stability must include memory sizing
	Commit 973fcd8f introduced the ability for qemu to reject snapshot
	reversion on an ABI incompatibility; but the very example that was
	first proposed on-list[1] as a demonstration of an ABI incompatibility,
	namely that of changing the max memory allocation, was not being
	checked for, resulting in a cryptic failure when running with larger
	max mem than what the snapshot was created with:
	error: operation failed: Error -22 while loading VM state

	This commit merely protects the three variables within mem that are
	referenced by qemu_command.c, rather than all 7 (the other 4 variables
	affect cgroup handling, but as far as I can tell, have no visible effect
	to the qemu guest).  This also affects migration and save file handling,
	which are other places where we perform ABI compatibility checks.

	[1] https://www.redhat.com/archives/libvir-list/2010-December/msg00331.html

	* src/conf/domain_conf.c (virDomainDefCheckABIStability): Add
	memory sizing checks.

2011-09-14  Eric Blake  

	maint: ignore generated files
	* .gitignore: Exempt recently added generated files.

2011-09-14  Peter Krempa  

	xml: Clean up rest of virtual XML document names for XML strings
	Commit 498d783 cleans up some of virtual file names for parsing strings
	in memory. This patch cleans up (hopefuly) the rest forgotten by the
	first patch.

	This patch also changes all of the previously modified "filenames" to
	valid URI's replacing spaces for underscores.

	Changes to v1:
	- Replace all spaces for underscores, so that the strings form valid
	  URI's
	- Replace spaces in places changed by commit 498d783

2011-09-14  Daniel Veillard  

	Remove two references to files not generated
	This was breaking "make dist"

2011-09-14  Peter Krempa  

	make: Fix 'make syntax-check' failing.
	Commit 2a0d75e5 added file python/libvirt-qemu-override.c that contains
	code that does not pass "make syntax-check". This patch adds an
	exception for this file and the check.

	prohibit_always_true_header_tests
	python/libvirt-qemu-override.c:17:#undef HAVE_PTHREAD_H
	maint.mk: do not test the above HAVE_
    _H symbol(s);
	  with the corresponding gnulib module, they are always true
	make: *** [sc_prohibit_always_true_header_tests] Error 1

2011-09-14  Osier Yang  

	qemu_api: Update libvirt spec file

	qemu_api: Update Makefile to generate libvirtmod_qemu lib

	qemu_api: Update Py binding generator to generate files for QEMU APIs
	It will generate:
	  libvirt-qemu.py
	  libvirt-qemu.h
	  libvirt-qemu.c
	  libvirt-qemu-export.c

	qemu_api: Add override XML and C files for QEMU APIs
	There is only one function (virDomainQemuMonitorCommand) need to
	be hand-craft.

	qemu_api: Add comments for API virDomainQemuMonitorCommand
	And fix argument @pid's type of virDomainQemuAttach.

	qemu_api: Update Makefile for subdir docs

	qemu_api: Modify apibuild.py to generate docs for QEMU APIs
	The generated docs are: libvirt-qemu-api.xml, libvirt-qemu-refs.xml

2011-09-14  Peter Krempa  

	virsh: Use old API if remote libvirtd does not support new
	Commit ffe28ab74b821c916ec4ba8efb5c992454e4bd24 introduced regression
	while communicating with older libvirtd command 'domblkstat' used the new
	API and did not check for VIR_ERR_RPC error code signalling the remote
	server does not support this API and did not fall back to older API.
	Thereafter 'domblkstat' ended with "error: unknown procedure: 243".

2011-09-13  Guannan Ren  

	snapshot: fix double free of qemuImgBinary
	Regression introduced in commit 3881a470, due to an improper rebase
	of a cleanup written beforehand but only applied after a rebased of
	a refactoring that created a new function in commit 25fb3ef.

	Also avoids passing NULL to printf %s.

	* src/qemu/qemu_driver.c: In qemuDomainSnapshotForEachQcow2()
	it free up the memory of qemu_driver->qemuImgBinary in the
	cleanup tag which leads to the garbage value of qemuImgBinary
	in qemu_driver struct and libvirtd crash when running
	"virsh snapshot-create" command a second time.

2011-09-13  Daniel Veillard  

	Do not log invalid operations in libvirtd logs
	  This is a bit painful for example when starting virt-manager
	it tends to clutter libvirtd.log with invalid operation on cpu pinning
	for defined but not running domains. A priori those kind of errors
	don't indicate an error when executing the command but on a precondition
	for running the API, and honnestly while the application should report
	it, logging it as an error in libvirtd.log is not really useful,

	   Related bug: https://bugzilla.redhat.com/show_bug.cgi?id=590807

	* daemon/libvirtd.c: extend daemonErrorLogFilter() to filter out
	   errors of type VIR_ERR_OPERATION_INVALID

2011-09-09  Michal Privoznik  

	virnetsocket: Pass KRB5CCNAME env variable
	So we can allow GSSAPI authentication for ssh.

	selinux: Detect virt_use_nfs boolean set
	If we fail setting label on a file and this file is on NFS share,
	it is wise to advise user to set virt_use_nfs selinux boolean
	variable.

2011-09-09  Philipp Hahn  

	Fix URL-escaping for domainDefine
	'+' in strings get translated to ' ' when editing domains.
	While xenDaemonDomainCreateXML() did URL-escape the sexpr,
	xenDaemonDomainDefineXML() did not.

	Remove the explicit urlencode() in xenDaemonDomainCreateXML() and add
	the direct encoding calls to xend_op_ext() because it calls xend_post()
	which uses "Content-Type: application/x-www-form-urlencoded". According
	to  this
	requires all parameters to be url-encoded as specified in rfc1738.

	Notice: virBufferAsprintf(..., "%s=%s", ...) is again replaced by three
	calls to virBufferURIEncodeString() and virBufferAddChar() because '='
	is a "reserved" character, which would get escaped by
	virBufferURIEncodeString(), which - by the way - escapes anything not
	c_isalnum().

2011-09-09  Peter Krempa  

	xml: Change virtual file names of xml documents parsed in memory
	While parsing XML strings from memory, the previous convention in
	libvirt was to set the virtual file name to "domain.xml" or something
	similar. This could potentialy trick the user into looking for a file
	named domain.xml on the disk in an attempt to fix the error.

	This patch changes these filenames to something that can't be as easily
	confused for a valid filename.

	Examples of error messages:
	---------------------------
	Error while loading file from disk:

	15:07:59.015: 527: error : catchXMLError:709 : /path/to/domain.xml:1: StartTag: invalid element name
	<
	--------------------^

	Error while parsing definition in memory:

	15:08:43.581: 525: error : catchXMLError:709 : (domain definition):2: error parsing attribute name
	  vm1
	--^

2011-09-08  Eric Blake  

	snapshot: fix regression with system checkpoints
	Regression introduced in commit d6f6b2d194c.  Running
	'virsh snapshot-create dom' would mistakenly report that
	disks can only be specified for disk snapshots.

	* src/conf/domain_conf.c (virDomainSnapshotDefParseString): Only
	give error about no disk support when  was found.

2011-09-08  Eric Blake  

	maint: update to latest gnulib
	* .gnulib: Update to latest.

2011-09-08  Eric Blake  

	snapshot: use new API for less work
	This has the added benefit of making 'snapshot-create dom --no-metadata'
	now able to tell you the name of the just-generated snapshot.

	* tools/virsh.c (vshSnapshotCreate, cmdSnapshotCurrent): Don't get
	XML just for name.

2011-09-08  Eric Blake  

	snapshot: new APIs for inspecting snapshot object
	These functions access internals of the opaque object, and do
	not need any rpc counterpart.  It could be argued that we should
	have provided these when snapshot objects were first introduced,
	since all the other vir*Ptr objects have at least a GetName accessor.

	* include/libvirt/libvirt.h.in (virDomainSnapshotGetName)
	(virDomainSnapshotGetDomain, virDomainSnapshotGetConnect): Declare.
	* src/libvirt.c (virDomainSnapshotGetName)
	(virDomainSnapshotGetDomain, virDomainSnapshotGetConnect): New
	functions.
	* src/libvirt_public.syms: Export them.

2011-09-08  Soren Hansen  

	Don't treat pci_system_init failure as fatal if no PCI bus is present
	Xen PV domU's have no PCI bus. node_device_udev.c calls pci_system_init
	which looks for /sys/bus/pci. If it does not find /sys/bus/pci (which it
	won't in a Xen PV domU) it returns unsuccesfully (ENOENT), which libvirt
	considers fatal. This makes libvirt unusable in this environment, even
	though there are plenty of valid virtualisation options that work
	there (LXC, UML, and QEmu spring to mind)

	https://bugzilla.redhat.com/show_bug.cgi?id=709471

2011-09-08  Alex Jia  

	doc: fix incorrect option in send-key
	* tools/virsh.pod: fix a option typo of send-key section.

	virsh: fix typo in opts_send_key
	* tools/virsh.c: millseconds should be milliseconds in opts_send_key.

2011-09-08  Alex Jia  

	rpc: avoid memory leak on virNetTLSContextValidCertificate
	* src/rpc/virnettlscontext.c: fix memory leak on
	  virNetTLSContextValidCertificate.

	* Detected in valgrind run:

	==25667==
	==25667== 6,085 (44 direct, 6,041 indirect) bytes in 1 blocks are definitely
	lost in loss record 326 of 351
	==25667==    at 0x4005447: calloc (vg_replace_malloc.c:467)
	==25667==    by 0x4F2791F3: _asn1_add_node_only (structure.c:53)
	==25667==    by 0x4F27997A: _asn1_copy_structure3 (structure.c:421)
	==25667==    by 0x4F276A50: _asn1_append_sequence_set (element.c:144)
	==25667==    by 0x4F2743FF: asn1_der_decoding (decoding.c:1194)
	==25667==    by 0x4F22B9CC: gnutls_x509_crt_import (x509.c:229)
	==25667==    by 0x805274B: virNetTLSContextCheckCertificate
	(virnettlscontext.c:1009)
	==25667==    by 0x804DE32: testTLSSessionInit (virnettlscontexttest.c:693)
	==25667==    by 0x804F14D: virtTestRun (testutils.c:140)
	==25667==
	==25667== 23,188 (88 direct, 23,100 indirect) bytes in 11 blocks are definitely
	lost in loss record 346 of 351
	==25667==    at 0x4005447: calloc (vg_replace_malloc.c:467)
	==25667==    by 0x4F22B841: gnutls_x509_crt_init (x509.c:50)
	==25667==    by 0x805272B: virNetTLSContextCheckCertificate
	(virnettlscontext.c:1003)
	==25667==    by 0x804DDD1: testTLSSessionInit (virnettlscontexttest.c:673)
	==25667==    by 0x804F14D: virtTestRun (testutils.c:140)

	* How to reproduce?
	% cd libvirt && ./configure && make && make -C tests valgrind
	or
	% valgrind -v --leak-check=full ./tests/virnettlscontexttest

2011-09-08  Alex Jia  

	tests: avoid memory leak on testTLSSessionInit
	* tests/virnettlscontexttest: fix memory leak on virnettlscontext test case.

	* Detected in valgrind run:

	==25667==
	==25667== 86,651 (34,680 direct, 51,971 indirect) bytes in 10 blocks are
	definitely lost in loss record 350 of 351
	==25667==    at 0x4005447: calloc (vg_replace_malloc.c:467)
	==25667==    by 0x4F1F515D: gnutls_init (gnutls_state.c:270)
	==25667==    by 0x8053432: virNetTLSSessionNew (virnettlscontext.c:1181)
	==25667==    by 0x804DD24: testTLSSessionInit (virnettlscontexttest.c:624)
	==25667==    by 0x804F14D: virtTestRun (testutils.c:140)
	==25667==
	==25667== 100,578 (38,148 direct, 62,430 indirect) bytes in 11 blocks are
	definitely lost in loss record 351 of 351
	==25667==    at 0x4005447: calloc (vg_replace_malloc.c:467)
	==25667==    by 0x4F1F515D: gnutls_init (gnutls_state.c:270)
	==25667==    by 0x8053432: virNetTLSSessionNew (virnettlscontext.c:1181)
	==25667==    by 0x804DD3C: testTLSSessionInit (virnettlscontexttest.c:625)
	==25667==    by 0x804F14D: virtTestRun (testutils.c:140)

	* How to reproduce?
	% cd libvirt && ./configure && make && make -C tests valgrind
	or
	% valgrind -v --leak-check=full ./tests/virnettlscontexttest

2011-09-08  Alex Jia  

	libxl: avoid a dereference of a null pointer
	Variable 'l_disk' initialized to a null pointer value, control jumps to 'case
	VIR_DOMAIN_DISK_DEVICE_DISK and then taking false branch, Within the expansion
	of the macro 'libxlError': Field access results in a dereference of a null
	pointer (loaded from variable 'l_disk').

	* src/libxl/libxl_driver.c: Field access results in a dereference of a null
	  pointer (loaded from variable 'l_disk')

2011-09-08  Eric Blake  

	blockinfo: fix qemu regression in handling disk name
	Regression introduced in commit 89b6284fd, due to an incorrect
	conversion to the new means of converting disk names back to
	the correct object.

	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Avoid NULL deref.

2011-09-08  Matthias Bolte  

	esx: Fix managed object lookup with optional occurrence
	Exit early if managed object is not found, instead of dereferencing
	a NULL pointer and triggering a segfault.

2011-09-07  Michal Privoznik  

	Threadpool: Initialize new dynamic workers
	Although we were initializing worker threads during pool creating,
	we missed this during virThreadPoolSendJob. This bug led to segmenation
	fault as worker thread free() given argument.

2011-09-07  Matthias Bolte  

	mingw: Don't use interface as an identifier
	Because it's a define used in MSCOM and its usage as
	identifier results in a compile error.

2011-09-06  Peter Krempa  

	link-state: virsh: Add wrapper commands for changing link state
	Two new commands are added to virsh that wrap usage of
	virDomainUpdateDeviceFlags for changing link state of domain's network
	interfaces. These wrappers extract network devices's xml configuration
	and modify the link state for easy manipulation from an user's perspective.

	 - domif-setlink - set link state of a domains virtual network interface
	 - domif-getlink - get link state

	* tools/virsh.c   - Add functionality to virsh
	* tools/virsh.pod - Manpage documentation

2011-09-06  Peter Krempa  

	link-state: qemu: Add net intf modification to virUpdateDeviceFlags
	This patch enables modifying network device configuration using the
	virUpdateDeviceFlags API method. Matching of devices is accomplished
	using MAC addresses.

	While updating live configuration of a running domain, the user is
	allowed only to change link state of the interface. Additional
	modifications may be added later. For now the code checks for
	unsupported changes and thereafter changes the link state, if
	applicable.

	When updating persistent configuration of guest's network interface the
	whole configuration (except for the MAC address) may be modified and
	is stored for the next startup.

	* src/qemu/qemu_driver.c   - Add dispatching of virUpdateDevice for
	                             network devices update (live/config)
	* src/qemu/qemu_hotplug.c  - add setting of initial link state on live
	                             device addition
	                           - add function to change network device
	                             configuration. By now it supports only
	                             changing of link state
	* src/qemu/qemu_hotplug.h  - Headers to above functions
	* src/qemu/qemu_process.c  - set link states before virtual machine
	                             start. Qemu does not support setting of
	                             this on the command line.

2011-09-06  Peter Krempa  

	link-state: qemu: Add monitor handling for link state modification
	This patch adds handlers for modification of guest's interface
	link state. Both HMP and QMP commands are supported, but as the
	link state functionality is from the beginning supported in QMP
	the HMP code will probably never be used.

2011-09-06  Peter Krempa  

	link-state: conf: Add element to XML for controling link state
	A new element is introduced to XML that allows to control
	state of virtual network interfaces in hypervisors.

	Live modification of the link state allows networking tools
	propagate topology changes to guest OS or testing of
	scenarios in complex (virtual) networks.

	This patch adds elements to XML grammars and parsing and generating
	code.

2011-09-06  Peter Krempa  

	link-state: util: Add equality comparison functions for structures
	This patch adds functions to compare structures containing network
	device configuration for equality. They serve for the purpose of
	disallowing unsupported changes to live network devices.

2011-09-06  Peter Krempa  

	XML: Improve XML parsing error messages
	This patch modifies error handling function for the XML parser provided
	by libxml2.

	Originaly only a line number and error message were logged. With this
	new error handler function, the user is provided with a more complex
	description of the parsing error.

	Context of the error is printed in libXML2 style and filename of the
	file, that caused the error is printed. Example of an parse error:

	13:41:36.262: 16032: error : catchXMLError:706 :
	/etc/libvirt/qemu/rh_bad.xml:58: Opening and ending tag mismatch: name
	line 2 and domain
	
	---------^

	Context of the error gives the user hints that may help to quickly
	locate a corrupt xml file.

	fixes BZs:
	----------
	Bug 708735 - [RFE] Show column and line on XML parsing error
	https://bugzilla.redhat.com/show_bug.cgi?id=708735

	Bug 726771 - libvirt does not specify problem file if persistent xml is
	invalid
	https://bugzilla.redhat.com/show_bug.cgi?id=726771

2011-09-06  Marc-André Lureau  

	redirdev: allows to specify device address
	It is important to be able to attach USB redirected devices to a
	particular controller (one that supports USB2 for instance).
	Without this patch, only the default bus was used.

	     
	       
    
	     

2011-09-06  Daniel Veillard  

	latency: fix make check for remote protocol structs and numbers

2011-09-06  Osier Yang  

	latency: Update virsh command domblkstat to use new API
	The modified function fallbacks to use virDomainBlockStats if
	virDomainBlockStatsFlags is not supported by the hypervisor driver.
	If the new API is supported, it will be invoked instead of the
	old API.

	latency: Expose the new API for Python binding

	latency: Implemente internal API for qemu driver

2011-09-06  Osier Yang  

	latency: Update monitor functions for new latency fields
	The mainly changes are:

	1) Update qemuMonitorGetBlockStatsInfo and it's children (Text/JSON)
	   functions to return the value of new latency fields.
	2) Add new function qemuMonitorGetBlockStatsParamsNumber, which is
	   to count how many parameters the underlying QEMU supports.
	3) Update virDomainBlockStats in src/qemu/qemu_driver.c to be
	   compatible with the changes by 1).

2011-09-06  Osier Yang  

	latency: Wire up the remote protocol

	latency: Implemente the public API

	latency: Define the internal driver callback

	latency: Define new public API and structure

2011-09-06  Michal Privoznik  

	qemu: Deal with stucked qemu on daemon startup
	If libvirt daemon gets restarted and there is (at least) one
	unresponsive qemu, the startup procedure hangs up. This patch creates
	one thread per vm in which we try to reconnect to monitor. Therefore,
	blocking in one thread will not affect other APIs.

	qemu: Introduce job queue size limit
	This patch creates an optional BeginJob queue size limit. When
	active, all other attempts above level will fail. To set this
	feature assign desired value to max_queued variable in qemu.conf.
	Setting it to 0 turns it off.

2011-09-06  Michal Privoznik  

	daemon: Create priority workers pool
	This patch annotates APIs with low or high priority.
	In low set MUST be all APIs which might eventually access monitor
	(and thus block indefinitely). Other APIs may be marked as high
	priority. However, some must be (e.g. domainDestroy).

	For high priority calls (HPC), there are some high priority workers
	(HPW) created in the pool. HPW can execute only HPC, although normal
	worker can process any call regardless priority. Therefore, only those
	APIs which are guaranteed to end in reasonable small amount of time
	can be marked as HPC.

	The size of this HPC pool is static, because HPC are expected to end
	quickly, therefore jobs assigned to this pool will be served quickly.
	It can be configured in libvirtd.conf via prio_workers variable.
	Default is set to 5.

	To mark API with low or high priority, append priority:{low|high} to
	it's comment in src/remote/remote_protocol.x. This is similar to
	autogen|skipgen. If not marked, the generator assumes low as default.

2011-09-05  Eric Blake  

	snapshot: use SELinux and lock manager with external snapshots
	With this, it is now possible to create external snapshots even
	when SELinux is enforcing, and to protect the new file with a
	lock manager.

	* src/qemu/qemu_driver.c
	(qemuDomainSnapshotCreateSingleDiskActive): Create and register
	new file with proper permissions and locks.
	(qemuDomainSnapshotCreateDiskActive): Update caller.

2011-09-05  Eric Blake  

	snapshot: wire up live qemu disk snapshots
	Lots of earlier patches led up to this point - the qemu snapshot_blkdev
	monitor command can now be controlled by libvirt!  Well, insofar as
	SELinux doesn't prevent qemu from open(O_CREAT) on the files.  There's
	still some followup work before things work with SELinux enforcing,
	but this patch is big enough to post now.

	There's still room for other improvements, too (for example, taking a
	disk snapshot of an inactive domain, by using qemu-img for both internal
	and external snapshots; wiring up delete and revert control, including
	additional flags from my RFC; supporting active QED disk snapshots;
	supporting per-storage-volume snapshots such as LVM or btrfs snapshots;
	etc.).  But this patch is the one that proves the new XML works!

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Wire in
	active disk snapshots.
	(qemuDomainSnapshotDiskPrepare)
	(qemuDomainSnapshotCreateDiskActive)
	(qemuDomainSnapshotCreateSingleDiskActive): New functions.

2011-09-05  Eric Blake  

	snapshot: wire up new qemu monitor command
	No one uses this yet, but it will be important once
	virDomainSnapshotCreateXML learns a VIR_DOMAIN_SNAPSHOT_DISK_ONLY
	flag, and the xml allows passing in the new file names.

	* src/qemu/qemu_monitor.h (qemuMonitorDiskSnapshot): New prototype.
	* src/qemu/qemu_monitor_text.h (qemuMonitorTextDiskSnapshot):
	Likewise.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONDiskSnapshot):
	Likewise.
	* src/qemu/qemu_monitor.c (qemuMonitorDiskSnapshot): New
	function.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDiskSnapshot):
	Likewise.

2011-09-05  Eric Blake  

	snapshot: make it possible to audit external snapshot
	Snapshots alter the set of disk image files opened by qemu, so
	they must be audited.  But they don't involve a full disk definition
	structure, just the new filename.  Make the next patch easier by
	refactoring the audit routines to just operate on file name.

	* src/conf/domain_audit.h (virDomainAuditDisk): Update prototype.
	* src/conf/domain_audit.c (virDomainAuditDisk): Act on strings,
	not definition structures.
	(virDomainAuditStart): Update caller.
	* src/qemu/qemu_hotplug.c (qemuDomainChangeEjectableMedia)
	(qemuDomainAttachPciDiskDevice, qemuDomainAttachSCSIDisk)
	(qemuDomainAttachUsbMassstorageDevice)
	(qemuDomainDetachPciDiskDevice, qemuDomainDetachDiskDevice):
	Likewise.

2011-09-05  Eric Blake  

	snapshot: reject unimplemented disk snapshot features
	My RFC for snapshot support [1] proposes several rules for when it is
	safe to delete or revert to an external snapshot, predicated on
	the existence of new API flags.  These will be incrementally added
	in future patches, but until then, blindly mishandling a disk
	snapshot risks corrupting internal state, so it is better to
	outright reject the attempts until the other pieces are in place,
	thus incrementally relaxing the restrictions added in this patch.

	[1] https://www.redhat.com/archives/libvir-list/2011-August/msg00361.html

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCountExternal): New
	function.
	(qemuDomainUndefineFlags, qemuDomainSnapshotDelete): Use it to add
	safety valve.
	(qemuDomainRevertToSnapshot, qemuDomainSnapshotCreateXML): Add safety
	valve.

2011-09-05  Eric Blake  

	snapshot: wire up disk-only flag to snapshot-create
	Expose the disk-only flag through virsh.  Additionally, make
	virsh snapshot-create-as take an arbitrary number of diskspecs,
	which can be used to build up the xml for .

	* tools/virsh.c (cmdSnapshotCreate): Add --disk-only.
	(cmdSnapshotCreateAs): Likewise, and add argv diskspec.
	(vshParseSnapshotDiskspec): New helper function.
	(vshCmddefGetOption): Allow naming of argv field.
	* tools/virsh.pod (snapshot-create, snapshot-create-as): Document
	them.
	* tests/virsh-optparse: Test snapshot-create-as parsing.

2011-09-05  Eric Blake  

	snapshot: add flag for requesting disk snapshot
	Prior to this patch, / was ignored.  This
	changes it to be an error unless an explicit disk snapshot is
	requested (a future patch may relax things if it turns out to
	be useful to have a  specification alongside a system
	checkpoint).

	* include/libvirt/libvirt.h.in
	(VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY): New flag.
	* src/libvirt.c (virDomainSnapshotCreateXML): Document it.
	* src/esx/esx_driver.c (esxDomainSnapshotCreateXML): Disk
	snapshots not supported yet.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Likewise.

2011-09-05  Eric Blake  

	snapshot: add virsh domblklist command
	This adds a convenience function to virsh that parses out block
	information from the domain xml, making it much easier to see
	what strings can be used in all other contexts that demand a
	specific block name, especially when given the previous patch
	that allows using either target or unique source name.

	As an example on a domain with one disk and an empty cdrom drive:

	Target     Source
	-------------------------------------------
	vda        /var/lib/libvirt/images/fedora_12.img
	hdc        -

	* tools/virsh.c (cmdDomblklist): New function.
	* tools/virsh.pod (domblklist): Document it.

2011-09-05  Eric Blake  

	snapshot: also support disks by path
	I got confused when 'virsh domblkinfo dom disk' required the
	path to a disk (which can be ambiguous, since a single file
	can back multiple disks), rather than the unambiguous target
	device name that I was using in disk snapshots.  So, in true
	developer fashion, I went for the best of both worlds - all
	interfaces that operate on a disk (aka block) now accept
	either the target name or the unambiguous path to the backing
	file used by the disk.

	* src/conf/domain_conf.h (virDomainDiskIndexByName): Add
	parameter.
	(virDomainDiskPathByName): New prototype.
	* src/libvirt_private.syms (domain_conf.h): Export it.
	* src/conf/domain_conf.c (virDomainDiskIndexByName): Also allow
	searching by path, and decide whether ambiguity is okay.
	(virDomainDiskPathByName): New function.
	(virDomainDiskRemoveByName, virDomainSnapshotAlignDisks): Update
	callers.
	* src/qemu/qemu_driver.c (qemudDomainBlockPeek)
	(qemuDomainAttachDeviceConfig, qemuDomainUpdateDeviceConfig)
	(qemuDomainGetBlockInfo, qemuDiskPathToAlias): Likewise.
	* src/qemu/qemu_process.c (qemuProcessFindDomainDiskByPath):
	Likewise.
	* src/libxl/libxl_driver.c (libxlDomainAttachDeviceDiskLive)
	(libxlDomainDetachDeviceDiskLive, libxlDomainAttachDeviceConfig)
	(libxlDomainUpdateDeviceConfig): Likewise.
	* src/uml/uml_driver.c (umlDomainBlockPeek): Likewise.
	* src/xen/xend_internal.c (xenDaemonDomainBlockPeek): Likewise.
	* docs/formatsnapshot.html.in: Update documentation.
	* tools/virsh.pod (domblkstat, domblkinfo): Likewise.
	* docs/schemas/domaincommon.rng (diskTarget): Tighten pattern on
	disk targets.
	* docs/schemas/domainsnapshot.rng (disksnapshot): Update to match.
	* tests/domainsnapshotxml2xmlin/disk_snapshot.xml: Update test.

2011-09-05  Eric Blake  

	snapshot: add  to snapshot xml
	Adds an optional element to , which will be used
	to give user control over external snapshot filenames on input,
	and specify generated filenames on output.

	For now, no driver accepts this element; that will come later.

	
	  ...
	  
	    
	    
	    
	      
	      
	    
	  
	  
	    ...
	    
	      
	        
	        
	        
	      
	    
	  
	

	* src/conf/domain_conf.h (_virDomainSnapshotDiskDef): New type.
	(_virDomainSnapshotDef): Add new elements.
	(virDomainSnapshotAlignDisks): New prototype.
	* src/conf/domain_conf.c (virDomainSnapshotDiskDefClear)
	(virDomainSnapshotDiskDefParseXML, disksorter)
	(virDomainSnapshotAlignDisks): New functions.
	(virDomainSnapshotDefParseString): Parse new fields.
	(virDomainSnapshotDefFree): Clean them up.
	(virDomainSnapshotDefFormat): Output them.
	* src/libvirt_private.syms (domain_conf.h): Export new function.
	* docs/schemas/domainsnapshot.rng (domainsnapshot, disksnapshot):
	Add more xml.
	* docs/formatsnapshot.html.in: Document it.
	* tests/domainsnapshotxml2xmlin/disk_snapshot.xml: New test.
	* tests/domainsnapshotxml2xmlout/disk_snapshot.xml: Update.

2011-09-05  Eric Blake  

	snapshot: support extra state in snapshots
	In order to distinguish disk snapshots from system checkpoints, a
	new state value that is only valid for snapshots is helpful.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_LAST): New placeholder.
	* src/conf/domain_conf.h (virDomainSnapshotState): New enum mapping.
	(VIR_DOMAIN_DISK_SNAPSHOT): New internal enum value.
	* src/conf/domain_conf.c (virDomainState): Use placeholder.
	(virDomainSnapshotState): Extend mapping by one for use in snapshot.
	(virDomainSnapshotDefParseString, virDomainSnapshotDefFormat):
	Handle new state.
	(virDomainObjSetState, virDomainStateReasonToString)
	(virDomainStateReasonFromString): Avoid compiler warnings.
	* tools/virsh.c (vshDomainState, vshDomainStateReasonToString):
	Likewise.
	* src/libvirt_private.syms (domain_conf.h): Export new functions.
	* docs/schemas/domainsnapshot.rng: Tighten state definition.
	* docs/formatsnapshot.html.in: Document it.
	* tests/domainsnapshotxml2xmlout/disk_snapshot.xml: New test.

2011-09-05  Eric Blake  

	snapshot: expose halt-after-creation in virsh
	Easy enough to emulate even with older servers.

	* tools/virsh.c (cmdSnapshotCreate, cmdSnapshotCreateAs): Add
	--halt flag.
	(vshSnapshotCreate): Emulate halt when flag is unsupported.
	* tools/virsh.pod (snapshot-create, snapshot-create-as): Document
	it.

2011-09-05  Eric Blake  

	snapshot: allow halting after snapshot
	Since a snapshot is fully recoverable, it is useful to have a
	snapshot as a means of hibernating a guest, then reverting to
	the snapshot to wake the guest up.  This mode of usage is
	similar to 'virsh save/virsh restore', except that virsh
	save uses an external file while virsh snapshot keeps the
	vm state internal to a qcow2 file.  However, it only works on
	persistent domains.

	In the usage pattern of snapshot/revert for hibernating a guest,
	there is no need to keep the guest running between the two points
	in time, especially since that would generate runtime state that
	would just be discarded.  Add a flag to make it possible to
	stop the domain after the snapshot has completed.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_SNAPSHOT_CREATE_HALT):
	New flag.
	* src/libvirt.c (virDomainSnapshotCreateXML): Document it.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML)
	(qemuDomainSnapshotCreateActive): Implement it.

2011-09-05  Eric Blake  

	snapshot: expose new delete flag in virsh
	It would technically be possible to have virsh compute the list
	of descendants of a given snapshot, then delete those one at
	a time.  But it's complex, and not worth writing for a first
	cut at implementing the new flags.

	* tools/virsh.c (cmdSnapshotDelete): Add --children-only,
	--metadata.
	* tools/virsh.pod (snapshot-delete): Document them.

2011-09-05  Eric Blake  

	snapshot: introduce new deletion flag
	Reverting to a state prior to an external snapshot risks
	corrupting any other branches in the snapshot hierarchy that
	were using the snapshot as a read-only backing file.  So
	disk snapshot code will default to preventing reverting to
	a snapshot that has any children, meaning that deleting just
	the children of a snapshot becomes a useful operation in
	preparing that snapshot for being a future reversion target.
	The code for the new flag is simple - it's one less deletion,
	plus a tweak to keep the current snapshot correct.

	* include/libvirt/libvirt.h.in
	(VIR_DOMAIN_SNAPSHOT_DELETE_CHILDREN_ONLY): New flag.
	* src/libvirt.c (virDomainSnapshotDelete): Document it, and
	enforce mutual exclusion.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotDelete): Implement
	it.

2011-09-05  Eric Blake  

	snapshot: reject transient disks where code is not ready
	The previous patch introduced new config, but if a hypervisor does
	not support that new config, someone can write XML that does not
	behave as documented.  This prevents some of those cases by
	explicitly rejecting transient disks for several hypervisors.

	Disk snapshots will require a new flag to actually affect a snapshot
	creation, so there's not much to reject there.

	* src/qemu/qemu_command.c (qemuBuildDriveStr): Reject transient
	disks for now.
	* src/libxl/libxl_conf.c (libxlMakeDisk): Likewise.
	* src/xenxs/xen_sxpr.c (xenFormatSxprDisk): Likewise.
	* src/xenxs/xen_xm.c (xenFormatXMDisk): Likewise.

2011-09-05  Eric Blake  

	snapshot: additions to domain xml for disks
	As discussed here:
	https://www.redhat.com/archives/libvir-list/2011-August/msg00361.html
	https://www.redhat.com/archives/libvir-list/2011-August/msg00552.html

	Adds snapshot attribute and transient sub-element:

	
	  
	    ...
	    
	  
	

	* docs/schemas/domaincommon.rng (snapshot): New define.
	(disk): Add snapshot and persistent attributes.
	* docs/formatdomain.html.in: Document them.
	* src/conf/domain_conf.h (virDomainDiskSnapshot): New enum.
	(_virDomainDiskDef): New fields.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-transient.xml: New
	test of rng, no args counterpart until qemu support is complete.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-snapshot.args: New
	file, snapshot attribute does not affect args.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-snapshot.xml: Likewise.
	* tests/qemuxml2argvtest.c (mymain): Run new test.

2011-09-05  Lei Li  

	Check for source conflicts in storage pools
	Fix bug #611823 storage driver should prohibit pools with duplicate
	underlying storage.

	Add internal API virStoragePoolSourceFindDuplicate() to do uniqueness
	check based on source location infomation for pool type.

	* AUTHORS: add Lei Li

2011-09-05  Marc-André Lureau  

	Add a usb1 & usb2 qemuxml2argv test

	Default USB device is on slot 1 function 2
	Fix qemuAssignDevicePCISlots() and the associated regression tests

	PIIX3 USB controller is on function 2
	Current code reserves slot 1 function 2 even if there is a user
	defined PIIX3 USB controller there.

2011-09-05  Philipp Hahn  

	Fix localtime handling for Xen-PV domains
	At least Xen-3.4.3 translates the /vm/localtime SXPR value to
	/domain/platform/localtime and /domain/image/{linux,hvm}/localtime when
	the domain is defined.  When reading back that information libvirt only
	handles HVM domains, but not PV domains: This results in libvirtd always
	returning
	    
	while Xend used (localtime 1).

	For PV domains use /domain/image/linux/localtime.

2011-09-03  Eric Blake  

	snapshot: store qemu domain details in xml
	When reverting to a snapshot, the inactive domain configuration
	has to be rolled back to what it was at the time of the snapshot.
	Additionally, if the VM is active and the snapshot was active,
	this now adds a failure if the two configurations are ABI
	incompatible, rather than risking qemu confusion.

	A future patch will add a VIR_DOMAIN_SNAPSHOT_FORCE flag, which
	will be required for two risky code paths - reverting to an
	older snapshot that lacked full domain information, and reverting
	from running to a live snapshot that requires starting a new qemu
	process.  Any reverting that stops a running vm is also a form
	of data loss (discarding the current running state to go back in
	time), but as that is what reversion usually implies, it is
	probably not worth requiring a force flag.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Copy out
	domain.
	(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot): Perform
	ABI compatibility checks.

2011-09-03  Eric Blake  

	snapshot: update rng to support full domain in xml
	This patch will probably cause merge conflicts to those trying
	to do backports.  The end goal is simple - domaincommon.rng
	should be the state of domain.rng pre-patch, with a few lines
	tweaked in the header, while domain.rng post-patch is now just
	a shell that includes domaincommon.rng and sets the .

	* docs/schemas/domain.rng: Move guts...
	* docs/schemas/domaincommon.rng: ...to new file.
	* docs/schemas/domainsnapshot.rng: Allow new xml.
	* docs/schemas/Makefile.am (schema_DATA): Distribute new file.
	* tests/domainsnapshotxml2xmlout/full_domain.xml: New test.
	* libvirt.spec.in (%files client): Ship new file.  Sort lines.
	* mingw32-libvirt.spec.in: Likewise.

2011-09-03  Eric Blake  

	snapshot: correctly escape generated xml
	Commit 69278878 fixed one direction of arbitrarily-named snapshots,
	but not the round trip path.  While auditing domain_conf, I found
	a couple other instances that weren't escaping arbitrary strings.

	* src/conf/domain_conf.c (virDomainFSDefFormat)
	(virDomainGraphicsListenDefFormat, virDomainSnapshotDefFormat):
	Escape arbitrary strings.

2011-09-03  Eric Blake  

	snapshot: allow full domain xml in snapshot
	Just like VM saved state images (virsh save), snapshots MUST
	track the inactive domain xml to detect any ABI incompatibilities.

	The indentation is not perfect, but functionality comes before form.

	Later patches will actually supply a full domain; for now, this
	wires up the storage to support one, but doesn't ever generate one
	in dumpxml output.

	Happily, libvirt.c was already rejecting use of VIR_DOMAIN_XML_SECURE
	from read-only connections, even though before this patch, there was
	no information to be secured by the use of that flag.

	And while we're at it, mark the libvirt snapshot metadata files
	as internal-use only.

	* src/libvirt.c (virDomainSnapshotGetXMLDesc): Document flag.
	* src/conf/domain_conf.h (_virDomainSnapshotDef): Add member.
	(virDomainSnapshotDefParseString, virDomainSnapshotDefFormat):
	Update signature.
	* src/conf/domain_conf.c (virDomainSnapshotDefFree): Clean up.
	(virDomainSnapshotDefParseString): Optionally parse domain.
	(virDomainSnapshotDefFormat): Output full domain.
	* src/esx/esx_driver.c (esxDomainSnapshotCreateXML)
	(esxDomainSnapshotGetXMLDesc): Update callers.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML)
	(vboxDomainSnapshotGetXMLDesc): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML)
	(qemuDomainSnapshotLoad, qemuDomainSnapshotGetXMLDesc)
	(qemuDomainSnapshotWriteMetadata): Likewise.
	* docs/formatsnapshot.html.in: Rework doc example.
	Based on a patch by Philipp Hahn.

2011-09-03  Eric Blake  

	snapshot: refactor domain xml output
	Minor semantic change - allow domain xml to be generated in place
	within a larger buffer, rather than having to go through a
	temporary string.

	* src/conf/domain_conf.c (virDomainDefFormatInternal): Add
	parameter.
	(virDomainDefFormat, virDomainObjFormat): Update callers.

2011-09-03  Eric Blake  

	snapshot: prevent migration from stranding snapshot data
	Migration is another case of stranding metadata.  And since
	snapshot metadata is arbitrarily large, there's no way to
	shoehorn it into the migration cookie of migration v3.

	This patch consolidates two existing locations for migration
	validation into one helper function, then enhances that function
	to also do the new checks.  If we could always trust the source
	to validate migration, then the destination would not have to
	do anything; but since older servers that did not do checking
	can migrate to newer destinations, we have to repeat some of
	the same checks on the destination; meanwhile, we want to
	detect failures as soon as possible.  With migration v2, this
	means that validation will reject things at Prepare on the
	destination if the XML exposes the problem, otherwise at Perform
	on the source; with migration v3, this means that validation
	will reject things at Begin on the source, or if the source
	is old and the XML exposes the problem, then at Prepare on the
	destination.

	This patch is necessarily over-strict.  Once a later patch
	properly handles auto-cleanup of snapshot metadata on the
	death of a transient domain, then the only time we actually
	need snapshots to prevent migration is when using the
	--undefinesource flag on a persistent source domain.

	It is possible to recreate snapshot metadata on the destination
	with VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE and
	VIR_DOMAIN_SNAPSHOT_CREATE_CURRENT.  But for now, that is limited,
	since if we delete the snapshot metadata prior to migration,
	then we won't know the name of the current snapshot to pass
	along; and if we delete the snapshot metadata after migration
	and use the v3 migration cookie to pass along the name of the
	current snapshot, then we need a way to bypass the fact that
	this patch refuses migration with snapshot metadata present.

	So eventually, we may have to introduce migration protocol v4
	that allows feature negotiation and an arbitrary number of
	handshake exchanges, so as to pass as many rpc calls as needed
	to transfer all the snapshot xml hierarchy.

	But all of that is thoughts for the future; for now, the best
	course of action is to quit early, rather than get into a
	funky state of stale metadata; then relax restrictions later.

	* src/qemu/qemu_migration.h (qemuMigrationIsAllowed): Make static.
	* src/qemu/qemu_migration.c (qemuMigrationIsAllowed): Alter
	signature, and allow checks for both outgoing and incoming.
	(qemuMigrationBegin, qemuMigrationPrepareAny)
	(qemuMigrationPerformJob): Update callers.

2011-09-03  Eric Blake  

	snapshot: support new undefine flags in qemu
	A nice benefit of deleting all snapshots at undefine time is that
	you don't have to do any reparenting or subtree identification - since
	everything goes, this is an O(n) process, whereas using multiple
	virDomainSnapshotDelete calls would be O(n^2) or worse.  But it is
	only doable for snapshot metadata, where we are in control of the
	data being deleted; for the actual snapshots, there's too much
	likelihood of something going wrong, and requiring even more API
	calls to figure out what failed in the meantime, so callers are
	better off deleting the snapshot data themselves one snapshot at
	a time where they can deal with failures as they happen.

	* src/qemu/qemu_driver.c (qemuDomainUndefineFlags): Honor new flags.

2011-09-03  Eric Blake  

	snapshot: cache qemu-img location
	As more clients start to want to know this information, doing
	a PATH stat walk and malloc for every client adds up.

	We are only caching the location, not the capabilities, so even
	if qemu-img is updated in the meantime, it will still probably
	live in the same location.  So there is no need to worry about
	clearing this particular cache.

	* src/qemu/qemu_conf.h (qemud_driver): Add member.
	* src/qemu/qemu_driver.c (qemudShutdown): Cleanup.
	(qemuFindQemuImgBinary): Add an argument, and cache result.
	(qemuDomainSnapshotForEachQcow2, qemuDomainSnapshotDiscard)
	(qemuDomainSnapshotCreateInactive, qemuDomainSnapshotRevertInactive)
	(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot): Update
	callers.

2011-09-03  Eric Blake  

	snapshot: refactor some qemu code
	Prepare for code sharing.  No semantic change.

	* src/qemu/qemu_driver.c (qemuFindQemuImgBinary)
	(qemuDomainSnapshotWriteMetadata)
	(qemuDomainSnapshotDiscard)
	(qemuDomainSnapshotForEachQcow2): Float up.
	(qemuDomainSnapshotDiscardDescendant): Likewise, and rename...
	(qemuDomainSnapshotDiscardAll): ...for generic use.
	(qemuDomainSnapshotDelete): Update caller.

2011-09-03  Eric Blake  

	snapshot: teach virsh about new undefine flags
	Similar to 'undefine --managed-save' (commit 83e849c1), we must
	assume that the old API is unsafe; however, we cannot emulate
	metadata-only deletion on older servers.  Additionally, we have
	the wrinkle that while virDomainUndefineFlags and managed save
	cleanup were introduced in 0.9.4, it wasn't until 0.9.5 that
	snapshots block undefine of a domain.  Do the best we can given
	the server we are talking to.

	* tools/virsh.c (cmdUndefine): Add --snapshots-metadata flag.
	* tools/virsh.pod (undefine, destroy, shutdown): Document effect
	of snapshots.

2011-09-03  Eric Blake  

	snapshot: prevent stranding snapshot data on domain destruction
	Just as leaving managed save metadata behind can cause problems
	when creating a new domain that happens to collide with the name
	of the just-deleted domain, the same is true of leaving any
	snapshot metadata behind.  For safety sake, extend the semantic
	change of commit b26a9fa9 to also cover snapshot metadata as a
	reason to reject undefining an inactive domain.  A future patch
	will make sure that shutdown of a transient domain automatically
	deletes snapshot metadata (whether by destroy, shutdown, or
	guest-initiated action).  Management apps of transient domains
	should take care to capture xml of snapshots, if it is necessary
	to recreate the snapshot metadata on a later transient domain
	with the same name and uuid.

	This also documents a new flag that hypervisors can choose to
	support as a shortcut for taking care of the metadata as part of
	the undefine process; however, nontrivial driver support for these
	flags will be deferred to future patches.

	Note that ESX and VBox can never be transient; therefore, they
	do not have to worry about automatic cleanup after shutdown
	(the persistent domain still remains); likewise they never
	store snapshot metadata, so the undefine flag is trivial.
	The nontrivial work remaining is thus in the qemu driver.

	* include/libvirt/libvirt.h.in
	(VIR_DOMAIN_UNDEFINE_SNAPSHOTS_METADATA): New flag.
	* src/libvirt.c (virDomainUndefine, virDomainUndefineFlags):
	Document new limitations and flag.
	* src/esx/esx_driver.c (esxDomainUndefineFlags): Trivial
	implementation.
	* src/vbox/vbox_tmpl.c (vboxDomainUndefineFlags): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainUndefineFlags): Enforce
	the limitations.

2011-09-03  Eric Blake  

	snapshot: add qemu snapshot redefine support
	Redefining a qemu snapshot requires a bit of a tweak to the common
	snapshot parsing code, but the end result is quite nice.

	Be careful that redefinitions do not introduce circular parent
	chains.  Also, we don't want to allow conversion between online
	and offline existing snapshots.  We could probably do some more
	validation for snapshots that don't already exist to make sure
	they are even feasible, by parsing qemu-img output, but that
	can come later.

	* src/conf/domain_conf.h (virDomainSnapshotParseFlags): New
	internal flags.
	* src/conf/domain_conf.c (virDomainSnapshotDefParseString): Alter
	signature to take internal flags.
	* src/esx/esx_driver.c (esxDomainSnapshotCreateXML): Update caller.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Support
	new public flags.

2011-09-03  Eric Blake  

	snapshot: add qemu snapshot creation without metadata
	Supporting NO_METADATA on snapshot creation is interesting - we must
	still return a valid opaque snapshot object, but the user can't get
	anything out of it (unless we add a virDomainSnapshotGetName()),
	since it is no longer registered with the domain.

	Also, virsh now tries to query for secure xml, in anticipation of
	when we store  xml inside ; for now, we
	can trivially support it, since we have nothing secure.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Support
	new flag.
	(qemuDomainSnapshotGetXMLDesc): Trivially support VIR_DOMAIN_XML_SECURE.

2011-09-03  Eric Blake  

	snapshot: improve virsh snapshot-create, add snapshot-edit
	Wire up the new snapshot creation flags in virsh.  For convenience,
	teach 'snapshot-current' how to make an existing snapshot become
	current (can be used after upgrading to newer libvirt to recover
	from the fact that the older libvirt lost track of the current
	snapshot after a restart).  The snapshot-create-as command is
	intentionally not taught --redefine or --current, as this would
	imply adding a lot of other options for everything else that can
	appear in the  xml, but which is normally read-only.
	Besides, redefining will usually be done on files created by
	snapshot-dumpxml, rather than something built up by hand on the
	command line.  And now that we can redefine, we can edit.

	* tools/virsh.c (cmdSnapshotCreate): Add --redefine, --current,
	and --no-metadata.
	(cmdSnapshotCreateAs): Add --no-metadata.
	(cmdSnapshotCurrent): Add snapshotname to alter current snapshot.
	(cmdSnapshotEdit): New command.
	* tools/virsh.pod (snapshot-create, snapshot-create-as)
	(snapshot-current, snapshot-edit):  Document these.

2011-09-03  Eric Blake  

	snapshot: refactor virsh snapshot creation
	The next patch will make snapshot creation more complex, so it's
	better to avoid repetition of the complexity.

	* tools/virsh.c (vshSnapshotCreate): New helper function.
	(cmdSnapshotCreate, cmdSnapshotCreateAs): Use it.

2011-09-03  Eric Blake  

	snapshot: allow recreation of metadata
	The first two flags are essential for being able to replicate
	snapshot hierarchies across multiple hosts, which will come in
	handy for supervised migrations.  It also allows a management app
	to take a snapshot of a transient domain, save the metadata, stop
	the domain, recreate a new transient domain by the same name,
	redefine the snapshot, then revert to it.

	This is not quite as convenient as leaving the metadata behind
	after a domain is no longer around, but doing that has a few
	problems: 1. the libvirt API can only delete snapshot metadata
	if there is a valid domain handle to use to get to that snapshot
	object - if stale data is left behind without a domain, there is
	no way to request that the data be cleaned up. 2. creating a new
	domain with the same name but different uuid than the older
	domain where a snapshot existed cannot use the older snapshot
	data; this risks confusing libvirt, and forbidding the stale
	data is similar to the recent patch to forbid stale managed save.

	The first two flags might be useful on hypervisors with no metadata,
	but only for modifying the notion of the current snapshot;
	however, I don't know how to do that for ESX or VBox.

	The third flag is a convenience option, to combine a creation with
	a delete metadata into one step.  It is trivial for hypervisors
	with no metadata.

	The qemu changes will be involved enough to warrant a separate patch.

	* include/libvirt/libvirt.h.in
	(VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE)
	(VIR_DOMAIN_SNAPSHOT_CREATE_CURRENT)
	(VIR_DOMAIN_SNAPSHOT_CREATE_NO_METADATA): New flags.
	* src/libvirt.c (virDomainSnapshotCreateXML): Document them, and
	enforce mutual exclusion.
	* src/esx/esx_driver.c (esxDomainSnapshotCreateXML): Trivial
	implementation.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML): Likewise.
	* docs/formatsnapshot.html.in: Document re-creation.

2011-09-03  Eric Blake  

	snapshot: identify qemu snapshot roots
	Filtering for roots is pretty easy to do.

	* src/conf/domain_conf.h (virDomainSnapshotObjListGetNames)
	(virDomainSnapshotObjListNum): Update prototype.
	* src/conf/domain_conf.c (virDomainSnapshotObjListCopyNames)
	(virDomainSnapshotObjListGetNames, virDomainSnapshotObjListCount)
	(virDomainSnapshotObjListNum): Support filtering.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotNum)
	(qemuDomainSnapshotListNames): Update callers.

2011-09-03  Eric Blake  

	snapshot: reflect new dumpxml and list options in virsh
	New flag bits are worth exposing via virsh.  In the case of
	snapshot-list --roots, it's possible to emulate this even when
	talking to an older server that lacks the bit; whereas
	--metadata requires a newer server.

	Although we don't use --security-info yet, the flag is already
	documented for other dumpxml operations, and turning it on now
	will make it useful when a future patch actually has to honor it.

	* tools/virsh.c (cmdSnapshotDumpXML, cmdSnapshotCurrent): Add
	--security-info.
	(cmdSnapshotList): Add --roots, --metadata.
	* tools/virsh.pod (snapshot-dumpxml, snapshot-current)
	(snapshot-list): Document these.

2011-09-03  Eric Blake  

	snapshot: identify which snapshots have metadata
	To make it easier to know when undefine will fail because of existing
	snapshot metadata, we need to know how many snapshots have metadata.

	Also, it is handy to filter the list of snapshots to just those that
	have no parents; document that flag now, but implement it in later patches.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_SNAPSHOT_LIST_ROOTS)
	(VIR_DOMAIN_SNAPSHOT_LIST_METADATA): New flags.
	* src/libvirt.c (virDomainSnapshotNum)
	(virDomainSnapshotListNames): Document them.
	* src/esx/esx_driver.c (esxDomainSnapshotNum)
	(esxDomainSnapshotListNames): Implement trivial flag.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotNum)
	(vboxDomainSnapshotListNames): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotNum)
	(qemuDomainSnapshotListNames): Likewise.

2011-09-03  Eric Blake  

	snapshot: let qemu discard only snapshot metadata
	Adding this was trivial compared to the previous patch for fixing
	qemu snapshot deletion in the first place.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotDiscard): Add
	parameter.
	(qemuDomainSnapshotDiscardDescendant, qemuDomainSnapshotDelete):
	Update callers.

2011-09-03  Eric Blake  

	snapshot: allow deletion of just snapshot metadata
	A future patch will make it impossible to remove a domain if it
	would leave behind any libvirt-tracked metadata about snapshots,
	since stale metadata interferes with a new domain by the same name.
	But requiring snaphot contents to be deleted before removing a
	domain is harsh; with qemu, qemu-img can still make use of the
	contents after the libvirt domain is gone.  Therefore, we need
	an option to get rid of libvirt tracking information, but not
	the actual contents.  For hypervisors that do not track any
	metadata in libvirt, the implementation is trivial; all remaining
	hypervisors (really, just qemu) will be dealt with separately.

	* include/libvirt/libvirt.h.in
	(VIR_DOMAIN_SNAPSHOT_DELETE_METADATA_ONLY): New flag.
	* src/libvirt.c (virDomainSnapshotDelete): Document it.
	* src/esx/esx_driver.c (esxDomainSnapshotDelete): Trivially
	supported when there is no libvirt metadata.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotDelete): Likewise.

2011-09-03  Eric Blake  

	snapshot: simplify acting on just children
	Similar to the last patch in isolating the filtering from the
	client actions, so that clients don't have to reinvent the
	filtering.

	* src/conf/domain_conf.h (virDomainSnapshotForEachChild): New
	prototype.
	* src/libvirt_private.syms (domain_conf.h): Export it.
	* src/conf/domain_conf.c (virDomainSnapshotActOnChild)
	(virDomainSnapshotForEachChild): New functions.
	(virDomainSnapshotCountChildren): Delete.
	(virDomainSnapshotHasChildren): Simplify.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotReparentChildren)
	(qemuDomainSnapshotDelete): Likewise.

2011-09-03  Eric Blake  

	snapshot: track current domain across deletion of children
	Deleting a snapshot and all its descendants had problems with
	tracking the current snapshot.  The deletion does not necessarily
	proceed in depth-first order, so a parent could be deleted
	before a child, wreaking havoc on passing the notion of the
	current snapshot to the parent.  Furthermore, even if traversal
	were depth-first, doing multiple file writes to pass current up
	the chain one snapshot at a time is wasteful, comparing to a
	single update to the current snapshot at the end of the algorithm.

	* src/qemu/qemu_driver.c (snap_remove): Add field.
	(qemuDomainSnapshotDiscard): Add parameter.
	(qemuDomainSnapshotDiscardDescendant): Adjust accordingly.
	(qemuDomainSnapshotDelete): Properly reset current.

2011-09-03  Eric Blake  

	snapshot: avoid crash when deleting qemu snapshots
	This one's nasty.  Ever since we fixed virHashForEach to prevent
	nested hash iterations for safety reasons (commit fba550f6),
	virDomainSnapshotDelete with VIR_DOMAIN_SNAPSHOT_DELETE_CHILDREN
	has been broken for qemu: it deletes children, while leaving
	grandchildren intact but pointing to a no-longer-present parent.
	But even before then, the code would often appear to succeed to
	clean up grandchildren, but risked memory corruption if you have
	a large and deep hierarchy of snapshots.

	For acting on just children, a single virHashForEach is sufficient.
	But for acting on an entire subtree, it requires iteration; and
	since we declared recursion as invalid, we have to switch to a
	while loop.  Doing this correctly requires quite a bit of overhaul,
	so I added a new helper function to isolate the algorithm from the
	actions, so that callers do not have to reinvent the iteration.

	Note that this _still_ does not handle CHILDREN correctly if one
	of the children is the current snapshot; that will be next.

	* src/conf/domain_conf.h (_virDomainSnapshotDef): Add mark.
	(virDomainSnapshotForEachDescendant): New prototype.
	* src/libvirt_private.syms (domain_conf.h): Export it.
	* src/conf/domain_conf.c (virDomainSnapshotMarkDescendant)
	(virDomainSnapshotActOnDescendant)
	(virDomainSnapshotForEachDescendant): New functions.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotDiscardChildren):
	Replace...
	(qemuDomainSnapshotDiscardDescenent): ...with callback that
	doesn't nest hash traversal.
	(qemuDomainSnapshotDelete): Use new function.

2011-09-03  Eric Blake  

	snapshot: speed up snapshot location
	Each snapshot lookup was iterating over the entire hash table, O(n),
	instead of honing in directly on the hash key, amortized O(1).

	Besides, fixing this means that virDomainSnapshotFindByName can now
	be used inside another virHashForeach iteration (without this patch,
	attempts to lookup a snapshot by name during a hash iteration will
	fail due to nested iteration).

	* src/conf/domain_conf.c (virDomainSnapshotFindByName): Simplify.
	(virDomainSnapshotObjListSearchName): Delete unused function.

2011-09-03  Eric Blake  

	snapshot: add snapshot-list --parent to virsh
	Even though I recently added 'virsh snapshot-parent', doing it one
	snapshot at a time is painful, so make it possible to expand the
	snapshot-list table at once.

	* tools/virsh.c (cmdSnapshotList): Add --parent.
	* tools/virsh.pod (snapshot-list): Document it.

2011-09-03  Eric Blake  

	snapshot: fine-tune qemu snapshot revert states
	For a system checkpoint of a running or paused domain, it's fairly
	easy to honor new flags for altering which state to use after the
	revert.  For an inactive snapshot, the revert has to be done while
	there is no qemu process, so do back-to-back transitions; this also
	lets us revert to inactive snapshots even for transient domains.

	* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Support new
	flags.

2011-09-03  Eric Blake  

	snapshot: properly revert qemu to offline snapshots
	Commit 5e47785 broke reverts to offline system checkpoint snapshots
	with older qemu, since there is no longer any code path to use
	qemu -loadvm on next boot.  Meanwhile, reverts to offline system
	checkpoints have been broken for newer qemu, both before and
	after that commit, since -loadvm no longer works to revert to
	disk state without accompanying vm state.  Fix both of these by
	using qemu-img to revert disk state.

	Meanwhile, consolidate the (now 3) clients of a qemu-img iteration
	over all disks of a VM into one function, so that any future
	algorithmic fixes to the FIXMEs in that function after partial
	loop iterations are dealt with at once.  That does mean that this
	patch doesn't handle partial reverts very well, but we're not
	making the situation any worse in this patch.

	* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Use
	qemu-img rather than 'qemu -loadvm' to revert to offline snapshot.
	(qemuDomainSnapshotRevertInactive): New helper.
	(qemuDomainSnapshotCreateInactive): Factor guts...
	(qemuDomainSnapshotForEachQcow2): ...into new helper.
	(qemuDomainSnapshotDiscard): Use it.

2011-09-03  Eric Blake  

	snapshot: improve reverting to qemu paused snapshots
	If you take a checkpoint snapshot of a running domain, then pause
	qemu, then restore the snapshot, the result should be a running
	domain, but the code was leaving things paused.  Furthermore, if
	you take a checkpoint of a paused domain, then run, then restore,
	there was a brief but non-deterministic window of time where the
	domain was running rather than paused.  Fix both of these
	discrepancies by always pausing before restoring.

	Also, check that the VM is active every time lock is dropped
	between two monitor calls.

	Finally, straighten out the events that get emitted on each
	transition.

	* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Always
	pause before reversion, and improve events.

2011-09-03  Eric Blake  

	snapshot: fine-tune qemu saved images starting paused
	Implement the new running/paused overrides for saved state management.

	Unfortunately, for virDomainSaveImageDefineXML, the saved state
	updates are write-only - I don't know of any way to expose a way
	to query the current run/pause setting of an existing save image
	file to the user without adding a new API or modifying the domain
	xml of virDomainSaveImageGetXMLDesc to include a new element to
	reflect the state bit encoded into the save image.  However, I
	don't think this is a show-stopper, since the API is designed to
	leave the state bit alone unless an explicit flag is used to
	change it.

	* src/qemu/qemu_driver.c (qemuDomainSaveInternal)
	(qemuDomainSaveImageOpen): Adjust signature.
	(qemuDomainSaveFlags, qemuDomainManagedSave)
	(qemuDomainRestoreFlags, qemuDomainSaveImageGetXMLDesc)
	(qemuDomainSaveImageDefineXML, qemuDomainObjRestore): Adjust
	callers.

2011-09-03  Eric Blake  

	snapshot: expose --running and --paused in virsh
	Pretty straight-forward exposure of new flags.  For most commands,
	we let the API reject mutually exclusive flags; but for save-image-edit,
	we do the sanity check ourselves to avoid looping on flag failure if
	the edit cycle is ever enhanced to allow the user to retry an edit
	to fix up an xml validation error.

	* tools/virsh.c (cmdManagedSave, cmdRestore, cmdSave)
	(cmdSaveImageDefine, cmdSaveImageEdit): Add new flags.
	* tools/virsh.pod (managedsave, restore, save, save-image-define)
	(save-image-edit): Document them.

2011-09-03  Eric Blake  

	snapshot: fine-tune ability to start paused
	While it is nice that snapshots and saved images remember whether
	the domain was running or paused, sometimes the restoration phase
	wants to guarantee a particular state (paused to allow hot-plugging,
	or running without needing to call resume).  This introduces new
	flags to allow the control, and a later patch will implement the
	flags for qemu.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_SAVE_RUNNING)
	(VIR_DOMAIN_SAVE_PAUSED, VIR_DOMAIN_SNAPSHOT_REVERT_RUNNING)
	(VIR_DOMAIN_SNAPSHOT_REVERT_PAUSED): New flags.
	* src/libvirt.c (virDomainSaveFlags, virDomainRestoreFlags)
	(virDomainManagedSave, virDomainSaveImageDefineXML)
	(virDomainRevertToSnapshot): Document their use, and enforce
	mutual exclusion.

2011-09-03  Eric Blake  

	snapshot: better events when starting paused
	There are two classes of management apps that track events - one
	that only cares about on/off (and only needs to track EVENT_STARTED
	and EVENT_STOPPED), and one that cares about paused/running (also
	tracks EVENT_SUSPENDED/EVENT_RESUMED).  To keep both classes happy,
	any transition that can go from inactive to paused must emit two
	back-to-back events - one for started and one for suspended (since
	later resuming of the domain will only send RESUMED, but the first
	class isn't tracking that).

	This also fixes a bug where virDomainCreateWithFlags with the
	VIR_DOMAIN_START_PAUSED flag failed to start paused when restoring
	from a managed save image.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_EVENT_SUSPENDED_RESTORED)
	(VIR_DOMAIN_EVENT_SUSPENDED_FROM_SNAPSHOT)
	(VIR_DOMAIN_EVENT_RESUMED_FROM_SNAPSHOT): New sub-events.
	* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Use them.
	(qemuDomainSaveImageStartVM): Likewise, and add parameter.
	(qemudDomainCreate, qemuDomainObjStart): Send suspended event when
	starting paused.
	(qemuDomainObjRestore): Add parameter.
	(qemuDomainObjStart, qemuDomainRestoreFlags): Update callers.
	* examples/domain-events/events-c/event-test.c
	(eventDetailToString): Map new detail strings.

2011-09-02  Marc-André Lureau  

	Learn to use spicevmc as a redirection type for usb-redir

	Add "redirdev" redirection device
	- create a new "redirdev" element for this purpose

2011-09-02  Marc-André Lureau  

	qemu: Don't append 0 at usb id, so that it is compatible with legacy -usb
	QEMU uses USB bus name "usb.0" when using the legacy -usb argument.
	If we want to allow USB devices to specify their addresses with legacy
	-usb, we should either in case of legacy bus name drop the 0 from the
	address bus, or just drop the 0 from device id. This patch does the
	later.

	Another solution would be to permit addressing on non-legacy USB
	controllers only.

2011-09-02  Marc-André Lureau  

	qemu: don't reserve slot 1 if a PIIX3 USB controller is defined there
	Applies only to piix3 and check if piix3 controller is on correct
	address, or report error

2011-09-02  Marc-André Lureau  

	Modify USB port to be defined as a port path
	So that devices can be attached to hubs. Example, to attach to first
	port of a usb-hub on port 1.

	      
	         
    
	      

	      
	         
    
	      

	also add a test entry

2011-09-02  Marc-André Lureau  

	Add USB hub device
	domain parsing and serialization code, qemu driver backend and
	a couple of test

2011-09-02  Marc-André Lureau  

	Add USB companion controllers support
	Companion controllers take an extra 'master' attribute to associate
	them.

	Also add tests for this

2011-09-02  Marc-André Lureau  

	USB devices gain a new USB address child element
	Expand the domain and the QEmu driver code
	Adds a couple of tests

	test: USB controller can have a PCI address child element
	add a few tests for the new constructs

2011-09-02  Marc-André Lureau  

	Add a new controller type 'usb' with optionnal 'model'
	The model by default is piix3-uchi.

	Example:
	

2011-09-02  Marc-André Lureau  

	Add USB controller models
	List is: piix3-uhci piix4-uhci ehci ich9-ehci1 ich9-uhci1 ich9-uhci2
	ich9-uhci3 vt82c686b-uhci pci-ohci

	Rename virDomainControllerModel to virDomainControllerModelSCSI
	Since we are about to add USB controller support let's remove the
	ambiguity

	Add various USB devices QEMU_CAPS

2011-09-02  Eric Blake  

	snapshot: fix corner case on OOM during creation
	Commit 6766ff10 introduced a corner case bug with snapshot creation:
	if a snapshot is created, but then we hit OOM while trying to
	create the return value of the function, then we have polluted the
	internal directory with the snapshot metadata with no way to clean
	it up from the running libvirtd.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Don't
	write metadata file on OOM condition.

2011-09-02  Eric Blake  

	tests: add missing files
	Created by copying from qemuxml2argv-disk-drive-v2-wb.*, then
	s/writeback/directsync/.  Hopefully this matches Osier's intentions.

	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-cache-directsync.args:
	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-cache-directsync.xml:
	Add missing files needed by 'make check'.

2011-09-02  Osier Yang  

	Add directsync cache mode support for disk driver
	Newer QEMU introduced cache=directsync for -drive, this patchset
	is to expose it in libvirt layer.

	  * Introduced a new QEMU capability flag ($prefix_CACHE_DIRECTSYNC),
	    As even $prefix_CACHE_V2 is set, we can't known if directsync
	    is supported.

2011-09-02  Osier Yang  

	storage: Add virsh support for fs pool formating

2011-09-02  Osier Yang  

	storage: Add fs pool formatting
	This patch adds the ability to make the filesystem for a filesystem
	pool during a pool build.

	The patch adds two new flags, no overwrite and overwrite, to control
	when mkfs gets executed.  By default, the patch preserves the
	current behavior, i.e., if no flags are specified, pool build on a
	filesystem pool only makes the directory on which the filesystem
	will be mounted.

	If the no overwrite flag is specified, the target device is checked
	to determine if a filesystem of the type specified in the pool is
	present.  If a filesystem of that type is already present, mkfs is
	not executed and the build call returns an error.  Otherwise, mkfs
	is executed and any data present on the device is overwritten.

	If the overwrite flag is specified, mkfs is always executed, and any
	existing data on the target device is overwritten unconditionally.

2011-09-02  Osier Yang  

	storage: Add mkfs and libblkid to build system

	API: Init conn in case of it might be used uninitialized
	There is a goto before "conn" is initialized.

2011-09-02  Eric Blake  

	qemu: detect incomplete save files
	Several users have reported problems with 'virsh start' failing because
	it was encountering a managed save situation where the managed save file
	was incomplete.  Be more robust to this by using two different magic
	numbers, so that newer libvirt can gracefully handle an incomplete file
	differently than a complete one, while older libvirt will at least fail
	up front rather than trying to load only to have qemu fail at the end.

	Managed save is a convenience - it exists to preserve as much state
	as possible; if the state was not preserved, it is reasonable to just
	log that fact, then proceed with a fresh boot.  On the other hand,
	user saves are under user control, so we must fail, but by making
	the failure message distinct, the user can better decide how to handle
	the situation of an incomplete save file.

	* src/qemu/qemu_driver.c (QEMUD_SAVE_PARTIAL): New define.
	(qemuDomainSaveInternal): Use it to mark incomplete images.
	(qemuDomainSaveImageOpen, qemuDomainObjRestore): Add parameter
	that controls what to do with partial images.
	(qemuDomainRestoreFlags, qemuDomainSaveImageGetXMLDesc)
	(qemuDomainSaveImageDefineXML, qemuDomainObjStart): Update callers.
	Based on an initial idea by Osier Yang.

2011-09-02  Eric Blake  

	qemu: refactor file opening
	In a SELinux or root-squashing NFS environment, libvirt has to go
	through some hoops to create a new file that qemu can then open()
	by name.  Snapshots are a case where we want to guarantee an empty
	file that qemu can open; also, reopening a save file to convert it
	from being marked partial to complete requires a reopen to avoid
	O_DIRECT headaches.  Refactor some existing code to make it easier
	to reuse in later patches.

	* src/qemu/qemu_migration.h (qemuMigrationToFile): Drop parameter.
	* src/qemu/qemu_migration.c (qemuMigrationToFile): Let cgroup do
	the stat, rather than asking caller to do it and pass info down.
	* src/qemu/qemu_driver.c (qemuOpenFile): New function, pulled from...
	(qemuDomainSaveInternal): ...here.
	(doCoreDump, qemuDomainSaveImageOpen): Use it here as well.

2011-09-02  Wen Congyang  

	reserve slot 1 on pci bus0
	After supporting multi function pci device, we only reserve function 1 on slot 1.
	The user can use the other function on slot 1 in the xml config file. We should
	detect this wrong usage.

2011-09-02  Xu He Jie  

	libvirtd: create run dir when running at non-root user
	When libvirtd is running at non-root user, it won't create ${HOME}/.libvirt.

	It will show error message:
	17:44:16.838: 7035: error : virPidFileAcquirePath:322 : Failed to open pid file

2011-09-02  Scott Moser  

	lxc: do not require 'ifconfig' or 'ipconfig' in container
	Currently, the lxc implementation invokes 'ip' and 'ifconfig' commands
	inside a container using 'virRun'.  That has the side effect of requiring
	those commands to be present and to function in a manner consistent with
	the usage.  Some small roots (such as ttylinux) may not have 'ip' or
	'ifconfig'.

	This patch replaces the use of these commands with usage of
	netdevice.  The result is that lxc containers do not have to implement
	those commands, and lxc in libvirt is only dependent on the netdevice
	interface.

	I've tested this patch locally against the ubuntu libvirt version enough
	to verify its generally sane.  I attempted to build upstream today, but
	failed with:
	  /usr/bin/ld:
	    ../src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_domain.o):
	   undefined reference to symbol 'xmlXPathRegisterNs@@LIBXML2_2.4.30

	Thats probably a local issue only, but I wanted to get this patch up and
	see what others thought of it.  This is ubuntu bug
	https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/828211 .

2011-09-02  Serge Hallyn  

	Create ptmx as a device
	Hi,

	I'm seeing an issue with udev and libvirt-lxc.  Libvirt-lxc creates
	/dev/ptmx as a symlink to /dev/pts/ptmx.  When udev starts up, it
	checks the device type, sees ptmx is 'not right', and replaces it
	with a 'proper' ptmx.

	In lxc, /dev/ptmx is bind-mounted from /dev/pts/ptmx instead of being
	symlinked, so udev sees the right device type and leaves it alone.

	A patch like the following seems to work for me.  Would there be
	any objections to this?

	>From 4c5035de52de7e06a0de9c5d0bab8c87a806cba7 Mon Sep 17 00:00:00 2001
	From: Ubuntu 
	Date: Wed, 31 Aug 2011 18:15:54 +0000
	Subject: [PATCH 1/1] make ptmx a bind mount rather than symlink

	udev on some systems checks the device type of /dev/ptmx, and replaces it if
	not as expected.  The symlink created by libvirt-lxc therefore gets replaced.
	By creating it as a bind mount, the device type is correct and udev leaves it
	alone.

2011-09-02  Adam Litke  

	BlockPull: Set initial bandwidth limit if specified
	The libvirt BlockPull API supports the use of an initial bandwidth limit but the
	qemu block_stream API does not.  To get the desired behavior we use the two APIs
	strung together: first BlockPull, then BlockJobSetSpeed.  We can do this at the
	driver level to avoid duplicated code in each monitor path.

2011-09-02  Adam Litke  

	BlockJob: Bandwidth parameter is in MB when using text monitor
	Due to an unfortunate precedent in qemu, the units for the bandwidth parameter
	to block_job_set_speed are different between the text monitor and the qmp
	monitor.  While the qmp monitor uses bytes/s, the text monitor expects MB/s.

	Correct the units for the text interface.

2011-09-02  Jim Fehlig  

	Increase size of buffer for xend response
	On systems with many pcpus, the sexpr returned by xend can be quite
	large for dom0 when it is configured to have #vcpus = #pcpus (default).
	E.g. on a 80 pcpu system, where dom0 had 80 vcpus, the sexpr details
	for dom0 was 73817 bytes!  Increase maximum buffer size to 256k.

2011-09-02  Jim Fehlig  

	Don't overwrite errors from xend_{get,req}
	xenDaemonDomainFetch() was overwriting errors reported by
	xend_get() and xend_req().  E.g. without patch

	error: failed Xen syscall xenDaemonDomainFetch failed to find this domain

	with patch

	error: internal error Xend returned HTTP Content-Length of 73817, which exceeds
	maximum of 65536

2011-09-02  Jim Fehlig  

	Change my email domain
	I'd like to change my primary email address to jfehlig@suse.com.
	This patch changes it in AUTHORS and .mailmap.

2011-09-02  Eric Blake  

	virsh: improve send-key documentation
	The 'virsh man' description of send-key was incomplete and used the
	old style (literal 'optional name' instead of '[name]' metasyntax).
	Meanwhile, none of the other virsh help texts include examples, so
	I moved it out of virsh help and into the man page.

	* tools/virsh.pod (send-key): Give better details.
	* tools/virsh.c (info_send_key): Drop example from here.

2011-09-02  Eric Blake  

	virsh: support 'virsh start --force-boot' on older servers
	Managed save was added in 0.8.0, virDomainCreateWithFlags in 0.8.2,
	and FORCE_BOOT in 0.9.5.  The virsh flag is more useful if we
	emulate it for all older servers (note that if a hypervisor fails
	the query for a managed save image, then it does not have one to
	be removed, so the flag can be safely ignored).

	* tools/virsh.c (cmdStart): Add emulation for new flag.

2011-09-02  Alex Jia  

	virsh: avoid memory leak on cmdVolCreateAs
	* tools/virsh.c: fix memory leak on cmdVolCreateAs function.

	* Detected in valgrind run:

	==4746==
	==4746== 48 (40 direct, 8 indirect) bytes in 1 blocks are definitely lost in loss record 26 of 52
	==4746==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==4746==    by 0x4C76E51: virAlloc (memory.c:101)
	==4746==    by 0x4CD9418: virGetStoragePool (datatypes.c:592)
	==4746==    by 0x4D21367: remoteStoragePoolLookupByName (remote_driver.c:4126)
	==4746==    by 0x4CE42B0: virStoragePoolLookupByName (libvirt.c:10232)
	==4746==    by 0x40C276: vshCommandOptPoolBy (virsh.c:13660)
	==4746==    by 0x40CA37: cmdVolCreateAs (virsh.c:8094)
	==4746==    by 0x412AF2: vshCommandRun (virsh.c:13770)
	==4746==    by 0x422F11: main (virsh.c:15127)
	==4746==
	==4746== 1,011 bytes in 1 blocks are definitely lost in loss record 45 of 52
	==4746==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==4746==    by 0x4A06167: realloc (vg_replace_malloc.c:525)
	==4746==    by 0x4C76ECB: virReallocN (memory.c:161)
	==4746==    by 0x4C60319: virBufferGrow (buf.c:72)
	==4746==    by 0x4C606AA: virBufferAdd (buf.c:106)
	==4746==    by 0x40CB37: cmdVolCreateAs (virsh.c:8118)
	==4746==    by 0x412AF2: vshCommandRun (virsh.c:13770)
	==4746==    by 0x422F11: main (virsh.c:15127)
	==4746==
	==4746== LEAK SUMMARY:
	==4746==    definitely lost: 1,051 bytes in 2 blocks
	==4746==    indirectly lost: 8 bytes in 1 blocks
	==4746==      possibly lost: 0 bytes in 0 blocks
	==4746==    still reachable: 390,767 bytes in 1,373 blocks
	==4746==         suppressed: 0 bytes in 0 blocks

	* How to reproduce?

	% valgrind -v --leak-check=full virsh vol-create-as default foo.img 10M \
	  --allocation 0 --format qcow2 --backing-vol bar.img

	Notes: bar.img doesn't exist.

2011-09-02  Eric Blake  

	build: fix 'make check' with pdwtags
	Problem introduced by commit b12354b.

	* src/remote_protocol-structs: Remove spurious blank line.

2011-09-02  Jim Fehlig  

	virsh: Expose virDomainMigrateGetMaxSpeed API

2011-09-02  Jim Fehlig  

	Add public API for getting migration speed
	Includes impl of python binding since the generator was not
	able to cope.

	Note: Requires gendispatch.pl patch from Matthias Bolte

	https://www.redhat.com/archives/libvir-list/2011-August/msg01367.html

2011-09-01  Eric Blake  

	virsh: prefer unsigned flags
	virsh had some leftover 'int flags', and even an 'int flag'
	declaration, compared to our preferred style of 'unsigned int flags'.

	* tools/virsh.c (cmdUndefine, cmdSave, cmdSaveImageDumpxml)
	(cmdSaveImageEdit, cmdManagedSave, cmdRestore, cmdDump)
	(cmdVcpuPin, cmdSetvcpus, cmdSetmem, cmdSetmaxmem, cmdDumpXML)
	(cmdDomXMLFromNative, cmdDomXMLToNative, doMigrate)
	(cmdInterfaceEdit, cmdInterfaceDumpXML, cmdEdit): Match coding
	style for flags.
	(struct vshComdOptDef): Rename field member.
	(vshCmddefOptParse, vshCmddefHelp): Adjust clients.

2011-09-01  Daniel P. Berrange  

	Fix tracking of RPC messages wrt streams
	Commit 2c85644b0b51fbe5b6244e6773531af29933a727 attempted to
	fix a problem with tracking RPC messages from streams by doing

	-            if (msg->header.type == VIR_NET_REPLY) {
	+            if (msg->header.type == VIR_NET_REPLY ||
	+                (msg->header.type == VIR_NET_STREAM &&
	+                 msg->header.status != VIR_NET_CONTINUE)) {
	                 client->nrequests--;

	In other words any stream packet, with status NET_OK or NET_ERROR
	would cause nrequests to be decremented. This is great if the
	packet from from a synchronous virStreamFinish or virStreamAbort
	API call, but wildly wrong if from a server initiated abort.
	The latter resulted in 'nrequests' being decremented below zero.
	This then causes all I/O for that client to be stopped.

	Instead of trying to infer whether we need to decrement the
	nrequests field, from the message type/status, introduce an
	explicit 'bool tracked' field to mark whether the virNetMessagePtr
	object is subject to tracking.

	Also add a virNetMessageClear function to allow a message
	contents to be cleared out, without adversely impacting the
	'tracked' field as a naive memset() would do

	* src/rpc/virnetmessage.c, src/rpc/virnetmessage.h: Add
	  a 'bool tracked' field and virNetMessageClear() API
	* daemon/remote.c, daemon/stream.c, src/rpc/virnetclientprogram.c,
	  src/rpc/virnetclientstream.c, src/rpc/virnetserverclient.c,
	  src/rpc/virnetserverprogram.c: Switch over to use
	  virNetMessageClear() and pass in the 'bool tracked' value
	  when creating messages.

2011-09-01  Daniel P. Berrange  

	Avoid use-after-free on streams, due to message callbacks
	When sending outbound stream RPC messages, a callback is
	used to re-enable stream data transmission. If the stream
	aborts while one of these messages is outstanding, the
	stream may have been free'd by the time it is invoked. This
	results in a use-after-free error

	* daemon/stream.c: Ref-count streams to avoid use-after-free

2011-09-01  Daniel P. Berrange  

	Fix parted sector size assumption
	Parted does not report disk size in 512 byte units, but
	rather the disks' logical sector size, which with modern
	drives might be 4k.

	* src/storage/parthelper.c: Remove hardcoded 512 byte sector
	  size

2011-09-01  Osier Yang  

	qemu: Fix a regression of domain save
	* src/qemu/qemu_driver.c - qemuDomainSaveInternal: Return directly
	will keep the domain object locked, introduced by 173015bec6a.

	Revert "test: Cleanup improper VIR_ERR_NO_SUPPORT use"
	This reverts commit 172214bd304ff958160307be2efd6614e9868946.

	storage: Fix incorrect error codes
	Commit 0376f4a69b intended to fix incorrect use of VIR_ERR_NO_SUPPORT,
	but replacing it with VIR_ERR_OPERATION_INVALID is not proper either.

	remote: Fix incorrect error codes
	Introduced by d4b53ef6c. For "no internalFlags support", the
	error code is changed into INTERNAL_ERROR.

	nodeinfo: Fix incorrect error codes
	Introduced by 5e495c8b, except the ones for checking if numa
	is supported by host, all the NO_SUPPORT are changed back. For
	the ones about numa checking, change them into INTERNAL_ERROR.

	lxc: Fix incorrect changes on error codes.
	Fix incorrect changes introduced by commit 6ac47762bb9.

	conf: Substitute OPERATION_INVALID with INTERNAL_ERROR

2011-09-01  Daniel P. Berrange  

	Stop libxl driver polluting logs on non-Xen hosts
	If the libxl driver is compiled in, then everytime libvirtd
	starts up on a non-Xen Dom0 host, it logs a error message.
	Since this is an expected condition, we should not log at
	'error' level, only 'info'.

	* src/libxl/libxl_driver.c: Lower log level for certain
	  expected errors during driver init

2011-09-01  Daniel P. Berrange  

	Fix memory leak parsing 'relabel' attribute in domain security XML
	* src/conf/domain_conf.c: Free the 'relabel' attribute

2011-09-01  Daniel P. Berrange  

	Fix memory leak dispatching domain events
	When dispatching domain events we will create an XDR struct
	containing the event info. Some of this data may be allocated
	on the heap and so must be freed. The graphics event dispatcher
	had a broken attempt to free one field, but missed others. All
	the events have a dom->name string that needs freeing. The code
	should have used the xdr_free() procedure for doing all this

	* daemon/remote.c: Use xdr_free after dispatching events

2011-09-01  Daniel P. Berrange  

	Don't leak memory if a cgroup is mounted multiple times
	It is possible (expected/likely in Fedora 15) for a cgroup controller
	to be mounted in multiple locations at the same time, due to bind
	mounts. Currently we leak memory if this happens, because we overwrite
	the previous 'mountPoint' string. Instead just accept the first match
	we find.

	* src/util/cgroup.c: Only accept first match for a cgroup
	  controller mount

2011-08-31  Eric Blake  

	security: fix build
	Regression introduced in commit 183383889.

	* src/libvirt_private.syms (security_manager.h): Drop deleted
	symbol. Detected by build-bot.

2011-08-31  Guannan Ren  

	stream: remove redundant reference to client while sending stream data
	    *daemon/stream.c: remove virNetServerClientRef()

2011-08-31  Daniel P. Berrange  

	Remove bogus virSecurityManagerSetProcessFDLabel method
	The virSecurityManagerSetProcessFDLabel method was introduced
	after a mis-understanding from a conversation about SELinux
	socket labelling. The virSecurityManagerSetSocketLabel method
	should have been used for all such scenarios.

	* src/security/security_apparmor.c, src/security/security_apparmor.c,
	  src/security/security_driver.h, src/security/security_manager.c,
	  src/security/security_manager.h, src/security/security_selinux.c,
	  src/security/security_stack.c: Remove SetProcessFDLabel driver

2011-08-31  Daniel P. Berrange  

	Fix sanlock socket security labelling
	It is not possible to change the label of a TCP socket once it
	has been opened. When creating a TCP socket care must be taken
	to ensure the socket creation label is set & then cleared.
	Remove the bogus call to virSecurityManagerSetProcessFDLabel
	from the lock driver guest setup code and instead make use of
	virSecurityManagerSetSocketLabel

2011-08-31  Daniel P. Berrange  

	Fix incorrect path length check in sanlock lockspace setup
	The code for creating a sanlock lockspace accidentally used
	SANLK_NAME_LEN instead of SANLK_PATH_LEN for a size check.
	This meant disk paths were limited to 48 bytes !

	* src/locking/lock_driver_sanlock.c: Fix disk path length
	  check

2011-08-31  Eric Blake  

	snapshot: forbid snapshot on autodestroy domain
	There is no reason to forbid pausing an autodestroy domain
	(not to mention that 'virsh start --paused --autodestroy'
	succeeds in creating a paused autodestroy domain).

	Meanwhile, qemu was failing to enforce the API documentation that
	autodestroy domains cannot be saved.  And while the original
	documentation only mentioned save/restore, snapshots are another
	form of saving that are close enough in semantics as to make no
	sense on one-shot domains.

	* src/qemu/qemu_driver.c (qemudDomainSuspend): Drop bogus check.
	(qemuDomainSaveInternal, qemuDomainSnapshotCreateXML): Forbid
	saves of autodestroy domains.
	* src/libvirt.c (virDomainCreateWithFlags, virDomainCreateXML):
	Document snapshot interaction.

2011-08-31  Philipp Hahn  

	Fix error detection in device change
	According to qemu-kvm/qerror.c all messages start with a capital
	"Device ", but the current code only scans for the lower case "device ".
	This results in "virDomainUpdateDeviceFlags()" to not detect locked
	CD-ROMs and reporting success even in the case of a failure:
		# virsh qemu-monitor-command "$VM" change\ drive-ide0-0-0\ \"/var/lib/libvirt/images/ucs_2.4-0-sec4-20110714145916-dvd-amd64.iso\"
		Device 'drive-ide0-0-0' is locked
		# virsh update-device "$VM" /dev/stdin <<<"
    "
		Device updated successfully

2011-08-30  Eric Blake  

	start: allow discarding managed save
	There have been several instances of people having problems with
	a broken managed save file, and not aware that they could use
	'virsh managedsave-remove dom' to fix things.  Making it possible
	to do this as part of starting a domain makes the same functionality
	easier to find, and one less API call.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_START_FORCE_BOOT): New
	flag.
	* src/libvirt.c (virDomainCreateWithFlags): Document it.
	* src/qemu/qemu_driver.c (qemuDomainObjStart): Alter signature.
	(qemuAutostartDomain, qemuDomainStartWithFlags): Update callers.
	* tools/virsh.c (cmdStart): Expose it in virsh.
	* tools/virsh.pod (start): Document it.

2011-08-30  Eric Blake  

	build: simplify use of verify
	Back in 2008 when this line of util.h was written, gnulib's verify
	module didn't allow the use of multiple verify() in one file
	in combination with our choice of gcc -W options.  But that has
	since been fixed in gnulib, and newer gnulib even maps verify()
	to the C1x feature of _Static_assert, which gives even nicer
	diagnostics with a new enough compiler, so we might as well go
	with the simpler verify().

	* src/util/util.h (VIR_ENUM_IMPL): Use simpler verify, now that
	gnulib module is smarter.

2011-08-30  Eric Blake  

	qemu: properly label outgoing pipe for tunneled migration
	Commit 3261761 made it possible to use pipes instead of sockets
	for outgoing tunneled migration; however, it caused a regression
	because the pipe was never given a SELinux label.

	* src/qemu/qemu_migration.c (doTunnelMigrate): Label outgoing pipe.

2011-08-30  Guannan Ren  

	rpc: fix a typo in debugging log in virNetServerProgramSendStreamData
	The bufferOffset has been initialized to zero in virNetMessageEncodePayloadRaw(),
	so, we use bufferLength to represent the length of message which is going to be
	sent to client side.

2011-08-27  Eric Blake  

	maint: fix spelling errors on lose
	* docs/drvqemu.html.in: Fix typo.
	* src/libvirt.c (virDomainCreateXML, virDomainCreateWithFlags):
	Likewise.

2011-08-27  Jim Fehlig  

	Fix generator to cope with call-by-ref long types
	From: Matthias Bolte 
	Tested-by: Jim Fehlig 

	Matthias provided this patch to fix an issue I encountered in the
	generator with APIs containing call-by-ref long type, e.g.

	int virDomainMigrateGetMaxSpeed(virDomainPtr domain,
	                                unsigned long *bandwidth,
	                                unsigned int flags);

2011-08-26  Matthias Bolte  

	hyperv: Add basic documentation

2011-08-26  Matthias Bolte  

	hyperv: Add basic driver for Microsoft Hyper-V
	Domain listing, basic information retrieval and domain life cycle
	management is implemented. But currently the domain XML output
	lacks the complete devices section.

	The driver uses OpenWSMAN to directly communicate with a Hyper-V
	server over its WS-Management interface exposed via Microsoft WinRM.

	The driver is based on the work of Michael Sievers. This started in
	the same master program project group at the University of Paderborn
	as the ESX driver.

	See Michael's blog for details: http://hyperv4libvirt.wordpress.com/

2011-08-26  Matthias Bolte  

	hyperv: Add OpenWSMAN based client for the Hyper-V WMI API
	Add a generator script to generate the structs and serialization
	information for OpenWSMAN.

	openwsman.h collects workarounds for problems in OpenWSMAN <= 2.2.6.
	There are also disabled sections that would use ws_serializer_free_mem
	but can't because it's broken in OpenWSMAN <= 2.2.6. Patches to fix
	this have been posted upstream.

2011-08-26  Matthias Bolte  

	hyperv: Add driver skeleton

	hyperv: Add configure check for OpenWSMAN

2011-08-26  Taku Izumi  

	schedinfo: update man page about virsh schedinfo command
	This patch updates the man page about virsh schedinfo command.

	 - fix typo: 1844674407370955 -> 18446744073709551
	 - describe the value 0 of vcpu_period and vcpu_quota parameters

2011-08-26  KAMEZAWA Hiroyuki  

	Fix persistent migration config save
	When a user migrates a domain by command as

	libvirt saves vm's domain XML config in destination host after migration.
	But it saves vm->def. Then, the saved XML contains some garbage.

	  
	                     ^^^^^^^^
	  ...
	   
	                       ^^^^^^^^^^^^^^^^^

	Avoid saving unnecessary things by saving persistent vm definition.

2011-08-26  Jiri Denemark  

	rpc: Don't close connection if program is unknown
	In case we add a new program in the future (we did that in the past and
	we are going to do it again soon) current daemon will behave badly with
	new client that wants to use the new program. Before the RPC rewrite we
	used to just send an error reply to any request with unknown program.
	With the RPC rewrite in 0.9.3 the daemon just closes the connection
	through which such request was sent. This patch fixes this regression.

2011-08-26  Michal Privoznik  

	remote: Refuse connecting to remote socket
	If users wants to connect to remote unix socket, e.g.
	'qemu+unix:///system' currently the  part is ignored,
	ending up connecting to localhost. Connecting to remote socket is not
	supported and user should have used TLS/TCP/SSH instead.

	virterror: Fix error message for VIR_ERR_INVALID_ARG
	When a detail message is presented, nobody expects prefix 'invalid
	argument in' but something more general, like 'invalid argument:'.

2011-08-26  Daniel P. Berrange  

	Detect errors from the 'sendkey' command
	On success, the 'sendkey' command does not return any data, so
	any data in the reply should be considered to be an error
	message

	* src/qemu/qemu_monitor_text.c: Treat non-"" reply data as an
	  error message for 'sendkey' command

2011-08-26  Daniel P. Berrange  

	Fix keymap used to talk with QEMU
	The QEMU 'sendkey' command expects keys to be encoded in the same
	way as the RFB extended keycode set. Specifically it wants extended
	keys to have the high bit of the first byte set, while the Linux
	XT KBD driver codeset uses the low bit of the second byte. To deal
	with this we introduce a new keymap 'RFB' and use that in the QEMU
	driver

	* include/libvirt/libvirt.h.in: Add VIR_KEYCODE_SET_RFB
	* src/qemu/qemu_driver.c: Use RFB keycode set instead of XT KBD
	* src/util/virkeycode-mapgen.py: Auto-generate the RFB keycode
	  set from the XT KBD set
	* src/util/virkeycode.c: Add RFB keycode entry to table. Add a
	  verify check on cardinality of the codeOffset table

2011-08-26  Jiri Denemark  

	virsh: Clarify documentation of -d option
	The default is 4, not 0.

	qemu: Correctly label migration TCP socket

	security: Introduce SetSocketLabel
	This API labels all sockets created until ClearSocketLabel is called in
	a way that a vm can access them (i.e., they are labeled with svirt_t
	based label in SELinux).

	security: Rename SetSocketLabel APIs to SetDaemonSocketLabel
	The APIs are designed to label a socket in a way that the libvirt daemon
	itself is able to access it (i.e., in SELinux the label is virtd_t based
	as opposed to svirt_* we use for labeling resources that need to be
	accessed by a vm). The new name reflects this.

	Ignore unused streams in virStreamAbort
	When virStreamAbort is called on a stream that has not been used yet,
	quite confusing error is returned: "this function is not supported by
	the connection driver". Let's just ignore such streams as there's
	nothing to abort anyway.

	Do not try to cancel non-existent migration on source
	If migration failed on source daemon, the migration is automatically
	canceled by the daemon itself. Thus we don't need to call
	virDomainMigrateConfirm3(cancelled=1). Calling it doesn't cause any harm
	but the resulting error message printed in logs may confuse people.

2011-08-26  Eric Blake  

	snapshot: track current snapshot across restarts
	Audit all changes to the qemu vm->current_snapshot, and make them
	update the saved xml file for both the previous and the new
	snapshot, so that there is always at most one snapshot with
	1 in the xml, and that snapshot is used as the
	current snapshot even across libvirtd restarts.

	This patch does not fix the case of virDomainSnapshotDelete(,CHILDREN)
	where one of the children is the current snapshot; that will be later.

	* src/conf/domain_conf.h (_virDomainSnapshotDef): Alter member
	type and name.
	* src/conf/domain_conf.c (virDomainSnapshotDefParseString)
	(virDomainSnapshotDefFormat): Update clients.
	* docs/schemas/domainsnapshot.rng: Tighten rng.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotLoad): Reload current
	snapshot.
	(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot)
	(qemuDomainSnapshotDiscard): Track current snapshot.

2011-08-26  Eric Blake  

	snapshot: only pass snapshot to qemu command line when reverting
	Changing the current vm, and writing that change to the file
	system, all before a new qemu starts, is risky; it's hard to
	roll back if starting the new qemu fails for some reason.
	Instead of abusing vm->current_snapshot and making the command
	line generator decide whether the current snapshot warrants
	using -loadvm, it is better to just directly pass a snapshot all
	the way through the call chain if it is to be loaded.

	This frees up the last use of snapshot->def->active for qemu's
	use, so the next patch can repurpose that field for tracking
	which snapshot is current.

	* src/qemu/qemu_command.c (qemuBuildCommandLine): Don't use active
	field of snapshot.
	* src/qemu/qemu_process.c (qemuProcessStart): Add a parameter.
	* src/qemu/qemu_process.h (qemuProcessStart): Update prototype.
	* src/qemu/qemu_migration.c (qemuMigrationPrepareAny): Update
	callers.
	* src/qemu/qemu_driver.c (qemudDomainCreate)
	(qemuDomainSaveImageStartVM, qemuDomainObjStart)
	(qemuDomainRevertToSnapshot): Likewise.
	(qemuDomainSnapshotSetCurrentActive)
	(qemuDomainSnapshotSetCurrentInactive): Delete unused functions.

2011-08-26  Eric Blake  

	snapshot: don't leak resources on qemu snapshot failure
	https://bugzilla.redhat.com/show_bug.cgi?id=727709
	mentions that if qemu fails to create the snapshot (such as what
	happens on Fedora 15 qemu, which has qmp but where savevm is only
	in hmp, and where libvirt is old enough to not try the hmp fallback),
	then 'virsh snapshot-list dom' will show a garbage snapshot entry,
	and the libvirt internal directory for storing snapshot metadata
	will have a bogus file.

	This fixes the fallout bug of polluting the snapshot-list with
	garbage on failure (the root cause of the F15 bug of not having
	fallback to hmp has already been fixed in newer libvirt releases).

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Allocate
	memory before making snapshot, and cleanup on failure.  Don't
	dereference NULL if transient domain exited during snapshot creation.

2011-08-26  Alex Jia  

	libvirt: avoid dead store in virDomainMigrateVersion3
	* src/qemu/qemu_migration.c: avoid dead 'ret' assignment and silence
	  clang warning.

	Detected by ccc-analyzer:

	libvirt.c:4277:5: warning: Value stored to 'ret' is never read
	    ret = domain->conn->driver->domainMigrateConfirm3
	    ^     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2011-08-26  Alex Jia  

	qemu: avoid dead store in doPeer2PeerMigrate3
	* src/qemu/qemu_migration.c: avoid dead 'ret' assignment and silence
	  clang warning.

	Detected by ccc-analyzer:

	  CC     libvirt_driver_qemu_la-qemu_migration.lo
	qemu/qemu_migration.c:2046:5: warning: Value stored to 'ret' is never read
	    ret = qemuMigrationConfirm(driver, sconn, vm,
	    ^     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2011-08-25  Daniel P. Berrange  

	Fix command test wrt gnutls initialize & fix debugging
	The VIR_TEST_DEBUG and VIR_TEST_VERBOSE env vars did not work
	because we replaced 'environ' with 'newenv'. Simply calling
	virTestGetDebug/Verbose() before replacing the 'environ' ensures
	we have processed the env variables.

	The gnutls initialization code opens /dev/urandom and keeps that
	FD around for later use. We have code which kills off FDs 3-5
	to avoid interfereing with our test case. Move the virInitialize
	call before this point, so it kills off the gnutls /dev/urandom
	FD which is irrelevant for testing purposes

	* tests/commandtest.c: Fix test debugging & make it robust against
	  opened FDs

2011-08-25  Michal Privoznik  

	daemon: Move TLS initialization to virInitialize
	My previous patch 74c75671331d284e1f777f9692b72e9737520bf0
	introduced a regression by removing TLS initialization from client.

2011-08-25  Laine Stump  

	util: only fchown newly created files in virFileOpenAs
	virFileOpenAs takes desired uid:gid as arguments, and not only uses
	them for a fork/setuid/setgid when retrying failed open operations,
	but additionally always forces the opened file to be owned by the
	given uid:gid.

	One example of the problems this causes is that, when restoring a
	domain from a file that is owned by the qemu user, opening the file
	chowns it to root. if dynamic_ownership=1 this is coincidentally
	expected, but if dynamic_ownership=0, no existing file should ever
	have its ownership changed.

	This patch adds an extra check before calling fchown() - it only does
	it if O_CREAT was passed to virFileOpenAs() in the openflags.

2011-08-25  Shradha Shah  

	qemu: fix off-by-one in pci slot reservation

2011-08-25  Steve Hodgson  

	maint: attribute second author of previous patch

2011-08-25  Shradha Shah  

	pci: fix pciDeviceListSteal on multiple devices
	pciDeviceListSteal(pcidevs, dev) removes dev from pcidevs reducing
	the length of pcidevs, so moving onto what was the next dev is wrong.

	Instead callers should pop entry 0 repeatedly until pcidevs is empty.

2011-08-24  Eric Blake  

	libvirt: log all flags parameters
	I was testing a virsh patch, and wanted to see if I had passed the
	flags I thought.  But with LIBVIRT_DEBUG in the environment, I just
	saw:

	14:24:52.359: 15022: debug : virDomainSnapshotNum:15586 : dom=0xc9c180, (VM: name=rhel_6-64, uuid=48f8e8e7-e14f-0e14-02f0-ce71997bdcab),

	including a trailing space.  This fixes the issues.

	* src/libvirt.c: Log flag parameters, even if currently unused.
	(VIR_DOMAIN_DEBUG_0): Drop trailing comma in log.
	(VIR_DOMAIN_DEBUG_1): Split guts into...
	(VIR_DOMAIN_DEBUG_2): ...new macro.

2011-08-24  Eric Blake  

	virsh: add list --managed-save
	Knowing whether 'virsh start' will resume a saved image or do
	a fresh boot is useful enough to expose via 'virsh list'.

	Also, translate the state column.

	* tools/virsh.c (cmdList): add --managed-save flag
	* tools/virsh.pod (list): Document it.
	Based on a suggestion by Miklos Vajna.

2011-08-24  Matthias Bolte  

	esx: Use $(PYTHON) instead of the shebang to run the generator

2011-08-24  Osier Yang  

	qemu: Report error if qemu monitor command not found for BlockJob
	* src/qemu/qemu_monitor_json.c: Handle error "CommandNotFound" and
	  report the error.

	* src/qemu/qemu_monitor_text.c: If a sub info command is not found,
	  it prints the output of "help info", for other commands,
	  "unknown command" is printed.

	Without this patch, libvirt always report:

	  An error occurred, but the cause is unknown

	This patch was adapted from a patch by Osier Yang  to
	break out detection of unrecognized text monitor commands into a separate
	function.

2011-08-24  Matthias Bolte  

	esx: Refactor a repeated string in the generator

2011-08-24  Eric Blake  

	maint: fix comment typos
	* src/qemu/qemu_driver.c (qemuDomainSaveInternal): Fix typo.
	* src/conf/domain_event.c (virDomainEventDispatchMatchCallback):
	Likewise.
	* daemon/libvirtd.c (daemonRunStateInit): Likewise.
	* src/lxc/lxc_container.c (lxcContainerChildMountSort): Likewise.
	* src/util/virterror.c (virCopyError, virRaiseErrorFull): Likewise.
	* src/xenxs/xen_sxpr.c (xenParseSxprSound): Likewise.

2011-08-23  Osier Yang  

	virsh: Substitute goto label out with cleanup
	Introduced by 241cbc13a, pushed under urgent rule.

2011-08-23  Osier Yang  

	virsh: Do not try to free domain if it is NULL
	Without these patch, there will be error like below if domain
	is NULL.

	error: invalid domain pointer in virDomainFree

	Which is useless.

2011-08-23  Osier Yang  

	xen: Cleanup improper VIR_ERR_NO_SUPPORT use

	test: Cleanup improper VIR_ERR_NO_SUPPORT use

	storage: Cleanup improper VIR_ERR_NO_SUPPORT use

	remote: Cleanup improper VIR_ERR_NO_SUPPORT use

2011-08-23  Osier Yang  

	qemu: Cleanup improper VIR_ERR_NO_SUPPORT use
	* src/qemu/qemu_command.c: s/VIR_ERR_NO_SUPPORT/VIR_ERR_CONFIG_UNSUPPORTED/

	* src/qemu/qemu_driver.c: s/VIR_ERR_NO_SUPPORT/VIR_ERR_OPERATION_INVALID/

	* src/qemu/qemu_process.c: s/VIR_ERR_NO_SUPPORT/VIR_ERR_OPERATION_INVALID/

2011-08-23  Osier Yang  

	nodeinfo: Cleanup improper VIR_ERR_NO_SUPPORT use

2011-08-23  Osier Yang  

	lxc: Cleanup improper VIR_ERR_NO_SUPPORT use
	s/VIR_ERR_NO_SUPPORT/VIR_ERR_OPERATION_INVALID/

	Special case is changes on lxcDomainInterfaceStats, if it's not
	implemented on the platform, prints error like:

	    lxcError(VIR_ERR_OPERATION_INVALID, "%s",
	             _("interface stats not implemented on this platform"));

	As the function is supported by driver actually, error like
	VIR_ERR_NO_SUPPORT is confused.

2011-08-23  Osier Yang  

	conf: Cleanup improper use of VIR_ERR_NO_SUPPORT in node_device_conf

	qemu: Substitute VIR_ERR_NO_SUPPORT with VIR_ERR_OPERATION_INVALID
	* src/qemu/qemu_monitor_text.c: Error like "this function is not
	supported by the connection driver" is confused obviously.

	virsh: Print error if specified bandwidth is invalid for blockjob
	It's strange that the command fails but without any error if one
	specifies as not a number.

2011-08-22  KAMEZAWA Hiroyuki  

	send-key: fix scan keycode map
	Now, bad key-code in send-key can cause segmentation fault in libvirt.
	(example)
	 % virsh send-key --codeset win32 12
	   error: End of file while reading data: Input/output error

	This is caused by overrun at scanning keycode array.

	Fix it.

2011-08-22  Eric Blake  

	build: work around older systemtap header
	Systemtap 1.2  tried to expand STAP_PROBE3 into an
	initialization:
	  volatile __typeof__(arg) foo = arg;
	but that fails if arg was declared as 'char arg[100]'.
	Rather than make all callers to PROBE deal with the stupidity
	of , we instead make PROBE cast away the problem.
	Some of this preprocessor abuse copies ideas in src/libvirt.c.

	* daemon/libvirtd.h (PROBE): Add casts to all arguments, using...
	(VIR_ADD_CASTS, VIR_ADD_CAST, VIR_ADD_CAST2, VIR_ADD_CAST3)
	(VIR_ADD_CAST_EXPAND, VIR_ADD_CAST_PASTE, VIR_COUNT_ARGS)
	(VIR_ARG5, PROBE_EXPAND): New macros.
	Reported by Wen Congyang.

2011-08-19  Eric Blake  

	virsh: properly interleave shared stdout and stderr
	Without this patch, invoking 'virsh >file 2>&1' results in
	error messages appearing before normal output, even if they
	occurred later in time than the normal output (since stderr
	is unbuffered, but stdout waits until a full buffer).

	* tools/virsh.c (print_job_progress, vshError): Flush between
	stream transitions.
	* tests/undefine: Test it.

2011-08-19  Eric Blake  

	maint: simplify lots of libxml2 clients
	Repetitive patterns should be factored.  The sign of a good
	factorization is a change that kills 5x more lines than it adds :)

	* src/conf/domain_conf.c (virDomainDeviceDefParse)
	(virDomainSnapshotDefParseString): Use new convenience macros.
	* src/conf/storage_conf.c (virStoragePoolDefParseSourceString):
	Likewise.
	* src/cpu/cpu.c (cpuCompareXML, cpuBaselineXML): Likewise.
	* src/esx/esx_vi.c (esxVI_Context_Execute): Likewise.
	* src/qemu/qemu_migration.c (qemuMigrationCookieXMLParseStr):
	Likewise.
	* src/security/virt-aa-helper.c (caps_mockup): Likewise.
	* src/test/test_driver.c (testOpenFromFile): Likewise.
	* tests/cputest.c (cpuTestLoadXML, cpuTestLoadMultiXML):
	Likewise.
	* tools/virsh.c (cmdFreecell, makeCloneXML, cmdVNCDisplay)
	(cmdTTYConsole, cmdDetachInterface, cmdDetachDisk)
	(cmdSnapshotCreate, cmdSnapshotCreateAs, cmdSnapshotCurrent)
	(cmdSnapshotList, cmdSnapshotParent): Likewise.

2011-08-19  Eric Blake  

	xml: add another convenience function
	Often, we want to use XPath functions on the just-parsed document;
	fold this into the parser function for convenience.

	* src/util/xml.h (virXMLParseHelper): Add argument.
	(virXMLParseStrHelper, virXMLParseFileHelper): Delete.
	(virXMLParseCtxt, virXMLParseStringCtxt, virXMLParseFileCtxt): New
	macros.
	* src/libvirt_private.syms (xml.h): Remove deleted functions.
	* src/util/xml.c (virXMLParseHelper): Add argument.
	(virXMLParseStrHelper, virXMLParseFileHelper): Delete.

2011-08-19  Eric Blake  

	maint: treat more libxml2 functions as free-like
	* cfg.mk (useless_free_options): Add xmlFreeDoc, xmlBufferFree.
	* src/esx/esx_vi.c (ESX_VI__TEMPLATE__FREE): Fix offenders.
	* tools/virsh.c (cmdFreecell, cmdVNCDisplay, cmdTTYConsole)
	(cmdDetachInterface, cmdDetachDisk, cmdSnapshotCreate)
	(cmdSnapshotCreateAs, cmdSnapshotList, cmdSnapshotParent):
	Likewise.

2011-08-19  Eric Blake  

	test: rewrite test to match change in behavior
	Test failure exposed in commit 7d3390f.

	* tests/undefine: Fix to match updated test driver semantics.

2011-08-19  Eric Blake  

	build: fix typo in recent test patch
	* src/test/test_driver.c (testDomainUndefineFlags): Use right
	variable name.

2011-08-19  Eric Blake  

	Revert "xen: Allow to undefine a running domain (xm_internal)"
	ACK was given too soon.  According to the code, the xm driver is
	only used for inactive domains, and has no notion of an active
	domain, thus, it cannot support undefine of a running domain.
	The real fix for xen needs to be in the unified driver and/or
	the xend level.

	This reverts commit 49186deda62161599877b0de6f7f4345c50d842a.

2011-08-19  Osier Yang  

	xen: Allow to undefine a running domain (xm_internal)

	vmware: Allow to undefine a running domain

	uml: Allow to undefine a running domain

	test: Allow to undefine a running domain

	qemu: Allow to undefine a running domain

	openvz: Allow to undefine a running domain

	lxc: Allow to undefine a running domain

	libxl: Allow to undefine a running domain.
	Undefining a running domain will convert it to trasient, but keep
	the domain still running.

	qemu: Get memory balloon info correctly for text monitor
	* src/qemu/qemu_monitor_text.c: BALLOON_PREFIX was defined as
	"balloon: actual=", which cause "actual=" is stripped early before
	the real parsing. This patch changes BALLOON_PREFIX into "balloon: ",
	and modifies related functions, also renames
	"qemuMonitorParseExtraBalloonInfo" to "qemuMonitorParseBalloonInfo",
	as after the changing, it parses all the info returned by "info balloon".

2011-08-19  Eric Blake  

	build: fix compilation on mingw64
	* .gnulib: Update to latest, for getcwd fixes.
	* bootstrap: Resync to gnulib.

2011-08-19  Michal Privoznik  

	storage: Flush host cache after write
	Although we are flushing cache after some critical writes (e.g.
	volume creation), after some others we do not (e.g. volume cloning).
	This patch fix this issue. That is for volume cloning, writing
	header of logical volume, and storage wipe.

2011-08-19  Michal Privoznik  

	daemon: initialize GnuTLS
	When spice_tls is set but listen_tls is not, we don't initialize
	GnuTLS library. So any later gnutls call (e.g. during migration,
	where we initialize a certificate) will access uninitialized GnuTLS
	internal structs and throws an error.

	Although, we might now initialize GnuTLS twice, it is safe according
	to the documentation:

	    This function can be called many times,
	    but will only do something the first time.

	This patch creates 2 functions: virNetTLSInit and virNetTLSDeinit
	with respect to written above.

2011-08-19  Taku Izumi  

	schedinfo: add missing documentation
	This patch adds the missing documentation about the scheduler parameter
	"vcpu_period" and "vcpu_quota".

2011-08-19  Eric Blake  

	maint: ignore generated file
	I did 'git add .' while in the middle of 'make syntax-check', and
	it picked up a temporary file that should not be committed.

	* .gitignore: Ignore sc_* from syntax check.

2011-08-18  Eric Blake  

	build: fix virnetsocket on mingw
	Regression introduced in commit 5d30db0.

	* src/rpc/virnetsocket.c (virNetSocketNewListenUNIX) [WIN32]: Use
	correct signature.

2011-08-18  Eric Blake  

	build: fix virpidfile on mingw
	Regression introduced in commit b7e5ca4.

	Mingw lacks kill(), but we were only using it for a sanity check;
	so we can go with one less check.

	Also, on OOM error, this function should outright fail rather than
	claim that the pid file was successfully read.

	* src/util/virpidfile.c (virPidFileReadPathIfAlive): Skip kill
	call where unsupported, and report error on OOM.

2011-08-18  Daniel P. Berrange  

	Ensure async packets never get marked for sync replies
	If a client had initiated a stream abort, it will have a call
	waiting for a reply in the queue. If more data continues to
	arrive on the stream, the abort command could mistakenly get
	signalled as complete. Remove the code from async data processing
	that looked for waiting calls. Add a sanity check to ensure no
	async call can ever be marked as needing a reply

	* src/rpc/virnetclient.c: Ensure async data packets can't
	  trigger a reply

2011-08-18  Daniel P. Berrange  

	Don't attempt to read from a stream if it is closed
	The I/O event callback processes incoming packets first, and then
	does outgoing packets. If the incoming packet caused the stream to
	close, then the attempt to process outgoing data resulted in an
	error. This caused libvirt to then send an error back to the client,
	but the stream had already been stopped. This confused the client
	since it sees 2 error events.

	* daemon/stream.c: Don't attempt read if stream is closed

2011-08-17  Tom Vijlbrief  

	qemu: disk migration verbose progress
	A virsh command like:

	migrate --live --copy-storage-all Guest qemu+ssh://user@host/system
	--persistent --verbose

	shows

	Migration: [  0 %]

	during the storage copy and does not start counting
	until the ram transfer starts

	Fix this by scraping optional disk transfer status, and adding it
	into the progress meter.

2011-08-17  Eric Blake  

	virsh: concatenate qemu-monitor-command arguments
	Call me lazy, but:

	virsh qemu-monitor-command dom --hmp info status

	is nicer than:

	virsh qemu-monitor-command dom --hmp 'info status'

	* tools/virsh.c (cmdQemuMonitorCommand): Allow multiple arguments,
	for convenience.

2011-08-17  Osier Yang  

	qemu: Init reattaching related members of pciDevice before reattach
	Otherwise the device will still be bound to pci-stub driver even
	it's set as "managed=yes" when do detaching. Of course, it won't
	triger any driver reprobing too.

2011-08-17  Eric Blake  

	virsh: tweak misleading wording
	Fixes confusing docs introduced in commit 98369d3.

	* tools/virsh.c (cmdSnapshotParent): Operates on named snapshot,
	not current.

2011-08-17  Daniel P. Berrange  

	Tweak debugging message in RPC client code
	Make it clearer that a log message is for an outgoing message

2011-08-17  Daniel P. Berrange  

	Fix race condition in abort of stream
	If a stream gets a server initiated abort, the client may still
	send an abort request before it receives the server side abort.
	This causes the server to send back another abort for the
	stream. Since the protocol defines that abort is the last thing
	to be sent, the client gets confused by this second abort from
	the server. If the stream is already shutdown, just drop any
	client requested abort, rather than sending back another message.
	This fixes the regression from previous versions.

	Tested as follows

	In one virsh session

	  virsh # start foo
	  virsh # console foo

	In other virsh session

	  virsh # destroy foo

	The first virsh session should be able to continue issuing
	commands without error. Prior to this patch it saw

	  virsh # list
	  error: Failed to list active domains
	  error: An error occurred, but the cause is unknown

	  virsh # list
	  error: Failed to list active domains
	  error: no call waiting for reply with prog 536903814 vers 1 serial 9

	* src/rpc/virnetserverprogram.c: Drop abort requests
	  for streams which no longer exist

2011-08-17  Daniel P. Berrange  

	Ensure client streams are closed when marking a client for close
	Every active stream results in a reference being held on the
	virNetServerClientPtr object. This meant that if a client quit
	with any streams active, although all I/O was stopped the
	virNetServerClientPtr object would leak. This causes libvirtd
	to leak any file handles associated with open streams when a
	client quit

	To fix this, when we call virNetServerClientClose there is a
	callback invoked which lets the daemon release the streams
	and thus the extra references

	* daemon/remote.c: Add a hook to close all streams
	* daemon/stream.c, daemon/stream.h: Add API for releasing
	  all streams
	* src/rpc/virnetserverclient.c, src/rpc/virnetserverclient.h:
	  Allow registration of a hook to trigger when closing client

2011-08-17  Daniel P. Berrange  

	Ensure stream is aborted when exiting console
	After running 'virsh console' in interactive mode, there was a
	missing call to virStreamAbort, which meant the server kept the
	stream resources open

	* tools/console.c: Abort stream when exiting

2011-08-17  Stefan Berger  

	maint: fix some compilation issues on non-linux platforms (part 2)
	Get rid of the #if __linux__ check in virPidFileReadPathIfAlive that
	was preventing a check of a symbolic link in /proc//exe on
	non-linux platforms against an expected executable. Replace
	this with a run-time check testing whether the /proc//exe is a
	symbolic link and if so call the function doing the comparison
	against the expected file the link is supposed to point to.

	maint: fix some compilation issues on non-linux platforms
	This patch fixes *some* compilation issues on non-Linux platforms (cygwin).

2011-08-17  Peter Krempa  

	daemon: Add early libvirtd start verbose errors.
	Early errors during start of libvirtd didn't have
	an error reporting mechanism and caused libvirtd
	to exit silently (only the return value indicated
	an error).

	Libvirt logging is initialized very early using
	enviroment variables and the internal error reporting
	API is used to report early errors.

	 v2 changes:
	 - print errors unconditionaly before logging starts
	 - fix message to US spelling
	 v2.5 changes:
	 - initialize logging from enviroment
	 - log all early errors using VIR_ERROR
	 v3 changes:
	 - move virSetLogFromEnv() after virInitialize()

	fixes: https://bugzilla.redhat.com/show_bug.cgi?id=728654

2011-08-17  Stefan Berger  

	maint: add missing symbols
	Add missing symbols to libvirt_private.syms.

2011-08-16  Roopa Prabhu  

	macvtap: Fix getPhysfn to get the PF of a direct attach network interface
	This patch renames getPhysfn to getPhysfnDev and adds code to get the
	Physical function and Virtual Function index of the direct attach linkdev (if
	the direct attach interface is a SRIOV VF). The idea is to send the port
	profile message to a PF if the direct attach interface is a SRIOV VF.

	interface: Add functions to get sriov PF/VF relationship of a net interface
	This patch adds the following functions to get PF/VF relationship of an SRIOV
	network interface:
	ifaceIsVirtualFunction: Function to check if a network interface is a SRIOV VF
	ifaceGetVirtualFunctionIndex: Function to get VF index if a network interface is a SRIOV VF
	ifaceGetPhysicalFunction: Function to get the PF net interface name of a SRIOV VF net interface

	pci: Add helper functions for sriov devices
	This patch adds the following helper functions:
	pciDeviceIsVirtualFunction: Function to check if a pci device is a sriov VF
	pciGetVirtualFunctionIndex: Function to get the VF index of a sriov VF
	pciDeviceNetName: Function to get the network device name of a pci device
	pciConfigAddressCompare: Function to compare pci config addresses

	pci: Move some pci sriov helper code out of node device driver to util/pci
	This patch moves some of the sriov related pci code from node_device driver
	to src/util/pci.[ch]. Some functions had to go thru name and argument list
	change to accommodate the move.

2011-08-16  Eric Blake  

	maint: ignore generated file
	* .gitignore: Ignore qemu-sanlock.conf.

2011-08-15  Laine Stump  

	qemu: support event_idx parameter for virtio disk and net devices
	In some versions of qemu, both virtio-blk-pci and virtio-net-pci
	devices can have an event_idx setting that determines some details of
	event processing. When it is enabled, it "reduces the number of
	interrupts and exits for the guest". qemu will automatically enable
	this feature when it is available, but there may be cases where this
	new feature could actually make performance worse (NB: no such case
	has been found so far).

	As a safety switch in case such a situation is encountered in the
	field, this patch adds a new attribute "event_idx" to the 
	element of both disk and interface devices. event_idx can be set to
	"on" (to force event_idx on in case qemu has it disabled by default)
	or "off" (for force event_idx off). In the case that event_idx support
	isn't present in qemu, the attribute is ignored (this on the advice of
	the qemu developer).

	docs/formatdomain.html.in: document the new flag (marking it as
	   "don't mess with this!"
	docs/schemas/domain.rng: add event_idx in appropriate places
	src/conf/domain_conf.[ch]: add event_idx to parser and formatter
	src/libvirt_private.syms: export
	   virDomainVirtioEventIdx(From|To)String
	src/qemu/qemu_capabilities.[ch]: detect and report event_idx in
	   disk/net
	src/qemu/qemu_command.c: add event_idx parameter to qemu commandline
	    when appropriate.
	tests/qemuxml2argvdata/qemuxml2argv-event_idx.args,
	tests/qemuxml2argvdata/qemuxml2argv-event_idx.xml,
	tests/qemuxml2argvtest.c,
	tests/qemuxml2xmltest.c: test cases for event_idx.

2011-08-15  Peter Krempa  

	qemu: error message should show uri instead of (null)
	Fix pointer for error message uri if domain migration fails.

	BZ# 730244

2011-08-15  Jiri Denemark  

	qemu: Use fd: protocol for migration
	By opening a connection to remote qemu process ourselves and passing the
	socket to qemu we get much better errors than just "migration failed"
	when the connection is opened by qemu.

	qemu: Use virNetSocket for tunneled migration

	qemu: Refactor do{Tunnel,Native}Migrate functions
	The core of these two functions is very similar and most of it is even
	exactly the same. Factor out the core functionality into a separate
	function to remove code duplication and make further changes easier.

	Support changing UNIX socket owner in virNetSocketNewListenUNIX
	This patch allows owner's UID to be changed as well.

	Add backlog parameter to virNetSocketListen
	So that callers can change the default value.

2011-08-15  Daniel P. Berrange  

	Add API for duplicating a socket/client file descriptor
	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Add
	  virNetSocketDupFD()
	* src/rpc/virnetclient.c, src/rpc/virnetclient.h: Add
	  virNetClientDupFD() and virNetClientGetFD()

2011-08-15  Douglas Schilling Landgraf  

	libvirtd.init.in: stop/restart() - wrong return value in case of failure
	The function stop() was always returning 0 (OK) from killproc() even
	in case of error.

2011-08-15  Osier Yang  

	daemon: Fix regression of libvirtd reloading support
	This is introduced by commit df0b57a95a, which forgot to
	add signal handler for SIGHUP.

	A simple reproduce method:

	1) Create a domain XML under /etc/libvirt/qemu
	2) % kill -SIGHUP $(pidof libvirtd)
	3) % virsh list --all (the new created domain XML is not listed)

2011-08-13  Eric Blake  

	maint: let emacs avoid tabs in rng files
	* .dir-locals.el: Add nxml-mode preferences.

2011-08-13  Philipp Hahn  

	Swap virDomain / virFomainSnapshot declaration
	In preparation for storing the domain description with the snapshot,
	swap the order of declaration.

2011-08-13  Eric Blake  

	build: fix recent build failures
	With gcc 4.5.1:

	util/virpidfile.c: In function 'virPidFileAcquirePath':
	util/virpidfile.c:308:66: error: nested extern declaration of '_gl_verify_function2' [-Wnested-externs]

	Then in tests/commandtest.c, the new virPidFile APIs need to be used.

	* src/util/virpidfile.c (virPidFileAcquirePath): Move verify to
	top level.
	* tests/commandtest.c: Use new pid APIs.

2011-08-13  Daniel P. Berrange  

	Convert libvirtd to use crash-safe pidfile APIs
	Remove the current libvirtd pidfile handling code, in favour of
	calling out to the new APIs. This ensures libvirtd's pidfile
	handling is crashsafe

	This also means that the non-root libvirtd instances (for handling
	qemu:///session URIs) can now safely use pidfiles without racing

	* daemon/libvirtd.c: Switch to use virPidFileAcquire and
	  virPidFileRelease

2011-08-13  Daniel P. Berrange  

	Add some APIs which use locking for crashsafe pidfile handling
	In daemons using pidfiles to protect against concurrent
	execution there is a possibility that a crash may leave a stale
	pidfile on disk, which then prevents later restart of the daemon.

	To avoid this problem, introduce a pair of APIs which make
	use of virFileLock to ensure crash-safe & race condition-safe
	pidfile acquisition & releae

	* src/libvirt_private.syms, src/util/virpidfile.c,
	  src/util/virpidfile.h: Add virPidFileAcquire and virPidFileRelease

2011-08-13  Daniel P. Berrange  

	Introduce functions for checking whether a pidfile is valid
	In some cases the caller of virPidFileRead might like extra checks
	to determine whether the pid just read is really the one they are
	expecting. This adds virPidFileReadIfAlive which will check whether
	the pid is still alive with kill(0, -1), and (on linux only) will
	look at /proc/$PID/path

	* libvirt_private.syms, util/virpidfile.c, util/virpidfile.h: Add
	  virPidFileReadIfValid and virPidFileReadPathIfValid
	* network/bridge_driver.c: Use new APIs to check PID validity

2011-08-13  Daniel P. Berrange  

	Move pidfile functions into util/virpidfile.{c,h}
	The functions for manipulating pidfiles are in util/util.{c,h}.
	We will shortly be adding some further pidfile related functions.
	To avoid further growing util.c, this moves the pidfile related
	functions into a dedicated virpidfile.{c,h}. The functions are
	also all renamed to have 'virPidFile' as their name prefix

	* util/util.h, util/util.c: Remove all pidfile code
	* util/virpidfile.c, util/virpidfile.h: Add new APIs for pidfile
	  handling.
	* lxc/lxc_controller.c, lxc/lxc_driver.c, network/bridge_driver.c,
	  qemu/qemu_process.c: Add virpidfile.h include and adapt for API
	  renames

2011-08-13  Daniel P. Berrange  

	Add virFileLock and virFileUnlock APIs
	Add some simple wrappers around the fcntl() discretionary file
	locking capability.

	* src/util/util.c, src/util/util.h, src/libvirt_private.syms: Add
	  virFileLock and virFileUnlock APIs

2011-08-13  Eric Blake  

	virsh: fix dead store
	Two copy-and-paste bugs in a row.  :(

	* tools/virsh.c (cmdUndefine): Also avoid dead store.

2011-08-13  Eric Blake  

	virsh: fix logic bug
	Bug introduced in commit 9a0ec36.

	* tools/virsh.c (cmdUndefine): Add missing line.

2011-08-12  Eric Blake  

	vbox, xenapi: add virDomainUndefineFlags
	We forgot to add virDomainUndefineFlags for a couple of hypervisors.
	This wires up trivial versions (since neither hypervisor supports
	managed save yet, they do not need to support any flags).

	* src/vbox/vbox_tmpl.c (vboxDomainCreateXML): Update caller.
	(vboxDomainUndefine): Move guts...
	(vboxDomainUndefineFlags): ...to new function.
	* src/xenapi/xenapi_driver.c (xenapiDomainUndefine)
	(xenapiDomainUndefineFlags): Likewise.

2011-08-12  Eric Blake  

	virsh: don't reject undefine on active domain
	The public API documents that undefine may be used to transition a
	running persistent domain into a transient one.  Many drivers still
	do not support this usage, but virsh shouldn't be getting in the
	way of those that do support it.

	This also drops a redundant conditional; vshCommandOptString
	guaranteed that name was non-NULL.

	* tools/virsh.c (cmdUndefine): Allow undefine on active domains;
	the drivers may still reject it, but it is a valid API usage.
	* tests/undefine (error): Fix the test to match.

2011-08-12  Philipp Hahn  

	Improve tokenizing of linkable terms
	Currently only tabs and blanks are used for tokenizing the description,
	which breaks when a term is at the end of a line or has () appended to
	it.
	1. Use also other white space characters such as new-lines and carriage
	   return for splitting.
	2. Remove some common non-word characters from the token before lookup.

2011-08-12  Daniel P. Berrange  

	Add some docs about the RPC protocol and APIs
	* remote.html.in: Remove obsolete notes about internals of the
	  RPC protocol
	* internals/rpc.html.in: Extensive docs on RPC protocol/API
	* sitemap.html.in: Add new page

2011-08-12  Philipp Hahn  

	Align table cells on top
	When the description of an entry is too long and needs multiple lines,
	all other table cells of the same row are currently vertically aligned
	on center. Without row borders or different background colors for
	alternating rows this is hard to read.

	Change the style-sheet to align the table cells of a row on top.

2011-08-12  Peter Krempa  

	virsh: Add dir type for listing volumes with vol-list
	Fix of output of detailed volume list. BZ #727088

2011-08-12  Peter Krempa  

	storage: Directory shouldn't be listed as type 'file'
	Fix internals of libvirt for new storage volume type.
	Libvirt reported an invalid type of the volume.

	BZ #727088

2011-08-12  Eric Blake  

	virsh: add snapshot-parent
	Down the road, I want to add virDomainSnapshotGetParent, and use
	the new API rather than xml scraping; but this virsh command can
	be implemented even without the new API.

	* tools/virsh.c (cmdSnapshotParent): New command.
	* tools/virsh.pod (snapshot-parent): Document it.

2011-08-12  Eric Blake  

	qemu: silence clang false positive
	Our logic throws off analyzer tools:

	ptr var = NULL;
	if (flags == 0) flags = live ? _LIVE : _CONFIG;
	if (flags & _LIVE) do stuff
	if (flags & _CONFIG) var = non-null;
	if (flags & _LIVE) do more stuff
	else if (flags & _CONFIG) use var

	the tools keep thinking that var can still be NULL in the last
	if clause, adding the hint shuts them up.

	* src/qemu/qemu_driver.c (qemuDomainSetBlkioParameters): Add a
	static analysis hint.

2011-08-12  Laine Stump  

	network: eliminate potential memory leak on parse failure
	While the first encountered dns host record is being parsed, it's
	possible for virNetworkDef::hosts to point to memory that has been
	allocated, but virNetworkDef::nhosts to still be 0. If there is a
	failure during that time, virNetworkDef::hosts will be leaked.

	Although this isn't currently the case for virNetworkDef::txtrecords,
	it could become that way through future re-factoring, and it hurts
	nothing to restructure the freeing of txtrecord data to match that of
	hosts data.

2011-08-11  Stefan Berger  

	nwfilter: tolerate disappearing interfaces while instantiating filter
	When instantiating a filter, a VM may disappear and remove its tap interfaces. Tolerate this case and don't report an error.

2011-08-11  Cole Robinson  

	qemu: Fix -chardev udp if parameters are omitted
	The following XML:

	    
	      
	    

	is accepted by domain_conf.c but maps to the qemu command line:

	-chardev udp,host=127.0.0.1,port=2222,localaddr=(null),localport=(null)

	qemu can cope with everything omitting except the connection port, which
	seems to also be the intent of domain_conf validation, so let's not
	generate bogus command lines for that case.
	The defaults are empty strings for addresses and 0 for the localport

	Additionally, tweak the qemu cli parsing to handle omitted host
	parameters
	for -serial udp

2011-08-11  Laine Stump  

	docs: use IPv6 addresses in range reserved for documentation
	Someone in an IRC channel or an email pointed out a few days ago that
	the examples of IPv6 addresses in the libvirt documentation were not
	in the officially reserved "documentation" range. This addresses their
	concern.

2011-08-11  Eric Blake  

	virsh: add virsh snapshot-current --name
	Sometimes, full XML is too much; since most snapshot commands
	operate on a snapshot name, there should be an easy way to get
	at the current snapshot's name.  For example:

	virsh snapshot-revert dom `virsh snapshot-current dom --name`

	* tools/virsh.c (cmdSnapshotCurrent): Add an option.
	* tools/virsh.pod (snapshot-current): Document it.

2011-08-11  Eric Blake  

	virsh: fix snapshot-create-as to handle arbitrary names
	Found this working on the next patch to use xpath to parse
	arbitrary names back out.

	* tools/virsh.c (cmdSnapshotCreateAs): Escape user input.

2011-08-11  Eric Blake  

	managedsave: prohibit use on transient domains
	Transient domains reject attempts to set autostart, and using
	virDomainCreate to restart a domain only works on persistent
	domains.  Therefore, managed save makes no sense on transient
	domains, and should be rejected up front rather than creating
	an otherwise unrecoverable managed save file.

	Besides, transient domains imply that a lot more management is
	being done by the upper layer; this includes the assumption
	that the upper layer is okay managing the saved state file
	created by virDomainSave, and does not need to use managed save.

	* src/libvirt.c: Document that transient domains are incompatible
	with managed save.
	* src/qemu/qemu_driver.c (qemuDomainManagedSave): Enforce it.
	* src/libxl/libxl_driver.c (libxlDomainManagedSave): Likewise.

2011-08-11  Laine Stump  

	docs: describe new virtual switch configuration in network XML docs
	This should have been done with the rest of the patch for virtual
	switch / network device abstraction. If documents the new elements
	(and new usage of existing elements) in the  XML to support
	libvirt networks that use existing host bridges and macvtap direct
	connections, as well as the new  element.

2011-08-10  Juerg Haefliger  

	Bugfix: Check stdoutWatch before removing the handler.

2011-08-10  Eric Blake  

	qemu: minor formatting cleanup
	I noticed some inconsistent use of 'else'.

	* src/qemu/qemu_driver.c (qemuCPUCompare)
	(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot)
	(qemuDomainSnapshotDiscard): Match coding conventions.

2011-08-10  Philipp Hahn  

	Fix memory leak while scanning snapshots
	If a snapshot with the name already exists, virDomainSnapshotAssignDef()
	just returns NULL, in which case the snapshot definition is leaked.
	Currently this leak is not a big problem, since qemuDomainSnapshotLoad()
	is only called once during initial startup of libvirtd.

2011-08-08  Eric Blake  

	build: fix regression in large file support
	* .gnulib: Update to latest, for largefile fix.

2011-08-08  Daniel P. Berrange  

	Allow use of file images for LXC container filesystems
	A previous commit gave the LXC driver the ability to mount
	block devices for the container filesystem. Through use of
	the loopback device functionality, we can build on this to
	support use of plain file images for LXC filesytems.

	By setting the LO_FLAGS_AUTOCLEAR flag we can ensure that
	the loop device automatically disappears when the container
	dies / shuts down

	* src/lxc/lxc_container.c: Raise error if we see a file
	  based filesystem, since it should have been turned into
	  a loopback device already
	* src/lxc/lxc_controller.c: Rewrite any filesystems of
	  type=file, into type=block, by binding the file image
	  to a free loop device

2011-08-08  Daniel P. Berrange  

	Fix typo in LXC cgroups setup error message
	* src/lxc/lxc_controller.c: s/PYT/PTY/

2011-08-08  Daniel P. Berrange  

	Allow use of block devices for guest filesystem
	Currently the LXC driver can only populate filesystems from
	host filesystems, using bind mounts. This patch allows host
	block devices to be mounted. It autodetects the filesystem
	format at mount time, and adds the block device to the cgroups
	ACL. Example usage is

	    
	      
	      
	    

	* src/lxc/lxc_container.c: Mount block device filesystems
	* src/lxc/lxc_controller.c: Add block device filesystems
	  to cgroups ACL

2011-08-08  Daniel P. Berrange  

	Don't mount /dev for application containers
	An application container shouldn't get a private /dev. Fix
	the regression from 6d37888e6a35a37e6faf7c0a1b1b4d9a5dee1285

	* src/lxc/lxc_container.c: Don't mount /dev for app containers

2011-08-06  Jiri Denemark  

	qemu: Avoid overwriting errors from virGetHostname

2011-08-05  Eric Blake  

	qemu: avoid crash on process attach
	Detected by ccc-analyzer, reported by Alex Jia.

	qemuProcessStart always calls qemuProcessWaitForMonitor with a
	non-negative position, but qemuProcessAttach always calls with -1.
	In the latter case, there is no log file we can scrape, so we
	also should not be trying to scrape the logs if the qemu process
	died at the very end.

	* src/qemu/qemu_process.c (qemuProcessWaitForMonitor): Don't try
	to read from log in qemuProcessAttach case.

2011-08-05  Laine Stump  

	network: eliminate lag in updating dnsmasq hosts files
	This addresses https://bugzilla.redhat.com/show_bug.cgi?id=713728

	When "defining" a new network (or one that exists but isn't currently
	active) the new definition is stored in network->def, but for a
	network that already exists and is active, the new definition is
	stored in network->newDef, and then moved over to network->def as soon
	as the network is destroyed.

	However, the code that writes the dhcp and dns hosts files used by
	dnsmasq was always using network->def for its information, even when
	the new data was actually in network->newDef, so the hosts files
	always lagged one edit behind the definition.

	This patch changes the code to keep the pointer to the new definition
	after it's been assigned into the network, and use it directly
	(regardless of whether it's stored in network->newDef or network->def)
	to construct the hosts files.

2011-08-04  Alex Jia  

	qemu: avoid dead store in qemuMonitorTextBlockJob
	Value stored to 'ret' is never read, so remove this dead assignment.

	* src/qemu/qemu_monitor_text.c: kill dead assignment.

2011-08-04  Alex Jia  

	qemu: avoid dead store in qemuProcessStart
	Value stored to 'ret' is never read, in fact, 'cleanup' section will
	directly return -1 when function is fail, so remove this dead assignment.

	* src/qemu/qemu_process.c: kill dead assignment.

2011-08-04  Guannan Ren  

	rpc:fix sasl session relocking intead of unlocking it
	When trying to use any SASL authentication for TCP sockets by
	setting auth_tls = "sasl" in libvirtd.conf on server side, the
	client will hang because of the sasl session relocking other than
	dropping the lock when exiting virNetSASLSessionExtKeySize()
	* src/rpc/virnetsaslcontext.c: virNetSASLSessionExtKeySize drop the
	  lock on exit

2011-08-04  Osier Yang  

	daemon: Unlink unix socket paths on shutdown
	This patch introduces a internal RPC API "virNetServerClose", which
	is standalone with "virNetServerFree".  it closes all the socket fds,
	and unlinks the unix socket paths, regardless of whether the socket
	is still referenced or not.

	This is to address regression bug:
	https://bugzilla.redhat.com/show_bug.cgi?id=725702

2011-08-04  Eric Blake  

	build: update to latest gnulib
	I noticed that with 0.9.4, gnulib ended up replacing pthread_sigmask
	on glibc, even though glibc's works perfectly fine.  It turns out
	to have been an upstream gnulib bug.

	* .gnulib: Update to latest, for pthread_sigmask fix.

2011-08-04  Matthias Bolte  

	Fix detection of GnuTLS 1.x.y
	Detection based on gnutls_session doesn't work because GnuTLS 2.x.y
	comes with a compat.h that defines gnutls_session to gnutls_session_t.

	Instead detect this based on LIBGNUTLS_VERSION_MAJOR. Move this from
	configure/config.h to gnutls_1_0_compat.h and make sure that all users
	include gnutls_1_0_compat.h properly.

	Also fix header guard in gnutls_1_0_compat.h.

2011-08-03  Daniel Veillard  

	Release of libvirt-0.9.4
	* configure.ac docs/news.html.in libvirt.spec.in: updates for new
	  release
	* po/*.po*: pulled translations from the transifex teams and regenerated
	  localizations

2011-08-03  Eric Blake  

	qemu: silence coverity false positives
	Coverity gets confused by our logic.  Add some hints to silence
	false positives.

	* src/qemu/qemu_driver.c (qemudDomainGetVcpuPinInfo): Add hint.
	(qemuDomainGetMemoryParameters): Likewise.

2011-08-03  Eric Blake  

	util: plug memory leak
	Leak detected by Coverity; only possible on unlikely ptsname_r
	failure.  Additionally, the man page for ptsname_r states that
	failure is merely non-zero, not necessarily -1.

	* src/util/util.c (virFileOpenTtyAt): Avoid leak on ptsname_r
	failure.

2011-08-03  Eric Blake  

	interface: drop dead code
	Coverity detected that ifaceGetNthParent had already dereferenced
	'nth' prior to the conditional; all callers already complied with
	passing a non-NULL pointer so make this part of the contract.

	* src/util/interface.h (ifaceGetNthParent): Add annotations.
	* src/util/interface.c (ifaceGetNthParent): Drop useless null check.

2011-08-03  Eric Blake  

	rpc: silence coverity false positives
	In virNetServerNew, Coverity didn't realize that srv->mdsnGroupName
	can only be non-NULL if mdsnGroupName was non-NULL.

	In virNetServerRun, Coverity didn't realize that the array is non-NULL
	if the array count is non-zero.

	* src/rpc/virnetserver.c (virNetServerNew): Use alternate pointer.
	(virNetServerRun): Give coverity a hint.

2011-08-03  Eric Blake  

	rpc: avoid null deref
	Detected by Coverity.

	* src/rpc/virnetserverclient.c (virNetServerClientDispatchRead):
	Avoid null deref on OOM.

2011-08-03  Eric Blake  

	build: silence coverity false positives
	Coverity complained that 395 out of 409 virAsprintf calls are
	checked, and therefore assumed that the remaining cases are bugs
	waiting to happen.  But in each of these cases, a failed virAsprintf
	will properly set the target string to NULL, and pass on that
	failure to the caller, without wasting efforts to check the call.
	Adding the ignore_value silences Coverity.

	* src/conf/domain_audit.c (virDomainAuditGetRdev): Ignore
	virAsprintf return value, when it behaves like we need.
	* src/network/bridge_driver.c (networkDnsmasqLeaseFileNameDefault)
	(networkRadvdConfigFileName, networkBridgeDummyNicName)
	(networkRadvdPidfileBasename): Likewise.
	* src/util/storage_file.c (absolutePathFromBaseFile): Likewise.
	* src/openvz/openvz_driver.c (openvzGenerateContainerVethName):
	Likewise.
	* src/util/command.c (virCommandTranslateStatus): Likewise.

2011-08-03  Eric Blake  

	qemu: avoid memory leaks
	Quite a few leaks detected by coverity.  For chr, the leaks were
	close enough to the allocations to plug in place; for disk, the
	leaks were separated from the allocation by enough other lines with
	intermediate failure cases that I refactored the cleanup instead.

	* src/qemu/qemu_command.c (qemuParseCommandLine): Plug leaks.

2011-08-03  Eric Blake  

	qemu: plug child process leak on domain core dump
	Detected by Coverity.  Leak introduced by typo in commit 58e668d2.

	* src/qemu/qemu_driver.c (doCoreDump): Use correct function.

2011-08-03  Eric Blake  

	qemu: remove dead code
	Warning detected by Coverity.  No need for the NULL check, and
	removing it silences the warning without any semantic change.

	* src/qemu/qemu_migration.c (qemuMigrationFinish): All entries to
	endjob had non-NULL vm.

2011-08-03  Eric Blake  

	conf: avoid memory leak on disk operations
	Detected by Coverity.  Leak on meta introduced in commit 85aa40e.

	* src/conf/domain_conf.c (virDomainDiskDefForeachPath): Plug leak.

2011-08-03  Eric Blake  

	rpc: avoid crash on error
	Detected by Coverity.  Freeing the wrong variable results in both
	a memory leak and the likelihood of the caller dereferencing through
	a freed pointer.

	* src/rpc/virnettlscontext.c (virNetTLSSessionNew): Free correct
	variable.

2011-08-03  Eric Blake  

	qemu: avoid null deref on block pull error
	Coverity detected that 5 of 6 callers of virJSONValueArrayGet checked
	for a NULL return; and that by not checking we risk a null deref
	during an error.  The error is unlikely since the prior call to
	virJSONValueArraySize would probably have already caught any botched
	JSON array parse, but better safe than sorry.

	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetBlockJobInfo):
	Check for NULL.
	(qemuMonitorJSONExtractPtyPaths): Fix typo.

2011-08-03  Eric Blake  

	rpc: correctly process sasl whitelist globs
	Detected by Coverity.  We want to compare the result of fnmatch 'rv',
	not our pre-set return value 'ret'.

	* src/rpc/virnetsaslcontext.c (virNetSASLContextCheckIdentity):
	Check correct variable.

2011-08-03  Eric Blake  

	build: allow caching the input to STATIC_ANALYSIS
	Right now, every re-run of configure re-evaluates whether a
	static analysis tool is in use.  But if you run configure under
	coverity, make a tweak, and then do an incremental rebuild with
	gcc but not coverity to test the tweak, then rerun a build under
	coverity, then configure does not get rerun, and static analysis
	ends up with lots of false positives.

	This patch caches the static analysis result, and also makes it
	easier to force static analysis even if the existing checks are
	insufficient to detect newer versions of the static analyzer tools.

	* configure.ac (lv_cv_static_analysis): New cache variable.

2011-08-03  Eric Blake  

	fdstream: drop delete argument
	Revert 6a1f5f568f8.  Now that libvirt_iohelper takes fds by
	inheritance rather than by open() (commit 1eb66479), there is
	no longer a race where the parent can unlink() a file prior to
	the iohelper open()ing the same file.  From there, it makes
	more sense to have the callers both create and unlink, rather
	than the caller create and the stream unlink, since the latter
	was only needed when iohelper had to do the unlink.

	* src/fdstream.h (virFDStreamOpenFile, virFDStreamCreateFile):
	Callers are responsible for deletion.
	* src/fdstream.c (virFDStreamOpenFileInternal): Don't leak created
	file on failure.
	(virFDStreamOpenFile, virFDStreamCreateFile): Drop parameter.
	* src/lxc/lxc_driver.c (lxcDomainOpenConsole): Update callers.
	* src/qemu/qemu_driver.c (qemuDomainScreenshot)
	(qemuDomainOpenConsole): Likewise.
	* src/storage/storage_driver.c (storageVolumeDownload)
	(storageVolumeUpload): Likewise.
	* src/uml/uml_driver.c (umlDomainOpenConsole): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainScreenshot): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainOpenConsole): Likewise.

2011-08-03  Eric Blake  

	screenshot: don't unlink bogus file
	The previous qemu patch could end up calling unlink(tmp) before
	tmp was the name of a valid file (unlinking a fileXXXXXX template
	instead), or calling unlink(tmp) twice on success (once here,
	and once at the end of the stream).  Meanwhile, vbox also suffered
	from the same leaked tmp file bug.

	* src/qemu/qemu_driver.c (qemuDomainScreenshot): Don't unlink on
	success, or on invalid name.
	* src/vbox/vbox_tmpl.c (vboxDomainScreenshot): Don't leak temp file.

2011-08-03  Eric Blake  

	python: avoid unlikely sign extension bug
	Detected by Coverity; same analysis as for commit f73198df.

	* python/libvirt-override.c (libvirt_virDomainGetVcpuPinInfo): Use
	correct type.

2011-08-03  Eric Blake  

	rpc: avoid uninitialized memory use
	Spotted by Coverity.  Gnutls documents that buffer must be NULL
	if gnutls_x509_crt_get_key_purpose_oid is to be used to determine
	the correct size needed for allocating a buffer.

	* src/rpc/virnettlscontext.c
	(virNetTLSContextCheckCertKeyPurpose): Initialize buffer.

2011-08-03  Eric Blake  

	rpc: avoid double close on error
	Spotted by coverity.  If pipe2 fails, then we attempt to close
	uninitialized fds, which may result in a double-close.

	* src/rpc/virnetserver.c (virNetServerSignalSetup): Initialize fds.

2011-08-03  Michal Privoznik  

	qemu: Unlink temporary file on failure
	Although virFDStreamOpenFile will unlink it once opened, when we hit
	error path, we must unlink it by hand.

2011-08-03  Eric Blake  

	doc: fix confusing statement about required privileges
	src/libvirt.c: "may requires" is confusing; the s was extra.

2011-08-02  Eric Blake  

	rpc: avoid libvirtd crash on unexpected client close
	Steps to reproduce this problem (vm1 is not running):
	for i in `seq 50`; do virsh managedsave vm1& done; killall virsh

	Pre-patch, virNetServerClientClose could end up setting client->sock
	to NULL prior to other cleanup functions trying to use client->sock.
	This fixes things by checking for NULL in more places, and by deferring
	the cleanup until after all queued messages have been served.

	* src/rpc/virnetserverclient.c (virNetServerClientRegisterEvent)
	(virNetServerClientGetFD, virNetServerClientIsSecure)
	(virNetServerClientLocalAddrString)
	(virNetServerClientRemoteAddrString): Check for closed socket.
	(virNetServerClientClose): Rearrange close sequence.
	Analysis from Wen Congyang.

2011-08-02  Alex Jia  

	virsh: fix memory leak in cmdNetworkInfo
	* tools/virsh.c: avoid memory leak in cmdNetworkInfo.

	* how to reproduce?
	  % valgrind -v --leak-check=yes virsh net-info default

	  https://bugzilla.redhat.com/show_bug.cgi?id=722806

2011-08-02  Alex Jia  

	doc: fix incorrect option in blockjob
	* tools/virsh.pod: change 'live' to 'abort' based on actual option

2011-08-02  Jean-Baptiste Rouault  

	openvz: detect when a domain was shut down from the inside
	This patch adds an internal function openvzGetVEStatus to
	get the real state of the domain. This function is used in
	various places in the driver, in particular to detect when
	the domain has been shut down by the user with the "halt"
	command.

2011-08-01  Eric Blake  

	qemu: fix crash when mixing sync and async monitor jobs
	Currently, we attempt to run sync job and async job at the same time. It
	means that the monitor commands for two jobs can be run in any order.

	In the function qemuDomainObjEnterMonitorInternal():
	    if (priv->job.active == QEMU_JOB_NONE && priv->job.asyncJob) {
	        if (qemuDomainObjBeginNestedJob(driver, obj) < 0)
	We check whether the caller is an async job by priv->job.active and
	priv->job.asynJob. But when an async job is running, and a sync job is
	also running at the time of the check, then priv->job.active is not
	QEMU_JOB_NONE. So we cannot check whether the caller is an async job
	in the function qemuDomainObjEnterMonitorInternal(), and must instead
	put the burden on the caller to tell us when an async command wants
	to do a nested job.

	Once the burden is on the caller, then only async monitor enters need
	to worry about whether the VM is still running; for sync monitor enter,
	the internal return is always 0, so lots of ignore_value can be dropped.

	* src/qemu/THREADS.txt: Reflect new rules.
	* src/qemu/qemu_domain.h (qemuDomainObjEnterMonitorAsync): New
	prototype.
	* src/qemu/qemu_process.h (qemuProcessStartCPUs)
	(qemuProcessStopCPUs): Add parameter.
	* src/qemu/qemu_migration.h (qemuMigrationToFile): Likewise.
	(qemuMigrationWaitForCompletion): Make static.
	* src/qemu/qemu_domain.c (qemuDomainObjEnterMonitorInternal): Add
	parameter.
	(qemuDomainObjEnterMonitorAsync): New function.
	(qemuDomainObjEnterMonitor, qemuDomainObjEnterMonitorWithDriver):
	Update callers.
	* src/qemu/qemu_driver.c (qemuDomainSaveInternal)
	(qemudDomainCoreDump, doCoreDump, processWatchdogEvent)
	(qemudDomainSuspend, qemudDomainResume, qemuDomainSaveImageStartVM)
	(qemuDomainSnapshotCreateActive, qemuDomainRevertToSnapshot):
	Likewise.
	* src/qemu/qemu_process.c (qemuProcessStopCPUs)
	(qemuProcessFakeReboot, qemuProcessRecoverMigration)
	(qemuProcessRecoverJob, qemuProcessStart): Likewise.
	* src/qemu/qemu_migration.c (qemuMigrationToFile)
	(qemuMigrationWaitForCompletion, qemuMigrationUpdateJobStatus)
	(qemuMigrationJobStart, qemuDomainMigrateGraphicsRelocate)
	(doNativeMigrate, doTunnelMigrate, qemuMigrationPerformJob)
	(qemuMigrationPerformPhase, qemuMigrationFinish)
	(qemuMigrationConfirm): Likewise.
	* src/qemu/qemu_hotplug.c: Drop unneeded ignore_value.

2011-08-01  Alex Jia  

	qemu: fix return value issue
	whether or not previous return value is -1, the following codes will be
	executed for a inactive guest in src/qemu/qemu_driver.c:
	ret = virDomainSaveConfig(driver->configDir, persistentDef);
	and if everything is okay, 'ret' is assigned to 0, the previous 'ret'
	will be overwritten, this patch will fix this issue.

	* src/qemu/qemu_driver.c: avoid return value is overwritten when give a argument
	  in out of blkio weight range for a inactive guest.

	* how to reproduce?
	  % virsh blkiotune ${guestname} --weight 10
	  % echo $?

	  Note: guest must be inactive, argument 10 in out of blkio weight range,
	  and can get a error information by checking libvirtd.log, however,
	  virsh hasn't raised any error information, and return value is 0.

	  https://bugzilla.redhat.com/show_bug.cgi?id=726304

2011-08-01  Alex Jia  

	qemu: fix return value issue in qemuDomainSetMemoryParameters
	whether or not previous return value is -1, the following codes will be
	executed for a inactive guest in qemuDomainSetMemoryParameters:
	ret = virDomainSaveConfig(driver->configDir, persistentDef);
	and if everything is okay, 'ret' is assigned to 0, the previous 'ret'
	will be overwritten, this patch will fix this issue.

	* src/qemu/qemu_driver.c: avoid return value is overwritten when set
	  min_guarante value to a inactive guest.

	* how to reproduce?
	  % virsh memtune ${guestname} --min_guarante 1024
	  % echo $?

	  Note: guest must be inactive, in fact, 'min_guarante' hasn't been implemented
	  in memory tunable, and I can get the error when check actual libvirtd.log,
	  however, virsh hasn't raised any error information, and return value is 0.

2011-08-01  Matthias Bolte  

	virsh: Fix vol-name and vol-pool commands
	This commands don't have a --pool option, so don't tell
	vshCommandOptVolBy that there could be one. This made
	vshCommandOptString for pooloptname fail and an "missing option"
	error was reported.

	Make pooloptname optional for vshCommandOptVolBy.

2011-08-01  Guannan Ren  

	Correct the default value of lock_manager in qemu.conf
	* src/qemu/qemu.conf: switch back the comment for the default lock
	  manager to sanlock

2011-08-01  Osier Yang  

	qemu: Fix a regression of domjobabort
	Introduced by f9a837da73a11ef, the condition is not changed after
	the else clause is removed. So now it quit with "domain is not
	running" when the domain is running. However, when the domain is
	not running, it reports "no job is active".

	How to reproduce:

	1)
	% virsh start $domain
	% virsh domjobabort $domain
	error: Requested operation is not valid: domain is not running

	2)
	% virsh destroy $domain
	% virsh domjobabort $domain
	error: Requested operation is not valid: no job is active on the domain

	3)
	% virsh save $domain /tmp/$domain.save

	Before above commands finished, try to abort job in another terminal

	% virsh domabortjob $domain
	error: Requested operation is not valid: domain is not running

2011-08-01  Matthias Bolte  

	conf: Don't leak the virtual port profile in virNetworkDefFree
	Reported by Alex Jia.

2011-07-30  Eric Blake  

	save: generate idempotent inactive xml for running domain
	Originally noticed by comparing the xml generated by virDomainSave
	with the xml produced by reparsing and redumping that xml, but I
	also did an audit of every last use of VIR_DOMAIN_XML_INACTIVE in
	domain_conf.c to ensure that no other discrepancies exist.

	* src/conf/domain_conf.c (virDomainDeviceInfoIsSet): Add
	parameter, and update all callers.  Make static.
	(virDomainNetDefFormat): Skip generated ifname.
	(virDomainDefFormatInternal): Skip default .
	(virDomainChrSourceDefParseXML): Skip generated pty path, and add
	parameter.  Update callers.
	* src/conf/domain_conf.h (virDomainDeviceInfoIsSet): Delete.
	* src/libvirt_private.syms (domain_conf.h): Update.

2011-07-30  Eric Blake  

	conf: make 'vnet' prefix a macro
	Using a macro ensures that all the code is looking for the same
	prefix.

	* src/conf/domain_conf.h (VIR_NET_GENERATED_PREFIX): New macro.
	* src/conf/domain_conf.c (virDomainNetDefParseXML): Use it.
	* src/uml/uml_conf.c (umlConnectTapDevice): Likewise.
	* src/qemu/qemu_command.c (qemuNetworkIfaceConnect): Likewise.
	Suggested by Laine Stump.

2011-07-30  Laine Stump  

	network: don't forward DNS requests from isolated networks
	This is in response to:

	  https://bugzilla.redhat.com/show_bug.cgi?id=723862

	which points out that a guest on an "isolated" network could
	potentially exploit the DNS forwarding provided by dnsmasq to create a
	communication channel to the outside.

	This patch eliminates that possibility by adding the "--no-resolv"
	argument to the dnsmasq commandline, which tells dnsmasq to not
	forward on any requests that it can't resolve itself (by looking at
	its own static hosts files and runtime list of dhcp clients), but to
	instead return a failure for those requests.

	This shouldn't cause any undesirable change from current
	behavior, even in the case where a guest is currently configured with
	multiple interfaces, one of them being connected to an isolated
	network, and another to a network that does have connectivity to the
	outside. If the isolated network's DNS server is queried for a name
	it doesn't know, it will return "Refused" rather than "Unknown", which
	indicates to the guest that it should query other servers, so it then
	queries the connected DNS server, and gets the desired response.

2011-07-30  Eric Blake  

	build: fix include path for cygwin
	Without this, cygwin failed to compile:

	In file included from ../src/rpc/virnetmessage.h:24,
	                 from ../src/rpc/virnetclient.h:27,
	                 from remote/remote_driver.c:31:
	../src/rpc/virnetprotocol.h:9:21: error: rpc/rpc.h: No such file or directory

	With that fixed, compilation warned:

	rpc/virnetsocket.c: In function 'virNetSocketNewListenUNIX':
	rpc/virnetsocket.c:347: warning: format '%d' expects type 'int', but argument 8 has type 'gid_t' [-Wformat]
	rpc/virnetsocket.c: In function 'virNetSocketGetLocalIdentity':
	rpc/virnetsocket.c:743: warning: pointer targets in passing argument 5 of 'getsockopt' differ in signedness

	* src/Makefile.am (libvirt_driver_remote_la_CFLAGS)
	(libvirt_net_rpc_client_la_CFLAGS)
	(libvirt_net_rpc_server_la_CFLAGS): Include XDR_CFLAGS, for rpc
	headers on cygwin.
	* src/rpc/virnetsocket.c (virNetSocketNewListenUNIX)
	(virNetSocketGetLocalIdentity): Avoid compiler warnings.

2011-07-30  Eric Blake  

	build: avoid non-portable shell in test setup
	POSIX states that 'a=1; a=2 b=$a command' has unspecified results
	for the value of $b visible within command.  In particular, on
	BSD, this resulted in PATH not picking up the in-test ssh.

	* tests/Makefile.am (lv_abs_top_builddir): New macro.
	(path_add, TESTS_ENVIRONMENT): Use it to avoid referring to an
	environment variable set previously within the same command line.
	Reported by Matthias Bolte.

2011-07-29  Matthias Bolte  

	tests: Don't use bash if we don't have to
	This tested failed on FreeBSD because it was using bash, that might
	not be installed.

2011-07-29  Osier Yang  

	utils: More useful error message for hook script failure
	Commit 3709a386 ported hooks codes to new command execution API,
	together with the useful error message removed. Though we can't
	get "errbuf" from the new command execution API anymore, still
	we can give a more useful error.

	https://bugzilla.redhat.com/show_bug.cgi?id=726398

2011-07-29  Matthias Bolte  

	freebsd: Fix build problem due to picking up the wrong libvirt.h
	Gettext annoyingly modifies CPPFLAGS in-place, putting
	-I/usr/local/include into the search patch if libintl headers
	must be used from that location.  But since we must support
	automake 1.9.6 which lacks AM_CPPFLAGS, and since CPPFLAGS is used
	prior to INCLUDES, this means that the build picks up the _old_
	installed libvirt.h in priority to the in-tree version, leading
	to all sorts of weird build failures on FreeBSD.

	Fix this by teaching configure to undo gettext's actions, but
	to keep any changes required by gettext at the end of INCLUDES
	after all in-tree locations are used first.  Also requires
	adding a wrapper Makefile.am and making gnulib-tool create
	just gnulib.mk files during the bootstrap process.

2011-07-29  Matthias Bolte  

	freebsd: Avoid /bin/true in commandtest
	Rely on PATH and use just true, because on FreeBSD it's /usr/bin/true.

2011-07-29  Matthias Bolte  

	tests: Unify style of test skipping code
	Prefer 'return EXIT_AM_SKIP' over 'exit(EXIT_AM_SKIP)'.

	Prefer 'int main(void)' over 'int main(int argc, char **argv)'.

	Fix mymain signature in commandtest and nodeinfotest.

2011-07-29  Eric Blake  

	save: let qemu driver manipulate save files
	The goal here is that save-image-dumpxml fed back to
	save-image-define should not change the save file; anywhere that
	this is not the case is probably a bug in domain_conf.c.

	* src/qemu/qemu_driver.c (qemuDomainSaveImageGetXMLDesc)
	(qemuDomainSaveImageDefineXML): New functions.
	(qemuDomainSaveImageOpen): Add parameter.
	(qemuDomainRestoreFlags, qemuDomainObjRestore): Adjust clients.

2011-07-29  Eric Blake  

	save: support qemu modifying xml on domain save/restore
	With this, it is possible to update the path to a disk backing
	image on either the save or restore action, without having to
	binary edit the XML embedded in the state file.

	This also modifies virDomainSave to output a smaller xml (only
	the inactive xml, which is all the more virDomainRestore parses),
	while still guaranteeing padding for most typical abi-compatible
	xml replacements, necessary so that the next patch for
	virDomainSaveImageDefineXML will not cause unnecessary
	modifications to the save image file.

	* src/qemu/qemu_driver.c (qemuDomainSaveInternal): Add parameter,
	only use inactive state, and guarantee padding.
	(qemuDomainSaveImageOpen): Add parameter.
	(qemuDomainSaveFlags, qemuDomainManagedSave)
	(qemuDomainRestoreFlags, qemuDomainObjRestore): Update callers.

2011-07-29  Eric Blake  

	maint: add missing copyright notices
	I went with the shorter license notice used by src/libvirt.c,
	rather than spelling out the full LGPLv2+ clause into each of
	these files.

	* configure.ac: Declare copyright.
	* all Makefile.am: Likewise.

2011-07-29  Eric Blake  

	xen: drop unused callbacks
	Found by:

	for f in $(sed -n 's/.*Drv[^ ]* \([^;]*\);.*/\1/p' src/xen/xen_driver.h)
	do
	  git grep "\(\.\|->\)$f\b" src/xen
	done | cat

	and looking through the resulting list to see which callback struct
	members are still necessary.

	* src/xen/xen_driver.h (xenUnifiedDriver): Drop all callbacks that
	are only used directly.
	* src/xen/xen_hypervisor.c (xenHypervisorDriver): Shrink list.
	* src/xen/xen_inotify.c (xenInotifyDriver): Likewise.
	* src/xen/xend_internal.c (xenDaemonDriver): Likewise.
	* src/xen/xm_internal.c (xenXMDriver): Likewise.
	* src/xen/xs_internal.c (xenStoreDriver): Likewise.

2011-07-29  Eric Blake  

	xen: make direct call when there is only one subdriver
	No need to use a for loop if we know there is exactly one client.
	Found by:

	for f in $(sed -n 's/.*Drv[^ ]* \([^;]*\);.*/\1/p' src/xen/xen_driver.h)
	do
	  git grep "\(\.\|->\)$f\b" src/xen
	done | cat

	and looking through the resulting list to see which callback struct
	members are used exactly once.  The next patch will ensure that we
	don't reintroduce uses of these callbacks.

	* src/xen/xen_driver.c (xenUnifiedClose): Call close
	unconditionally, to match xenUnifiedOpen.
	(xenUnifiedNodeGetInfo, xenUnifiedDomainCreateXML)
	(xenUnifiedDomainSave, xenUnifiedDomainRestore)
	(xenUnifiedDomainCoreDump, xenUnifiedDomainUpdateDeviceFlags):
	Make direct call to lone implementation.
	* src/xen/xend_internal.h (xenDaemonDomainCoreDump)
	(xenDaemonUpdateDeviceFlags, xenDaemonCreateXML): Add prototypes.
	* src/xen/xend_internal.c (xenDaemonDomainCoreDump)
	(xenDaemonUpdateDeviceFlags, xenDaemonCreateXML): Export.

2011-07-29  Eric Blake  

	xen: reduce callback special cases
	The callback struct is great when iterating through several
	possibilities, but when calling a known callback, it's just
	overhead.  We can make the direct call in those cases.

	* src/xen/xen_driver.c (xenUnifiedOpen, xenUnifiedDomainSuspend)
	(xenUnifiedDomainResume, xenUnifiedDomainDestroyFlags): Make
	direct calls instead of going through callback.

2011-07-29  Eric Blake  

	xen: cleanup callback struct
	Using C99 initializers and xen-specific prefixes will make it
	so that future patches are less likely to add callback members
	to the xenUnifiedDriver struct, since the goal is to get rid
	of the callback struct in the first place.

	* src/xen/xen_driver.h (xenUnifiedDriver): Rename all struct
	members, to make it obvious which ones are still in use.
	* src/xen/xen_driver.c: Update all callers.
	* src/xen/xen_hypervisor.c (xenHypervisorDriver): Rewrite with C99
	initializers.
	* src/xen/xend_internal.c (xenDaemonDriver): Likewise.
	* src/xen/xs_internal.c (xenStoreDriver): Likewise.
	* src/xen/xm_internal.c (xenXMDriver): Likewise.
	* src/xen/xen_inotify.c (xenInotifyDriver): Likewise.

2011-07-29  Laine Stump  

	libxl: fix build failure due to change in virDomainGraphicsDef
	This failure was introduced by commit dacee3d, which removed
	listenAddr from the unions in virDomainGraphicsDef in favor of putting
	it in the address attribute of virDomainGraphicsListenDef.

2011-07-29  Laine Stump  

	qemu: support type=network in domain graphics 
	The domain XML now understands the  subelement of its
	 element (including when listen type='network'), and the
	network driver has an internal API that will turn a network name into
	an IP address, so the final logical step is to put the glue into the
	qemu driver so that when it is starting up a domain, if it finds
	 in the XML, it will call the
	network driver to get an IPv4 address associated with network xyz, and
	tell qemu to listen for vnc (or spice) on that address rather than the
	default address (localhost).

	The motivation for this is that a large installation may want the
	guests' VNC servers listening on physical interfaces rather than
	localhost, so that users can connect directly from the outside; this
	requires sending qemu the appropriate IP address to listen on. But
	this address will of course be different for each host, and if a guest
	might be migrated around from one host to another, it's important that
	the guest's config not have any information embedded in it that is
	specific to one particular host. , or host bridge network:  

	  2) in the  element of each guest's domain xml, tell vnc to
	     listen on the network name used in step 1:

	     
	       
	     

	(all the above also applies for graphics type='spice').

2011-07-29  Laine Stump  

	conf: add  subelement to domain  element
	Once it's plugged in, the  element will be an optional
	replacement for the "listen" attribute that graphics elements already
	have. If the  element is type='address', it will have an
	attribute called 'address' which will contain an IP address or dns
	name that the guest's display server should listen on. If, however,
	type='network', the  element should have an attribute called
	'network' that will be set to the name of a network configuration to
	get the IP address from.

	* docs/schemas/domain.rng: updated to allow the  element

	* docs/formatdomain.html.in: document the  element and its
	  attributes.

	* src/conf/domain_conf.[hc]:

	  1) The domain parser, formatter, and data structure are modified to
	     support 0 or more  subelements to each 
	     element. The old style "legacy" listen attribute is also still
	     accepted, and will be stored internally just as if it were a
	     separate  element. On output (i.e. format), the address
	     attribute of the first  element of type 'address' will be
	     duplicated in the legacy "listen" attribute of the 
	     element.

	  2) The "listenAddr" attribute has been removed from the unions in
	     virDomainGRaphicsDef for graphics types vnc, rdp, and spice.
	     This attribute is now in the  subelement (aka
	     virDomainGraphicsListenDef)

	  3) Helper functions were written to provide simple access
	     (both Get and Set) to the listen elements and their attributes.

	* src/libvirt_private.syms: export the listen helper functions

	* src/qemu/qemu_command.c, src/qemu/qemu_hotplug.c,
	  src/qemu/qemu_migration.c, src/vbox/vbox_tmpl.c,
	  src/vmx/vmx.c, src/xenxs/xen_sxpr.c, src/xenxs/xen_xm.c

	  Modify all these files to use the listen helper functions rather
	  than directly referencing the (now missing) listenAddr
	  attribute. There can be multiple  elements to a single
	  , but the drivers all currently only support one, so all
	  replacements of direct access with a helper function indicate index
	  "0".

	* tests/* - only 3 of these are new files added explicitly to test the
	  new  element. All the others have been modified to reflect
	  the fact that any legacy "listen" attributes passed in to the domain
	  parse will be saved in a  element (i.e. one of the
	  virDomainGraphicsListenDefs), and during the domain format function,
	  both the  element as well as the legacy attributes will be
	  output.

2011-07-28  Alex Jia  

	virsh: avoid missing zero value judgement in cmdBlkiotune
	* tools/virsh.c: fix missing zero value judgement in cmdBlkiotune and correct
	  vshError information.

	  when weight is equal to 0, the cmdBlkiotune will not raise any error information
	  when judge weight value first time, and execute else branch to judge weight
	  value again, strncpy(temp->field, VIR_DOMAIN_BLKIO_WEIGHT, sizeof(temp->field))
	  will be not executed for ever. However, if and only if param->field is equal
	  to VIR_DOMAIN_BLKIO_WEIGHT, underlying qemuDomainSetBlkioParameters function
	  will check whether weight value is in range [100, 1000].

	* how to reproduce?

	  % virsh blkiotune ${guestname} --weight 0

2011-07-28  Eric Blake  

	build: avoid type-punning compiler warning
	On RHEL 5, with gcc 4.1.2:

	rpc/virnetsaslcontext.c: In function 'virNetSASLSessionUpdateBufSize':
	rpc/virnetsaslcontext.c:396: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]

	* src/rpc/virnetsaslcontext.c (virNetSASLSessionUpdateBufSize):
	Use a union to work around gcc warning.

2011-07-28  Eric Blake  

	qemu: fix nested job with driver lock held
	qemuMigrationUpdateJobStatus (called in a loop by migration
	and save tasks) uses qemuDomainObjEnterMonitorWithDriver;
	however, that function ended up starting a nested job without
	releasing the driver.

	Since no one else is making nested calls, we can inline the
	internal functions to properly track driver_locked.

	* src/qemu/qemu_domain.h (qemuDomainObjBeginNestedJob)
	(qemuDomainObjBeginNestedJobWithDriver)
	(qemuDomainObjEndNestedJob): Drop unused prototypes.
	* src/qemu/qemu_domain.c (qemuDomainObjEnterMonitorInternal):
	Reflect driver lock to nested job.
	(qemuDomainObjBeginNestedJob)
	(qemuDomainObjBeginNestedJobWithDriver)
	(qemuDomainObjEndNestedJob): Drop unused functions.

2011-07-28  Michal Privoznik  

	qemu: Fix memory leak on metadata fetching
	As written in virStorageFileGetMetadataFromFD decription, caller
	must free metadata after use. Qemu driver miss this and therefore
	leak metadata which can grow to huge mem leak if somebody query
	for blockInfo a lot.

2011-07-28  Matthias Bolte  

	freebsd: Add gnulib environ module for the commandtest

2011-07-28  Michal Privoznik  

	libvirt.c: Update outdated description of flags
	Because we do support flags for virDomainSetBlkioParameters and
	virDomainGetBlkioParameters, update appropriate description as well.

2011-07-28  Hu Tao  

	python: add python binding for virDomainSetMemoryParameters

	python: add python binding for virDomainGetMemoryParameters

	python: add python binding for virDomainSetBlkioParameters

	python: add python binding for virDomainGetBlkioParameters

2011-07-28  Alex Jia  

	virsh: fix memory leak in cmdVolPath code
	* tools/virsh.c: avoid memory leak in cmdVolPath.
	* src/libvirt.c: Add doc for virStorageVolGetPath to tell one
	  must free() the returned path after use.

	* how to reproduce?

	% dd if=/dev/zero of=/var/lib/libvirt/images/foo.img count=1 bs=10M
	% virsh pool-refresh default
	% valgrind -v --leak-check=full virsh vol-path --vol \
	/var/lib/libvirt/images/foo.img

	* actual results:

	Detected in valgrind run:

	==16436== 32 bytes in 1 blocks are definitely lost in loss record 7 of 22
	==16436==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==16436==    by 0x386A314B3D: xdr_string (in /lib64/libc-2.12.so)
	==16436==    by 0x3DF8CD770D: xdr_remote_nonnull_string (remote_protocol.c:3
	==16436==    by 0x3DF8CD7EC8: xdr_remote_storage_vol_get_path_ret
	% virsh pool-refresh default
	% valgrind -v --leak-check=full virsh vol-path --vol \
	/var/lib/libvirt/images/foo.img

2011-07-28  Osier Yang  

	qemu: Improve docs for virsh dump format
	The error in getCompressionType will never be reported, change
	the errors codes into warning (VIR_WARN("%s", _(foo)); doesn't break
	syntax-check rule), and also improve the docs in qemu.conf to tell
	user the truth.

2011-07-28  Eric Blake  

	qemu: improve thread documentation
	* src/qemu/THREADS.txt: Fix problems with typos, grammar, and
	outdated examples.

	virsh: expose change-protection during migration
	* tools/virsh.c (doMigrate): Add --change-protection flag.
	* tools/virsh.pod (migrate): Document it.

2011-07-28  Matthias Bolte  

	rpc: Fix memory leak in remoteDomainSet*Parameters functions
	Add a new helper remoteFreeTypedParameters and teach the generator
	to add it to the cleanup section.

	https://bugzilla.redhat.com/show_bug.cgi?id=725322

2011-07-28  Lai Jiangshan  

	send-key: Implement Python API

2011-07-27  Jiri Denemark  

	qemu: Remove special case for virDomainAbortJob
	This doesn't abort migration job in any phase, yet.

	qemu: Remove special case for virDomainSuspend

	qemu: Remove special case for virDomainMigrateSetMaxDowntime
	Call qemu monitor command directly within a special job that is only
	allowed during outgoing migration.

	qemu: Remove special case for virDomainMigrateSetMaxSpeed
	Call qemu monitor command directly within a special job that is only
	allowed during outgoing migration.

	qemu: Remove special case for virDomainBlockStats
	Like other query commands, this can now be called directly during
	migration.

	qemu: Remove special case for virDomainGetBlockInfo
	Like other query commands, this can now be called directly during
	migration.

	qemu: Recover from interrupted migration

2011-07-27  Jiri Denemark  

	qemu: Migration job on source daemon
	Make MIGRATION_OUT use the new helper methods.

	This also introduces new protection to migration v3 process: the
	migration job is held from Begin to Confirm to avoid changes to a domain
	during migration (esp. between Begin and Perform phases). This change is
	automatically applied to p2p and tunneled migrations. For normal
	migration, this requires support from a client. In other words, if an
	old (pre 0.9.4) client starts normal migration of a domain, the domain
	will not be protected against changes between Begin and Perform steps.

2011-07-27  Jiri Denemark  

	qemu: Migration job on destination daemon
	Make MIGRATION_IN use the new helper methods.

	qemu: Implement migration job phases
	This patch introduces several helper methods to deal with jobs and
	phases during migration in a simpler manner.

2011-07-27  Eric Blake  

	build: support warnings on RHEL 5
	Without this, a configure built by autoconf 2.59 was broken when
	trying to detect which compiler warning flags were supported.

	* .gnulib: Update to latest, for warnings.m4 fix.
	* bootstrap.conf: Add fclose explicitly, to match recent gnulib
	implicit dependency changes.
	* src/qemu/qemu_conf.c (includes): Drop unused include.
	* src/uml/uml_conf.c (include): Likewise.
	Reported by Daniel P. Berrange.

2011-07-27  Michal Privoznik  

	bandwidth: Integrate bandwidth into portgroups
	Every DomainNetDef has a bandwidth, as does every portgroup.
	Whenever a DomainNetDef of type NETWORK is about to be used, a call is
	made to networkAllocateActualDevice(). This function chooses the "best"
	bandwidth object and places it in the DomainActualNetDef.
	From that point on, whenever some code needs to use the bandwidth data
	for the interface, it's retrieved with virDomainNetGetActualBandwidth(),
	which will always return the "best" info as determined in the
	previous step.

2011-07-27  Osier Yang  

	doc: Add doc for blockpull and blockjob commands
	Commit b31abc6f0 introduce commands blockpull and blockjob, but
	forgot to add the docs meanwhile.

2011-07-27  Cole Robinson  

	python: Properly report errors if virStreamRecv fails
	We only want to raise the special value -2. -1 should return None
	which tells the bindings to throw an exception.

2011-07-26  Alex Jia  

	tools: format percent strings of nodecpustats
	* tools/virsh.c: format strings display for virsh nodecpustats --percent.

	* how to reproduce?

	% virsh nodecpustats --percent
	usage:            2.0%
	    user  :       1.0%
	    system:       1.0%
	idle  :          98.0%
	iowait:           0.0%

	* after format strings

	% virsh nodecpustats --percent
	usage:            2.0%
	user:             1.0%
	system:           1.0%
	idle:            98.0%
	iowait:           0.0%

2011-07-26  Stefan Berger  

	Build: fix build if HAVE_AVAHI is not defined
	Fix the build if HAVE_AVAHI is not defined.

2011-07-26  Dave Allan  

	Fix incorrect implication about list options
	The description of the list command seemed to suggest that it could
	take a set of domains as an argument, which is not correct in the
	current HEAD.  If virsh list is intended to take a list of domains,
	then this patch should be NAK'd and a bug opened against virsh list.

	Reported by hachi on #virt

	v2:

	Change language to include transient domains

	Osier pointed out that transient domains are not defined, so what I
	had originally proposed wasn't quite correct.

2011-07-26  Daniel P. Berrange  

	Fix race in ref counting when handling RPC jobs
	When an incoming RPC message is ready for processing,

	  virNetServerClientDispatchRead()

	will invoke the 'dispatchFunc' callback. This is set to

	  virNetServerDispatchNewMessage

	This function puts the message + client in a queue for processing by the thread
	pool. The thread pool worker function is

	  virNetServerHandleJob

	The first thing this does is acquire an extra reference on the 'client'.

	Unfortunately, between the time the message+client are put on the thread pool
	queue, and the time the worker runs, the client object may have had its last
	reference removed.

	We clearly need to add the reference to the client object before putting the
	client on the processing queue

	* src/rpc/virnetserverclient.c: Add a reference to the client when
	  invoking the dispatch function
	* src/rpc/virnetserver.c: Don't acquire a reference to the client
	  when in the worker thread

2011-07-26  Wen Congyang  

	set cpu bandwidth for the vm
	The cpu bandwidth is applied at the vcpu group level. We should apply it
	at the vm group level too, because the vm may do heavy I/O, and it will affect
	the other vm.

	We apply cpu bandwidth at the vcpu and the vm group level, so we must ensure
	that max(child_quota) <= parent_quota when we modify cpu bandwidth.

2011-07-26  Daniel P. Berrange  

	Fix build with gnutls 1.0.x branch

	Fix typos in virsh.pod file
	* tools/virsh.pod: Fix missing > tag in docs

2011-07-26  Osier Yang  

	network: Fix typo
	Introduced by commit 239322cb, reported by Ruben Kerkhof.

2011-07-26  Daniel P. Berrange  

	Add libtasn1-devel as a BuildRequires for libvirt.spec
	* libvirt.spec.in: Add libtasn1-devel

2011-07-26  Daniel P. Berrange  

	Add mutex protection to SASL and TLS modules
	The virNetSASLContext, virNetSASLSession, virNetTLSContext and
	virNetTLSSession classes previously relied in their owners
	(virNetClient / virNetServer / virNetServerClient) to provide
	locking protection for concurrent usage. When virNetSocket
	gained its own locking code, this invalidated the implicit
	safety the SASL/TLS modules relied on. Thus we need to give
	them all explicit locking of their own via new mutexes.

	* src/rpc/virnetsaslcontext.c, src/rpc/virnettlscontext.c: Add
	  a mutex per object

2011-07-26  Daniel P. Berrange  

	Report error if unable to bind to any socket
	When setting up a server socket, we must skip EADDRINUSE errors
	from bind, since the IPv6 socket bind may have already bound to
	the IPv4 socket too. If we don't manage to bind to any sockets
	at all though, we should then report the EADDRINUSE error as
	normal.

	This fixes the case where libvirtd would not exit if some other
	program was listening on its TCP/TLS ports.

	* src/rpc/virnetsocket.c: Report EADDRINUSE

2011-07-26  Daniel P. Berrange  

	Fix leak of mDNS object in virNetServer
	* src/rpc/virnetserver.c: Free mDNS object

	Fix memory leaks in MDNS code
	* src/rpc/virnetservermdns.c: Fix leaks

2011-07-26  Eric Blake  

	virsh: use faster bit search
	Now that gnulib gives us ffs, we might as well use it.

	* tools/virsh.c (vshCmddefGetData): Use ffs rather than
	count_one_bits.

2011-07-26  Eric Blake  

	virsh: make vcpucount use --current consistently
	Rename the existing --current flag to the new name --active,
	while adding a new flag --current to expose the new
	VIR_DOMAIN_AFFECT_CURRENT flag of virDomainGetVcpusFlags.

	For backwards compability, the output does not change (even
	though the label "current" no longer matches the spelling of
	the option that would trigger that number in isolation), and
	we accept "--current --live" as an undocumented synonym for
	"--active --live" to avoid breaking any existing clients.

	* tools/virsh.c (cmdVcpucount): Add --active flag, and rearrange
	existing flag handling to expose VIR_DOMAIN_AFFECT_CURRENT support.
	* tools/virsh.pod (vcpucount): Document this.

2011-07-26  Eric Blake  

	vcpu: teach getVcpusFlags about current
	Now that virDomainSetVcpusFlags knows about VIR_DOMAIN_AFFECT_CURRENT,
	so should virDomainGetVcpusFlags.

	Unfortunately, the virsh counterpart 'virsh vcpucount' has already
	commandeered --current for a different meaning, so teaching virsh
	to expose this in the next patch will require a bit of care.

	* src/libvirt.c (virDomainGetVcpusFlags): Allow
	VIR_DOMAIN_AFFECT_CURRENT.
	* src/libxl/libxl_driver.c (libxlDomainGetVcpusFlags): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainGetVcpusFlags): Likewise.
	* src/test/test_driver.c (testDomainGetVcpusFlags): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainGetVcpusFlags): Likewise.

2011-07-26  Cole Robinson  

	python: Handle embedded NUL in stream.send data
	Otherwise things like volume upload are only useful with text data.

2011-07-26  Laine Stump  

	util: change virFile*Pid functions to return < 0 on failure
	Although most functions in libvirt return 0 on success and < 0 on
	failure, there are a few functions lingering around that return errno
	(a positive value) on failure, and sometimes code calling those
	functions incorrectly assumes the <0 standard. I noticed one of these
	the other day when auditing networkStartDhcpDaemon after Guido Gunther
	found a place where success was improperly returned on failure (that
	patch has been acked and is pending a push). The problem was that it
	expected the return value from virFileReadPid to be < 0 on failure,
	but it was actually positive (it was also neglected to set the return
	code in this case, similar to the bug found by Guido).

	This all led to the fact that *all* of the virFile*Pid functions in
	util.c are returning errno on failure. This patch remedies that
	problem by changing them all to return -errno on failure, and makes
	any necessary changes to callers of the functions. (In the meantime, I
	also properly set the return code on failure of virFileReadPid in
	networkStartDhcpDaemon).

2011-07-26  Guido Günther  

	Catch dnsmasq start failures
	While we checked the return value we didn't maks sure ret != 0 which
	resulted in dnsmasq errors being ignored.

2011-07-26  Daniel P. Berrange  

	Fix import of private key with older gnutls
	With older GNUTLS the gnutls_x509_privkey_import function is
	unable to import our private key. Instead we must use the
	alternative gnutls_x509_privkey_import_pkcs8() (as certtool
	does).

	* virnettlscontexttest.c: Fix import of private key with
	  older gnutls. Also add missing newlines to key

2011-07-25  Daniel P. Berrange  

	Fix TLS context tests with expired certs
	commit 5283ea9b1d8a4b0f2fd6796bf60615aca7b6c3e6 changed the
	semantics of the 'expire_offset' field in the test case struct
	so that instead of being an absolute timestamp, it was a delta
	relative to the current time. This broke the test cases which
	were testing expiry of certificates, by putting the expiry
	time into the future, instead of in the past.

	Fix this by changing the expiry values to be negative, so that
	the delta goes into the past again.

	* virnettlscontexttest.c: Fix expiry tests

2011-07-25  Wen Congyang  

	rename cfs_* to vcpu_*
	In the XML file we now have

	  
	    1024
	    90000
	    0
	  

	But the schedinfo parameter are being named

	 cpu_shares: 1024
	 cfs_period: 90000
	 cfs_quota: 0

	The period/quota is per-vcpu value, so these new tunables should be named
	'vcpu_period' and 'vcpu_quota'.

2011-07-25  Cole Robinson  

	docs: Break up 'Basic Resources' XML section
	We had a bit too many elements crammed in there. Separate it into different
	headings:

	- CPU Allocation ()
	- CPU Tuning ()
	- Memory allocation ( and )
	- Memory backing ()
	- Memory tuning ()
	- Numa tuning ()
	- Block I/O tuning ()

2011-07-25  Taku Izumi  

	python: add Python binding for virDomainGetVcpuPinInfo API
	This patch adds the Python bindings for virDomainGetVcpuPinInfo API.
	* python/generator.py: add it to generator skip list
	* python/libvirt-override-api.xml: provide an override description
	* python/libvirt-override.c: provide an override binding implementation

	python: add Python binding for virDomainPinVcpusFlags API
	This patch adds the Python bindings for virDomainPinVcpuFlags API.
	* python/generator.py: add it to the generator skip list
	* python/libvirt-override-api.xml: provide override description
	* python/libvirt-override.c: provide override bindings implementation

	python: add Python binding for virDomainGetSchedulerParametersFlags API
	This patch adds the Python bindings for
	virDomainGetSchedulerParametersFlags API.

	python: add Python binding for virDomainGetSchedulerParametersFlags API
	This patch adds the Python bindings for
	virDomainGetSchedulerParametersFlags API.
	* python/libvirt-override-api.xml: provide and override description
	* python/libvirt-override.c: implement the bindings

2011-07-25  Eric Blake  

	tests: detect gnutls errors
	* tests/virnettlscontexttest.c (testTLSLoadKey): Report errors.

2011-07-25  Wieland Hoffmann  

	driver.h: Fix two driver documentation mistakes

2011-07-25  Michal Privoznik  

	bandwidth: Add domain schema and xml2xml tests

	bandwidth: Add test cases for network

	bandwidth: Implement functions to enable and disable QoS
	These function executes 'tc' with appropriate arguments to set
	desired QoS setting on interface or bridge during its creation.

	bandwidth: Create format functions

2011-07-25  Michal Privoznik  

	bandwidth: Add parsing and free functions
	These functions parse given XML node and return pointer to the
	output. Unknown elements are silently ignored. Attributes must
	be integer and must fit in unsigned long long.

	Free function frees elements of virBandwidth structure.

2011-07-25  Michal Privoznik  

	bandwidth: Declare internal structures

2011-07-25  Michal Privoznik  

	bandwidth: Define schema and create documentation
	Define new 'bandwidth' element with possible child element 'inbound'
	and 'outbound' addressing incoming and outgoing traffic respectively:

	
	  
	  
	

	Leaving any element out means not to shape traffic in that
	direction.
	The units for average and peak (rate) are in kilobytes per second,
	for burst (size) are just in kilobytes.
	This element can be inserted into domain's 'interface' and
	'network'.

2011-07-25  Laine Stump  

	network: provide internal API to return IP of a network
	The new listenNetwork attribute needs to learn an IP address based on a
	named network. This patch provides a function networkGetNetworkAddress
	which provides that.

	Some networks have an IP address explicitly in their configuration
	(ie, those with a forward type of "none", "route", or "nat"). For
	those, we can just return the IP address from the config.

	The rest will have a physical device associated with them (either via
	, , or possibly via a pool
	of interfaces inside the network's  element) and we will need
	to ask the kernel for a current IP address of that device (via the
	newly added ifaceGetIPAddress)

	If networkGetNetworkAddress encounters an error while trying to learn
	the address for a network, it will return -1. In the case that libvirt
	has been compiled without the network driver, the call is a macro
	which reduces to -2. This allows differentiating between a failure of
	the network driver, and its complete absence.

2011-07-25  Laine Stump  

	util: add an ifaceGetIPAddress to the interface utilities
	This function uses ioctl(SIOCGIFADDR), which limits it to returning
	the first IPv4 address of an interface, but that's what we want right
	now (the place we're going to use the address only accepts one).

2011-07-25  Eric Blake  

	tests: fix compilation failures
	Even though gnutls is a hard-req for libvirt, and gnutls depends
	on libtasn1, that does not mean that you have to have the libtasn1
	development files installed.  Skip the test rather than failing
	compilation in that case.

	With newer gcc, the test consumed too much stack space.  Move
	things to static storage to fix that.

	* configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h.
	(HAVE_LIBTASN1): New automake conditional.
	* tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES)
	(virnettlscontexttest_LDADD): Allow compilation without libtasn1.
	* tests/virnettlscontexttest.c: Skip test if headers not present.
	(struct testTLSCertReq): Alter time members.
	(testTLSGenerateCert): Reflect the change.
	(mymain): Reduce stack usage.

2011-07-22  Daniel P. Berrange  

	Pre-create /var/lib/libvirt/sanlock directory
	The sanlock plugin for libvirt expects the directory
	/var/lib/libvirt/sanlock to exist. Create this and add
	it to the RPM

	* libvirt.spec.in: Add /var/lib/libvirt/sanlock
	* src/Makefile.am: Create /var/lib/libvirt/sanlock

2011-07-22  Daniel P. Berrange  

	Honour filesystem readonly flag & make special FS readonly
	A container should not be allowed to modify stuff in /sys
	or /proc/sys so make them readonly. Make /selinux readonly
	so that containers think that selinux is disabled.

	Honour the readonly flag when mounting container filesystems
	from the guest XML config

	* src/lxc/lxc_container.c: Support readonly mounts

2011-07-22  Daniel P. Berrange  

	Refactor mounting of special filesystems
	Even in non-virtual root filesystem mode we should be mounting
	more than just a new /proc. Refactor lxcContainerMountBasicFS
	so that it does everything except for /dev and /dev/pts moving
	that into lxcContainerMountDevFS. Pass in a source prefix
	to lxcContainerMountBasicFS() so it can be used in both shared
	root and private root modes.

	* src/lxc/lxc_container.c: Unify mounting code for special
	  filesystems

2011-07-22  Daniel P. Berrange  

	Pull code for doing a bind mount into separate method
	The bind mount setup is about to get more complicated.
	To avoid having to deal with several copies, pull it
	out into a separate lxcContainerMountFSBind method.

	Also pull out the iteration over container filesystems,
	so that it will be easier to drop in support for non-bind
	mount filesystems

	* src/lxc/lxc_container.c: Pull bind mount code out into
	  lxcContainerMountFSBind

2011-07-22  Daniel P. Berrange  

	Fix typos in daemon config file from previous commit

2011-07-22  Daniel P. Berrange  

	Add a test case for certificate validation
	This test case checks certification validation rules for

	 - Basic constraints
	 - Key purpose
	 - Key usage
	 - Start/expiry times

	It checks initial context creation sanity checks, and live
	session validation

2011-07-22  Daniel P. Berrange  

	Allow certificate sanity checking to be disabled
	When libvirtd starts it it will sanity check its own certs,
	and before libvirt clients connect to a remote server they
	will sanity check their own certs. This patch allows such
	sanity checking to be skipped. There is no strong reason to
	need to do this, other than to bypass possible libvirt bugs
	in sanity checking, or for testing purposes.

	libvirt.conf gains tls_no_sanity_certificate parameter to
	go along with tls_no_verify_certificate. The remote driver
	client URIs gain a no_sanity URI parameter

	* daemon/test_libvirtd.aug, daemon/libvirtd.conf,
	  daemon/libvirtd.c, daemon/libvirtd.aug: Add parameter to
	  allow cert sanity checks to be skipped
	* src/remote/remote_driver.c: Add no_sanity parameter to
	  skip cert checks
	* src/rpc/virnettlscontext.c, src/rpc/virnettlscontext.h:
	  Add new parameter for skipping sanity checks independantly
	  of skipping session cert validation checks

2011-07-22  Matthias Bolte  

	build: Use $(PYTHON) instead of python for the keycode map generator
	Also prepend $(AM_V_GEN) to the command line, mark virkeycode-mapgen.py
	as executable and switch the shebang line from /bin/python to the
	commonly use /usr/bin/python.

2011-07-22  Matthias Bolte  

	xenapi: Fix double-freeing the session in xenapiClose
	xen_session_logout already frees the whole session object.
	Don't call xenSessionFree on a freed session object.

	Reported by Sharmila Radhakrishnan.

2011-07-22  Oskari Saarenmaa  

	remote/ssh: optional "keyfile" parameter.
	New optional parameter "keyfile" for ssh transport allows the user to select
	the private key to be used to authenticate to the remote host.

2011-07-22  Laine Stump  

	util: make interface.c functions consistently return < 0 on error
	All of the functions in util/interface.c were returning 0 on success,
	but some returned -1 on error, and some returned a positive value
	(usually the value of errno, but sometimes just 1). Libvirt's standard
	is to return < 0 on error (in the case of functions that need to
	return errno, -errno is returned.

	This patch modifies all functions in interface.c to consistently
	return < 0 on error, and makes changes to callers of those functions
	where necessary.

2011-07-22  Daniel P. Berrange  

	Refactor the certification validation code
	There is some commonality between the code for sanity checking
	certs when initializing libvirt and the code for validating
	certs during a live TLS session handshake. This patchset splits
	up the sanity checking function into several smaller functions
	each doing a specific type of check. The cert validation code
	is then updated to also call into these functions

	* src/rpc/virnettlscontext.c: Refactor cert validation code

2011-07-22  Daniel P. Berrange  

	Remove call to deprecated gnutls_certificate_type_set_priority (again)
	The gnutls_certificate_type_set_priority method is deprecated.
	Since we already set the default gnutls priority, it was not
	serving any useful purpose and can be removed

	* src/rpc/virnettlscontext.c: Remove gnutls_certificate_type_set_priority
	  call

2011-07-22  Daniel P. Berrange  

	Ensure that libvirtd shuts down if initialization fails
	If the virStateInitialize call fails we must shutdown libvirtd
	since drivers will not be available. Just free'ing the virNetServer
	is not sufficient, we must send a SIGTERM to ourselves so that
	we interrupt the event loop and trigger a orderly shutdown

	* daemon/libvirtd.c: Kill ourselves if state init fails
	* src/rpc/virnetserver.c: Add some debugging to event loop

2011-07-22  Adam Litke  

	Asynchronous event for BlockJob completion
	When an operation started by virDomainBlockPull completes (either with
	success or with failure), raise an event to indicate the final status.
	This API allow users to avoid polling on virDomainGetBlockJobInfo if
	they would prefer to use an event mechanism.

	* daemon/remote.c: Dispatch events to client
	* include/libvirt/libvirt.h.in: Define event ID and callback signature
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle the new event
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for block_stream completion and emit a libvirt block pull event
	* src/remote/remote_driver.c: Receive and dispatch events to application
	* src/remote/remote_protocol.x: Wire protocol definition for the event
	* src/remote_protocol-structs: structure definitions for protocol verification
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c: Watch for BLOCK_STREAM_COMPLETED event
	  from QEMU monitor

2011-07-22  Adam Litke  

	Enable virDomainBlockPull in the python API
	virDomainGetBlockJobInfo requires manual override since it returns a
	custom type.

	* python/generator.py: reenable bindings for this entry point
	* python/libvirt-override-api.xml python/libvirt-override.c:
	  manual overrides

2011-07-22  Adam Litke  

	Enable the virDomainBlockPull API in virsh
	Define two new virsh commands:
	 * blockpull: Initiate a blockPull for the given disk
	 * blockjob: Retrieve progress info, modify speed, and cancel active block jobs

	Share print_job_progress() with the migration code.

	* tools/virsh.c: implement the new commands

2011-07-22  Adam Litke  

	Implement virDomainBlockPull for the qemu driver
	The virDomainBlockPull* family of commands are enabled by the
	following HMP/QMP commands: 'block_stream', 'block_job_cancel',
	 'info block-jobs' / 'query-block-jobs', and 'block_job_set_speed'.

	* src/qemu/qemu_driver.c src/qemu/qemu_monitor_text.[ch]: implement disk
	  streaming by using the proper qemu monitor commands.
	* src/qemu/qemu_monitor_json.[ch]: implement commands using the qmp monitor

2011-07-22  Adam Litke  

	Add virDomainBlockPull support to the remote driver
	The generator can handle everything except virDomainGetBlockJobInfo().

	* src/remote/remote_protocol.x: provide defines for the new entry points
	* src/remote/remote_driver.c daemon/remote.c: implement the client and
	  server side for virDomainGetBlockJobInfo.
	* src/remote_protocol-structs: structure definitions for protocol verification
	* src/rpc/gendispatch.pl: Permit some unsigned long parameters

2011-07-22  Adam Litke  

	virDomainBlockPull: Implement the main entry points
	* src/libvirt.c: implement the main entry points

2011-07-22  Adam Litke  

	Add new API virDomainBlockPull* to headers
	Set up the types for the block pull functions and insert them into the
	virDriver structure definition.  Symbols are exported in this patch to
	prevent
	documentation compile failures.

	* include/libvirt/libvirt.h.in: new API
	* src/driver.h: add the new entry to the driver structure
	* python/generator.py: fix compiler errors, the actual python bindings
	* are
	  implemented later
	* src/libvirt_public.syms: export symbols
	* docs/apibuild.py: Extend 'unsigned long' parameter exception to this
	* API

2011-07-22  Eric Blake  

	save: add virsh commands for manipulating save files
	Now you can edit a saved state file even if you forgot to grab
	a dumpxml file prior to saving a domain.  Plus, in-place editing
	feels so much nicer.

	* tools/virsh.c (cmdSaveImageDumpxml, cmdSaveImageDefine)
	(cmdSaveImageEdit): New commands.
	* tools/virsh.pod (save-image-dumpxml, save-image-define)
	(save-image-edit): Document them.

2011-07-22  Eric Blake  

	save: wire up remote protocol
	* src/remote/remote_driver.c (remote_driver): Add new callbacks.
	* src/remote/remote_protocol.x (remote_procedure): New RPCs.
	(remote_domain_save_image_get_xml_desc_args)
	(remote_domain_save_image_get_xml_desc_ret)
	(remote_domain_save_image_define_xml_args): New structs.
	* src/remote_protocol-structs: Update.

2011-07-22  Eric Blake  

	save: new API to manipulate save file images
	Modifying the xml on either save or restore only gets you so
	far - you have to remember to 'virsh dumpxml dom' just prior
	to the 'virsh save' in order to have an xml file worth modifying
	that won't be rejected due to abi breaks.  To make this more
	powerful, we need a way to grab the xml embedded within a state
	file, and from there, it's not much harder to also support
	modifying a state file in-place.

	Also, virDomainGetXMLDesc didn't document its flags.

	* include/libvirt/libvirt.h.in (virDomainSaveImageGetXMLDesc)
	(virDomainSaveImageDefineXML): New prototypes.
	* src/libvirt.c (virDomainSaveImageGetXMLDesc)
	(virDomainSaveImageDefineXML): New API.
	* src/libvirt_public.syms: Export them.
	* src/driver.h (virDrvDomainSaveImageGetXMLDesc)
	(virDrvDomainSaveImgeDefineXML): New driver callbacks.

2011-07-22  Eric Blake  

	save: support bypass-cache flag in libvirt-guests init script
	libvirt-guests is a perfect use case for bypassing the file system
	cache - lots of filesystem traffic done at system shutdown, where
	caching is pointless, and startup, where reading large files only
	once just gets in the way.  Make this a configurable option in the
	init script, but defaulting to existing behavior.

	* tools/libvirt-guests.sysconf (BYPASS_CACHE): New variable.
	* tools/libvirt-guests.init.sh (start, suspend_guest): Use it.

2011-07-22  Eric Blake  

	save: support bypass-cache flag in qemu.conf
	When auto-dumping a domain on crash events, or autostarting a domain
	with managed save state, let the user configure whether to imply
	the bypass cache flag.

	* src/qemu/qemu.conf (auto_dump_bypass_cache, auto_start_bypass_cache):
	Document new variables.
	* src/qemu/libvirtd_qemu.aug (vnc_entry): Let augeas parse them.
	* src/qemu/qemu_conf.h (qemud_driver): Store new preferences.
	* src/qemu/qemu_conf.c (qemudLoadDriverConfig): Parse them.
	* src/qemu/qemu_driver.c (processWatchdogEvent, qemuAutostartDomain):
	Honor them.

2011-07-22  Eric Blake  

	save: support BYPASS_CACHE during qemu save/restore
	Wire together the previous patches to support file system cache
	bypass during API save/restore requests in qemu.

	* src/qemu/qemu_driver.c (qemuDomainSaveInternal, doCoreDump)
	(qemudDomainObjStart, qemuDomainSaveImageOpen, qemuDomainObjRestore)
	(qemuDomainObjStart): Add parameter.
	(qemuDomainSaveFlags, qemuDomainManagedSave, qemudDomainCoreDump)
	(processWatchdogEvent, qemudDomainStartWithFlags, qemuAutostartDomain)
	(qemuDomainRestoreFlags): Update callers.

2011-07-22  Eric Blake  

	save: add virFileDirectFd wrapper type
	O_DIRECT has stringent requirements.  Rather than make lots of changes
	at each site that wants to use O_DIRECT, it is easier to offload
	the work through a helper process that mirrors the I/O between a
	pipe and the actual direct fd, so that the other end of the pipe
	no longer has to worry about constraints.

	Plus, if the kernel ever gains better posix_fadvise support, then we
	only have to touch a single file to let all callers benefit from a
	more efficient way to avoid file system caching.

	* src/util/virfile.h (virFileDirectFdFlag, virFileDirectFdNew)
	(virFileDirectFdClose, virFileDirectFdFree): New prototypes.
	* src/util/virdirect.c: Implement new wrapper object.
	* src/libvirt_private.syms (virfile.h): Export new symbols.
	* cfg.mk (useless_free_options): Add to list.
	* po/POTFILES.in: Add new translations.

2011-07-22  Eric Blake  

	save: let iohelper work on O_DIRECT fds
	Required for a coming patch where iohelper will operate on O_DIRECT
	fds.  There, the user-space memory must be aligned to file system
	boundaries (at least 512, but using page-aligned works better, and
	some file systems prefer 64k).  Made tougher by the fact that
	VIR_ALLOC won't work on void *, but posix_memalign won't work on
	char * and isn't available everywhere.

	This patch makes some simplifying assumptions - namely, output
	to an O_DIRECT fd will only be attempted on an empty seekable
	file (hence, no need to worry about preserving existing data
	on a partial block, and ftruncate will work to undo the effects
	of having to round up the size of the last block written), and
	input from an O_DIRECT fd will only be attempted on a complete
	seekable file with the only possible short read at EOF.

	* configure.ac (AC_CHECK_FUNCS_ONCE): Check for posix_memalign.
	* src/util/iohelper.c (runIO): Use aligned memory, and handle
	quirks of O_DIRECT on last write.

2011-07-22  Eric Blake  

	save: let iohelper handle inherited fd
	Rather than making the iohelper subject to a race in reopening
	the file, it is nicer to pass an already-open fd by inheritance.

	The old synopsis form must continue to work - if someone updates
	their libvirt package and installs a new libvirt_iohelper but
	without restarting the old libvirtd daemon, then the daemon can
	still make calls using the old syntax but the new iohelper.

	* src/util/iohelper.c (runIO): Split code for open...
	(prepare): ...to new function.
	(usage): Update synopsis.
	(main): Allow alternate calling form.
	* src/fdstream.c (virFDStreamOpenFileInternal): Use alternate form.

2011-07-22  Eric Blake  

	save: support --xml to virsh save/restore
	Also, migrate was missing documentation for the --xml option
	added in commit ec5301cb.

	* tools/virsh.c (cmdSave, cmdRestore): Add xml argument.
	* tools/virsh.pod (save, restore, migrate): Document it.

2011-07-22  Eric Blake  

	save: add --bypass-cache flag to virsh save/restore operations
	Wire up the new flag to several virsh commands.  Also, the
	'dump' command had undocumented flags.

	* tools/virsh.c (cmdSave, cmdManagedSave, cmdDump, cmdStart)
	(cmdRestore): Add new flag.
	* tools/virsh.pod (save, managedsave, dump, start, restore):
	Document flags.

2011-07-22  Eric Blake  

	save: wire up trivial save/restore flags implementations
	For all hypervisors that support save and restore, the new API
	now performs the same functions as the old.

	VBox is excluded from this list, because its existing domainsave
	is broken (there is no corresponding domainrestore, and there
	is no control over the filename used in the save).  A later
	patch should change vbox to use its implementation for
	managedsave, and teach start to use managedsave results.

	* src/libxl/libxl_driver.c (libxlDomainSave): Move guts...
	(libxlDomainSaveFlags): ...to new function.
	(libxlDomainRestore): Move guts...
	(libxlDomainRestoreFlags): ...to new function.
	* src/test/test_driver.c (testDomainSave, testDomainSaveFlags)
	(testDomainRestore, testDomainRestoreFlags): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainSave)
	(xenUnifiedDomainSaveFlags, xenUnifiedDomainRestore)
	(xenUnifiedDomainRestoreFlags): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainSave, qemudDomainRestore):
	Rename and move guts.
	(qemuDomainSave, qemuDomainSaveFlags, qemuDomainRestore)
	(qemuDomainRestoreFlags): ...here.
	(qemudDomainSaveFlag): Rename...
	(qemuDomainSaveInternal): ...to this, and update callers.

2011-07-22  Eric Blake  

	error: add new error type for reflecting partial API support
	VIR_ERR_INVALID_ARG implies that an argument cannot possibly
	be correct, given the current state of the API.
	VIR_ERR_CONFIG_UNSUPPORTED implies that a configuration is
	wrong, but arguments aren't configuration.
	VIR_ERR_NO_SUPPORT implies that a function is completely
	unimplemented.

	But in the case of a function that is partially implemented,
	yet the full power of the API is not available for that
	driver, none of the above messages make sense.  Hence a new
	error message, implying that the argument is known to comply
	with the current state of the API, and that while the driver
	supports aspects of the function, it does not support that
	particular use of the argument.

	A good use case for this is a driver that supports
	virDomainSaveFlags, but not the dxml argument of that API.

	It might be feasible to also use this new error for all functions
	that check flags, and which accept fewer flags than what is possible
	in the public API.  But doing so would get complicated, since
	neither libvirt.c nor the remote driver may do flag filtering,
	and every other driver would have to do a two-part check, first
	using virCheckFlags on all public flags (which gives
	VIR_ERR_INVALID_ARG for an impossible flag), followed by a
	particular mask check for VIR_ERR_ARGUMENT_UNSUPPORTED (for a
	possible public flag but unsupported by this driver).

	* include/libvirt/virterror.h (VIR_ERR_ARGUMENT_UNSUPPORTED): New
	error.
	* src/util/virterror.c (virErrorMsg): Give it a message.
	Suggested by Daniel P. Berrange.

2011-07-22  Eric Blake  

	build: fix bugs with destroyFlags patches
	Build failure on xenapi_driver from compiler warnings (flags was unused).

	Build failure on xen (incorrect number of arguments).  And in fixing
	that, I obeyed the comments of struct xenUnifiedDriver that state
	that we want to minimize the number of callback functions in that
	struct, not add to it.

	* src/xen/xen_driver.c (xenUnifiedDomainDestroyFlags): Use correct
	arguments.
	(xenUnifiedDomainDestroy): Simplify.
	* src/xen/xen_driver.h (xenUnifiedDriver): Remove unused callback.
	* src/xen/xen_hypervisor.c (xenHypervisorDestroyDomain): Likewise.
	* src/xen/xend_internal.c (xenDaemonDomainDestroy): Likewise.
	* src/xen/xend_internal.h (xenDaemonDomainDestroyFlags): Likewise.
	* src/xen/xm_internal.c (xenXMDriver): Likewise.
	* src/xen/xs_internal.c (xenStoreDriver): Likewise.
	* src/xen/xen_inotify.c (xenInotifyDriver): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDomainDestroyFlags): Reject
	unknown flags.

2011-07-22  Michal Privoznik  

	remote: Fix forgotten comma
	during conflict resolving

2011-07-22  Laine Stump  

	network: internal API functions to manage assignment of physdev to guest
	The network driver needs to assign physical devices for use by modes
	that use macvtap, keeping track of which physical devices are in use
	(and how many instances, when the devices can be shared). Three calls
	are added:

	networkAllocateActualDevice - finds a physical device for use by the
	domain, and sets up the virDomainActualNetDef accordingly.

	networkNotifyActualDevice - assumes that the domain was already
	running, but libvirtd was restarted, and needs to be notified by each
	already-running domain about what interfaces they are using.

	networkReleaseActualDevice - decrements the usage count of the
	allocated physical device, and frees the virDomainActualNetDef to
	avoid later accidentally using the device.

	bridge_driver.[hc] - the new APIs. When WITH_NETWORK is false, these
	functions are all #defined to be "0" in the .h file (effectively
	becoming a NOP) to prevent link errors.

	qemu_(command|driver|hotplug|process).c - add calls to the above APIs
	    in the appropriate places.

	tests/Makefile.am - we need to include libvirt_driver_network.la
	    whenever libvirt_driver_qemu.la is linked, to avoid unreferenced
	    symbols (in functions that are never called by the test
	    programs...)

2011-07-22  Laine Stump  

	qemu: use virDomainNetGetActual*() in qemuDomainXMLToNative
	This is the one function outside of domain_conf.c that plays around
	with (even modifying) the internals of the virDomainNetDef, and thus
	can't be fixed up simply by replacing direct accesses to the fields of
	the struct with the GetActual*() access functions.

	In this case, we need to check if the defined type is "network", and
	if it is *then* check the actual type; if the actual type is "bridge",
	then we can at least put the bridgename in a place where it can be
	used; otherwise (if type isn't "bridge"), we behave exactly as we used
	to - just null out *everything*.

2011-07-22  Laine Stump  

	qemu: use virDomainNetGetActual*() functions where appropriate
	The qemu driver accesses fields in the virDomainNetDef directly, but
	with the advent of the virDomainActualNetDef, some pieces of
	information may be found in a different place (the ActualNetDef) if
	the network connection is of type='network' and that network is of
	forward type='bridge|private|vepa|passthrough'. The previous patch
	added functions to mask this difference from callers - they hide the
	decision making process and just pick the value from the proper place.

	This patch uses those functions in the qemu driver as a first step in
	making qemu work with the new network types. At this point, the
	virDomainActualNetDef is guaranteed always NULL, so the GetActualX()
	function will return exactly what the def->X that's being replaced
	would have returned (ie bisecting is not compromised).

	There is one place (in qemu_driver.c) where the internal details of
	the NetDef are directly manipulated by the code, so the GetActual
	functions cannot be used there without extra additional code; that
	file will be treated in a separate patch.

2011-07-22  Laine Stump  

	network: separate Start/Shutdown functions for new network types
	Previously all networks were composed of bridge devices created and
	managed by libvirt, and the same operations needed to be done for all
	of them when they were started and stopped (create and start the
	bridge device, configure its MAC address and IP address, add iptables
	rules). The new network types are (for now at least) managed outside
	of libvirt, and the network object is used only to contain information
	about the network, which is then used as each individual guest
	connects itself.

	This means that when starting/stopping one of these new networks, we
	really want to do nothing, aside from marking the network as
	active/inactive.

	This has been setup as toplevel Start/Shutdown functions that do the
	small bit of common stuff, then have a switch statement to execute
	network type-specific start/shutdown code, then do a bit more common
	code. The type-specific functions called for the new host bridge and
	macvtap based types are currently empty.

	In the future these functions may actually do something, and we will
	surely add more functions that are similarly patterned. Once
	everything has settled, we can make a table of "sub-driver" function
	pointers for each network type, and store a pointer to that table in
	the network object, then we can replace the switch statements with
	calls to functions in the table.

	The final step in this will be to add a new table (and corresponding
	new functions) for new network types as they are added.

2011-07-22  Laine Stump  

	conf: support abstracted interface info in network XML
	The network XML is updated in the following ways:

	1) The  element can now contain a list of forward interfaces:

	     
	       
	       
	       
	       
	     

	   The first of these takes the place of the dev attribute that is
	   normally in  - when defining a network you can specify
	   either one, and on output both will be present. If you specify
	   both on input, they must match.

	2) In addition to forward modes of 'nat' and 'route', these new modes
	   are supported:

	     private, passthrough, vepa - when this network is referenced by a
	     domain's interface, it will have the same effect as if the
	     interface had been defined as type='direct', e.g.:

	        
	          "), then guest interfaces using this network will use
	     libvirt's "host bridge" mode, equivalent to this:

	       
	          
	          ...
	       

	3) A network can have multiple  elements, which may be
	   selected by the guest interface definition (by adding
	   "portgroup='${name}'" in the  element along with the
	   network name). Currently a portgroup can only contain a
	   virtportprofile, but the intent is that other configuration items
	   may be put there int the future (e.g. bandwidth config). When
	   building a guest's interface, if the  XML itself has no
	   virtportprofile, and if the requested network has a portgroup with
	   a name matching the name given in the  (or if one of the
	   network's portgroups is marked with the "default='yes'" attribute),
	   the virtportprofile from that portgroup will be used by the
	   interface.

	4) A network can have a virtportprofile defined at the top level,
	   which will be used by a guest interface when connecting in one of
	   the 'direct' modes if the guest interface XML itself hasn't
	   specified any virtportprofile, and if there are also no matching
	   portgroups on the network.

2011-07-22  Laine Stump  

	conf: support abstracted interface info in domain interface XML
	the domain XML  element is updated in the following ways:

	1)  can be specified when source type='network'
	(previously it was only valid for source type='direct')

	2) A new attribute "portgroup" has been added to the 
	element. When source type='network' (the only time portgroup is
	recognized), extra configuration information will be taken from the
	 element of the given name in the network definition.

	3) Each virDomainNetDef now also potentially has a
	virDomainActualNetDef which is a private object (never
	exported/imported via the public API, and not defined in the RNG) that
	is used to maintain information about the physical device that was
	actually used for a NetDef of type VIR_DOMAIN_NET_TYPE_NETWORK.

	The virDomainActualNetDef will only be parsed/formatted if the
	parse/format function is called with the
	VIR_DOMAIN_XML_INTERNAL_ACTUAL_NET flag set (which is only needed when
	saving/loading a running domain's state info to the stateDir).

2011-07-22  Laine Stump  

	conf: virDomainNetDef points to (rather than contains) virtPortProfile
	The virtPortProfile in the domain interface struct is now a separately
	allocated object *pointed to by* (rather than contained in) the main
	virDomainNetDef object. This is done to make it easier to figure out
	when a virtualPortProfile has/hasn't been specified in a particular
	config.

	conf: put virtPortProfile struct / functions in a common location
	virtPortProfiles are currently only used in the domain XML, but will
	soon also be used in the network XML. To prepare for that change, this
	patch moves the structure definition into util/network.h and the parse
	and format functions into util/network.c (I decided that this was a
	better choice than macvtap.h/c for something that needed to always be
	available on all platforms).

	util: define MAX
	If util.h is going to have a MIN, it may as well also have MAX.

2011-07-22  Michal Privoznik  

	destroy: Implement internal API for xenapi driver

	destroy: Implement internal API for xen driver

	destroy: Implement internal API for vmware driver

	destroy: Implement internal API for vbox driver

	destroy: Implement internal API for uml driver

	destroy: Implement internal API for phyp driver

	destroy: Implement internal API for openvz driver

	destroy: Implement internal API for lxc driver

	destroy: Implement internal API for libxl driver

	destroy: Implement internal API for ESX driver

	destroy: Implement internal API for qemu driver

	destroy: Wire up the remote protocol

2011-07-22  Michal Privoznik  

	destroy: Define new public API virDomainDestroyFlags
	This introduces new API virDomainDestroyFlags to allow
	domain destroying with flags, as the existing API virDomainDestroy
	misses flags.

	The set of flags is defined in virDomainDestroyFlagsValues enum,
	which is currently commented, because it is empty.

	Calling this API with no flags set (@flags == 0) is equivalent calling
	virDomainDestroy.

2011-07-22  Eric Blake  

	save: wire up remote protocol
	* src/remote/remote_driver.c (remote_driver): Add new callbacks.
	* src/remote/remote_protocol.x (remote_procedure): New RPCs.
	(remote_domain_save_flags_args, remote_domain_restore_flags_args):
	New structs.
	* src/remote_protocol-structs: Update.

2011-07-22  Eric Blake  

	save: new public API to bypass file system cache on save/restore
	In order to choose whether to use O_DIRECT when saving a domain image
	to a file, we need a new flag.  But virDomainSave was implemented
	before our policy of all new APIs having a flag argument.  Likewise
	for virDomainRestore when restoring from a file.

	The new flag name is chosen as CACHE_BYPASS so as not to preclude
	a future solution that uses posix_fadvise once the Linux kernel has
	a smarter implementation of that interface.

	* include/libvirt/libvirt.h.in (virDomainCreateFlags)
	(virDomainCoreDumpFlags): Add a flag.
	(virDomainSaveFlags, virDomainRestoreFlags): New prototypes.
	* src/libvirt.c (virDomainSaveFlags, virDomainRestoreFlags): New API.
	* src/libvirt_public.syms: Export them.
	* src/driver.h (virDrvDomainSaveFlags, virDrvDomainRestoreFlags):
	New driver callbacks.

2011-07-22  Eric Blake  

	qemu: fix error message with migrate2 xml
	Otherwise, an ABI mismatch gives error messages attributing the target
	xml string as current, and the current domain state as the new xml.

	* src/qemu/qemu_migration.c (qemuMigrationBegin): Use correct
	argument order.

2011-07-22  Eric Blake  

	build: rename files.h to virfile.h
	In preparation for a future patch adding new virFile APIs.

	* src/util/files.h, src/util/files.c: Move...
	* src/util/virfile.h, src/util/virfile.c: ...here, and rename
	functions to virFile prefix.  Macro names are intentionally
	left alone.
	* *.c: All '#include "files.h"' uses changed.
	* src/Makefile.am (UTIL_SOURCES): Reflect rename.
	* cfg.mk (exclude_file_name_regexp--sc_prohibit_close): Likewise.
	* src/libvirt_private.syms: Likewise.
	* docs/hacking.html.in: Likewise.
	* HACKING: Regenerate.

2011-07-22  Eric Blake  

	command: avoid leaking fds across fork
	Since libvirt is multi-threaded, we should use FD_CLOEXEC as much
	as possible in the parent, and only relax fds to inherited after
	forking, to avoid leaking an fd created in one thread to a fork
	run in another thread.  This gets us closer to that ideal, by
	making virCommand automatically clear FD_CLOEXEC on fds intended
	for the child, as well as avoiding a window of time with non-cloexec
	pipes created for capturing output.

	* src/util/command.c (virExecWithHook): Use CLOEXEC in parent.  In
	child, guarantee that all fds to pass to child are inheritable.
	(getDevNull): Use CLOEXEC.
	(prepareStdFd): New helper function.
	(virCommandRun, virCommandRequireHandshake): Use pipe2.
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Simplify caller.

2011-07-22  Eric Blake  

	command: move all docs into .c file
	We already have a precedent of function documentation in C files,
	where it is closer to the implementation (witness libvirt.h vs.
	libvirt.c); maintaining docs in both files risks docs going stale.

	While I was at it, I used consistent doxygen style on all comments.

	* src/util/command.h: Remove duplicate docs, and move unique
	documentation...
	* src/util/command.c: ...here.
	Suggested by Matthias Bolte.

2011-07-21  Matthias Bolte  

	rpc: Make the dispatch generator handle 'void name(void)' style procedures
	The only 'void name(void)' style procedure in the protocol is 'close' that
	is handled special, but also programming errors like a missing _args or
	_ret suffix on the structs in the .x files can create such a situation by
	accident. Making the generator aware of this avoids bogus errors from the
	generator such as:

	  Use of uninitialized value in exists at ./rpc/gendispatch.pl line 967.

	Also this allows to get rid of the -c option and the special case code for
	the 'close' procedure, as the generator handles it now correctly.

	Reported by Michal Privoznik

2011-07-21  Eric Blake  

	error: preserve errno when saving last error
	It is common to see the sequence:

	virErrorPtr save_err = virSaveLastError();
	// do cleanup
	virSetError(save_err);
	virFreeError(save_err);

	on cleanup paths.  But for functions where it is desirable to
	return the errno that caused failure, this sequence can clobber
	that errno.  virFreeError was already safe; this makes the other
	two functions in the sequence safe as well, assuming all goes
	well (on OOM, errno will be clobbered, but then again, save_err
	won't reflect the real error that happened, so you are no longer
	preserving the real situation - that's life with OOM).

	* src/util/virterror.c (virSaveLastError, virSetError): Preserve
	errno.

2011-07-21  Matthias Bolte  

	python: Fix makefile rule for code generation
	Commit 8665f85523f0451c changed generated.stamp to $(GENERATE).stamp,
	but missed one instance in the CLEANFILES list. This can break the
	build in case the generated code is deleted but the .stamp file stays
	around and therefore the code isn't regenerated.

2011-07-21  Daniel P. Berrange  

	Fix uninitialized variable in QEMU CPU bandwidth code
	* src/qemu/qemu_driver.c: Fix uninitialized variable

2011-07-21  Wen Congyang  

	fix make syntax-check error

	doc: Add documentation for new cputune elements period and quota
	We have added element period and quota. Document them in formatdomain.html.in.

	qemu: Implement cfs_period and cfs_quota's modification
	This patch implements cfs_period and cfs_quota's modification.
	We can use the command 'virsh schedinfo' to query or modify cfs_period and
	cfs_quota.
	If you query period or quota from config file, the value 0 means it does not set
	in the config file.
	If you set period or quota to config file, the value 0 means that delete current
	setting from config file.
	If you modify period or quota while vm is running, the value 0 means that use
	current value.

	qemu: Implement period and quota tunable XML configuration and parsing
	This patch implements period and quota tunable XML configuration and parsing.
	A quota or period of zero will be simply ignored.

	Update XML Schema for new entries
	Define the element cputune's child elements 'period' and 'quota':
	
	  100000
	  50000
	

	cgroup: Implement cpu.cfs_period_us and cpu.cfs_quota_us tuning API
	This patch provides 4 APIs to get and set cpu.cfs_period_us and cpu.cfs_quota_us.

	Introduce the function virCgroupForVcpu
	Introduce the function virCgroupForVcpu() to create sub directory for each vcpu.

2011-07-21  Lai Jiangshan  

	qemu: send-key: Implement the driver methods
	qemu driver just accept xt_kbd codeset's keycode, so the lib virtkey
	is used for translating keycodes from other codesets

	send-key: Expose the new API in virsh
	Also support string names for the linux keycode(auto detect)
	* tools/virsh.c: add new command "send-key"
	* tools/virsh.pod: documents the new command

2011-07-21  Lai Jiangshan  

	util: add virtkeycode module
	Add virtkey lib for usage-improvment and keycode translating.
	Add 4 internal API for the aim

	const char *virKeycodeSetTypeToString(int codeset);
	int virKeycodeSetTypeFromString(const char *name);
	int virKeycodeValueFromString(virKeycodeSet codeset, const char *keyname);
	int virKeycodeValueTranslate(virKeycodeSet from_codeset,
	                             virKeycodeSet to_offset,
	                             int key_value);

	* include/libvirt/libvirt.h.in: extend virKeycodeSet enum
	* src/Makefile.am: add new virtkeycode module and rule to generate
	  virkeymaps.h
	* src/util/virkeycode.c src/util/virkeycode.h: new module
	* src/util/virkeycode-mapgen.py: python generator for virkeymaps.h
	  out of keymaps.csv
	* src/libvirt_private.syms: extend private symbols for new module
	* .gitignore: add generated virkeymaps.h

2011-07-21  Lai Jiangshan  

	util: Add keymaps.csv
	Should keep it as the same as:
	http://git.gnome.org/browse/gtk-vnc/commit/src/keymaps.csv

	All master  keymaps are defined in a CSV file. THis covers
	Linux keycodes, OSX keycodes, AT set1, 2 & 3, XT keycodes,
	the XT encoding used by the Linux KBD driver, USB keycodes,
	Win32 keycodes, the XT encoding used by Xorg on Cygwin,
	the XT encoding used by Xorg on Linux with kbd driver.

	* src/Makefile.am: added to EXTRA_DIST
	* src/util/keymaps.csv: new file

2011-07-21  Eric Blake  

	maint: fix typos on guaranteed
	* src/conf/domain_event.c (virDomainEventDispatch): Fix typo.
	* src/internal.h (ATTRIBUTE_FMT_PRINTF): Likewise.
	* src/libvirt.c (virStreamEventUpdateCallback): Likewise.
	* src/remote/remote_driver.c (doRemoteOpen): Likewise.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Likewise.
	* src/util/virterror.c (virConnCopyLastError, virCopyLastError):
	Likewise.
	* src/xen/xend_internal.h (xend_wait_for_devices): Likewise.

2011-07-21  Cole Robinson  

	rpc: Pass through DISPLAY so ssh can launch askpass
	Though we prefer users to have SSH keys setup, virt-manager users still
	depend on remote SSH connections to launch a password dialog. This fixes
	launch ssh-askpass

	Fix suggested by danpb

2011-07-20  Michal Privoznik  

	sysinfo: Don't try to run dmidecode on archs missing it
	DMI table is Intel & Intel-compatible specific. Therefore other
	architectures miss dmidecode command. So we always fail in searching
	for that command on non-Intel architectures.

2011-07-20  Guannan Ren  

	Don't try to close a NULL virNetClientPtr
	* src/rpc/virnetclient.c: Skip close attempt if virNetClientPtr
	  is NULL

2011-07-20  Daniel P. Berrange  

	Honour key usage/purpose criticality flag
	If a key purpose or usage field is marked as non-critical in the
	certificate, then a data mismatch is not (ordinarily) a cause for
	rejecting the connection

	* src/rpc/virnettlscontext.c: Honour key usage/purpose criticality

2011-07-20  Daniel P. Berrange  

	Fix checking of key usage/purpose data
	If key usage or purpose data is not present in the cert, the
	RFC recommends that access be allowed. Also fix checking of
	key usage to include requirements for client/server certs,
	and fix key purpose checking to treat data as a list of bits

	Fix mixed up error messages when reporting TLS certificate problems
	* src/rpc/virnettlscontext.c: Fix mixed up error messages

2011-07-20  Michal Privoznik  

	udev: Don't try to dump DMI on non-intel archs
	DMI is Intel & Intel-compatible specific. Don't try to dump information
	on non-compatible architectures, which results only in error message in
	logs.

2011-07-20  Eric Blake  

	build: fix broken build
	* src/libxl/libxl_driver.c (libxlDomainUndefineFlags): Use correct
	enum value.
	* src/remote_protocol-structs (remote_procedure): Likewise.

2011-07-20  Osier Yang  

	undefine: Extend virsh undefine to support the new flag
	If the domain has managed save image, and --managed-save is
	not specified, then it fails with an error telling the user
	that a managed save image still exists.

	If the domain has managed save image, and --managed-save is
	specified, it invokes virDomainUndefineFlags. If
	virDomainUndefineFlags fails, then it tries to remove the managed
	save image using virDomainManagedSaveRemove first, with
	invoking virDomainUndefine following. (For compatibility between
	new virsh with this patch and older libvirt without this patch).

	Similarly if the domain has no managed save image. See the codes for
	detail.

	NOTE: Have not removing the codes checking if the domain is running
	in function "cmdUndefine", it will go along with qemu driver's fix
	(allow to undefine a running domain).

2011-07-20  Osier Yang  

	undefine: Implement undefineFlags for all other drivers

	undefine: Implement internal API for libxl driver
	* src/libxl/libxl_driver.c: New callback for libxl_driver,
	new function libxlDomainUndefineFlags, and changes libxlDomainUndefine
	as a wrapper of libxlDomainUndefineFlags.

	undefine: Implement internal API for qemu driver
	* src/qemu/qemu_driver.c: New call back for qemu_driver,
	New function qemudDomainUndefineFlags, and changes on
	qemudDomainUndefine.

	undefine: Wire up the remote protocol

2011-07-20  Osier Yang  

	undefine: Define the new API
	This introduces a new API virDomainUndefineFlags to control the
	domain undefine process, as the existing API virDomainUndefine
	doesn't support flags.

	Currently only flag VIR_DOMAIN_UNDEFINE_MANAGED_SAVE is supported.
	If the domain has a managed save image, including
	VIR_DOMAIN_UNDEFINE_MANAGED_SAVE in @flags will also remove that
	file, and omitting the flag will cause undefine process to fail.

	This patch also changes the behavior of virDomainUndefine, if the
	domain has a managed save image, the undefine will be refused.

2011-07-20  Eric Blake  

	maint: fix spelling of Red Hat
	* cfg.mk (sc_copyright_format): Add to rule.
	* src/util/files.h: Fix offenders.
	* src/util/files.c: Likewise.

2011-07-19  Daniel P. Berrange  

	Add sanity checking of basic constraints, key purpose & key usage
	Gnutls requires that certificates have basic constraints present
	to be used as a CA certificate. OpenSSL doesn't add this data
	by default, so add a sanity check to catch this situation. Also
	validate that the key usage and key purpose constraints contain
	correct data

	* src/rpc/virnettlscontext.c: Add sanity checking of certificate
	  constraints

2011-07-19  Daniel P. Berrange  

	Add some basic sanity checking of certificates before use
	If the libvirt daemon or libvirt client is configured with bogus
	certificates, it is very unhelpful to only find out about this
	when a TLS connection is actually attempted. Not least because
	the error messages you get back for failures are incredibly
	obscure.

	This adds some basic sanity checking of certificates at the
	time the virNetTLSContext object is created. This is at libvirt
	startup, or when creating a virNetClient instance.

	This checks that the certificate expiry/start dates are valid
	and that the certificate is actually signed by the CA that is
	loaded.

	* src/rpc/virnettlscontext.c: Add certificate sanity checks

2011-07-19  Daniel P. Berrange  

	Fix reporting of errors for p2p migration
	Starting/ending jobs when closing the connection may reset any
	error which was reported earlier in p2p migration. We must
	save the original error before doing so. This means we can also
	just call virConnectClose as normal, instead of virUnrefConnect

	* src/qemu/qemu_migration.c: Preserve errors in p2p migration

2011-07-19  Daniel P. Berrange  

	Add an explicit virNetClientClose method
	Since the I/O callback registered against virNetSocket will
	hold a reference on the virNetClient, we can't rely on the
	virNetClientFree to be able to close the network connection.
	The last reference will only go away when the event callback
	fires (likely due to EOF from the server).

	This is sub-optimal and can potentially cause a leak of the
	virNetClient object if the server were to not explicitly
	close the socket itself

	* src/remote/remote_driver.c: Explicitly close the client
	  object when disconnecting
	* src/rpc/virnetclient.c, src/rpc/virnetclient.h: Add a
	  virNetClientClose method

2011-07-19  Daniel P. Berrange  

	Use a virFreeCallback on virNetSocket to ensure safe release
	When unregistering an I/O callback from a virNetSocket object,
	there is still a chance that an event may come in on the callback.
	In this case it is possible that the virNetSocket might have been
	freed already. Make use of a virFreeCallback when registering
	the I/O callbacks and hold a reference for the entire time the
	callback is set.

	* src/rpc/virnetsocket.c: Register a free function for the
	  file handle watch
	* src/rpc/virnetsocket.h, src/rpc/virnetserverservice.c,
	  src/rpc/virnetserverclient.c, src/rpc/virnetclient.c: Add
	  a free function for the socket I/O watches

2011-07-19  Daniel P. Berrange  

	Add mutex locking and reference counting to virNetSocket
	Remove the need for a virNetSocket object to be protected by
	locks from the object using it, by introducing its own native
	locking and reference counting

	* src/rpc/virnetsocket.c: Add locking & reference counting

2011-07-19  Daniel P. Berrange  

	Add some debugging for virNetClient reference counting
	* src/rpc/virnetclient.c: Add debugging of ref counts

2011-07-19  Eric Blake  

	build: detect doc generation failure
	Commit 8665f85 introduced a slight regression in doc generation,
	since make only quits a rule on the first failed command ending
	with a newline rather than a semicolon.

	* docs/Makefile.am (html/index.html): Don't use xmllint unless
	xsltproc succeeded.
	* .gitignore: Ignore recently updated stamp file name.

2011-07-19  Alex Jia  

	util: avoid fds leak when virEventPollAddHandle fail
	* src/util/event_poll.c: avoid file descriptors leak when
	  virEventPollAddHandle fail on virEventPollInit function.

2011-07-19  Eric Blake  

	Revert "virsh: make migrate --tunnelled imply --p2p"
	This reverts commit 40143fb697c3cb042197632c0286e7dadf40afd4.

	The patch prevents future compatibility if migration ever learns
	how to do tunnelled without p2p.

2011-07-19  Daniel P. Berrange  

	Unregister event callback if a fatal error occurs during dispatch
	If we get an I/O error in the async event callback for an RPC
	client, we might not have consumed all pending data off the
	wire. This could result in the callback being immediately
	invoked again. At which point the same I/O might occur. And
	we're invoked again. And again...And again...

	Unregistering the async event callback if an error occurs is
	a good safety net. The real error will be seen when the next
	RPC method is invoked

	* src/rpc/virnetclient.c: Unregister event callback on error

2011-07-19  Daniel P. Berrange  

	Quieten build & ensure API build scripts exit with non-zero status
	The current API build scripts will continue and exit with a zero
	status even if they find problems. This has been the cause of many
	build problems, or hidden build errors, in the past. Change the
	scripts so they always exit with a non-zero status for any problems
	they do not understand. Also turn off all debug output by default
	so they respect $(AM_V_GEN)

	* docs/Makefile.am: Use $(AM_V_GEN) for API/HTML scripts
	* docs/apibuild.py, python/generator.py: Exit with non-zero status
	  if problems are found. Also be silent, not outputting any debug
	  messages.
	* src/Makefile.am: Use $(AM_V_GEN) for ESX generator
	* python/Makefile.am: Tweak rule

2011-07-19  Osier Yang  

	tests: Fix virshtest failure after dominfo changed
	Caused by the new changed "dominfo" command.

	virsh: Extend virsh dominfo to display if managed save image exists
	* tools/virsh.c: new column "Managed save" for "cmdDominfo".
	* tools/virsh.pod: Update document of "managedsave" to tell one can
	  use "dominfo" to query whether a domain has any managed save image.

	doc: Correct documents for iface commands
	The problems:
	    * Duplicate documents for "iface-name"
	    * Lacks of document for "iface-mac"
	    * Inconsistent option names with virsh help strings.

2011-07-19  Eric Blake  

	virsh: make migrate --tunnelled imply --p2p
	We can make the virsh migrate UI friendlier by supplying the
	missing bit automatically instead of erroring out when requesting
	--tunnelled without --p2p.

	* tools/virsh.c (doMigrate): Make --p2p optional when using
	--tunnelled.
	* tools/virsh.pod (migrate): Tweak wording accordingly.

2011-07-19  Eric Blake  

	libvirt: do not mix internal flags into public API
	There were two API in driver.c that were silently masking flags
	bits prior to calling out to the drivers, and several others
	that were explicitly masking flags bits.  This is not
	forward-compatible - if we ever have that many flags in the
	future, then talking to an old server that masks out the
	flags would be indistinguishable from talking to a new server
	that can honor the flag.  In general, libvirt.c should forward
	_all_ flags on to drivers, and only the drivers should reject
	unknown flags.

	In the case of virDrvSecretGetValue, the solution is to separate
	the internal driver callback function to have two parameters
	instead of one, with only one parameter affected by the public
	API.  In the case of virDomainGetXMLDesc, it turns out that
	no one was ever mixing VIR_DOMAIN_XML_INTERNAL_STATUS with
	the dumpxml path in the first place; that internal flag was
	only used in saving and restoring state files, which happened
	to be in functions internal to a single file, so there is no
	mixing of the internal flag with a public flags argument.
	Additionally, virDomainMemoryStats passed a flags argument
	over RPC, but not to the driver.

	* src/driver.h (VIR_DOMAIN_XML_FLAGS_MASK)
	(VIR_SECRET_GET_VALUE_FLAGS_MASK): Delete.
	(virDrvSecretGetValue): Separate out internal flags.
	(virDrvDomainMemoryStats): Provide missing flags argument.
	* src/driver.c (verify): Drop unused check.
	* src/conf/domain_conf.h (virDomainObjParseFile): Delete
	declaration.
	(virDomainXMLInternalFlags): Move...
	* src/conf/domain_conf.c: ...here.  Delete redundant include.
	(virDomainObjParseFile): Make static.
	* src/libvirt.c (virDomainGetXMLDesc, virSecretGetValue): Update
	clients.
	(virDomainMemoryPeek, virInterfaceGetXMLDesc)
	(virDomainMemoryStats, virDomainBlockPeek, virNetworkGetXMLDesc)
	(virStoragePoolGetXMLDesc, virStorageVolGetXMLDesc)
	(virNodeNumOfDevices, virNodeListDevices, virNWFilterGetXMLDesc):
	Don't mask unknown flags.
	* src/interface/netcf_driver.c (interfaceGetXMLDesc): Reject
	unknown flags.
	* src/secret/secret_driver.c (secretGetValue): Update clients.
	* src/remote/remote_driver.c (remoteSecretGetValue)
	(remoteDomainMemoryStats): Likewise.
	* src/qemu/qemu_process.c (qemuProcessGetVolumeQcowPassphrase):
	Likewise.
	* src/qemu/qemu_driver.c (qemudDomainMemoryStats): Likewise.
	* daemon/remote.c (remoteDispatchDomainMemoryStats): Likewise.

2011-07-19  Alex Jia  

	virsh: avoid double free of domain
	* tools/virsh.c: avoid double free of domain, when weight value of blkiotune
	  less than 0, codes will free domain and jump to cleanup section, however,
	  cleanup will free domain again.

	Detected in valgrind run:

	==21297== ERROR SUMMARY: 20 errors from 20 contexts (suppressed: 69 from 8)
	==21297==
	==21297== 1 errors in context 1 of 20:
	==21297== Invalid read of size 4
	==21297==    at 0x40E209B: virDomainFree (libvirt.c:2096)
	==21297==    by 0x8065274: cmdBlkiotune (virsh.c:3695)
	==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
	==21297==    by 0x806B967: main (virsh.c:14487)
	==21297==  Address 0x446ad48 is 0 bytes inside a block of size 36 free'd
	==21297==    at 0x4005B0A: free (vg_replace_malloc.c:325)
	==21297==    by 0x406814D: virFree (memory.c:310)
	==21297==    by 0x40D6635: virReleaseDomain (datatypes.c:243)
	==21297==    by 0x40D6C5E: virUnrefDomain (datatypes.c:280)
	==21297==    by 0x40E20B9: virDomainFree (libvirt.c:2101)
	==21297==    by 0x8065297: cmdBlkiotune (virsh.c:3613)
	==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
	==21297==    by 0x806B967: main (virsh.c:14487)
	==21297==
	==21297==
	==21297== 1 errors in context 2 of 20:
	==21297== Invalid read of size 4
	==21297==    at 0x40E1FE6: virDomainFree (libvirt.c:2092)
	==21297==    by 0x8065274: cmdBlkiotune (virsh.c:3695)
	==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
	==21297==    by 0x806B967: main (virsh.c:14487)
	==21297==  Address 0x446ad48 is 0 bytes inside a block of size 36 free'd
	==21297==    at 0x4005B0A: free (vg_replace_malloc.c:325)
	==21297==    by 0x406814D: virFree (memory.c:310)
	==21297==    by 0x40D6635: virReleaseDomain (datatypes.c:243)
	==21297==    by 0x40D6C5E: virUnrefDomain (datatypes.c:280)
	==21297==    by 0x40E20B9: virDomainFree (libvirt.c:2101)
	==21297==    by 0x8065297: cmdBlkiotune (virsh.c:3613)
	==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
	==21297==    by 0x806B967: main (virsh.c:14487)

	* how to reproduce?
	  % valgrind -v --leak-check=full virsh blkiotune guestname --weight -1

2011-07-19  Eric Blake  

	docs: improve virsh man page synopses
	"optional" is not a very good meta-syntactic construct in our man
	page.  I scrubbed this, and additionally improved some documentation
	on mutually exclusive options.  For example,

	[[--live] [--config] | [--current]]

	implies a set of optional flags, where within the set you can have
	either --current or a choice of 0, 1, or both --live and --config.

	* tools/virsh.pod: Use "[name]" rather than "optional name" for
	optional arguments.

2011-07-19  Jiri Denemark  

	build: Fix protocol-structs check in VPATH build
	$@ already included $(srcdir)

2011-07-18  Daniel P. Berrange  

	Fix now dead cleanup of VMs on libvirtd restart
	When libvirtd restarts it will attempt to reconnect to existing
	LXC containers. If it loads a XML state file for the container
	the container will appear running. If we fail to read the PID
	file, or fail to connect to the LXC monitor, we should be killing
	off the guest, but if the VMs cgroup does not exist any more,
	cleanup will get skipped. Reading the PID file is also pointless
	since the PID is in the XML statefile

	In lxcReconnectVM we do not need to read the PID file. If part
	of the reconnect process fails we need to run the VM terminate
	code as a safety net.

	In lxcVMTerminate, if we can't obtain the VM cgroup, we know
	the process has died, but we must still run lxcVMCleanup to
	clear out the virDomainObjPtr live state

	* src/lxc/lxc_driver.c: Fix cleanup of dead VMs on restart

2011-07-18  Michal Privoznik  

	docs: Fix spice documentation typo
	We missed ending tag for paragraph element

2011-07-17  Osier Yang  

	rpc: Fix typos in rpc generator scripts
	These typos are introduced by file renaming in commit b17b4afaf.

	src/remote/qemu_protocol.x \
	src/remote/remote_protocol.x \
	src/rpc/gendispatch.pl:
	    s/remote_generator/gendispatch/

	src/rpc/genprotocol.pl:
	    s/remote\/remote_protocol/remote_protocol/

2011-07-16  Osier Yang  

	qemu: Fix a regression of attaching device
	The regression is introduced by Commit da1eba6b, the new
	codes with this commit doesn't reset "ret" to "-1" when
	it fails on parsing the device XML (live device attachment)

	This patch changes the codes to reset the "ret" and "-1",
	and also changes the codes so that it don't modify "ret"
	for condition checking.

	How to reproduce:

	% cat test.xml
	
	  
	  
	  
	

	% virsh attach-device $domain test.xml
	Device attached successfully

	The device attachment failed actually with error "unknown disk type 'oops'",
	however, it reports success.

2011-07-16  Eric Blake  

	build: also track RPC on-wire enum values
	As long as we guarantee RPC struct layout stability, we might as
	well also guarantee RPC enum value constancy.

	* src/Makefile.am (r1, r2, PDWTAGS): Adjust rule to pick up named
	and anonymous enums.
	* src/remote_protocol-structs: Add enum values.
	* src/qemu_protocol-structs: Likewise.
	* src/virnetprotocol-structs: Likewise.

2011-07-16  Eric Blake  

	docs: document dxml argument to migrate2
	Commit 135554166 introduced a nice feature without documenting it.

	* src/libvirt.c (virDomainMigrate2): Add paragraph.

2011-07-16  Eric Blake  

	build: add syntax check for proper flags use
	Enforce the recent flags cleanups - we want to use 'unsigned int flags'
	in any of our APIs (except where backwards compatibility is important,
	in the public migration APIs), and that all flags are checked for
	validity (except when there are stub functions that completely
	ignore the flags argument).

	There are a few minor tweaks done here to avoid false positives:
	signed arguments passed to open() are renamed oflags, and flags
	arguments that are legitimately ignored are renamed flags_unused.

	* cfg.mk (sc_flags_usage): New rule.
	(exclude_file_name_regexp--sc_flags_usage): And a few exemptions.
	(sc_flags_debug): Tweak wording.
	* src/util/iohelper.c (runIO, main): Rename variable.
	* src/util/util.c (virSetInherit): Likewise.
	* src/fdstream.h (virFDStreamOpenFile, virFDStreamCreateFile):
	Likewise.
	* src/fdstream.c (virFDStreamOpenFileInternal)
	(virFDStreamOpenFile, virFDStreamCreateFile): Likewise.
	* src/util/command.c (virExecWithHook) [WIN32]: Likewise.
	* src/util/util.c (virFileOpenAs, virDirCreate) [WIN32]: Likewise.
	* src/locking/lock_manager.c (virLockManagerPluginNew)
	[!HAVE_DLFCN_H]: Likewise.
	* src/locking/lock_driver_nop.c (virLockManagerNopNew)
	(virLockManagerNopAddResource, virLockManagerNopAcquire)
	(virLockManagerNopRelease, virLockManagerNopInquire): Likewise.

2011-07-16  Eric Blake  

	xen: reject unknown flags
	Also fix a logic bug in xenXMDomain{Attach,Detach}DeviceFlags,
	where (flags & VIR_DOMAIN_DEVICE_MODIFY_CURRENT) is always false.

	* src/xen/xen_driver.c (xenUnifiedDomainXMLFromNative)
	(xenUnifiedDomainXMLToNative, xenUnifiedDomainBlockPeek): Reject
	unknown flags.
	* src/xen/xen_hypervisor.c (xenHypervisorOpen)
	(xenHypervisorGetDomainState): Likewise.
	* src/xen/xen_inotify.c (xenInotifyOpen): Likewise.
	* src/xen/xs_internal.c (xenStoreOpen, xenStoreDomainGetState)
	(xenStoreDomainReboot): Likewise.
	* src/xen/xend_internal.c (xenDaemonOpen, xenDaemonDomainReboot)
	(xenDaemonDomainCoreDump, xenDaemonDomainGetState)
	(xenDaemonDomainMigratePrepare, xenDaemonDomainSetVcpusFlags,
	xenDaemonDomainGetVcpusFlags, xenDaemonAttachDeviceFlags,
	xenDaemonDetachDeviceFlags): Likewise.
	(xenDaemonDomainGetXMLDesc): Prefer unsigned flags.
	* src/xen/xend_internal.h (xenDaemonDomainGetXMLDesc): Likewise.
	* src/xen/xm_internal.h (xenXMDomainGetXMLDesc): Likewise.
	* src/xen/xm_internal.c (xenXMDomainGetXMLDesc): Likewise.
	(xenXMOpen, xenXMDomainGetState, xenXMDomainSetVcpusFlags)
	(xenXMDomainGetVcpusFlags): Reject unknown flags.
	(xenXMDomainAttachDeviceFlags, xenXMDomainDetachDeviceFlags):
	Likewise, and avoid always-false conditional.
	* src/xen/xen_driver.h (XEN_MIGRATION_FLAGS): New define.

2011-07-16  Eric Blake  

	esx: reject unknown flags
	Silently ignored flags get in the way of new features that
	use those flags.

	Regarding ESX migration flags - right now, ESX silently enforces
	VIR_MIGRATE_PERSIST_DEST, VIR_MIGRATE_UNDEFINE_SOURCE, and
	VIR_MIGRATE_LIVE, even if those flags were not supplied; it ignored
	other flags.  This patch does not change the implied bits (it permits
	but does not require them), but enforces only the supported bits.
	If further cleanup is needed to be more particular about migration
	flags, that should be a separate patch.

	* src/esx/esx_device_monitor.c (esxDeviceOpen): Reject unknown
	flags.
	* src/esx/esx_driver.c (esxOpen, esxDomainReboot)
	(esxDomainXMLFromNative, esxDomainXMLToNative)
	(esxDomainMigratePrepare, esxDomainMigratePerform)
	(esxDomainMigrateFinish): Likewise.
	* src/esx/esx_interface_driver.c (esxInterfaceOpen): Likewise.
	* src/esx/esx_network_driver.c (esxNetworkOpen): Likewise.
	* src/esx/esx_nwfilter_driver.c (esxNWFilterOpen): Likewise.
	* src/esx/esx_secret_driver.c (esxSecretOpen): Likewise.
	* src/esx/esx_storage_driver.c (esxStorageOpen): Likewise.

2011-07-16  Eric Blake  

	virsh: improve option handling
	The documentation for vshCommandOptString claims that it returns
	-1 on a missing required argument, but in reality, that error
	message was unreachable (it was buried inside an if clause that
	is true only if the argument was present).  The code was so hairy
	that I decided a rewrite would make it easier to understand,
	and actually return the error values we want.

	Meanwhile, our construction guarantees that all vshCmdOpt have
	a non-null def member, so there are some redundant checks that
	can be trimmed.

	* tools/virsh.c (vshCommandOpt): Alter signature.
	(vshCommandOptInt, vshCommandOptUInt, vshCommandOptUL)
	(vshCommandOptString, vshCommandOptLongLong)
	(vshCommandOptULongLong, vshCommandOptBool): Adjust all callers.
	(vshCommandOptArgv): Remove dead condition.

2011-07-16  Eric Blake  

	flags: fix domain_conf migration regression
	Commit 461e0f1a broke migration, because there was a code path
	that tried to enable an internal flag while still going through
	the public function.  Split the internal flag into a separate
	callback, and validate that flags do not overlap.

	* src/conf/domain_conf.c (virDomainDefFormat): Split...
	(virDomainDefFormatInternal): ...to separate the flag check.
	(virDomainObjFormat): Adjust caller.

2011-07-16  Dave Allan  

	website: Point main page links to libvirt driver pages
	The "libvirt supports:" section on the main page of libvirt.org
	contains a list of hypervisors with links that point to the sites of
	the underlying virt technologies.  The entry for KVM points to
	http://www.linux-kvm.org/, for example.  People coming to libvirt.org
	for the first time are likely to know about those sites, and they're
	probably interested in how libvirt manages those technologies.  This
	patch points those links to the libvirt driver pages instead.  It also
	consolidates KVM and QEMU as there is only one libvirt driver page for
	them.  Finally, it adds a line about networking support.

	v2: incorporate Eric's feedback adding project links to driver pages.

	website: Add project links to KVM/QEMU driver page
	website: Add project links to Xen driver page
	website: Add project links to LXC driver page
	website: Add project links to OpenVZ driver page
	website: Add project links to UML driver page
	website: Add project links to Virtualbox driver page
	website: Add project links to ESX driver page
	website: Add project links to VMware driver page

2011-07-16  Eric Blake  

	flags: fix qemu migration regression
	Commit f548480b broke migration v3 on qemu, because the driver
	passed flags on through to qemu_migration even though
	qemu_migration wasn't using those flags.

	* src/qemu/qemu_migration.h (QEMU_MIGRATION_FLAGS): New define.
	* src/qemu/qemu_driver.c: Simplify all migration callbacks.
	* src/qemu/qemu_migration.c (qemuMigrationConfirm): Fix regression.

2011-07-16  Eric Blake  

	flags: use common dumpxml flags check
	The previous patches only cleaned up ATTRIBUTE_UNUSED flags cases;
	auditing the drivers found other places where flags was being used
	but not validated.  In particular, domainGetXMLDesc had issues with
	clients accepting a different set of flags than the common
	virDomainDefFormat helper function.

	* src/conf/domain_conf.c (virDomainDefFormat): Add common flag check.
	* src/uml/uml_driver.c (umlDomainAttachDeviceFlags)
	(umlDomainDetachDeviceFlags): Reject unknown
	flags.
	* src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc)
	(vboxDomainAttachDeviceFlags)
	(vboxDomainDetachDeviceFlags): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainMemoryPeek): Likewise.
	(qemuDomainGetXMLDesc): Document common flag handling.
	* src/libxl/libxl_driver.c (libxlDomainGetXMLDesc): Likewise.
	* src/lxc/lxc_driver.c (lxcDomainGetXMLDesc): Likewise.
	* src/openvz/openvz_driver.c (openvzDomainGetXMLDesc): Likewise.
	* src/phyp/phyp_driver.c (phypDomainGetXMLDesc): Likewise.
	* src/test/test_driver.c (testDomainGetXMLDesc): Likewise.
	* src/vmware/vmware_driver.c (vmwareDomainGetXMLDesc): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDomainGetXMLDesc): Likewise.

2011-07-16  Eric Blake  

	maint: fix typos
	Our XML prefers "shareable" over "sharable".

	* docs/internals/locking.html.in: s/sharable/shareable/
	* src/locking/lock_driver_sanlock.c
	(virLockManagerSanlockAddResource): Likewise.

2011-07-16  Hu Tao  

	add --cache, --serial, --shareable and --address to attach-disk
	This adds four options for virsh command attach-disk.

	--cache option allows user to specify cache mode of disk device
	from virsh command line when attaching a disk device.

	--serial option allows user to specify serial string of disk device
	from virsh command line when attaching a disk device.

	--shareable option allows user to specify whether the disk device is
	shareable between domains when attaching a disk device from virsh
	command line.

	--address option allows user to specify address of disk device when
	attaching a disk device.

2011-07-15  Daniel P. Berrange  

	Fix error message for missing TLS write function
	* src/rpc/virnettlscontext.c: s/read/write/

2011-07-15  Daniel P. Berrange  

	Fix reporting of cert validation failures
	If the server succesfully validates the client cert, it will send
	back a single byte, under TLS. If it fails, it will close the
	connection. In this case, we were just reporting the standard
	I/O error. The original RPC code had a special case hack for the
	GNUTLS_E_UNEXPECTED_PACKET_LENGTH error code to make us report
	a more useful error message

	* src/rpc/virnetclient.c: Return ENOMSG if we get
	  GNUTLS_E_UNEXPECTED_PACKET_LENGTH
	* src/rpc/virnettlscontext.c: Report cert failure if we
	  see ENOMSG

2011-07-15  Dave Allan  

	Fix error code for storage operations
	Many volume operations will fail if the volume in question is being
	allocated.  These operations were returning VIR_ERR_INTERNAL_ERROR
	when they should be returning VIR_ERR_OPERATION_INVALID.

2011-07-15  Taku Izumi  

	setvcpus: add "--current" option to "virsh setvcpus"
	This patch adds the --current option to "virsh setvcpus"
	command. Currently "virsh setvcpus" command supports
	"--live" and "--config" , but "--current" option.
	From view of consistency, it's reasonable to support
	"--current" option too.

	When --current is specified, it affects a "current"
	domain.

2011-07-15  Taku Izumi  

	setvcpus: extend qemuDomainSetVcpusFlags() to support current flag
	This patch extends qemudDomainSetVcpusFlags() function to support
	VIR_DOMAIN_AFFECT_CURRENT flag.

2011-07-15  Taku Izumi  

	setvcpus: extend virDomainSetVcpusFlags API to support current flag
	This patch extends virDomainSetVcpusFlags API to support
	VIR_DOMAIN_AFFECT_CURRENT flag.

	Now because most APIs accept VIR_DOMAIN_AFFECT_CURRENT flags,
	virDomainSetVcpusFlags API should also do.

2011-07-15  Daniel P. Berrange  

	Add domain events support to UML driver
	* src/uml_conf.h: Add queue for dispatch of domain events
	* src/uml_driver.c: Trigger domain events upon important lifecycle transitions

2011-07-15  Eric Blake  

	docs: mention EMOTIVE as a libvirt-using app
	* docs/apps.html.in: Add EMOTIVE.
	Reported by Alex Vaqué Brull .

2011-07-15  Eric Blake  

	virnetsocket: use new API for uniform child cleanup
	Rather than trying to clean up the ssh child ourselves, and risk
	subtle differences from the socket creation error path, we can
	just use the new APIs.

	* src/rpc/virnetsocket.c (virNetSocketFree): Use new function.

2011-07-15  Eric Blake  

	fdstream: avoid child process leak on error
	By requesting the pid in virCommandRunAsync, fdstream was claiming
	that it would manually wait for the process.  But on the failure
	path, the child process was being leaked.

	* src/fdstream.c (virFDStreamOpenFileInternal): Auto-reap child.

2011-07-15  Eric Blake  

	command: introduce virPidWait, virPidAbort
	When using virCommandRunAsync and saving the pid for later, it
	is useful to be able to reap that pid in the same way that it
	would have been auto-reaped by virCommand if we had passed
	NULL for the pid argument in the first place.

	* src/util/command.c (virPidWait, virPidAbort): New functions,
	created from...
	(virCommandWait, virCommandAbort): ...bodies of these.
	(includes): Drop duplicate .  Ensure that our pid_t
	assumptions hold.
	(virCommandRunAsync): Improve documentation.
	* src/util/command.h (virPidWait, virPidAbort): New prototypes.
	* src/libvirt_private.syms: Export them.
	* docs/internals/command.html.in: Document them.

2011-07-15  Jamie Strandboge  

	update apparmor security driver for new udev paths
	In the Ubuntu development release we recently got a new udev that
	moves /var/run to /run, /var/lock to /run/lock and /dev/shm to /run/shm.
	This change in udev requires updating the apparmor security driver in
	libvirt[1].

	Attached is a patch that:
	 * adjusts src/security/virt-aa-helper.c to allow both
	LOCALSTATEDIR/run/libvirt/**/%s.pid and /run/libvirt/**/%s.pid. While
	the profile is not as precise, LOCALSTATEDIR/run/ is typically a symlink
	to /run/ anyway, so there is no additional access (remember that
	apparmor resolves symlinks, which is why this is still required even
	if /var/run points to /run).
	 * adjusts example/apparmor/libvirt-qemu paths for /dev/shm

	[1]https://launchpad.net/bugs/810270

	--
	Jamie Strandboge             | http://www.canonical.com

2011-07-14  Matthias Bolte  

	xenapi: Improve error reporting in xenapiOpen
	Use better suited error code and avoid NULL in error messsage
	as *privP->session->error_description can be NULL.

2011-07-14  Eric Blake  

	build: fix VPATH build of todo
	Without this patch, the make rule in a VPATH build was trying to
	invoke ../../docs/../../docs/todo.pl, which didn't exist.

	* docs/Makefile.am (todo.html.in): Using $< already implies
	$(srcdir) in GNU make VPATH situations.

2011-07-14  Eric Blake  

	build: check for virnetprotocol on-the-wire stability
	Similar to the recent qemu_protocol-structs addition.

	* src/virnetprotocol-structs: New file.
	* src/Makefile.am (%_protocol-structs): Factor body...
	(PDWTAGS): ...into new helper macro.
	(virnetprotocol-structs): New rule.
	(PROTOCOL_STRUCTS): Add virnetprotocol-structs.

2011-07-14  Wen Congyang  

	build: disable some drivers when building without libvirt daemon
	We disable some drivers when building without libvirtd in configure,
	but we do not do the same thing in libvirt.spec. It may break rpm
	building without libvirtd.

2011-07-14  Michal Privoznik  

	storage: Avoid memory leak on metadata fetching
	Getting metadata on storage allocates a memory (path) which need to
	be freed after use otherwise it gets leaked. This means after use of
	virStorageFileGetMetadataFromFD or virStorageFileGetMetadata one
	must call virStorageFileFreeMetadata to free it. This function frees
	structure internals and structure itself.

2011-07-14  Jiri Denemark  

	qemu: Don't overwrite errors by closefd in error paths
	When qemuMonitorCloseFileHandle is called in error path, we need to
	preserve the original error since a possible further error when running
	closefd monitor command is not very useful to users.

	qemu: Save domain status ASAP after creating qemu process
	When creating new qemu process we saved domain status XML only after the
	process was fully setup and running. In case libvirtd was killed before
	the whole process finished, once libvirtd started again it didn't know
	anything about the new process and we end up with an orphaned qemu
	process. Let's save the domain status XML as soon as we know the PID so
	that libvirtd can kill the process on restart.

2011-07-14  Eric Blake  

	build: avoid ATTRIBUTE_UNUSED in headers
	The compiler might optimize based on our declaration that something
	is unused.  Putting that declaration in the header risks getting
	out of sync with the actual implementation, so it belongs better
	only in the .c files.  We were mostly compliant, and a new syntax
	check will help us in the future.

	* cfg.mk (sc_avoid_attribute_unused_in_header): New syntax check.
	* src/nodeinfo.h (nodeGetCPUStats, nodeGetMemoryStats): Delete
	attribute already present in .c file.
	* src/qemu/qemu_domain.h (qemuDomainEventFlush): Likewise.
	* src/util/virterror_internal.h (virReportErrorHelper): Parameters
	are actually used by .c file.
	* src/xenxs/xen_sxpr.h (xenFormatSxprDisk): Adjust prototype.
	* src/xenxs/xen_sxpr.c (xenFormatSxprDisk): Delete unused argument.
	(xenFormatSxpr): Adjust caller.
	* src/xen/xend_internal.c (xenDaemonAttachDeviceFlags)
	(xenDaemonUpdateDeviceFlags): Likewise.
	Suggested by Daniel Veillard.

2011-07-14  Eric Blake  

	remote: prefer unsigned flags
	* src/remote/remote_driver.c (call, remoteOpenSecondaryDriver):
	Prefer unsigned flags.

2011-07-14  Eric Blake  

	conf: delete unused flags arguments
	For static functions not used as callbacks, there's no need to
	keep an unused parameter.

	* src/conf/domain_conf.c (virDomainChrDefParseTargetXML)
	(virDomainTimerDefParseXML, virDomainHostdevSubsysUsbDefParseXML)
	(virDomainVcpuPinDefParseXML): Drop unused parameter.
	(virDomainChrDefParseXML, virDomainDefParseXML)
	(virDomainHostdevDefParseXML): Update callers.
	(virDomainNetDefParseXML): Mark flags used.

2011-07-14  Supriya Kannery  

	virsh: Update virsh man page
	Valid loglevel range for virsh  is 0-4. Update virsh man page
	accordingly. Also explain virsh ENV variables and values.

2011-07-14  Jiri Denemark  

	virsh: fix previous patch
	The last patch breaks make check for two reasons. First, it reverses the
	condition but leaves default level unchanged, so instead of not printing
	anything but errors before the patch it now prints all debug messages by
	default. Second, you forgot to change -d5 option passed to virsh in
	tests/virsh-optparse to -d0; the script wants to see all debug messages.

2011-07-14  Supriya Kannery  

	virsh: Make "DEBUG" loglevel the superset
	Aligning loglevel values of virsh to that of libvirt.
	"DEBUG"=0 loglevel, when specified through commandline or
	env variable, should log all the messages. "ERROR=4"
	should log only error messages.

	virsh: Avoid using magic numbers for logging
	Replace magic numbers with loglevel variables.

2011-07-14  Jiri Denemark  

	util: Avoid duplicating virFileOpenAsNoFork in virFileOpenAs
	In 2f4d2496a88055a8343b3efca618522da8715d92 I didn't notice that one
	part of virFileOpenAs doesn't actually call to virFileOpenAsNoFork but
	rather includes a copy of the code from there.

2011-07-14  Eric Blake  

	build: don't hand-roll cloexec code
	No need to repeat common code.

	* bootstrap.conf (gnulib_modules): Import calloc-posix.
	* src/util/bridge.c (brInit): Use virSetCloseExec.
	(brSetInterfaceUp): Adjust flags name.
	* src/uml/uml_driver.c (umlSetCloseExec): Delete.
	(umlStartVMDaemon): Use util version instead.

2011-07-14  Eric Blake  

	conf: prefer unsigned flags
	* src/conf/cpu_conf.h (virCPUDefFormat, virCPUDefFormatBuf):
	Change flags type.
	* src/conf/cpu_conf.c (virCPUDefFormat, virCPUDefFormatBuf):
	Likewise.
	* src/conf/storage_conf.c (_virStoragePoolOptions): Likewise.
	* src/datatypes.h (_virConnect, _virStream): Likewise.

	python: prefer unsigned flags
	* python/libvirt-override.c (libvirt_virConnectOpenAuth)
	(libvirt_virDomainSnapshotListNames)
	(libvirt_virDomainRevertToSnapshot): Change flags type.

2011-07-14  Eric Blake  

	node_device: avoid implicit int
	'unsigned a' and 'unsigned int a' are synonyms, but we generally
	always spell out the 'int' in that case.  Fixing this will avoid
	a false positive in the next syntax-check commit.

	* src/conf/node_device_conf.h (pci_config_address)
	(_virNodeDevCapsDef): Prefer 'unsigned int' over 'unsigned'.

2011-07-14  Eric Blake  

	virsh, daemon: prefer unsigned flags
	* tools/virsh.c (vshCmdDef): Change flags type.
	* daemon/remote.c (remoteDispatchOpen): Likewise.

	xenapi: reject unknown flags
	* src/xenapi/xenapi_driver.c (xenapiOpen, xenapiDomainReboot):
	Reject unknown flags.
	(xenapiDomainGetXMLDesc): Likewise, and pass known flags through
	to XML generation.

	vmware: reject unknown flags
	* src/vmware/vmware_driver.c (vmwareOpen, vmwareDomainReboot)
	(vmwareDomainCreateXML, vmwareDomainCreateWithFlags): Reject
	unknown flags.

	vbox: reject unknown flags
	* src/vbox/vbox_driver.c (vboxOpenDummy): Reject unknown flags.
	* src/vbox/vbox_tmpl.c (vboxOpen, vboxDomainReboot)
	(vboxNetworkOpen, vboxNetworkGetXMLDesc, vboxStorageOpen)
	(vboxStorageVolCreateXML, vboxStorageVolDelete)
	(vboxStorageVolGetXMLDesc, vboxDomainScreenshot): Likewise.

	uml: reject unknown flags
	* src/uml/uml_driver.c (umlOpen, umlDomainGetXMLDesc)
	(umlDomainBlockPeek): Reject unknown flags.

	test: reject unknown flags
	* src/test/test_driver.c (testOpen, testDomainCoreDump)
	(testOpenNetwork, testNetworkGetXMLDesc, testOpenInterface)
	(testInterfaceChangeBegin, testInterfaceChangeCommit)
	(testInterfaceChangeRollback, testInterfaceGetXMLDesc)
	(testInterfaceDefineXML, testInterfaceCreate)
	(testInterfaceDestroy, testStorageOpen, testStoragePoolStart)
	(testStorageFindPoolSources, testStoragePoolCreate)
	(testStoragePoolDefine, testStoragePoolBuild)
	(testStoragePoolDelete, testStoragePoolRefresh)
	(testStoragePoolGetXMLDesc, testStorageVolumeCreateXML)
	(testStorageVolumeCreateXMLFrom, testStorageVolumeDelete)
	(testStorageVolumeGetXMLDesc, testDevMonOpen)
	(testNodeNumOfDevices, testNodeListDevices)
	(testNodeDeviceGetXMLDesc, testNodeDeviceCreateXML)
	(testSecretOpen, testNWFilterOpen): Reject unknown flags.

	qemu: reject unknown flags
	* src/qemu/qemu_driver.c (qemudOpen, qemuDomainScreenshot)
	(qemuDomainXMLFromNative, qemuDomainXMLToNative)
	(qemudDomainBlockPeek, qemuCPUCompare, qemuCPUBaseline): Reject
	unknown flags.
	* src/qemu/qemu_migration.c (qemuMigrationConfirm): Likewise.
	(_qemuMigrationCookie, qemuMigrationCookieXMLParse)
	(qemuMigrationCookieXMLParseStr, qemuMigrationBakeCookie)
	(qemuMigrationEatCookie): Make flags unsigned.
	* src/qemu/qemu_domain.h: (qemuDomainDefFormatXML)
	(qemuDomainFormatXML): Prefer unsigned flags.
	* src/qemu/qemu_domain.c (qemuDomainDefFormatXML)
	(qemuDomainFormatXML): Likewise.
	(qemuDomainOpenLogHelper, qemuDomainCreateLog): Rename variable.

	phyp: reject unknown flags
	* src/phyp/phyp_driver.c (phypOpen, phypDomainReboot)
	(phypVIOSDriverOpen): Reject unknown flags.

	openvz: reject unknown flags
	* src/openvz/openvz_driver.c (openvzDomainReboot, openvzOpen):
	Reject unknown flags.

	lxc: reject unknown flags
	* src/lxc/lxc_driver.c (lxcOpen, lxcDomainSetMemoryParameters)
	(lxcDomainGetMemoryParameters): Reject unknown flags.
	* src/lxc/lxc_container.c (lxcContainerStart): Rename flags to
	cflags to reflect that it is not tied to libvirt.

	libxl: reject unknown flags
	* src/libxl/libxl_driver.c (libxlOpen, libxlDomainReboot)
	(libxlDomainXMLFromNative, libxlDomainXMLToNative)
	(libxlDomainCreateWithFlags): Reject unknown flags.

2011-07-14  Nan Zhang  

	virsh: fix missing prompt message for 'snapshot-delete' command
	Make the command 'virsh snapshot-delete' has the appropriate prompt
	message when executing sucessful or failed.

2011-07-14  Peter Krempa  

	qemu: build failed due to unused variables
	While compiling on F15 build crashed (probably because of new GCC).

2011-07-13  Eric Blake  

	storage: reject unknown flags
	* src/storage/storage_backend.c (virStorageBackendCreateBlockFrom)
	(virStorageBackendCreateQemuImg)
	(virStorageBackendCreateQcowCreate): Reject unknown flags.
	* src/storage/storage_backend_disk.c (virStorageBackendDiskBuildPool)
	(virStorageBackendDiskDeleteVol): Likewise.
	* src/storage/storage_backend_fs.c
	(virStorageBackendFileSystemNetFindPoolSources)
	(virStorageBackendFileSystemBuild)
	(virStorageBackendFileSystemDelete, createFileDir)
	(virStorageBackendFileSystemVolBuildFrom)
	(virStorageBackendFileSystemVolDelete): Likewise.
	* src/storage/storage_backend_iscsi.c
	(virStorageBackendISCSIFindPoolSources): Likewise.
	* src/storage/storage_backend_logical.c
	(virStorageBackendLogicalFindPoolSources)
	(virStorageBackendLogicalBuildPool)
	(virStorageBackendLogicalDeletePool)
	(virStorageBackendLogicalDeleteVol): Likewise.
	* src/storage/storage_driver.c (storageOpen, storagePoolCreate)
	(storagePoolDefine, storagePoolRefresh, storagePoolGetXMLDesc)
	(storageVolumeCreateXML, storageVolumeCreateXMLFrom)
	(storageVolumeGetXMLDesc): Likewise.

	node_device: reject unknown flags
	* src/node_device/node_device_driver.c (nodeNumOfDevices)
	(nodeListDevices, nodeDeviceGetXMLDesc, nodeDeviceCreateXML):
	Reject unknown flags.
	* src/node_device/node_device_hal.c (halNodeDrvOpen): Likewise.
	* src/node_device/node_device_udev.c (udevNodeDrvOpen): Likewise.

2011-07-13  Eric Blake  

	util: reject unknown flags, and prefer unsigned flags
	Silently ignored flags get in the way of new features that
	use those flags.  Also, an upcoming syntax check will favor
	unsigned flags.

	* src/nodeinfo.h (nodeGetCPUStats, nodeGetMemoryStats): Drop
	unused attribute.
	* src/interface/netcf_driver.c (interfaceOpenInterface)
	(interfaceDefineXML, interfaceCreate, interfaceDestroy): Reject
	unknown flags.
	* src/network/bridge_driver.c (networkOpenNetwork)
	(networkGetXMLDesc): Likewise.
	* src/nwfilter/nwfilter_driver.c (nwfilterOpen): Likewise.
	* src/secret/secret_driver.c (secretOpen, secretDefineXML)
	(secretGetXMLDesc, secretSetValue): Likewise.
	* src/util/logging.c (virLogDefineFilter, virLogDefineOutput)
	(virLogMessage): Likewise; also use unsigned flags.
	* src/util/logging.h (virLogDefineFilter, virLogDefineOutput)
	(virLogMessage): Change signature.
	* src/util/command.c (virExecWithHook): Likewise.

2011-07-13  Eric Blake  

	libvirt-qemu: use unsigned flags
	Like commit 1740c381, but for libvirt-qemu.

	* src/remote/qemu_protocol.x (qemu_monitor_command_args): Adjust
	type to match API.
	* src/qemu_protocol-structs: Update accordingly.

2011-07-13  Eric Blake  

	maint: print flags in hex during debug
	Continuation of commit 313ac7fd, and enforce things with a syntax
	check.

	Technically, virNetServerClientCalculateHandleMode is not printing
	a mode_t, but rather a collection of VIR_EVENT_HANDLE_* bits;
	however, these bits are < 8, so there is no different in the
	output, and that was the easiest way to silence the new syntax check.

	* cfg.mk (sc_flags_debug): New syntax check.
	(exclude_file_name_regexp--sc_flags_debug): Add exemptions.
	* src/fdstream.c (virFDStreamOpenFileInternal): Print flags in
	hex, mode_t in octal.
	* src/libvirt-qemu.c (virDomainQemuMonitorCommand)
	(virDomainQemuAttach): Likewise.
	* src/locking/lock_driver_nop.c (virLockManagerNopInit): Likewise.
	* src/locking/lock_driver_sanlock.c (virLockManagerSanlockInit):
	Likewise.
	* src/locking/lock_manager.c: Likewise.
	* src/qemu/qemu_migration.c: Likewise.
	* src/qemu/qemu_monitor.c: Likewise.
	* src/rpc/virnetserverclient.c
	(virNetServerClientCalculateHandleMode): Print mode with %o.

2011-07-13  Eric Blake  

	maint: exclude more files from syntax check
	* cfg.mk (VC_LIST_ALWAYS_EXCLUDE_REGEX): Exempt
	docs/api_extension/*.patch.
	(exclude_file_name_regexp--sc_prohibit_always_true_header_tests)
	(exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF)
	(exclude_file_name_regexp--sc_prohibit_fork_wrappers)
	(exclude_file_name_regexp--sc_trailing_blank): Simplify.
	(exclude_file_name_regexp--sc_prohibit_gettext_noop): Delete.
	(exclude_file_name_regexp--sc_prohibit_close)
	(exclude_file_name_regexp--sc_prohibit_nonreentrant)
	(exclude_file_name_regexp--sc_prohibit_sprintf): Tighten.

2011-07-13  Eric Blake  

	util: honor anchored names when searching for executables
	I got bit in a debugging session on an uninstalled libvirtd; the
	code tried to call out to the installed $LIBEXECDIR/libvirt_iohelper
	instead of my just-built version.  So I set a breakpoint and altered
	the binary name to be "./src/libvirt_iohelper", and it still failed
	because I don't have "." on my PATH.

	According to POSIX, execvp only searches PATH if the name does
	not contain a slash.  Since we are trying to mimic that behavior,
	an anchored name should be relative to the current working dir.

	This tightens existing behavior, but most callers already pass
	an absolute name or a name with no slashes, so it probably won't
	be noticeable.

	* src/util/util.c (virFindFileInPath): Anchored relative names do
	not invoke a PATH search.

2011-07-13  Daniel P. Berrange  

	Ensure signal handler propagates fatal signals to default handler
	When replacing the default SEGV/ABORT/BUS signal handlers you
	can't rely on the process being terminated after your custom
	handler runs. It is neccessary to manually restore the default
	handler and then re-raise the signal

	* src/rpc/virnetserver.c: Restore default handler and raise
	  signal

2011-07-13  Daniel P. Berrange  

	Remove unused virNetServerProgramErrorHander typedef
	* src/rpc/virnetserverprogram.h: Remove unused typedef for
	  virNetServerProgramErrorHander function callback
	* daemon/remote.h: Remove decl for non-existant variables

2011-07-13  Jiri Denemark  

	qemu: Fix monitor unlocking in some error paths
	When monitor is entered with qemuDomainObjEnterMonitorWithDriver, the
	correct method for leaving and unlocking the monitor is
	qemuDomainObjExitMonitorWithDriver.

2011-07-13  Jiri Denemark  

	qemu: Consolidate qemuMigrationPrepare{Direct,Tunnel}
	Most of the code in these two functions is supposed to be identical but
	currently it isn't (which is natural since the code is duplicated).
	Let's move common parts of these functions into qemuMigrationPrepareAny.

	This also fixes qemuMigrationPrepareTunnel which didn't store received
	lockState in the domain object.

2011-07-13  Jiri Denemark  

	qemu: Add support for job phase
	Asynchronous jobs may take long time to finish and may consist of
	several phases which we need to now about to help with recovery/rollback
	after libvirtd restarts.

	qemu: Recover from interrupted jobs
	Detect and react on situations when libvirtd was restarted or killed
	when a job was active.

	qemu: Save job type in domain status XML
	If libvirtd is restarted when a job is running, the new libvirtd process
	needs to know about that to be able to recover and rollback the
	operation.

2011-07-13  Jiri Denemark  

	qemu: Allow all query commands to be run during long jobs
	Query commands are safe to be called during long running jobs (such as
	migration). This patch makes them all work without the need to
	special-case every single one of them.

	The patch introduces new job.asyncCond condition and associated
	job.asyncJob which are dedicated to asynchronous (from qemu monitor
	point of view) jobs that can take arbitrarily long time to finish while
	qemu monitor is still usable for other commands.

	The existing job.active (and job.cond condition) is used all other
	synchronous jobs (including the commands run during async job).

	Locking schema is changed to use these two conditions. While asyncJob is
	active, only allowed set of synchronous jobs is allowed (the set can be
	different according to a particular asyncJob) so any method that
	communicates to qemu monitor needs to check if it is allowed to be
	executed during current asyncJob (if any). Once the check passes, the
	method needs to normally acquire job.cond to ensure no other command is
	running. Since domain object lock is released during that time, asyncJob
	could have been started in the meantime so the method needs to recheck
	the first condition. Then, normal jobs set job.active and asynchronous
	jobs set job.asyncJob and optionally change the list of allowed job
	groups.

	Since asynchronous jobs only set job.asyncJob, other allowed commands
	can still be run when domain object is unlocked (when communicating to
	remote libvirtd or sleeping). To protect its own internal synchronous
	commands, the asynchronous job needs to start a special nested job
	before entering qemu monitor. The nested job doesn't check asyncJob, it
	only acquires job.cond and sets job.active to block other jobs.

2011-07-13  Jiri Denemark  

	qemu: Consolidate {Enter,Exit}Monitor{,WithDriver}
	EnterMonitor and ExitMonitor methods are very similar to their
	*WithDriver variants; consolidate them into EnterMonitorInternal and
	ExitMonitorInternal to avoid (mainly future) code duplication.

	qemu: Consolidate BeginJob{,WithDriver} into a single method
	This avoids code duplication and also avoids relying on good luck that
	ignore_value(virDomainObjUnref(obj)) doesn't set errno.

	qemu: Separate job related data into a new object

2011-07-13  Eric Blake  

	maint: avoid incremental 'make syntax-check' failure
	Incrementally running 'make syntax-check' on a tree previously
	built after commit 62dee6f but before 44036460 fails sc_po_check
	(because the generated qemu_dispatch.h gained translatable strings).
	This is a followup to commit addaa537 for that scenario.

	* cfg.mk (sc_po_check): Add another prereq.
	($(srcdir)/daemon/qemu_dispatch.h): Add rule.

2011-07-13  Daniel P. Berrange  

	Skip bugs which are CLOSED in todo list
	* docs/todo.pl: Skip closed bugs

2011-07-13  Daniel P. Berrange  

	Add missing cleanup for transient guests in UML driver
	The UML inotify handler would kill off guests when certain
	conditions arise, but it forgot to remove transient guests
	from the list of domains

	* src/uml/uml_driver.c: Cleanup transient guests

2011-07-13  Daniel P. Berrange  

	Add auditing to the UML driver
	* src/uml/uml_driver.c: Add audit hooks

	Add auditing to the LXC driver
	* src/lxc/lxc_driver.c: Add auditing hooks

2011-07-13  Daniel P. Berrange  

	Add virtualization type in audit messages
	Since a host can run several different virtualization types at
	the same time, audit messages should allow domains to be identified.
	Add a 'virt={qemu,kvm,uml,lxc,...}' key to domain audit messages

	* src/conf/domain_audit.c: Identify virt type of guest

2011-07-13  Daniel P. Berrange  

	Add auditing of filesystems
	When passing through filesystems from the host to a guest, the
	host filesystem passed must be audited

	* src/conf/domain_audit.{c,h}: Add virDomainAuditFS

2011-07-13  Daniel P. Berrange  

	Move qemu_audit.h helpers into shared code
	The LXC and UML drivers can both make use of auditing. Move
	the qemu_audit.{c,h} files to src/conf/domain_audit.{c,h}

	* src/conf/domain_audit.c: Rename from src/qemu/qemu_audit.c
	* src/conf/domain_audit.h: Rename from src/qemu/qemu_audit.h
	* src/Makefile.am: Remove qemu_audit.{c,h}, add domain_audit.{c,h}
	* src/qemu/qemu_audit.h, src/qemu/qemu_cgroup.c,
	  src/qemu/qemu_command.c, src/qemu/qemu_driver.c,
	  src/qemu/qemu_hotplug.c, src/qemu/qemu_migration.c,
	  src/qemu/qemu_process.c: Update for changed audit API names

2011-07-12  Matthias Bolte  

	esx: Initialize all instances of esxVMX_Data to zero
	To avoid using or freeing uninitialized memory or pointers.

	rpc: Fix compile error due to potentially unused parameter
	connectDBus is only used if HAVE_DBUS is set. Therefore mark
	it as potentially unused.

2011-07-12  Jim Fehlig  

	Fix build when using polkit0
	V2: Remove policy kit references from virNetServer and use DBus APIs
	    directly, if available.

2011-07-12  Daniel P. Berrange  

	Implement code to attach to external QEMU instances.
	Given a PID, the QEMU driver reads /proc/$PID/cmdline and
	/proc/$PID/environ to get the configuration. This is fed
	into the ARGV->XML convertor to build an XML configuration
	for the process.

	/proc/$PID/exe is resolved to identify the full command
	binary path

	After checking for name/uuid uniqueness, an attempt is
	made to connect to the monitor socket. If successful
	then 'info status' and 'info kvm' are issued to determine
	whether the CPUs are running and if KVM is enabled.

	* src/qemu/qemu_driver.c: Implement virDomainQemuAttach
	* src/qemu/qemu_process.h, src/qemu/qemu_process.c: Add
	  qemuProcessAttach to connect to the monitor of an
	  existing QEMU process

2011-07-12  Daniel P. Berrange  

	Add monitor API for checking whether KVM is enabled
	When attaching to an external QEMU process, it is neccessary
	to check if the process is using KVM or not. This can be done
	using a monitor command

	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  API for checking if KVM is enabled

2011-07-12  Daniel P. Berrange  

	Add a method for extracting QEMU argv from /proc
	To enable attaching to externally launched QEMU, we need
	to be able to reverse engineer a guest XML config based
	on the argv for a PID in /proc

	* src/qemu/qemu_command.c, src/qemu/qemu_command.h: Add
	  qemuParseCommandLinePid which extracts QEMU config from
	  argv in /proc, given a PID number

2011-07-12  Daniel P. Berrange  

	Change extract pidfile & monitor config from QEMU command line
	When converting QEMU argv into a virDomainDefPtr, also extract
	the pidfile, monitor character device config and the monitor
	mode.

	* src/qemu/qemu_command.c, src/qemu/qemu_command.h: Extract
	  pidfile & monitor config from QEMU argv
	* src/qemu/qemu_driver.c, tests/qemuargv2xmltest.c: Add extra
	  params when calling qemuParseCommandLineString

2011-07-12  Daniel P. Berrange  

	Keep pidfile path in qemuDomainObjPrivate struct
	Avoid re-formatting the pidfile path everytime we need it. Create
	it once when starting the guest, and preserve it until the guest
	is shutdown.

	* src/libvirt_private.syms, src/util/util.c,
	  src/util/util.h: Add virFileReadPidPath
	* src/qemu/qemu_domain.h: Add pidfile field
	* src/qemu/qemu_process.c: Store pidfile path in qemuDomainObjPrivate

2011-07-12  Daniel P. Berrange  

	Add a new 'virsh qemu-attach' command.
	This command allows libvirt to attach to an existing QEMU
	instance.

	 $ qemu-kvm -cdrom ~/demo.iso \
	     -monitor unix:/tmp/demo,server,nowait \
	     -name foo \
	     -uuid cece4f9f-dff0-575d-0e8e-01fe380f12ea  &
	 $ QEMUPID=$!
	 $ virsh qemu-attach $QEMUPID

2011-07-12  Daniel P. Berrange  

	Define remote wire protocol & impls for virDomainQemuAttach
	This tweaks the RPC generator to cope with some naming
	conventions used for the QEMU specific APIs

	* daemon/remote.c: Server side dispatcher
	* src/remote/remote_driver.c: Client side dispatcher
	* src/remote/qemu_protocol.x: Wire protocol definition
	* src/rpc/gendispatch.pl: Use '$structprefix' in method
	  names, fix QEMU flags and fix dispatcher method names

2011-07-12  Daniel P. Berrange  

	Define a QEMU specific API to attach to a running QEMU process
	Introduce a new API in libvirt-qemu.so

	 virDomainPtr virDomainQemuAttach(virConnectPtr domain,
	                                  unsigned long long pid,
	                                  unsigned int flags);

	This allows libvirtd to attach to an existing, externally
	launched QEMU process. This is useful for QEMU developers who
	prefer to launch QEMU themselves for debugging/devel reasons,
	but still want the benefit of libvirt based tools like
	virt-top, virt-viewer, etc

	* include/libvirt/libvirt-qemu.h: Define virDomainQemuAttach
	* src/driver.h, src/libvirt-qemu.c, src/libvirt_qemu.syms:
	  Driver glue for virDomainQemuAttach

2011-07-12  Alex Jia  

	qemu: update configuration file
	* src/qemu/qemu.conf: Add blkio controller into qemu.conf.

2011-07-12  Eric Blake  

	qemu: avoid fd leak on core dump failure
	* src/qemu/qemu_driver.c (doCoreDump): Guarantee fd is closed.

	maint: rename virtaudit to match file contents
	* src/util/virtaudit.[ch]: Rename...
	* src/util/viraudit.[ch]: ...to match virAudit* API.
	* src/Makefile.am (UTIL_SOURCES): Reflect rename.
	* daemon/libvirtd.c: Likewise.
	* po/POTFILES.in: Likewise.
	* src/libvirt_private.syms: Likewise.
	* src/qemu/qemu_audit.c: Likewise.

2011-07-12  Oskari Saarenmaa  

	remote/ssh: support for no_verify.
	Set StrictHostKeyChecking=no to auto-accept new ssh host keys if the
	no_verify extra parameter was specified.  This won't disable host key
	checking for already known hosts.  Includes a test and documentation.

2011-07-12  KAMEZAWA Hiroyuki  

	Fix virsh inject-nmi man page
	* tools/virsh.pod: move the description which was misplaced

2011-07-12  Michal Privoznik  

	domain_conf: Free temporary variable
	* src/conf/domain_conf.c: caller must free returned value of
	  virXPathString in useserial

2011-07-12  Osier Yang  

	esx: Fix a potential crash
	Initialize ptr data.datastorePathWithoutFileName as NULL, otherwise
	it might cause crash when trying to free it in cleanup.

2011-07-12  Eric Blake  

	build: also check qemu_protocol for on-the-wire stability
	Since we are going to add some libvirt-qemu.so entry points in
	0.9.4, we might as well start checking for RPC stability, just
	as for libvirt.so.

	* src/Makefile.am (PROTOCOL_STRUCTS): New variable.
	(remote_protocol-structs): Rename...
	(%_protocol-structs): ...and make more generic.
	* src/qemu_protocol-structs: New file.

2011-07-12  Eric Blake  

	build: avoid requiring -lm
	log2() is heavy when ffs() can do the same thing.  But ffs()
	requires gnulib support for mingw.

	This patch solves this linker error on Fedora 14.

	/usr/bin/ld: libvirt_lxc-domain_conf.o: undefined reference to symbol 'log2@@GLIBC_2.2.5'
	/usr/bin/ld: note: 'log2@@GLIBC_2.2.5' is defined in DSO /lib64/libm.so.6 so try adding it to the linker command line
	/lib64/libm.so.6: could not read symbols: Invalid operation
	collect2: ld returned 1 exit status

	* .gnulib: Update to latest, for ffs.
	* bootstrap.conf (gnulib_modules): Import ffs.
	* src/conf/domain_conf.c (virDomainDefParseXML): Use ffs instead
	of log2.
	Reported by Dave Allan.

2011-07-12  Jim Fehlig  

	Remove code no longer used after commit df0b57a9

2011-07-12  Matthias Bolte  

	Add domain type checking
	The drivers were accepting domain configs without checking if those
	were actually meant for them. For example the LXC driver happily
	accepts configs with type QEMU.

	Add a check for the expected domain types to the virDomainDefParse*
	functions.

2011-07-11  Alex Jia  

	remote: Fix memory leak
	Detected in valgrind run:

	==9184== 1 bytes in 1 blocks are definitely lost in loss record 1 of 19
	==9184==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==9184==    by 0x3073715F78: xdr_array (xdr_array.c:97)
	==9184==    by 0x4CF97C9: xdr_remote_domain_get_security_label_ret (remote_protocol.c:1696)
	==9184==    by 0x4D08741: virNetMessageDecodePayload (virnetmessage.c:286)
	==9184==    by 0x4D00F78: virNetClientProgramCall (virnetclientprogram.c:318)
	==9184==    by 0x4CE3887: call (remote_driver.c:3933)
	==9184==    by 0x4CF71C6: remoteDomainGetSecurityLabel (remote_driver.c:1580)
	==9184==    by 0x4CCA480: virDomainGetSecurityLabel (libvirt.c:7340)
	==9184==    by 0x41993A: cmdDominfo (virsh.c:2414)
	==9184==    by 0x411E92: vshCommandRun (virsh.c:12730)
	==9184==    by 0x4211ED: main (virsh.c:14076)
	==9184==
	==9184== 2 bytes in 1 blocks are definitely lost in loss record 2 of 19
	==9184==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==9184==    by 0x3073715F78: xdr_array (xdr_array.c:97)
	==9184==    by 0x4CF974F: xdr_remote_node_get_security_model_ret (remote_protocol.c:1713)
	==9184==    by 0x4D08741: virNetMessageDecodePayload (virnetmessage.c:286)
	==9184==    by 0x4D00F78: virNetClientProgramCall (virnetclientprogram.c:318)
	==9184==    by 0x4CE3887: call (remote_driver.c:3933)
	==9184==    by 0x4CF6F96: remoteNodeGetSecurityModel (remote_driver.c:1648)
	==9184==    by 0x4CBF799: virNodeGetSecurityModel (libvirt.c:7382)
	==9184==    by 0x4197D7: cmdDominfo (virsh.c:2394)
	==9184==    by 0x411E92: vshCommandRun (virsh.c:12730)
	==9184==    by 0x4211ED: main (virsh.c:14076)
	==9184==
	==9184== 8 bytes in 1 blocks are definitely lost in loss record 3 of 19
	==9184==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==9184==    by 0x3073715F78: xdr_array (xdr_array.c:97)
	==9184==    by 0x4CF9729: xdr_remote_node_get_security_model_ret (remote_protocol.c:1710)
	==9184==    by 0x4D08741: virNetMessageDecodePayload (virnetmessage.c:286)
	==9184==    by 0x4D00F78: virNetClientProgramCall (virnetclientprogram.c:318)
	==9184==    by 0x4CE3887: call (remote_driver.c:3933)
	==9184==    by 0x4CF6F96: remoteNodeGetSecurityModel (remote_driver.c:1648)
	==9184==    by 0x4CBF799: virNodeGetSecurityModel (libvirt.c:7382)
	==9184==    by 0x4197D7: cmdDominfo (virsh.c:2394)
	==9184==    by 0x411E92: vshCommandRun (virsh.c:12730)
	==9184==    by 0x4211ED: main (virsh.c:14076)
	==9184==
	==9184== LEAK SUMMARY:
	==9184==    definitely lost: 11 bytes in 3 blocks

	* src/remote/remote_driver.c: Avoid leak on remoteDomainGetSecurityLabel
	  and remoteNodeGetSecurityModel.

2011-07-11  Eric Blake  

	tests: simplify formatting
	The shell version would output 40 extra spaces for a test with
	a multiple of 40 sub-tests, and the C version can use the same
	printf optimization for avoiding a loop over single space output
	as the shell version.

	* tests/testutils.c (virtTestMain): Avoid loop for alignment.
	* tests/test-lib.sh: Fix formatting when counter is multiple of 40.

2011-07-11  Jim Fehlig  

	Do not drop kernel cmdline for xen pv domains
	Kernel cmdline args can be passed to xen pv domains even when a
	bootloader is specified.  The current config-to-sxpr mapping
	ignores cmdline when bootloader is present.

	Since the xend sub-driver is used with many xen toolstack versions,
	this patch takes conservative approach of adding an else block to
	existing !def->os.bootloader, and only appends sxpr if def->os.cmdline
	is non-NULL.

	V2: Fix existing testcase broken by this patch and add new testcases

2011-07-11  Wen Congyang  

	kill vm if saving config failed in v3 protocol
	If virDomainSaveConfig() failed, we will return NULL to source,
	and the vm is still available to restart during confirm() step in
	v3 protocol. So we should kill it off in qemuMigrationFinish().

	In v2 protocol, we should not set vm to NULL, because we hold
	a reference of vm and should unrefernce it.

2011-07-11  Wen Congyang  

	RPC: fix argument's name

	fix typo error

2011-07-11  Michal Privoznik  

	bios: Add support for SGA
	This patch creates new  element which, at this time has only the
	attribute useserial='yes|no'. This attribute allow users to use
	Serial Graphics Adapter and see BIOS messages from the very first moment
	domain boots up. Therefore, users can choose boot medium, set PXE, etc.

2011-07-11  Daniel Veillard  

	Fix rpm build with sanlock and without QEmu
	The qemu-sanlock.conf file is not installed in this case

2011-07-09  Matthias Bolte  

	vbox: Fix logic in storage driver open function
	If the main driver is the vbox driver, then the open function
	has to return an error if the private data is invalid.

2011-07-09  Matthias Bolte  

	tests: Improve output of tests that decide to skip at runtime
	Don't print OK/FAIL for tests that decide to be skipped after
	calling virtTestMain. Delay printing of the indentation before
	the first test until we know that the test didn't decide to be
	skipped.

	Also make the reconnect test use VIRT_TEST_MAIN.

2011-07-09  Matthias Bolte  

	tests: Fix compressed test output padding logic
	The current logic tries to count from 1 to 40 and ignores paddings
	of 0 and 1 to 40. This doesn't work for counter + 1 mod 40 == 0
	like here for counter value 159

	TEST: virsh-all
	      ........................................ 40
	      ........................................ 80
	      ........................................ 120
	      ....................................... 159 OK
	PASS: virsh-all

	Also seq isn't portable. Therefore, calculate the correct padding
	length directly and use printf to output it at once.

2011-07-09  Matthias Bolte  

	tests: Use EXIT_AM_SKIP instead of 77 directly

2011-07-09  Matthias Bolte  

	rpc: Fix whitespace problem in generated code
	Add missing line break and fix indention level.

	Reported by Cole Robinson.

2011-07-09  Federico Simoncelli  

	sanlock: avoid lockspace setup when auto_disk_lease is off
	When auto_disk_lease is off we should avoid the automatic lockspace
	creation.

2011-07-09  Eric Blake  

	libvirtd: diagnose explicitly requested but missing conf file
	Fixes test regression introduced in commit 8e2e4780.

	* daemon/libvirtd.c (daemonConfigLoad): Add argument.
	(main): Update caller.

2011-07-08  Michael Santos  

	qemu: clean up OOM checks

2011-07-08  Daniel P. Berrange  

	Don't exit if the libvirtd config does not exist
	It is common for the $HOME/.libvirt/libvirtd.conf file to not
	exist. Treat this situation as non-fatal since we can carry
	on with our default settings just fine.

	* daemon/libvirtd.c: Treat ENOENT as non-fatal when loading
	  config

2011-07-08  Daniel P. Berrange  

	Fix sending of reply to final RPC message
	The dispatch for the CLOSE RPC call was invoking the method
	virNetServerClientClose(). This caused the client connection
	to be immediately terminated. This meant the reply to the
	final RPC message was never sent. Prior to the RPC rewrite
	we merely flagged the connection for closing, and actually
	closed it when the next RPC call dispatch had completed.

	* daemon/remote.c: Flag connection for a delayed close
	* daemon/stream.c: Update to use new API for closing
	  failed connection
	* src/rpc/virnetserverclient.c, src/rpc/virnetserverclient.h:
	  Add support for a delayed connection close. Rename the
	  virNetServerClientMarkClose method to virNetServerClientImmediateClose
	  to clarify its semantics

2011-07-08  Daniel P. Berrange  

	Fix leak of remote driver if final 'CLOSE' RPC call fails
	When closing a remote connection we issue a (fairly pointless)
	'CLOSE' RPC call to the daemon. If this fails we skip all the
	cleanup of private data, but the virConnectPtr object still
	gets released as normal. This causes a memory leak. Since the
	CLOSE RPC call is pretty pointless, just carry on freeing the
	remote driver if it fails.

	* src/remote/remote_driver.c: Ignore failure to issue CLOSE
	  RPC call

2011-07-08  Daniel P. Berrange  

	Fix release of outgoing stream confirmation/abort message
	When sending back the final OK or ERROR message on completion
	of a stream, we were not decrementing the 'nrequests' tracker
	on the client. With the default requests limit of '5', this
	meant once a client had created 5 streams, they are unable to
	process any further RPC calls.  There was also a bug when
	handling an error from decoding a message length header, which
	meant a client connection would not immediately be closed.

	* src/rpc/virnetserverclient.c: Fix release of request after
	  stream completion & mark client for close on error

2011-07-08  Daniel P. Berrange  

	Fix leak of 'msg' object in client stream code
	In one exit path we forgot to free the virNetMessage object causing
	a large memory leak for streams which send a lot of data. Some other
	paths were calling VIR_FREE directly instead of virNetMessageFree
	although this was (currently) harmless.

	* src/rpc/virnetclientstream.c: Fix leak of msg object
	* src/rpc/virnetclientprogram.c: Call virNetMessageFree instead
	  of VIR_FREE

2011-07-08  Daniel P. Berrange  

	Fix potential crash in libvirtd with active streams
	If a client disconnects while it has a stream active, there is
	a race condition which could see libvirtd crash. This is because
	the client struct may be freed before the last stream event has
	triggered. This is trivially solved by holding an extra reference
	on the client for the stream callbak

	* daemon/stream.c: Acquire reference on client when adding the
	  stream callback

2011-07-08  Daniel P. Berrange  

	Fix mistaken order of server cert/key parameters in constructor
	The virNetTLSContextNew was being passed key/cert parameters in
	the wrong order. This wasn't immediately visible because if
	virNetTLSContextNewPath was used, a second bug reversed the order
	of those parameters again.

	Only if the paths were manually specified in /etc/libvirt/libvirtd.conf
	did the bug appear

	* src/rpc/virnettlscontext.c: Fix order of params passed to
	  virNetTLSContextNew

2011-07-08  Michal Privoznik  

	graphics: add support for action_if_connected in qemu
	This option accepts 3 values:
	-keep, to keep current client connected (Spice+VNC)
	-disconnect, to disconnect client (Spice)
	-fail, to fail setting password if there is a client connected (Spice)

2011-07-08  Jiri Denemark  

	util: Don't try to fchown files opened as non-root
	When virFileOpenAs is called with VIR_FILE_OPEN_AS_UID flag and uid/gid
	different from root/root while libvirtd is running as root, we fork a
	new child, change its effective UID/GID to uid/gid and run
	virFileOpenAsNoFork. It doesn't make any sense to fchown() the opened
	file in this case since we already know that uid/gid can access the file
	when open succeeds and one of the following situations may happen:

	- the file is already owned by uid/gid and we skip fchown even before
	  this patch
	- the file is owned by uid but not gid because it was created in a
	  directory with SETGID set, in which case it is desirable not to change
	  the group
	- the file may be owned by a completely different user and/or group
	  because it was created on a root-squashed or even all-squashed NFS
	  filesystem, in which case fchown would most likely fail anyway

2011-07-08  Michal Privoznik  

	qemu: Don't chown files on NFS share if dynamic_ownership is off
	When dynamic ownership is disabled we don't want to chown any files,
	not just local.

2011-07-08  John Williams  

	microblaze: Add architecture support
	Add libvirt support for MicroBlaze architecture as a QEMU target.  Based on mips/mipsel pattern.

2011-07-08  Jim Fehlig  

	Skip some xen tests if xend is not running
	Currently, the xen statstest and reconnect tests are only compiled
	if xend is running.  Compile them unconditionally if xen headers
	are present, but skip the tests at runtime if xend is not running.

	This is in response to Eric's suggestion here

	https://www.redhat.com/archives/libvir-list/2011-July/msg00367.html

2011-07-08  Eric Blake  

	util: drop unused safezero argument
	No caller was using the flags argument, and this function is internal
	only, so we might as well skip it.

	* src/util/util.h (safezero): Update signature.
	* src/util/util.c (safezero): Update function.
	* src/locking/lock_driver_sanlock.c
	(virLockManagerSanlockSetupLockspace)
	(virLockManagerSanlockCreateLease): Update all callers.
	* src/storage/storage_backend.c (createRawFile): Likewise.

2011-07-08  Eric Blake  

	conf: prefer unsigned int for flags
	* src/conf/domain_conf.c (virDomainGraphicsDefParseXML)
	(virDomainDeviceInfoFormat, virDomainDeviceInfoParseXML)
	(virDomainDiskDefParseXML, virDomainControllerDefParseXML)
	(virDomainFSDefParseXML, virDomainNetDefParseXML)
	(virDomainChrDefParseTargetXML, virDomainChrDefParseXML)
	(virDomainSmartcardDefParseXML, virDomainInputDefParseXML)
	(virDomainTimerDefParseXML, virDomainSoundDefParseXML)
	(virDomainWatchdogDefParseXML, virDomainMemballoonDefParseXML)
	(virDomainVideoDefParseXML)
	(virDomainHostdevSubsysUsbDefParseXML)
	(virDomainHostdevSubsysPciDefParseXML)
	(virDomainHostdevDefParseXML, virSecurityLabelDefParseXML)
	(virDomainVcpuPinDefParseXML, virDomainDefParseXML)
	(virDomainDefParse, virDomainDiskDefFormat)
	(virDomainControllerDefFormat, virDomainFSDefFormat)
	(virDomainNetDefFormat, virDomainChrSourceDefFormat)
	(virDomainChrDefFormat, virDomainSmartcardDefFormat)
	(virDomainSoundDefFormat, virDomainMemballoonDefFormat)
	(virDomainWatchdogDefFormat, virDomainVideoDefFormat)
	(virDomainInputDefFormat, virDomainGraphicsDefFormat)
	(virDomainHostdevDefFormat, virDomainObjFormat): Switch signature.
	(virDomainObjTaint, virDomainSaveStatus): Use unsigned flags.

2011-07-08  Eric Blake  

	drivers: prefer unsigned int for flags
	Now that the public APIs always use unsigned flags, the internal
	driver callbacks might as well do likewise.

	* src/driver.h (vrDrvOpen, virDrvDomainCoreDump)
	(virDrvDomainGetXMLDesc, virDrvNetworkGetXMLDesc)
	(virDrvNWFilterGetXMLDesc): Update type.
	* src/remote/remote_protocol.x (remote_open_args)
	(remote_domain_core_dump_args, remote_domain_get_xml_desc_args)
	(remote_network_get_xml_desc_args)
	(remote_nwfilter_get_xml_desc_args): Likewise.
	* src/test/test_driver.c: Update clients.
	* src/remote/remote_driver.c: Likewise.
	* src/xen/xen_hypervisor.c: Likewise.
	* src/xen/xen_hypervisor.h: Likewise.
	* src/xen/xen_driver.c: Likewise.
	* src/xen/xend_internal.c: Likewise.
	* src/xen/xend_internal.h: Likewise.
	* src/xen/xm_internal.c: Likewise.
	* src/xen/xm_internal.h: Likewise.
	* src/xen/xs_internal.c: Likewise.
	* src/xen/xs_internal.h: Likewise.
	* src/xen/xen_inotify.c: Likewise.
	* src/xen/xen_inotify.h: Likewise.
	* src/phyp/phyp_driver.c: Likewise.
	* src/openvz/openvz_driver.c: Likewise.
	* src/vmware/vmware_driver.c: Likewise.
	* src/vbox/vbox_driver.c: Likewise.
	* src/vbox/vbox_tmpl.c: Likewise.
	* src/xenapi/xenapi_driver.c: Likewise.
	* src/esx/esx_driver.c: Likewise.
	* src/esx/esx_interface_driver.c: Likewise.
	* src/esx/esx_network_driver.c: Likewise.
	* src/esx/esx_storage_driver.c: Likewise.
	* src/esx/esx_device_monitor.c: Likewise.
	* src/esx/esx_secret_driver.c: Likewise.
	* src/esx/esx_nwfilter_driver.c: Likewise.
	* src/interface/netcf_driver.c: Likewise.
	* src/nwfilter/nwfilter_driver.c: Likewise.
	* src/libxl/libxl_driver.c: Likewise.
	* src/qemu/qemu_driver.c: Likewise.
	* src/lxc/lxc_driver.c: Likewise.
	* src/uml/uml_driver.c: Likewise.
	* src/network/bridge_driver.c: Likewise.
	* src/secret/secret_driver.c: Likewise.
	* src/storage/storage_driver.c: Likewise.
	* src/node_device/node_device_hal.c: Likewise.
	* src/node_device/node_device_udev.c: Likewise.
	* src/remote_protocol-structs: Likewise.

2011-07-08  Eric Blake  

	public API: prefer unsigned int for flags
	Most APIs use 'unsigned int flags'; but a few stragglers were using
	a signed value.  In particular, the vir*GetXMLDesc APIs were
	split-brain, with inconsistent choice of types.  Although it is
	an API break to use 'int' instead of 'unsigned int', it is ABI
	compatible (pre-compiled apps will have no difference in behavior),
	and generally apps can be recompiled without any issue (only rare
	apps that compiled with extremely high warning levels, or which
	pass libvirt API around as typed function pointers, would have to
	make any code changes to deal with the change).

	The migrate APIs use 'unsigned long flags', which can't be changed,
	due to ABI constraints.

	This patch intentionally touches only the public API, to prove the
	claim that most existing code (including driver callbacks and virsh)
	still compiles just fine in spite of the type change.

	* include/libvirt/libvirt.h.in (virConnectOpenAuth)
	(virDomainCoreDump, virDomainGetXMLDesc, virNetworkGetXMLDesc)
	(virNWFilterGetXMLDesc): Use unsigned int for flags.
	(virDomainHasCurrentSnapshot): Use consistent spelling.
	* src/libvirt.c (virConnectOpenAuth, virDomainCoreDump)
	(virDomainGetXMLDesc, virNetworkGetXMLDesc)
	(virNWFilterGetXMLDesc, do_open): Update accordingly.

2011-07-08  Eric Blake  

	maint: print flags in hex during debug
	Debugging decimal flags is a pain.

	* src/libvirt.c: Always print flags in hex.

2011-07-08  Eric Blake  

	virsh: make destroy sound less scary
	Destroy has a rather negative English connotation.  Try to reduce
	the impact, so newbies aren't as scared to use it.

	* tools/virsh.c: Tweak all destroy documentation.
	* tools/virsh.pod: Likewise.

2011-07-08  Eric Blake  

	build: use gnulib pthread_sigmask
	Gnulib finally learned how to do pthread_sigmask on mingw.

	* .gnulib: Update to latest, for pthread_sigmask.
	* bootstrap.conf (gnulib_modules): Add pthread_sigmask.
	* configure.ac (AC_CHECK_FUNCS): Drop redundant check.
	* src/rpc/virnetclient.c (virNetClientSetTLSSession)
	(virNetClientIOEventLoop): Make code unconditional.
	* src/util/command.c (virFork): Likewise.
	* tools/virsh.c (doMigrate, cmdMigrate): Likewise.

2011-07-08  Eric Blake  

	build: fix virBufferVasprintf on mingw
	Gnulib documents that mingw vsnprintf is broken (it returns -1
	on out-of-space, instead of the count of what would have been
	printed); but while we were using the snprintf wrapper, we had
	not yet been using the vsnprintf wrapper.

	Meanwhile, mingw (but not mingw64) has a replacement snprintf
	that fixes return values, but still lacks %1$s support; so in
	that case, gnulib didn't replace snprintf, but libintl then
	went ahead and installed a version that supported %1$s but not
	return values.  Gnulib has since been fixed to guarantee that
	the snprintf module will always guarantee the constraints needed
	by libintl.

	Also, we want to guarantee that strdup sets errno on failure.

	* .gnulib: Update to latest, for vsnprintf fix.
	* bootstrap.conf (gnulib_modules): Add vsnprintf, strdup-posix.
	Reported by Matthias Bolte.

2011-07-08  Jim Fehlig  

	Fix compilation of statstest.c during make check

2011-07-07  Matthias Bolte  

	python: Fix bogus label placement

2011-07-07  Laine Stump  

	util: close the ioctl socket at the end of if(Get|Set)MacAddress
	Otherwise this will leak an fd each time one of these functions is
	called.

	util: rename err_exit to cleanup in interface.c
	This brings it in line with the recommendations in HACKING.

2011-07-07  Minoru Usui  

	sysinfo: delete unnecessary white space of sysinfo.
	  * Trim each element and delete null entry of sysinfo by
	  virSkipSpacesBackwards().

2011-07-07  Eric Blake  

	util: add virTrimSpaces
	The next patch wants to adjust an end pointer to trim trailing
	spaces but without modifying the underlying string, but a more
	generally useful ability to trim trailing spaces in place is
	also worth providing.

	* src/util/util.h (virTrimSpaces, virSkipSpacesBackwards): New
	prototypes.
	* src/util/util.c (virTrimSpaces, virSkipSpacesBackwards): New
	functions.
	* src/libvirt_private.syms (util.h): Export new functions.
	Inspired by a patch by Minoru Usui.

2011-07-07  Eric Blake  

	util: fix virSkipSpaces
	Most clients of virSkipSpaces don't want to omit backslashes.
	Also, open-coding the list of spaces is not as nice as using
	c_isspace.

	* src/util/util.c (virSkipSpaces): Use c_isspace.
	(virSkipSpacesAndBackslash): New function.
	* src/util/util.h (virSkipSpacesAndBackslash): New prototype.
	* src/xen/xend_internal.c (sexpr_to_xend_topology): Update caller.
	* src/libvirt_private.syms (util.h): Export new function.

2011-07-07  Eric Blake  

	docs: minor whitespace cleanups
	No change in wording.  One spacing change in a 
    , noticed because
	of odd XML formatting online; the rest is in free-flowing text to
	make it easier to see nesting levels in the document.

	* docs/formatdomain.html.in: Adjust spacing.  Break long lines.

2011-07-06  Matthias Bolte  

	Reduce code duplication in virFileMakePath(Helper)
	Move stat and mkdir to virFileMakePathHelper.

	Also use the stat result to detect whether the existing path
	is a directory and set errno accordingly if it's not.

2011-07-06  Matthias Bolte  

	apparmor: Finish incomplete renaming of relabel to norelabel
	Commit 693eac388f1759d was incomplete here.

2011-07-06  Daniel P. Berrange  

	Fix default value of security label 'relabel' attribute
	When no  is present in the XML, the virDomainSeclabelDef
	struct is left as all zeros. Unfortunately, this means it gets setup
	as type=dynamic, with relabel=no, which is an illegal combination.

	Change the 'bool relabel' attribute in virDomainSeclabelDef to
	the inverse 'bool norelabel' so that the default initialization
	is sensible

	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/security/security_apparmor.c, src/security/security_selinux.c:
	  Replace 'relabel' with 'norelabel'

2011-07-06  Matthias Bolte  

	Fix return value semantic of virFileMakePath
	Some callers expected virFileMakePath to set errno, some expected
	it to return an errno value. Unify this to return 0 on success and
	-1 on error. Set errno to report detailed error information.

	Also optimize virFileMakePath if stat fails with an errno different
	from ENOENT.

2011-07-06  Matthias Bolte  

	nodedev: Let check_fc_host_linux report errors to the caller

2011-07-06  Jean-Baptiste Rouault  

	Fix compilation error when SASL support is disabled
	This patch adds #if HAVE_SASL where needed in libvirtd.h

2011-07-06  Guannan Ren  

	pci: initialize state values on reattach
	add a new API pciDeviceReAttachInit() in pci.c to initialize state values for nodedev reattach

	Initialize three state value of device driver to 1. This is just for a new call to
	qemudNodeDeviceReAttach()

2011-07-06  Laine Stump  

	xml: create an RNG file for common types and move some definitions there
	domain.rng, network.rng, and interface.rng already use a few of the
	same types (or in some cases *should* but don't), and an upcoming code
	change will have them sharing even more. To prepare for that, this
	patch takes those common data type definitions and moves them into
	basictypes.rng.

	This may break some rule about the need to RNG files to be autonomous
	or something, but I saw that storageencryption.rng is used in this
	way, so I figured it must not be completely against the law...

2011-07-06  Laine Stump  

	docs: sort the file list in the schemas Makefile

	qemu: check flags in qemuDomainGetXMLDesc
	Although most functions with flags check to verify no application is
	passing in flag bits that are currently undefined, for some reason
	this function wasn't.

2011-07-06  Laine Stump  

	conf: fix domain parse flags
	* Change all flags args from int to unsigned int

	* Allow passing flags in virDomainObjParseFile (and propogate those
	  flags all the way down the call chain). Previously the flags were
	  hardcoded (to VIR_DOMAIN_XML_INTERNAL_STATUS) several layers down
	  the chain. Pass that value in at the one place that is currently
	  calling virDomainObjParseFile.

2011-07-05  Matthias Bolte  

	tests: Disable networkxml2argvtest when configured without network
	Reported by Ruben Kerkhof.

	qemu: Fix virFileMakePath error handling in snapshot creation
	virFileMakePath returns an errno value on error, that will never
	be negative. An virFileMakePath error would have been ignored here,
	instead of being reported correctly.

2011-07-05  Matthias Bolte  

	conf: Fix declaration of virNetworkDNS(Hosts)Def struct
	The struct A {} A; construct triggers a linker error on OSX about
	duplicate symbols. This also differs from the common struct style.

	Switch to common style to fix this.

	Reported by Justin Clift.

2011-07-04  Daniel P. Berrange  

	Add documentation for the seclabel XML element
	The domain XML documentation is missing information about the
	 element used by security drivers

	* formatdomain.html.in: Document 

2011-07-04  Daniel P. Berrange  

	Allow for resource relabelling with static labels
	Add a new attribute to the  XML to allow resource
	relabelling to be enabled with static label usage.

	  
	    
	  

	* docs/schemas/domain.rng: Add relabel attribute
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Parse
	  the 'relabel' attribute
	* src/qemu/qemu_process.c: Unconditionally clear out the
	  'imagelabel' attribute
	* src/security/security_apparmor.c: Skip based on 'relabel'
	  attribute instead of label type
	* src/security/security_selinux.c: Skip based on 'relabel'
	  attribute instead of label type and fill in 
	  attribute if relabel is enabled.

2011-07-04  Daniel P. Berrange  

	Allow a base label to be specified in dynamic labelling mode
	Normally the dynamic labelling mode will always use a base
	label of 'svirt_t' for VMs. Introduce a  field
	in the  XML to allow this base label to be changed

	eg

	   
	     system_u:object_r:virt_t:s0
	   

	* docs/schemas/domain.rng: Add 
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Parsing
	  of base label
	* src/qemu/qemu_process.c: Don't reset 'model' attribute if
	  a base label is specified
	* src/security/security_apparmor.c: Refuse to support base label
	* src/security/security_selinux.c: Use 'baselabel' when generating
	  label, if available

2011-07-04  Osier Yang  

	storage: Do not override the exact error of createRawFile
	virStorageBackendCreateRaw: createRawFile already reported the
	exact error.

	Before the fix:

	error: Failed to create vol vol-create.img
	error: cannot create path '/var/lib/libvirt/images/vol-create.img': Unknown error 18446744073709551597

	After the fix:

	error: Failed to create vol vol-create.img
	error: cannot fill file '/var/lib/libvirt/images/vol-create.img': No space left on device

2011-07-04  Daniel Veillard  

	Release of libvirt-0.9.3
	* configure.ac docs/news.html.in libvirt.spec.in: update for the
	  new release
	* po/*.po*: updated and regenerated localizations

2011-07-04  Wen Congyang  

	initialize pointer to NULL
	cmd is not initialized to NULL, but we try to freed it if we
	meet some error.

2011-07-04  Eric Blake  

	storage: avoid crash on parse error
	Coverity detected that we could crash on bogus input.  Meanwhile,
	strtok_r is rather heavy compared to strchr.

	* src/storage/storage_backend_iscsi.c (virStorageBackendIQNFound):
	  Check for parse failure, and use lighter-weight functions.

2011-07-04  Eric Blake  

	vmware: avoid null deref on failed lookup
	* src/vmware/vmware_driver.c (vmwareDomainReboot): Check error
	  before dereferencing memory.

2011-07-04  Eric Blake  

	qemu: avoid null deref on low memory
	Detected by Coverity.  qemuDomainEventQueue requires a non-NULL
	pointer; most callers silently drop the event if we encountered
	and OOM situation trying to create the event.

	* src/qemu/qemu_migration.c (qemuMigrationFinish): Check for OOM.

2011-07-04  Eric Blake  

	cgroup: silence coverity warning
	Coverity noted that most clients reacted to failure to hash; but in
	a best-effort kill loop, we can ignore failure.

	* src/util/cgroup.c (virCgroupKillInternal): Ignore hash failure.

2011-07-04  Eric Blake  

	rpc: silence coverity warning
	Coverity noted that 4 out of 5 calls to virNetClientStreamRaiseError
	checked the return value.  This case expects a particular value, so
	warn if our expectations went wrong due to some bug elsewhere.

	* src/rpc/virnetclient.c (virNetClientCallDispatchStream): Warn on
	  unexpected scenario.

2011-07-04  Eric Blake  

	qemu: silence coverity warnings
	Coverity warns if the majority of callers check a function for
	errors, but a few don't; but in qemu_audit and qemu_domain, the
	choice to not check for failures was safe.  In qemu_command, the
	failure to generate a uuid can only occur on a bad pointer.

	* src/qemu/qemu_audit.c (qemuAuditCgroup): Ignore failure to get
	  cgroup controller.
	* src/qemu/qemu_domain.c (qemuDomainObjEnterMonitor)
	  (qemuDomainObjEnterMonitorWithDriver): Ignore failure to get
	  timestamp.
	* src/qemu/qemu_command.c (qemuParseCommandLine): Check for error.

2011-07-04  Eric Blake  

	rpc: avoid memory leak on error
	Detected by Coverity.  The leak is on an error path, but I'm not
	sure whether that path is likely to be triggered in practice.

	* src/rpc/virnetserverservice.c (virNetServerServiceAccept): Plug leak.

2011-07-04  Eric Blake  

	rpc: fix logic bug
	Spotted by Coverity.  If we don't update tmp each time through
	the loop, then if the filter being removed was not the head of
	the list, we accidentally lose all filters prior to the one we
	wanted to remove.

	* src/rpc/virnetserverclient.c (virNetServerClientRemoveFilter):
	    Don't lose unrelated filters.

2011-07-02  Eric Blake  

	pci: avoid memory leak on error
	Detected by Coverity.  Some, but not all, error paths were clean;
	but they were repetitive so I refactored them.

	* src/util/pci.c (pciGetDevice): Plug leak.

2011-07-02  Eric Blake  

	interface: avoid memory leak on parse error
	Detected by Coverity.  Unlikely to hit unless the file contents
	were corrupted.

	* src/util/interface.c (ifaceRestoreMacAddress): Plug leak.

2011-07-02  Eric Blake  

	libvirtd: avoid memory leak on OOM
	Detected by Coverity; only strikes on OOM so not serious.

	* daemon/libvirtd.c (daemonPidFilePath): Plug leak.

2011-07-02  Eric Blake  

	build: avoid 'make syntax-check' failure
	* tests/utiltest.c (DO_TEST): Fix indentation for cppi.

2011-07-02  Matthias Bolte  

	tests: Add a general util test
	Move non-esx specific tests from esxutilstest there and add a
	test for virParseVersionString.

2011-07-02  Eric Blake  

	util: choose whether to require micro in version strings
	To avoid regressions, we let callers specify whether to require a
	minor and micro version.  Callers that were parsing uname() output
	benefit from defaulting to 0, whereas callers that were parsing
	version strings from other sources should not change in behavior.

	* src/util/util.c (virParseVersionString): Allow caller to choose
	whether to fail if minor or micro is missing.
	* src/util/util.h (virParseVersionString): Update signature.
	* src/esx/esx_driver.c (esxGetVersion): Update callers.
	* src/lxc/lxc_driver.c (lxcVersion): Likewise.
	* src/openvz/openvz_conf.c (openvzExtractVersionInfo): Likewise.
	* src/uml/uml_driver.c (umlGetVersion): Likewise.
	* src/vbox/vbox_MSCOMGlue.c (vboxLookupVersionInRegistry):
	Likewise.
	* src/vbox/vbox_tmpl.c (vboxExtractVersion): Likewise.
	* src/vmware/vmware_conf.c (vmwareExtractVersion): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiGetVersion): Likewise.
	Reported by Matthias Bolte.

2011-07-02  Eric Blake  

	build: consistently use CFLAGS
	According to the automake manual, CPPFLAGS (aka INCLUDES, as spelled
	in automake 1.9.6) should only include -I, -D, and -U directives; more
	generic directives like -Wall belong in CFLAGS since they affect more
	phases of the build process.  Therefore, we should be sticking CFLAGS
	additions into a CFLAGS container, not a CPPFLAGS container.

	* src/Makefile.am (libvirt_driver_vmware_la_CFLAGS): Use AM_CFLAGS.
	(INCLUDES): Move CFLAGS items...
	(AM_CFLAGS): ...to their proper location.
	* python/Makefile.am (INCLUDES, AM_CFLAGS): Likewise.
	* tests/Makefile.am (INCLUDES, AM_CFLAGS): Likewise.
	(commandtest_CFLAGS, commandhelper_CFLAGS)
	(virnetmessagetest_CFLAGS, virnetsockettest_CFLAGS): Use AM_CFLAGS.

2011-07-01  Daniel Veillard  

	Explicitely invoke python for API doc generator
	This fixes the problem of not finding python in /usr/bin
	which broke build on FreeBSD

2011-07-01  Scott Moser  

	fix virParseVersionString with linux 3.0
	linux 3.0 has no micro version number, and that is causing problems
	for virParseVersionString.  The patch below should allow for:
	  major
	  major.minor
	  major.minor.micro

	If major or minor are not present they just default to zero.
	We found this in Ubuntu (https://bugs.launchpad.net/bugs/802977)

2011-07-01  Eric Blake  

	build: remove dead variables
	Detected by Coverity.  No real harm in leaving these, but fixing
	them cuts down on the noise for future analysis.

	* src/rpc/virnetserver.c (virNetServerAddService): Delete unused
	entry.
	* src/util/sysinfo.c (virSysinfoRead): Delete dead assignment to
	base.

2011-07-01  Daniel P. Berrange  

	Remove bogus jsondata.h file reference which does not exist
	* tests/Makefile.am: Remove jsondata.h

2011-07-01  Eric Blake  

	build: simplify sanlock distribution
	EXTRA_DIST files should unconditionally be part of the tarball,
	rather than depending on the presence of sanlock-devel.

	Meanwhile, parallel builds could fail if we don't use mkdir -p.

	* src/Makefile.am (EXTRA_DIST): Always ship sanlock .aug and
	template .conf files.
	(%-sanlock.conf): Use MKDIR_P.

2011-07-01  Eric Blake  

	build: allow 'make syntax-check' on fresh checkout
	For good or for bad, I did a fresh checkout, ./autogen.sh, then
	'configure', then 'make syntax-check', and was surprised that it
	failed.  Running 'make' before 'make syntax-check' cleaned up the
	issue, but this patch makes it work up front.

	* cfg.mk (sc_po_check): Add prerequisites.

2011-07-01  Eric Blake  

	build: ignore generated file
	* .gitignore: Exempt jsontest binary.

2011-07-01  Daniel P. Berrange  

	Add conditionals to allow build without SASL
	* daemon/libvirtd.c, daemon/remote.c: Add #if HAVE_SASL and
	  suitable function stubs to allow build without SASL

2011-07-01  Eric Blake  

	build: avoid double-close bug with pipe2
	Based on Coverity's finding on the previous patch, I audited
	gnulib's pipe2 code and found that we had the potential for
	a subtle double-close bug, unless gnulib guarantees that the
	contents of the fd array are unchanged on pipe2() failure.

	* .gnulib: Update to latest, for pipe2 fix.

2011-07-01  Eric Blake  

	rpc: avoid freeing uninitialized variable
	Detected by Coverity.  Both are instances of bad things happening
	if pipe2 fails; the virNetClientNew failure could free garbage,
	and virNetSocketNewConnectCommand could close random fds.

	Note: POSIX doesn't guarantee the contents of fd[0] and fd[1]
	after pipe failure: http://austingroupbugs.net/view.php?id=467
	We may need to introduce a virPipe2 wrapper that guarantees
	that on pipe failure, the fds are explicitly set to -1, rather
	than our current state of assuming the fds are unchanged from
	their value prior to the failed pipe call.

	* src/rpc/virnetclient.c (virNetClientNew): Initialize variable.
	* src/rpc/virnetsocket.c (virNetSocketNewConnectCommand):
	Likewise.

2011-07-01  Eric Blake  

	virsh: avoid uninitialized variable
	Detected by Coverity; neither vshCmddefHelp nor vshCmdOptParse
	was initializing opts_required.

	* tools/virsh.c (vshCmddefOptParse): Always initialize bitmaps.

2011-07-01  Eric Blake  

	virsh: avoid integer overflow
	Detected by Coverity.  info.nrVirtCpu is unsigned short, but if
	cpumaplen is int, then the product of the two in vshMalloc risks
	unintended sign extension.  cmdVcpuinfo had already solved this
	by using size_t cpumaplen.

	* tools/virsh.c (cmdVcpuPin): Use correct type.

2011-07-01  Daniel P. Berrange  

	Fix stream procedure number for virDomainMigratePrepareTunnel3
	The virDomainMigratePrepareTunnel3 impl in the remote driver
	was using the procedure number for the virDomainMigratePrepareTunnel
	method. This doesn't work out so well, because it makes the server
	ignore & drop all stream packets

	* src/remote/remote_driver.c: Fix procedure for PrepareTunnel3

2011-07-01  Daniel P. Berrange  

	Send back an error if we get unexpected stream control message
	We ignore any stream data packets which come in for streams which
	are not registered, since these packets are async and do not have
	a reply. If we get a stream control packet though we must send back
	an actual error, otherwise a (broken) client may hang forever
	making it hard to diagnose the client bug.

	* src/rpc/virnetserverprogram.c: Send back error for unexpected
	  stream control messages

2011-07-01  Daniel P. Berrange  

	Fix release of virNetMessagePtr instances in streams processing
	If a message packet for a invalid stream is received it is just
	free'd. This is not good because it doesn't let the client RPC
	request counter decrement. If a stream is shutdown with pending
	packets the message also isn't released properly because of an
	incorrect header type

	* daemon/stream.c: Fix message header type
	* src/rpc/virnetserverprogram.c: Send dummy reply instead of
	  free'ing ignored stream message

2011-07-01  Daniel P. Berrange  

	Add missing include of signal.h in virnetsocket.c
	virNetSocketFree uses kill(SIGTERM) so we must include
	signal.h for the definitions

	* src/rpc/virnetsocket.c: Include signal.h

2011-07-01  Daniel P. Berrange  

	Add test case for parsing JSON docs
	While investigating some memory leaks it was unclear whether the
	JSON code correctly free'd all memory during parsing. Add a test
	case which can be run under valgrind to clearly demonstrate that
	the parser is leak free.

	* tests/Makefile.am: Add 'jsontest'
	* tests/jsontest.c: A few simple JSON parsing tests

2011-07-01  Daniel P. Berrange  

	Fix potential crash when saving guests
	The qemudDomainSaveFlag method will call EndJob on the 'vm'
	object it is passed in. This can result in the 'vm' object
	being free'd if the last reference is removed. Thus no caller
	of 'qemudDomainSaveFlag' must *ever* reference 'vm' again
	upon return.

	Unfortunately qemudDomainSave and qemuDomainManagedSave
	both call 'virDomainObjUnlock', which can result in a
	crash. This is non-deterministic since it involves a race
	with the monitor I/O thread.

	Fix this by making qemudDomainSaveFlag responsible for
	calling virDomainObjUnlock instead.

	* src/qemu/qemu_driver.c: Fix potential use after free
	  when saving guests

2011-07-01  Daniel P. Berrange  

	Fix uninitialized value in QEMU monitor FD sending code
	The 'char control[CMSG_SPACE(sizeof(int))];' was not being
	wiped, so could potentially contain uninitialized bytes.
	While this was harmless in this case, it caused complaints
	from valgrind

	* src/qemu/qemu_monitor.c: memset 'control' variable
	  in qemuMonitorIOWriteWithFD

2011-07-01  Daniel P. Berrange  

	Fix leak of JSON object for events
	The event handler functions do not free the virJSONValuePtr
	object. Every event received from a VM thus caused a memory
	leak

	* src/qemu/qemu_monitor_json.c: Fix leak of event object

2011-07-01  Daniel P. Berrange  

	Remove bogus warning message in JSON code
	* src/util/json.c: Remove warning message

2011-07-01  Daniel P. Berrange  

	Fix use of uninitialized memory when releasing PCI slots
	The 'function' field in the PCI address was not correctly
	initialized, so it was building the wrong address address
	string and so not removing all functions from the in use
	list.

	* src/qemu/qemu_command.c: Fix initialization of PCI function

2011-07-01  Daniel P. Berrange  

	Fix leak of virStreamPtr object with callback added in fdstream impl
	When adding a callback to an FD stream, we take an extra reference
	on the virStreamPtr instance. We forgot to registered a free function
	with the callback, so when the callback was removed, the extra
	reference held on virStreamPtr was not released.

	* src/fdstream.c: Use a free callback to release reference on
	  virStreamPtr when removing callback

2011-07-01  Daniel P. Berrange  

	Fix leak of mdnsGroupName in virNetServer object
	* src/rpc/virnetserver.c: Free mdnsGroupName

2011-07-01  Daniel P. Berrange  

	Fix release of filtered stream messages
	The stream code was reusing a stream message object before
	it was removed from the linked list of filtered messages.
	This caused any later queued messages to be completely lost.

	* daemon/stream.c: Delay reuse of stream message until
	  after it is removed from the queue

2011-07-01  Daniel P. Berrange  

	Ensure RPC message is cleared before being reused
	To save on memory reallocation, virNetMessage instances that
	have been transmitted, may be reused for a subsequent incoming
	message. We forgot to clear out the old data of the message
	fully, which caused later confusion upon read.

	* src/rpc/virnetserverclient.c: memset entire message before
	  reusing it

2011-07-01  Daniel P. Berrange  

	Fix hardcoded limit on client requests in RPC code
	The virNetServerClient object had a hardcoded limit of 10 requests
	per client. Extend constructor to allow it to be passed in as a
	configurable variable. Wire this up to the 'max_client_requests'
	config parameter in libvirtd

	* daemon/libvirtd.c: Pass max_client_requests into services
	* src/rpc/virnetserverservice.c, src/rpc/virnetserverservice.h: Pass
	  nrequests_client_max to clients
	* src/rpc/virnetserverclient.c, src/rpc/virnetserverclient.h: Allow
	  configurable request limit

2011-06-30  Osier Yang  

	tests: Add valgrind.supp into EXTRA_DIST

	virsh: Fix a problem of buildPoolXML
	It doesn't generate "" and "" nodes for ""
	even if they are explicitly specified. This patch fixes it.

2011-06-30  Wen Congyang  

	lock qemu_driver early in qemuGetSchedulerParametersFlags()
	If we pass VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG to
	qemuGetSchedulerParametersFlags() or *nparams is less than 1,
	we will unlock qemu_driver without locking it. It's very dangerous.

	We should lock qemu_driver after calling virCheckFlags().

2011-06-30  Wen Congyang  

	save domain status after modifing vcpupin
	We should save domain status after modifing vcpupin. If not,
	we will get wrong vcpupin information after rebooting libvirtd.

2011-06-30  Wen Congyang  

	Fix memory leak in virDomainVcpuPinDel()
	virDomainVcpuPinDefFree() does not free def->cputune.vcpupin if nvcpupin
	is 0, and does not set def->cputune.vcpupin to NULL.

	If we set nvcpupin to 0 but do not free vcpupin, vcpupin will not be freed
	when vm->def is freed.

	Use VIR_FREE() instead of virDomainVcpuPinDefFree() to free the memory
	and set def->cputune.vcpupint to NULL.

2011-06-29  Eric Blake  

	build: avoid pod2man on tarball
	virt-sanlock-cleanup.8 has static contents (no dependency on
	configure), but is generated by pod2man (a perl dependency that
	maintainers must have, but which ordinary tarball users need
	not have).  Therefore, ensure that it is always part of the
	tarball, even though it is only conditionally installed.

	This is similar to commit 6db98a2d4b, but made simpler by the fact
	that the .8 page is static content.

	* tools/Makefile.am (EXTRA_DIST): Add virt-sanlock-cleanup.8.

2011-06-29  Minoru Usui  

	sysinfo: fix illegal NULL return
	If virSysinfoParse{BIOS,System,Processor,Memory}()
	can't find newline('\n'), these return NULL.
	This patch fixes this.

2011-06-29  Daniel P. Berrange  

	Ensure that EOF is dispatched to the stream callback
	When the remote client receives end of file on the stream
	it never invokes the stream callback. Applications relying
	on async event driven I/O will thus never see the EOF
	condition on the stream

	* src/rpc/virnetclient.c, src/rpc/virnetclientstream.c:
	  Ensure EOF is dispatched

2011-06-29  Daniel P. Berrange  

	Fix locking wrt virNetClientStreamPtr object
	The client stream object can be used independently of the
	virNetClientPtr object, so must have full locking of its
	own and not rely on any caller.

	* src/remote/remote_driver.c: Remove locking around stream
	  callback
	* src/rpc/virnetclientstream.c: Add locking to all APIs
	  and callbacks

2011-06-29  Daniel P. Berrange  

	Avoid referencing NULL pointer when copying stream error
	* src/rpc/virnetclientstream.c: Avoid referencing NULL

2011-06-29  Daniel P. Berrange  

	Avoid free'ing a filtered RPC message in the server
	When a filter steals an RPC message, that message must
	not be freed, except by the filter code itself

	* src/rpc/virnetserverclient.c: Don't free stolen RPC
	  messages

2011-06-29  Daniel P. Berrange  

	Improve two log messages in virNetMessage
	Improve log messages issued when encountering a bogus
	message length to include the actual length and the
	limit violated

	* src/rpc/virnetmessage.c: Improve log messages

2011-06-29  Daniel P. Berrange  

	Ensure empty payload is written upon stream completion
	On stream completion it is neccessary to send back a
	message with an empty payload. The message header was
	not being filled out correctly, since we were not writing
	any payload. Add a method for encoding an empty payload
	which updates the message headers correctly.

	* src/rpc/virnetmessage.c, src/rpc/virnetmessage.h: Add
	  a virNetMessageEncodePayloadEmpty method
	* src/rpc/virnetserverprogram.c: Write empty payload on
	  stream completion

2011-06-29  Daniel P. Berrange  

	Lower logging level when failing to register socket watch
	The RPC client treats failure to register a socket watch
	as non-fatal, since we do not mandate that a libvirt client
	application provide an event loop implementation. It is
	thus inappropriate to a log a message at VIR_LOG_WARN

	* src/rpc/virnetsocket.c: Lower logging level

2011-06-29  Daniel P. Berrange  

	Fix propagation of RPC errors from streams
	If a streams error is raised, virNetClientIOEventLoop
	returns 0, but an error is set. Check for this and
	propagate it if present

	* src/rpc/virnetclient.c: Propagate streams error

2011-06-29  Daniel P. Berrange  

	Fix crash when aborting a stream from a I/O callback
	If a callback being invoked from a stream issues a virStreamAbort
	operation, the stream data will be free'd but the callback will
	then still try to use this. Delay free'ing of the stream data when
	a callback is dispatching

	* src/fdstream.c: Delay stream free when callback is active

2011-06-29  Michal Privoznik  

	screenshot: Set access rights to temporary file
	Although we create a temporary file, it is owned by root:root and have
	rights 0600. In case qemu does not run under root, it is unable to write
	to that file and thus we transfer 0B sized file.

2011-06-29  Matthias Bolte  

	dnsmasq: Fix errno handling and don't unlink non-existing files
	addnhostsSave and hostsfileSave expect < 0 return value on error from
	addnhostsWrite and hostsfileWrite but then pass err instead of -err
	to virReportSystemError that expects an errno value.

	Also addnhostsWrite returns -ENOMEM and errno, change this to -errno.

	addnhostsWrite and hostsfileWrite tried to unlink the tempfile after
	renaming it, making both fail on the final step. Remove the unnecessary
	unlink calls.

2011-06-29  Eric Blake  

	maint: improve makefile whitespace
	None of these instances cause any semantic differences, but
	consistency is nice.

	* src/Makefile.am: Replace leading spaces with tabs.

2011-06-29  Osier Yang  

	tests: Fix memory leak in virnetmessagetest
	Detected when playing with "make -C tests valgrind".

	conf: Fix memory leak in virNetworkDNSDefFormat

2011-06-29  Matthias Bolte  

	network: Don't ignore errors in dnsmasq config file creation

2011-06-29  Matthias Bolte  

	network: Fix dnsmasq hostsfile creation logic and related tests
	networkSaveDnsmasqHostsfile was added in 8fa9c2214247 (Apr 2010).
	It has a force flag. If the dnsmasq hostsfile already exists force
	needs to be true to overwrite it. networkBuildDnsmasqArgv sets force
	to false, networkDefine sets it to true. This results in the
	hostsfile being written only in networkDefine in the common case.
	If no error occurred networkSaveDnsmasqHostsfile returns true and
	networkBuildDnsmasqArgv adds the --dhcp-hostsfile to the dnsmasq
	command line.

	networkSaveDnsmasqHostsfile was changed in 89ae9849f744 (24 Jun 2011)
	to return a new dnsmasqContext instead of reusing one. This change broke
	the logic of the force flag as now networkSaveDnsmasqHostsfile returns
	NULL on error, but the early return -- if force was not set and the
	hostsfile exists -- returns 0. This turned the early return in an error
	case and networkBuildDnsmasqArgv didn't add the --dhcp-hostsfile option
	anymore if the hostsfile already exists. It did because networkDefine
	created the hostsfile already.

	Then 9d4e2845d498 fixed the return 0 case in networkSaveDnsmasqHostsfile
	but didn't apply the force option correctly to the new addnhosts file.
	Now force doesn't control an early return anymore, but influences the
	handling of the hostsfile context creation and dnsmasqSave is always
	called now. This commit also added test cases that reveal several
	problems. First, the tests now calls functions that try to write the
	dnsmasq config files to disk. If someone runs this tests as root this
	might overwrite actively used dnsmasq config files, this is a no-go. Also
	the tests depend on configure --localstatedir, this needs to be fixed as
	well, because it makes the tests fail when localstatedir is different
	from /var.

	This patch does several things to fix this:

	1) Move dnsmasqContext creation and saving out of networkBuildDnsmasqArgv
	to the caller to separate the command line generation from the config
	file writing. This makes the command line generation testable without the
	risk of interfering with system files, because the tests just don't call
	dnsmasqSave.

	2) This refactoring of networkSaveDnsmasqHostsfile makes the force flag
	useless as the saving happens somewhere else now. This fixes the wrong
	usage of the force flag in combination with then newly added addnhosts
	file by removing the force flag.

	3) Adapt the wrong test cases to the correct behavior, by adding the
	missing --dhcp-hostsfile option. Both affected tests contain DHCP host
	elements but missed the necessary --dhcp-hostsfile option.

	4) Rename networkSaveDnsmasqHostsfile to networkBuildDnsmasqHostsfile,
	because it doesn't save the dnsmasqContext anymore.

	5) Move all directory creations in dnsmasq context handling code from
	the *New functions to dnsmasqSave to avoid directory creations in system
	paths in the test cases.

	6) Now that networkBuildDnsmasqArgv doesn't create the dnsmasqContext
	anymore the test case can create one with the localstatedir that is
	expected by the tests instead of the configure --localstatedir given one.

2011-06-29  Matthias Bolte  

	Fix compilation with systemtap 1.3
	Version 1.3 of  uses this macro

	  #define STAP_CAST(t) (size_t)t

	that breaks like this if t is a function

	  remote.c:1775: error: cast from function call of type 'const char *'
	  to non-matching type 'long unsigned int' [-Wbad-function-cast]

	For that to work it should probably look like this

	  #define STAP_CAST(t) ((size_t)(t))

	In systemtap 1.4 this was completely rewritten.

	Anyway, before commit df0b57a95a767c t was always a variable, but now
	also a function is used here, namely virNetSASLSessionGetIdentity.

	Use an intermediate variable to avoid this problem.

2011-06-29  Eric Blake  

	build: fix mingw build
	./autobuild.sh died on several messages resembling:

	../../src/rpc/virnetsocket.c: In function 'virNetSocketNewListenTCP':
	../../src/rpc/virnetsocket.c:231:9: error: implicit declaration of function 'bind_used_without_requesting_gnulib_module_bind' [-Wimplicit-function-declaration]
	../../src/rpc/virnetsocket.c:231:9: error: nested extern declaration of 'bind_used_without_requesting_gnulib_module_bind' [-Wnested-externs]

	Basically, gnulib socket fds are not safe to pass to mingw socket
	functions unless we pull in those gnulib modules.

	* bootstrap.conf (gnulib_modules): Add modules to handle socket
	functions on mingw.

2011-06-29  Eric Blake  

	sysinfo: fix parsing regression
	Detected by gcc -O2, introduced in commit 532ce9c2.  If dmidecode
	outputs a field unrecognized by the parsers, then the code would
	dereference an uninitialized eol variable.

	* src/util/sysinfo.c (virSysinfoParseBIOS)
	(virSysinfoParseSystem, virSysinfoParseProcessor)
	(virSysinfoParseMemory): Avoid uninitialized variable.

2011-06-29  Eric Blake  

	build: update translated files
	The last patch was incomplete.  The translated strings merely
	moved between generated file names, rather than disappearing.

	* cfg.mk (generated_files): Update generated file names.
	* po/POTFILES.in: Add remote_dispatch.h

2011-06-29  Jiri Denemark  

	build: Don't expect translatable strings in a dead file
	daemon/remote_dispatch_bodies.h is no longer with us and shouldn't be
	searched for translatable strings.

	daemon: Fix build without polkit

2011-06-29  Eric Blake  

	remote: fix uninitialized variable
	Detected by gcc -O2:

	remote/remote_driver.c: In function 'doRemoteOpen':
	remote/remote_driver.c:2753:26: error: 'sasl' may be used uninitialized in this function [-Werror=uninitialized]

	* src/remote/remote_driver.c (remoteAuthSASL): Initialize sasl.

2011-06-29  Eric Blake  

	build: fix 'make check' when pdwtags is available
	Problem introduced in commit 6818cf86.

	* src/remote_protocol-structs: Delete unused struct.

2011-06-29  Eric Blake  

	build: sanlock-devel is not in F15 yet
	* libvirt.spec.in (with_sanlock): Only default on in rawhide.
	Reported by Gerhard Stenzel.

2011-06-29  Daniel P. Berrange  

	Add documentation for configuration lock managers
	Add a page which documents how to configure lock managers,
	focusing on use of sanlock with the QEMU/KVM driver

	* docs/locking.html.in: Docs about lock managers
	* docs/sitemap.html.in: Add lock manager config to
	  the deployment section

2011-06-29  Daniel P. Berrange  

	Support automatic creation of leases for disks in sanlock
	The current sanlock plugin requires a central management
	application to manually add  elements to each guest,
	to protect resources that are assigned to it (eg writable
	disks). This makes the sanlock plugin useless for usage
	in more ad hoc deployment environments where there is no
	central authority to associate disks with leases.

	This patch adds a mode where the sanlock plugin will
	automatically create leases for each assigned read-write
	disk, using a md5 checksum of the fully qualified disk
	path. This can work pretty well if guests are using
	stable disk paths for block devices eg /dev/disk/by-path/XXXX
	symlinks, or if all hosts have NFS volumes mounted in
	a consistent pattern.

	The plugin will create one lockspace for managing disks
	with filename /var/lib/libvirt/sanlock/__LIBVIRT__DISKS__.
	For each VM disks, there will be another file to hold
	a lease /var/lib/libvirt/sanlock/5903e5d25e087e60a20fe4566fab41fd
	Each VM disk lease is usually 1 MB in size. The script
	virt-sanlock-cleanup should be run periodically to remove
	unused lease files from the lockspace directory.

	To make use of this capability the admin will need to do
	several tasks:

	 - Mount an NFS volume (or other shared filesystem)
	   on /var/lib/libvirt/sanlock
	 - Configure 'host_id' in /etc/libvirt/qemu-sanlock.conf
	   with a unique value for each host with the same NFS
	   mount
	 - Toggle the 'auto_disk_leases' parameter in qemu-sanlock.conf

	Technically the first step can be skipped, in which case
	sanlock will only protect against 2 vms on the same host
	using the same disk (or the same VM being started twice
	due to error by libvirt).

	* src/locking/libvirt_sanlock.aug,
	  src/locking/sanlock.conf,
	  src/locking/test_libvirt_sanlock.aug: Add config params
	  for configuring auto lease setup
	* libvirt.spec.in: Add virt-sanlock-cleanup program, man
	  page
	* tools/virt-sanlock-cleanup.in: Script to purge unused
	  disk resource lease files

2011-06-29  Daniel P. Berrange  

	Support loading a configuration file for sanlock plugin
	Introduce a configuration file with a single parameter
	'require_lease_for_disks', which is used to decide whether
	it is allowed to start a guest which has read/write disks,
	but without any leases.

	* libvirt.spec.in: Add sanlock config file and augeas
	  lens
	* src/Makefile.am: Install sanlock config file and
	  augeas lens
	* src/locking/libvirt_sanlock.aug: Augeas master lens
	* src/locking/test_libvirt_sanlock.aug: Augeas test file
	* src/locking/sanlock.conf: Example sanlock config
	* src/locking/lock_driver_sanlock.c: Wire up loading
	  of configuration file

2011-06-29  Daniel P. Berrange  

	Allow per-driver config file for lock manager plugins
	Allow a 'configFile' parameter to be passed into the lock
	drivers to provide configuration. Wire up the QEMU driver
	to pass in file names '/etc/libvirt/qemu-$NAME.conf
	eg qemu-sanlock.conf

	* src/locking/lock_driver.h, src/locking/lock_driver_nop.c,
	  src/locking/lock_driver_sanlock.c, src/locking/lock_manager.c,
	  src/locking/lock_manager.h: Add configFile parameter
	* src/qemu/qemu_conf.c: Pass in configuration file path to
	  lock driver plugins

2011-06-29  Laine Stump  

	network: add domain to unqualified names defined with 
	If a domain name is defined for a network, add the --expand-hosts
	option to the dnsmasq commandline. This results in the domain being
	added to any hostname that is defined in a dns  element and
	contains no '.' characters (i.e. it is an "unqualified"
	hostname). Since PTR records are automatically created for any name
	defined in , the result of a PTR request will change from the
	unqualified name to the qualified name.

	This also has the same effect on any hostnames that dnsmasq reads
	from the host's /etc/hosts file.

	(In the case of guest hostnames that were learned by dnsmasq via DHCP
	requests, they were already getting the domain name added on, even
	without --expand-hosts).

2011-06-29  Daniel P. Berrange  

	Cleanup remote protocol definitions
	The standard remote protocol for libvirtd no longer needs to
	include definitions of the generic message header/error structs
	or status codes. This is all defined in the generic RPC protocol

	* src/remote/remote_protocol.x: Remove all RPC message definitions
	* src/remote/remote_protocol.h, src/remote/remote_protocol.c:
	  Re-generate
	* daemon/remote_generate_stubs.pl: Delete obsolete script

2011-06-29  Daniel P. Berrange  

	Remove obsolete libvirtd mdns code
	libvirtd now uses the generic RPC code for MDNS, so its
	custom mdns APIs are no longer required

	* daemon/mdns.c, daemon/mdns.h: Removed obsolete files

2011-06-29  Daniel P. Berrange  

	Convert libvirtd over to the new RPC handling APIs
	This guts the libvirtd daemon, removing all its networking and
	RPC handling code. Instead it calls out to the new virServerPtr
	APIs for all its RPC & networking work

	As a fallout all libvirtd daemon error reporting now takes place
	via the normal internal error reporting APIs. There is no need
	to call separate error reporting APIs in RPC code, nor should
	code use VIR_WARN/VIR_ERROR for reporting fatal problems anymore.

	* daemon/qemu_dispatch_*.h, daemon/remote_dispatch_*.h: Remove
	  old generated dispatcher code
	* daemon/qemu_dispatch.h, daemon/remote_dispatch.h: New dispatch
	  code
	* daemon/dispatch.c, daemon/dispatch.h: Remove obsoleted code
	* daemon/remote.c, daemon/remote.h: Rewrite for new dispatch
	  APIs
	* daemon/libvirtd.c, daemon/libvirtd.h: Remove all networking
	  code
	* daemon/stream.c, daemon/stream.h: Update for new APIs
	* daemon/Makefile.am: Link to libvirt-net-rpc-server.la

2011-06-29  Daniel P. Berrange  

	Convert the remote driver to new RPC client APIs
	This guts the current remote driver, removing all its networking
	handling code. Instead it calls out to the new virClientPtr and
	virClientProgramPtr APIs for all RPC & networking work.

	* src/Makefile.am: Link remote driver with generic RPC code
	* src/remote/remote_driver.c: Gut code, replacing with RPC
	  API calls
	* src/rpc/gendispatch.pl: Update for changes in the way
	  streams are handled

2011-06-29  Daniel P. Berrange  

	Add XDR_CFLAGS to libvirt-net-rpc.la library
	* src/Makefile.am: Add XDR_CFLAGS

2011-06-28  Daniel P. Berrange  

	Ensure sanlock socket is labelled with the VM process label
	The libvirt sanlock plugin is intentionally leaking a file
	descriptor to QEMU. To enable QEMU to use this FD under
	SELinux, it must be labelled correctly. We dont want to use
	the svirt_image_t for this, since QEMU must not be allowed
	to actually use the FD. So instead we label it with svirt_t
	using virSecurityManagerSetProcessFDLabel

	* src/locking/domain_lock.c, src/locking/domain_lock.h,
	  src/locking/lock_driver.h, src/locking/lock_driver_nop.c,
	  src/locking/lock_driver_sanlock.c, src/locking/lock_manager.c,
	  src/locking/lock_manager.h: Optionally pass an FD back to
	  the hypervisor for security driver labelling
	* src/qemu/qemu_process.c: label the lock manager plugin
	  FD with the process label

2011-06-28  Daniel P. Berrange  

	Add a virSecurityManagerSetProcessFDLabel
	Add a new security driver method for labelling an FD with
	the process label, rather than the image label

	* src/libvirt_private.syms, src/security/security_apparmor.c,
	  src/security/security_dac.c, src/security/security_driver.h,
	  src/security/security_manager.c, src/security/security_manager.h,
	  src/security/security_selinux.c, src/security/security_stack.c:
	  Add virSecurityManagerSetProcessFDLabel & impl

2011-06-28  Daniel P. Berrange  

	Rename virSecurityManagerSetFDLabel method
	The virSecurityManagerSetFDLabel method is used to label
	file descriptors associated with disk images. There will
	shortly be a need to label other file descriptors in a
	different way. So the current name is ambiguous. Rename
	the method to virSecurityManagerSetImageFDLabel to clarify
	its purpose

	* src/libvirt_private.syms,
	  src/qemu/qemu_migration.c, src/qemu/qemu_process.c,
	  src/security/security_apparmor.c, src/security/security_dac.c,
	  src/security/security_driver.h, src/security/security_manager.c,
	  src/security/security_manager.h, src/security/security_selinux.c,
	  src/security/security_stack.c: s/FDLabel/ImageFDLabel/

2011-06-28  Matthias Bolte  

	Add node prefix to virNodeGet(CPU|Memory)Stats structs and defines

2011-06-28  Jiri Denemark  

	qemu: Fix update device for CURRENT + FORCE flags
	When CURRENT and FORCE flags were used together, UpdateDeviceFlags did
	nothing because it failed to transform CURRENT into either LIVE or
	CONFIG.

2011-06-28  Stefan Berger  

	nwfilter: Return error message about unresolvable variables
	This is in response to bugzilla 664629

	https://bugzilla.redhat.com/show_bug.cgi?id=664629

	The patch below returns an appropriate error message if the chain of
	nwfilters is found to contain unresolvable variables and therefore
	cannot be instantiated.

	Example: The following XMl added to a domain:

	    
	      
	      
	      
	      
	    

	that references the following filter

	
	  
	  
	

	now displays upon 'virsh start mydomain'

	error: Failed to start domain mydomain
	error: internal error Cannot instantiate filter due to unresolvable variable: DHCPSERVER

	'DHPCSERVER' is contained in allow-dhcp-server.

2011-06-27  Eric Blake  

	build: rename Vcpupin to VcpuPin
	We already have a public virDomainPinVcpu, which implies that
	Pin and Vcpu are treated as separate words.  Unreleased commit
	e261987c introduced virDomainGetVcpupinInfo as the first public
	API that used Vcpupin, although we had prior internal uses of
	that spelling.  For consistency, change the spelling to be two
	words everywhere, regardless of whether pin comes first or last.

	* daemon/remote.c: Treat vcpu and pin as separate words.
	* include/libvirt/libvirt.h.in: Likewise.
	* src/conf/domain_conf.c: Likewise.
	* src/conf/domain_conf.h: Likewise.
	* src/driver.h: Likewise.
	* src/libvirt.c: Likewise.
	* src/libvirt_private.syms: Likewise.
	* src/libvirt_public.syms: Likewise.
	* src/libxl/libxl_driver.c: Likewise.
	* src/qemu/qemu_driver.c: Likewise.
	* src/remote/remote_driver.c: Likewise.
	* src/xen/xend_internal.c: Likewise.
	* tools/virsh.c: Likewise.
	* src/remote/remote_protocol.x: Likewise.
	* src/remote_protocol-structs: Likewise.
	Suggested by Matthias Bolte.

2011-06-27  Minoru Usui  

	sysinfo: cleanup function/struct names.
	Fix lack of 'virSysinfo' prefix of functions/structs in src/util/sysinfo.[ch]

	sysinfo: fix lack of error check in virSysinfoFormat().
	Fix lack of error check in virSysinfoFormat().

2011-06-27  Matthias Bolte  

	tests: Partly fix networkxml2argvtest being configure result dependent
	Convert networkDnsmasqLeaseFileName to a replaceable function pointer
	that allow the testsuite to use a version of that function that is not
	depending on configure --localstatedir.

	This fixes 5 of 6 test failures, when configure --localstatedir isn't
	set to /var.

2011-06-27  Osier Yang  

	qemu: Remove bogus error codes for NUMA memory tuning
	This is no code between virSaveLastError and virGetLastError will
	set an error, remove the bogus codes.

2011-06-27  Laine Stump  

	network: fix indentation in networkBuildDnsmasqArgv
	This block was inadvertently added with the wrong indentation.

2011-06-27  Ruben Kerkhof  

	Only include parthelper if built with storage_disk
	Parthelper is only compiled if both --with-libvirtd
	and --with-storage-disk are set.

2011-06-25  Eric Blake  

	build: avoid uninitialized variable
	Caught by gcc -O2, during autobuild.sh.

	* src/qemu/qemu_driver.c (qemudDomainGetVcpupinInfo): Initialize vm.

2011-06-25  Eric Blake  

	build: fix VPATH builds
	The build currently fails when trying to create virnetprotocol.c
	into $(builddir)/rpc, which doesn't exist.  But since the file
	is part of the tarball, it should be generated into $(srcdir).
	Caught by autobuild.sh.

	* src/Makefile.am (VIR_NET_RPC_GENERATED): Generate into srcdir.

2011-06-25  Taku Izumi  

	vcpupin: add query option to virsh vcpupin command
	This patch teaches "virsh vcpupin" command to query if no list
	is given. Its feature is to show CPU affinity information in more
	reader-friendly way.

	 # virsh vcpupin VM --config
	 VCPU: CPU Affinity
	 ----------------------------------
	    0: 1-6,9-20
	    1: 10
	    2: 5,9-11,15-20
	    3: 1,3,5,7,9,11,13,15

	When cpulist is omitted, vcpu number is optional. When vcpu number is
	provided, information of only specified vcpu is displayed.

2011-06-25  Taku Izumi  

	vcpuinfo: add the code to fallback to try new API
	The "virsh vcpuinfo" command results in failure when the target domain
	is inactive on KVM. This patch improves this behavior by adding the
	fallback to invoke virDomainGetVcpupinInfo API in case of
	virDomainGetVcpus API returns error and the target domain is inactive.

	vcpupin: implement the remote protocol to address the new API
	This patch implements the remote protocol to address the new API
	(virDomainGetVcpupinInfo).

	vcpupin: implement the code to support new API for the qemu driver
	This patch implements the code to address the new API (virDomainGetVcpupinInfo)
	in the qemu driver.

2011-06-25  Taku Izumi  

	vcpupin: introduce the new libvirt API (virDomainGetVcpupinInfo)
	This patch introduces a new libvirt API (virDomainGetVcpupinInfo),
	as a counterpart to virDomainPinVcpuFlags.

	We can use virDomainGetVcpus API to retrieve CPU affinity information,
	but can't use this API against inactive domains (at least in case of KVM),
	as it lacks a flags parameter.
	The usual thing is to add a new virDomainGetVcpusFlags, but that API name
	is already occupied by the counterpart to virDomainGetMaxVcpus, which
	has a completely different signature.

	The virDomainGetVcpupinInfo is the new API to retrieve CPU affinity
	information of active and inactive domains.  While the usual convention
	is to list an array before its length, this API violates that rule
	in order to be more like virDomainGetVcpus (where maxinfo was doing
	double-duty as the length of two different arrays).

2011-06-25  Laine Stump  

	docs: fix indentation of sub-elements of  in network XML
	The sub-elements of  had been placed at the same level of
	indentation as ip itself, implying that they were really elements of
	. Within that, sub-elements of ip/dhcp were also at that same
	level. These have been double-indented.

	At the same time, I realized that the documentation for the new 
	element had been placed right in the middle of the description of the
	sub-elements of . I moved it up out of the way.

2011-06-25  Eric Blake  

	buf: protect against integer overflow
	It's unlikely that we'll ever want to escape a string as long as
	INT_MAX/6, but adding this check can't hurt.

	* src/util/buf.c (virBufferEscapeSexpr, virBufferEscapeString):
	Check for (unlikely) overflow.

2011-06-25  Eric Blake  

	remote: protect against integer overflow
	Integer overflow and remote code are never a nice mix.

	This has existed since commit 56cd414.

	* src/libvirt.c (virDomainGetVcpus): Reject overflow up front.
	* src/remote/remote_driver.c (remoteDomainGetVcpus): Avoid overflow
	on sending rpc.
	* daemon/remote.c (remoteDispatchDomainGetVcpus): Avoid overflow on
	receiving rpc.

2011-06-25  Eric Blake  

	build: update gnulib for intprops
	Done as a separate commit to make backporting the next patch easier.
	We are already using "intprops.h", but this makes it explicit.

	* .gnulib: Update, for syntax-check fix.
	* bootstrap.conf (gnulib_modules): Make intprops use explicit.
	* src/locking/domain_lock.c (includes): Drop unused header.
	* src/nwfilter/nwfilter_learnipaddr.c (includes): Use "", not <>,
	for gnulib.

2011-06-25  Eric Blake  

	build: avoid long line tests
	'make syntax-check' regression introduced in commit 60b9c69.

	* tests/networkxml2argvdata/*.argv: Break long lines.

2011-06-25  Matthias Bolte  

	Rename iface(G|S)etMacaddr to iface(G|S)etMacAddress for consistency

	Fix typo in libvirt_private.syms
	Triggered a linker error on MinGW.

2011-06-25  Michal Novotny  

	Network: Add support for DNS hosts definition to the network XML
	This commit introduces names definition for the DNS hosts file using
	the following syntax:

	  
	    
	      alias1
	      alias2
	    
	  

	Some of the improvements and fixes were done by Laine Stump so
	I'm putting him into the SOB clause again ;-)

2011-06-25  Michal Novotny  

	Network: Add additional hosts internal infrastructure

	Network: Add regression tests for the command-line arguments
	The regression testing done by comparison of command-line
	generated from the network XML file and the expected
	command-line arguments (read from file).

	Network: modify dnsmasq commandline build function to allow testing
	The dnsmasq commandline was being built as a part of running
	dnsmasq. This patch puts the commandline build into a separate
	function (and exports it as a private API) making it possible to build
	a dnsmasq commandline without executing it, so that we can write a
	test program to verify that the proper commandlines are being created.

2011-06-25  Michal Novotny  

	Add TXT record support for virtual DNS service
	This commit introduces the  element and  record for the
	virtual DNS network. The DNS TXT record can be defined using following
	syntax in the network XML file:

	  
	    
	  

	Also, the Relax-NG scheme has been altered to allow the texts without
	spaces only for the name element and some nitpicks about memory
	free'ing have been fixed by Laine so therefore I'm adding Laine to the
	SOB clause ;-)

2011-06-25  Matthias Bolte  

	python: Don't declare Py_ssize_t for Python 2.6
	Commit cd48c3f4e95597 added a Py_ssize_t typedef for Python < 2.7.
	But Py_ssize_t was added in Python 2.5. This makes the build fail
	for Python 2.6.

	Adjust the check to match Python < 2.5 to fix this.

2011-06-25  Matthias Bolte  

	tests: Improve IPv6 detection for virNetSocket tests
	getifaddrs can return an IPv6 address, but getaddrinfo can fail
	for an IPv6 address. Cover this combination.

2011-06-25  Jamie Strandboge  

	Move load of AppArmor profile to GenLabel()
	Commit 12317957ecd6c37a2fb16275dcdeeacfe25c517 introduced an incompatible
	architectural change for the AppArmor security driver. Specifically,
	virSecurityManagerSetAllLabel() is now called much later in
	src/qemu/qemu_process.c:qemuProcessStart(). Previously, SetAllLabel() was
	called immediately after GenLabel() such that after the dynamic label (profile
	name) was generated, SetAllLabel() would be called to create and load the
	AppArmor profile into the kernel before qemuProcessHook() was executed. With
	12317957ecd6c37a2fb16275dcdeeacfe25c517, qemuProcessHook() is now called
	before SetAllLabel(), such that aa_change_profile() ends up being called
	before the AppArmor profile is loaded into the kernel (via ProcessLabel() in
	qemuProcessHook()).

	This patch addresses the change by making GenLabel() load the AppArmor
	profile into the kernel after the label (profile name) is generated.
	SetAllLabel() is then adjusted to only reload_profile() and append stdin_fn to
	the profile when it is specified. This also makes the AppArmor driver work
	like its SELinux counterpart with regard to SetAllLabel() and stdin_fn.
	Bug-Ubuntu: https://launchpad.net/bugs/801569

2011-06-24  Eric Blake  

	docs: document correct flag name
	When adding virDomainGetVcpusFlags in commit ea3f5c6, I did
	enough rebasing that the doc comments in libvirt.c no longer
	matched the final chosen enum names in libvirt.h.

	And now we've gone ahead and deprecated the names
	VIR_DOMAIN_VCPU_{LIVE,CONFIG}.

	* src/libvirt.c (virDomainGetVcpusFlags): Fix comment.

2011-06-24  Eric Blake  

	Revert "Add new API virDomainBlockPull* to headers"
	This reverts commit 7d56a16d036d9aa7292e10e884c129742036f8a7.

	Conflicts:

		python/generator.py
		src/libvirt_public.syms

2011-06-24  Eric Blake  

	Revert "virDomainBlockPull: Implement the main entry points"
	This reverts commit 6419f596e114ee9f372136cc2b9eb19f1cbb7a77.

2011-06-24  Eric Blake  

	Revert "Add virDomainBlockPull support to the remote driver"
	This reverts commit d1693bb160ea78954592c45a40eb856190c619c8.

	Conflicts:

		daemon/remote.c
		src/remote/remote_driver.c
		src/remote/remote_protocol.x

2011-06-24  Eric Blake  

	Revert "Implement virDomainBlockPull for the qemu driver"
	This reverts commit 784ee08d2220d2a77424d5fc756b6eebe8efd5fa.

	Revert "Enable the virDomainBlockPull API in virsh"
	This reverts commit 3e2493ce28b7e20416e916fdf893a9569c267925.

2011-06-24  Eric Blake  

	Revert "Enable virDomainBlockPull in the python API."
	This reverts commit d74b86f5d6ecae3d18a391f90a918fcac75914db.

	Conflicts:

		python/generator.py

2011-06-24  Eric Blake  

	Revert "Asynchronous event for BlockPull completion"
	This reverts commit 12cd77a0c58a80179182f7d09e8e73f9f66b4677.

	Conflicts:

		python/libvirt-override-virConnect.py
		python/libvirt-override.c
		src/remote/remote_protocol.x

2011-06-24  Eric Blake  

	build: avoid python 2.4 build failure
	I'm not sure when Py_ssize_t was introduced; but Fedora 14 Python 2.7
	has it, while RHEL 5 Python 2.4 lacks it.  It should be easy enough
	to adjust if someone runs into problems.

	* python/typewrappers.h (Py_ssize_t): Define for older python.

2011-06-24  Eric Blake  

	build: fix NUMA build on RHEL 5
	Use NUMA's older nodemask_t (fixed-size map) rather than the newer
	'struct bitmask' (variable-size) in order to still compile on RHEL 5,
	with its numactl-devel-0.9.8.

	* src/qemu/qemu_process.c [HAVE_NUMA]: Prefer back-compat mode.
	(qemuProcessInitNumaMemoryPolicy): Use older nodemask_t.

2011-06-24  Minoru Usui  

	Add Memory Device Information to virSysinfoRead() from dmidecode type 17
	* src/util/sysinfo.[ch]: also parse and save all the SMBIOS informations
	  about memory modules

	Add Processor Information to virSysinfoRead() from dmidecode type 4
	* src/util/sysinfo.c: add parsing and formatting of processor
	  information data

	Cleanup virSysinfoRead()
	* src/util/sysinfo.c: Separate BIOSInfo and SystemInfo part from
	                      virSysinfoRead()

2011-06-24  Daniel P. Berrange  

	Make sure virnetprotocol.[ch] are in BUILT_SOURCES
	To ensure virnetprotocol.[ch] are generated before any other
	files, add them to BUILT_SOURCES and MAINTAINERCLEANFILES.
	At the same time, move ESX_DRIVER_GENERATED out of DISTCLEAN
	and into MAINTAINERCLEANFILES, since they are included in
	EXTRA_DIST

	* src/Makefile.am: Add virnetprotocol.[ch] to BUILT_SOURCES

2011-06-24  Eric Blake  

	maint: typo fixes
	* src/xenxs/xen_sxpr.c (xenParseSxprPCI): Comment fix.
	* tests/object-locking.ml (driverTables): Likewise.
	* tests/testutils.c (virtTestDifferenceBin): Likewise.

2011-06-24  Daniel P. Berrange  

	Fix some bugs in RPC protocol make rules
	The Makefile.am rules for generating RPC protocol had a couple
	of bugs

	 - A instance of remote/rpcgen_fix.pl  was not changed
	   to rpc/genprotocol.pl
	 - A dep from rpc/virnetmessage.h on the generated
	   rpc/virnetprotocol.h was missing
	 - The generated rpc/virnetprotocol.[ch] were not listed
	   in MAINTAINERCLEANFILES

	* Makefile.am: Fix RPC protocol generation

2011-06-24  Daniel P. Berrange  

	Add missing translation of error message from QEMU reboot patch
	* src/qemu/qemu_process.c: Add missing _(...)

2011-06-24  Daniel P. Berrange  

	Fix job type set in qemuMigrationPrepareDirect/PrepareTunnel
	The qemuMigrationPrepareDirect/PrepareTunnel methods accidentally
	set the domain job to  QEMU_JOB_MIGRATION_OUT when it should have
	been  QEMU_JOB_MIGRATION_IN. This didn't have any ill-effect, but
	it is none-the-less wrong.

	* src/qemu/qemu_migration.c: Fix job type

2011-06-24  Daniel P. Berrange  

	Avoid high privileges taint warning for QEMU session driver
	The code emitting taint warnings was mistakenly thinking
	that guests run from the QEMU session driver were tainted
	for having high privileges. This is of course nonsense
	since the session driver is always unprivileged

	* src/qemu/qemu_domain.c: Don't warn for high privileges in
	  non-privileged QEMU

2011-06-24  Daniel P. Berrange  

	Allow automatic kill of guests when a connection is closed
	If an application is using libvirt + KVM as a piece of its
	internal infrastructure to perform a specific task, it can
	be desirable to guarentee the VM dies when the virConnectPtr
	disconnects from libvirtd. This ensures the app can't leak
	any VMs it was using. Adding VIR_DOMAIN_START_AUTOKILL as
	a flag when starting guests enables this to be done.

	* include/libvirt/libvirt.h.in: All VIR_DOMAIN_START_AUTOKILL
	* src/qemu/qemu_driver.c: Support automatic killing of guests
	  upon connection close
	* tools/virsh.c: Add --autokill flag to 'start' and 'create'
	  commands

2011-06-24  Daniel P. Berrange  

	Automatically kill target QEMU if migration aborts abnormally
	Migration is a multi-step process

	  1. Begin(src)
	  2. Prepare(dst)
	  3. Perform(src)
	  4. Finish(dst)
	  5. Confirm(src)

	At step 2, a QEMU process is lauched in the destination to
	accept the incoming migration. Occasionally the process
	that is controlling the migration workflow aborts, and fails
	to call step 4, Finish. This leaves a QEMU process running
	on the target (albeit with paused CPUs). Unfortunately because
	step 2 actives a job on the QEMU process, it is unkillable by
	normal means.

	By registering the VM for autokill against the src virConnectPtr
	in step 2, we can ensure that the guest is forcefully killed off
	if the connection is closed without step 4 being invoked

	* src/qemu/qemu_migration.c: Register autokill in PrepareDirect
	  and PrepareTunnel. Unregister autokill on successful run
	  of Finish
	* src/qemu/qemu_process.c: Unregister autokill when stopping a
	  process

2011-06-24  Daniel P. Berrange  

	Add infrastructure to automatically destroy guests when a connection closes
	Sometimes it is useful to be able to automatically destroy a guest when
	a connection is closed. For example, kill an incoming migration if
	the client managing the migration dies. This introduces a map between
	guest 'uuid' strings and virConnectPtr objects. When a connection is
	closed, any associated guests are killed off.

	* src/qemu/qemu_conf.h: Add autokill hash table to qemu driver
	* src/qemu/qemu_process.c, src/qemu/qemu_process.h: Add APIs
	  for performing autokill of guests associated with a connection
	* src/qemu/qemu_driver.c: Initialize autodestroy map

2011-06-24  Daniel P. Berrange  

	Support reboots with the QEMU driver
	For controlled shutdown we issue a 'system_powerdown' command
	to the QEMU monitor. This triggers an ACPI event which (most)
	guest OS wire up to a controlled shutdown. There is no equiv
	ACPI event to trigger a controlled reboot. This patch attempts
	to fake a reboot.

	 - In qemuDomainObjPrivatePtr we have a bool fakeReboot
	   flag.
	 - The virDomainReboot method sets this flag and then
	   triggers a normal 'system_powerdown'.
	 - The QEMU process is started with '-no-shutdown'
	   so that the guest CPUs pause when it powers off the
	   guest
	 - When we receive the 'POWEROFF' event from QEMU JSON
	   monitor if fakeReboot is not set we invoke the
	   qemuProcessKill command and shutdown continues
	   normally
	 - If fakeReboot was set, we spawn a background thread
	   which issues 'system_reset' to perform a warm reboot
	   of the guest hardware. Then it issues 'cont' to
	   start the CPUs again

	* src/qemu/qemu_command.c: Add -no-shutdown flag if
	  we have JSON support
	* src/qemu/qemu_domain.h: Add 'fakeReboot' flag to
	  qemuDomainObjPrivate struct
	* src/qemu/qemu_driver.c: Fake reboot using the
	  system_powerdown command if JSON support is available
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  binding for system_reset command
	* src/qemu/qemu_process.c: Reset the guest & start CPUs if
	  fakeReboot is set

2011-06-24  Daniel P. Berrange  

	Move the RPC generator scripts into src/rpc
	Move the daemon/remote_generator.pl to src/rpc/gendispatch.pl
	and move the src/remote/rpcgen_fix.pl to src/rpc/genprotocol.pl

	* daemon/Makefile.am: Update for new name/location of generator
	* src/Makefile.am: Update for new name/location of generator

2011-06-24  Daniel P. Berrange  

	Introduce generic RPC client objects
	To facilitate creation of new clients using XDR RPC services,
	pull alot of the remote driver code into a set of reusable
	objects.

	 - virNetClient: Encapsulates a socket connection to a
	   remote RPC server. Handles all the network I/O for
	   reading/writing RPC messages. Delegates RPC encoding
	   and decoding to the registered programs

	 - virNetClientProgram: Handles processing and dispatch
	   of RPC messages for a single RPC (program,version).
	   A program can register to receive async events
	   from a client

	 - virNetClientStream: Handles generic I/O stream
	   integration to RPC layer

	Each new client program now merely needs to define the list of
	RPC procedures & events it wants and their handlers. It does
	not need to deal with any of the network I/O functionality at
	all.

2011-06-24  Daniel P. Berrange  

	Introduce generic RPC module for advertising via MDNS
	Allow RPC servers to advertise themselves using MDNS,
	via Avahi

	* src/rpc/virnetserver.c, src/rpc/virnetserver.h: Allow
	  registration of MDNS services via avahi
	* src/rpc/virnetserverservice.c, src/rpc/virnetserverservice.h: Add
	  API to fetch the listen port number
	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Add API to
	  fetch the local port number
	* src/rpc/virnetservermdns.c, src/rpc/virnetservermdns.h: Represent
	  an MDNS advertisement

2011-06-24  Daniel P. Berrange  

	Introduce generic RPC server objects
	To facilitate creation of new daemons providing XDR RPC services,
	pull a lot of the libvirtd daemon code into a set of reusable
	objects.

	 * virNetServer: A server contains one or more services which
	   accept incoming clients. It maintains the list of active
	   clients. It has a list of RPC programs which can be used
	   by clients. When clients produce a complete RPC message,
	   the server passes this onto the corresponding program for
	   handling, and queues any response back with the client.

	 * virNetServerClient: Encapsulates a single client connection.
	   All I/O for the client is handled, reading & writing RPC
	   messages.

	 * virNetServerProgram: Handles processing and dispatch of
	   RPC method calls for a single RPC (program,version).
	   Multiple programs can be registered with the server.

	 * virNetServerService: Encapsulates socket(s) listening for
	   new connections. Each service listens on a single host/port,
	   but may have multiple sockets if on a dual IPv4/6 host.

	Each new daemon now merely has to define the list of RPC procedures
	& their handlers. It does not need to deal with any network related
	functionality at all.

2011-06-24  Daniel P. Berrange  

	Integrate TLS/SASL directly into the socket APIs
	This extends the basic virNetSocket APIs to allow them to have
	a handle to the TLS/SASL session objects, once established.
	This ensures that any data reads/writes are automagically
	passed through the TLS/SASL encryption layers if required.

	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Wire up
	  SASL/TLS encryption

2011-06-24  Daniel P. Berrange  

	Generic module for handling SASL authentication & encryption
	This provides two modules for handling SASL

	 * virNetSASLContext provides the process-wide state, currently
	   just a whitelist of usernames on the server and a one time
	   library init call

	 * virNetTLSSession provides the per-connection state, ie the
	   SASL session itself. This also include APIs for providing
	   data encryption/decryption once the session is established

	* src/Makefile.am: Add to libvirt-net-rpc.la
	* src/rpc/virnetsaslcontext.c, src/rpc/virnetsaslcontext.h: Generic
	  SASL handling code

2011-06-24  Daniel P. Berrange  

	Generic module for handling TLS encryption and x509 certs
	This provides two modules for handling TLS

	 * virNetTLSContext provides the process-wide state, in particular
	   all the x509 credentials, DH params and x509 whitelists
	 * virNetTLSSession provides the per-connection state, ie the
	   TLS session itself.

	The virNetTLSContext provides APIs for validating a TLS session's
	x509 credentials. The virNetTLSSession includes APIs for performing
	the initial TLS handshake and sending/recving encrypted data

	* src/Makefile.am: Add to libvirt-net-rpc.la
	* src/rpc/virnettlscontext.c, src/rpc/virnettlscontext.h: Generic
	  TLS handling code

2011-06-24  Daniel P. Berrange  

	Introduce a generic object for using network sockets
	Introduces a simple wrapper around the raw POSIX sockets APIs
	and name resolution APIs. Allows for easy creation of client
	and server sockets with correct usage of name resolution APIs
	for protocol agnostic socket setup.

	It can listen for UNIX and TCP stream sockets.

	It can connect to UNIX, TCP streams directly, or indirectly
	to UNIX sockets via an SSH tunnel or external command

	* src/Makefile.am: Add to libvirt-net-rpc.la
	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Generic
	  sockets APIs
	* tests/Makefile.am: Add socket test
	* tests/virnetsockettest.c: New test case
	* tests/testutils.c: Avoid overriding LIBVIRT_DEBUG settings
	* tests/ssh.c: Dumb helper program for SSH tunnelling tests

2011-06-24  Daniel P. Berrange  

	Provide a simple object for encoding/decoding RPC messages
	This provides a new struct that contains a buffer for the RPC
	message header+payload, as well as a decoded copy of the message
	header. There is an API for applying a XDR encoding & decoding
	of the message headers and payloads. There are also APIs for
	maintaining a simple FIFO queue of message instances.

	Expected usage scenarios are:

	To send a message

	   msg = virNetMessageNew()

	   ...fill in msg->header fields..
	   virNetMessageEncodeHeader(msg)
	   ...loook at msg->header fields to determine payload filter
	   virNetMessageEncodePayload(msg, xdrfilter, data)
	   ...send msg->bufferLength worth of data from buffer

	To receive a message

	   msg = virNetMessageNew()
	   ...read VIR_NET_MESSAGE_LEN_MAX of data into buffer
	   virNetMessageDecodeLength(msg)
	   ...read msg->bufferLength-msg->bufferOffset of data into buffer
	   virNetMessageDecodeHeader(msg)
	   ...look at msg->header fields to determine payload filter
	   virNetMessageDecodePayload(msg, xdrfilter, data)
	   ...run payload processor

	* src/Makefile.am: Add to libvirt-net-rpc.la
	* src/rpc/virnetmessage.c, src/rpc/virnetmessage.h: Internal
	  message handling API.
	* testutils.c, testutils.h: Helper for printing binary differences
	* virnetmessagetest.c: Validate all XDR encoding/decoding

2011-06-24  Daniel P. Berrange  

	Defines the basics of a generic RPC protocol in XDR
	This patch defines the basics of a generic RPC protocol in XDR.
	This is wire ABI compatible with the original remote_protocol.x.
	It takes everything except for the RPC calls / events from that
	protocol

	 - The basic header virNetMessageHeader (aka remote_message_header)
	 - The error object virNetMessageError  (aka remote_error)
	 - Two dummy objects virNetMessageDomain & virNetMessageNetwork
	   sadly needed to keep virNetMessageError ABI compatible with
	   the old remote_error

	The RPC protocol supports method calls, async events and
	bidirectional data streams as before

	* src/Makefile.am: Add rules for generating RPC code from
	  protocol & define a new libvirt-net-rpc.la helper library
	* src/rpc/virnetprotocol.x: New generic RPC protocol

2011-06-24  Eric Blake  

	build: avoid python 2.4 build failure
	On RHEL 5, I got:

	/usr/bin/python ./generator.py /usr/bin/python
	  File "./generator.py", line 427
	    "virStreamFree", # Needed in custom virStream __del__, but free shouldn't
	                   ^
	SyntaxError: invalid syntax

	* python/generator.py (function_skip_python_impl): Use same syntax
	as other skip lists.

2011-06-24  Eric Blake  

	build: avoid compiler failure
	GCC complained about a C99 for-loop declaration outside of C99 mode
	when compiling on RHEL 5.

	* src/qemu/qemu_driver.c (qemudDomainPinVcpuFlags): Avoid C99 for
	loop, since gcc 4.1.2 hates it.

2011-06-24  David S. Wang  

	documenting the 802.1Qbh parameters of a 'direct' interface
	This patch adds documentation about the 802.1Qbh related parameters
	of the virtualport element for 'direct' interfaces.

2011-06-24  Eric Blake  

	build: update to latest gnulib
	Gnulib has been busy, with 397 commits; it's easier to update now
	even without any known libvirt issue to be fixed, rather than
	having to analyze an even larger changeset later on.

	* .gnulib: Update to latest, for lots of changes.
	* bootstrap: Synchronize to upstream.

2011-06-23  Stefan Berger  

	build: fix compilation on systems missing libnl and new includes
	This patch fixes the compilation of netlink.c and interface.c on those
	systems missing either libnl or that have an older linux/if_link.h
	include file not supporting macvtap or VF_PORTS.

	WITH_MACVTAP is '1' if newer include files were detected, '0' otherwise.

	IFLA_PORT_MAX is defined in linux/if_link.h if yet more functionality is
	supported.

2011-06-23  Matthias Bolte  

	configure: Make libnl optional unless macvtap is required
	If macvtap is required then libnl has to be available, otherwise
	libnl is optional.

2011-06-23  Cole Robinson  

	python: Generate virStreamFree but don't expose in bindings
	Turns out I was right in removing this the first time :) This is
	needed in our custom __del__ function, but the C code wasn't
	being generated. Add new infrastructure to do what we want

2011-06-23  Eric Blake  

	maint: avoid future setgid problems
	* cfg.mk (sc_prohibit_setuid)
	(exclude_file_name_regexp--sc_prohibit_setuid): New rule.
	(VC_LIST_ALWAYS_EXCLUDE_REGEX): Always exempt po files.
	(exclude_file_name_regexp--sc_prohibit_asprintf): Simplify.
	(exclude_file_name_regexp--sc_prohibit_can_not): Drop.
	(exclude_file_name_regexp--sc_prohibit_doubled_word): Likewise.

2011-06-23  Matthias Bolte  

	docs: Make virConnectClose comply to apibuild.py expectations
	apibuild.py expects a sentence that starts with "Returns"
	describing the return value of a function.

2011-06-23  Osier Yang  

	util: Fix memory leak in virJSONParserHandleStartMap

	qemu: Fix memory leak in qemuProcessWaitForMonitor
	Move "VIR_FREE(buf) into label "closelog", so that "buf" could be
	freed before returning.

2011-06-23  Jiri Denemark  

	qemu: Only check for NUMA availability if required
	We only care about NUMA availability if NUMA configuration is requested
	in domain XML.

2011-06-23  Matthew Booth  

	storage: fix volDelete return when volume still being allocated
	volDelete used to return VIR_ERR_INTERNAL_ERROR when attempting to
	delete a volume which was still being allocated. It should return
	VIR_ERR_OPERATION_INVALID.

	* src/storage/storage_driver.c: Fix return of volDelete.

2011-06-23  Eric Blake  

	util: avoid PATH_MAX-sized array
	See previous patch for why this is good...

	* src/util/pci.c (struct _pciDevice, pciGetDevice, pciFreeDevice):
	Manage path dynamically.  Report snprintf overflow.
	* src/util/hostusb.c (struct _usbDevice, usbGetDevice)
	(usbFreeDevice): Likewise.

2011-06-23  Eric Blake  

	xen: avoid PATH_MAX-sized array
	See previous patch for why this is good...

	* src/xen/xen_driver.h (xenXMConfCache): Manage filename
	dynamically.
	* src/xen/xm_internal.c (xenXMConfigCacheAddFile)
	(xenXMConfigFree, xenXMDomainDefineXML): Likewise.

2011-06-23  Eric Blake  

	tests: avoid PATH_MAX-sized array
	See previous patch for why this is good...

	* src/test/test_driver.c (struct _testConn, testOpenFromFile)
	(testClose): Manage path dynamically.

2011-06-23  Eric Blake  

	virStorageVol: avoid PATH_MAX-sized array
	POSIX allows implementations where PATH_MAX is undefined, leading
	to compilation error.  Not to mention that even if it is defined,
	it is often wasteful in relation to the amount of data being stored.

	All clients of vol->key were audited, and found not to care about
	whether key is static or dynamic, except for these offenders:

	* src/datatypes.h (struct _virStorageVol): Manage key dynamically.
	* src/datatypes.c (virReleaseStorageVol): Free key.
	(virGetStorageVol): Copy key.

2011-06-23  Eric Blake  

	maint: add omitted copyright header
	Bug introduced in commit 6a597883.

	* src/util/netlink.h: Add boilerplate.

2011-06-23  Eric Blake  

	docs: fix docs to match behavior of virConnectClose
	* src/libvirt.c (virConnectClose): Mention reference count return.
	Reported by Michal Novotny, analyzed by Matthias Bolte.

2011-06-23  Stefan Berger  

	cleanup: make several interface functions commonly available
	In a second cleanup step this patch makes several interface functions from macvtap.c commonly available by moving them into interface.c and prefixing their names with 'iface'. Those functions taking Linux-specific structures as parameters are only visible on Linux.

	ifaceRestoreMacAddress returns the return code from the ifaceSetMacAddr call and display an error message if setting the MAC address did not work. The caller is unchanged and still ignores the return code (which is ok).

2011-06-23  Stefan Berger  

	cleanup: make nlComm commonly available
	In a first cleanup step, make nlComm from macvtap.c commonly available
	for other code to use. Since nlComm uses Linux-specific structures as
	parameters it's prototype is only visible on Linux.

2011-06-23  Eric Blake  

	maint: remove syntax-check exception
	We weren't using the @FOO@ notation for a Makefile substitution,
	but instead for a sed rule, so using [@]FOO@ instead avoids the
	need to exempt this syntax check.

	* cfg.mk (_makefile_at_at_check_exceptions): Delete.
	* tools/Makefile.am (virt-xml-validate, virt-pki-validate): Avoid
	tripping syntax-check.
	Reported by Daniel P. Berrange.

2011-06-23  Daniel P. Berrange  

	Fix use-after-free in handling domain taint flags
	* src/conf/domain_conf.c: Fix use after free

2011-06-23  Daniel P. Berrange  

	Remove macvtap dependency on domain configuration
	Files under src/util must not depend on src/conf
	Solve the macvtap problem by moving the definition
	of macvtap modes from domain_conf.h into macvtap.h

	* src/util/macvtap.c, src/util/macvtap.h: Add enum
	  for macvtap modes
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Remove
	  enum for macvtap modes

2011-06-22  Osier Yang  

	util: Correct the error prompt string
	virCommandProcessIO: It's reading from stdout or stderr of child,
	but not writing.

2011-06-22  Osier Yang  

	qemu: Fix one memory leak
	* src/qemu/qemu_domain.c: (qemuDomainAppendLog)

	  Free "message" in "cleanup".

2011-06-22  Daniel Veillard  

	Fix to python API extractor and API doc generation
	This fixes a number of issues most of them raised by Eric Blake on the
	generated documentation output:
	   - parsing of "long long int" and similar
	   - add parsing of unions within a struct
	   - remove spurious " * " fron comments on structure fields and enums
	   - fix concatenation of base type and name in arrays
	   - extend XSLT to cope with union in structs

	* docs/apibuild.py: fix and extend API extraction tool
	* docs/newapi.xsl: extend the stylesheets to cope with union in
	  public structures

2011-06-22  Michal Privoznik  

	qemu: domain I/O asynchronous handling
	For virtio disks and interfaces, qemu allows users to enable or disable
	ioeventfd feature. This means, qemu can execute domain code, while
	another thread waits for I/O event. Basically, in some cases it is win,
	in some loss. This feature is available via 'ioeventfd' attribute in disk
	and interface  element. It accepts 'on' and 'off'. Leaving this
	attribute out defaults to hypervisor decision.

2011-06-22  Eric Blake  

	build: require newer netcf when it is available
	When building rpms for newer Fedora or RHEL, take advantage of the
	newer netcf packaging to guarantee interface snapshot support.

	* libvirt.spec.in (BuildRequires): Bump minimum version on
	platforms that support netcf 0.1.8.

2011-06-22  Eric Blake  

	virsh: avoid bogus description
	https://bugzilla.redhat.com/show_bug.cgi?id=682121

	Gettext reserves the empty string for internal use, and it must
	not be passed through _().  We were violating this for commands
	that (for whatever reason) used "" for their description.

	* tools/virsh.c (vshCmddefHelp): Don't translate empty string.
	Reported by Tatsuo Kawasaki.

2011-06-21  Dirk Herrendoerfer  

	set and restore MAC address of a NIC when using PASSTHROUGH mode
	The following patch addresses the problem that when a PASSTHROUGH
	mode DIRECT NIC connection is made the MAC address of the NIC is
	not automatically set and reset to the configured VM MAC and
	back again.

	The attached patch fixes this problem by setting and resetting the MAC
	while remembering the previous setting while the VM is running.
	This also works if libvirtd is restarted while the VM is running.

	the patch passes make syntax-check

2011-06-21  Cole Robinson  

	python: Mark event callback wrappers as private
	These functions aren't intended to be called directly by users, so mark
	them as private.

	While we're at it, remove unneeded exception handling, and break some
	long lines.

2011-06-21  Cole Robinson  

	python: events: Fix C->Python handle callback prototype
	If registering our own event loop implementation written in python,
	any handles or timeouts callbacks registered by libvirt C code must
	be wrapped in a python function. There is some argument trickery that
	makes this all work, by wrapping the user passed opaque value in
	a tuple, along with the callback function.

	Problem is, the current setup requires the user's event loop to know
	about this trickery, rather than just treating the opaque value
	as truly opaque.

	Fix this in a backwards compatible manner, and adjust the example
	python event loop to do things the proper way.

2011-06-21  Cole Robinson  

	python: Add bindings for virEvent*Handle/Timeout

	events: Correct virEventAddTimeout docs

2011-06-21  Cole Robinson  

	Promote virEvent*Handle/Timeout to public API
	Since we virEventRegisterDefaultImpl is now a public API, callers need
	a way to invoke the default registered Handle and Timeout functions. We
	already have general functions for these internally, so promote
	them to the public API.

	v2:
	    Actually add APIs to libvirt.h

2011-06-21  Cole Robinson  

	python: Implement virStreamSend/RecvAll helpers
	Pure python implementation. The handler callbacks have been altered
	a bit compared to the C API: RecvAll doesn't pass length of the data read
	since that can be trivially obtained from python string objects, and SendAll
	requires the handler to return the string data to send rather than
	store the data in a string pointer.

	python: Implement virStreamSend/Recv
	The return values for the python version are different that the C version
	of virStreamSend: on success we return a string, an error raises an exception,
	and if the stream would block we return int(-2). We need to do this
	since strings aren't passed by reference in python.

2011-06-21  Osier Yang  

	conf: Make full use of goto label
	* virDomainDefParse: There is a goto label "no_memory", which
	reports OOM error, and then fallthrough label "error". This
	patch changes things like following:

	    virReportOOMError();
	    goto error;

	into:

	    goto no_memory;

2011-06-21  Osier Yang  

	conf: Fix one memory leak
	Free def->numatune.memory.nodemask in virDomainDefFree.

2011-06-21  Cole Robinson  

	python: Implement bindings for virStreamEventAddCallback
	v2:
	    Don't generate virStreamFree

	python: generator: Don't print warning if nothing to warn about

2011-06-21  Cole Robinson  

	python: libvirt-override: use simpler debug
	In a couple instances we have to mark a debug variable as ATTRIBUTE_UNUSED
	to avoid warnings.

	v2:
	    Use #if 0 to comment out debug define

2011-06-21  Eric Blake  

	virsh: enhance snapshot-create-as
	Similar to pool-create-as.

	* tools/virsh.c (cmdSnapshotCreateAs): Add --print-xml.
	* tools/virsh.pod: Document it.

2011-06-21  Eric Blake  

	virsh: add snapshot-create-as command
	Producing an xml file just for name and description fields is
	overkill; this makes life easier from virsh.

	* tools/virsh.c (cmdSnapshotCreateAs): New command.
	(snapshotCmds): Install it.
	* tools/virsh.pod: Document it.

2011-06-21  Eric Blake  

	virsh: clarify snapshot vs. save
	* tools/virsh.c (info_snapshot_create, info_save): Clarify
	description.
	* tools/virsh.pod (save): Likewise.

2011-06-20  Daniel P. Berrange  

	Fix compile warnings in virsh vcpupin
	The 'char *cur' variable was being assigned from a
	'const char *' string, thus discarding constness.
	As well as causing a compile warning, it masked a
	piece of code which attempts to assign to the
	previously const string.

	* tools/virsh.c: Fix const-ness of 'cur' variable in vcpupin

2011-06-20  Matthias Bolte  

	remote generator: Allow to annotate arrays with typecasts
	Removes special case code from the generator and handle additional
	methods.

	The generated version of remoteDispatchDomainPinVcpu(Flags) has no
	length check, but this check was useless anyway as it was applied to
	data that was already deserialized from its XDR form.

2011-06-20  Matthias Bolte  

	remote: Handle functions that return optional strings

	remote: Generate virDomainGetBlockPullInfo
	It was already generatable but skipped.

2011-06-20  Taku Izumi  

	vcpupin: add vcpupin resetting feature to qemu driver
	Pinning to all physical cpus means resetting, hence it is preferable to
	delete vcpupin setting of XML.

	This patch changes qemu driver to delete vcpupin setting by invoking
	virDomainVcpupinDel API when pinning the specified virtual cpu to
	all host physical cpus.

2011-06-20  Taku Izumi  

	vcpupin: add virDomainVcpupinDel function
	This patch add the private API (virDomainVcpupinDel).
	This API can delete the vcpupin setting of a specified virtual cpu.

2011-06-20  Taku Izumi  

	vcpupin: add reset option to virsh vcpupin command
	When resetting vcpupin setting, we have to specify all host physical
	cpus as a cpulist parameter of virsh vcpupin command. It's a little
	tedious.

	This patch changes to allow to receive the special keyword 'r' as a cpulist
	parameter of virsh vcpupin command when resetting vcpupin setting.

	If you set the following:

	 # virsh vcpupin VM 0 r

	the vcpu0 will be pinned to all physical cpus.

2011-06-20  Taku Izumi  

	vcpupin: improve vcpupin definition of virsh vcpupin
	When using vcpupin command, we have to speficy comma-separated list as cpulist,
	but this is tedious in case the number of phsycal cpus is large.
	This patch improves this by introducing special markup "-" and "^" which are
	similar to XML schema of "cpuset" attribute.

	The example:

	 # virsh vcpupin Guest 0 0-15,^8

	 is identical to

	 # virsh vcpupin Guest 0 0,1,2,3,4,5,6,7,9,10,11,12,13,14,15

	NOTE: The expression is sequentially evaluated, so "0-15,^8" is not identical
	to "^8,0-15".

2011-06-20  Matthias Bolte  

	Fix preprocessor indentation in nodeinfo.c

	Move XenAPI driver to correct spec file section
	The XenAPI driver works like the ESX and PHyp driver by using its
	own HTTPS based remote protocol.

2011-06-20  Osier Yang  

	numatune: Add tests for numatune XML
	Only add tests for qemuxmlargvtest.c, as there is no qemu command line
	for numatune XML, just want to make sure the XML could be validated
	well.

2011-06-20  Osier Yang  

	numatune: Support NUMA memory tuning in qemu driver
	Implemented as setting NUMA policy between fork and exec as a hook,
	using libnuma. Only support memory tuning on domain process currently.

	For the nodemask out of range, will report soft warning instead of
	hard error in libvirt layer. (Kernel will be silent as long as one
	of set bit in the nodemask is valid on the host. E.g. For a host
	has two NUMA nodes, kernel will be silent for nodemask "01010101").
	So, soft warning is the only thing libvirt can do, as one might want
	to specify the numa policy prior to a node that doesn't exist yet,
	however, it may come as hotplug soon.

2011-06-20  Osier Yang  

	numatune: Support persistent XML for numatune
	* src/conf/domain_conf.h: Introduce one new struct for representing
	NUMA tuning related stuffs.

	* src/conf/domain_conf.c: Parse and format numatune XML.

2011-06-20  Osier Yang  

	numatune: Add doc for new numatune XML

2011-06-20  Osier Yang  

	numatune: Define XML schema
	Example XML:

	
	  
	

	Please enter the commit message for your changes. Lines starting

2011-06-20  Hu Tao  

	Update qemuDomainSetBlkioParameters to use flags

	update qemuDomainGetBlkioParameters to use flags

	Add new parameters for blkiotune
	Add --config, --live and --current for command blkiotune

2011-06-20  Wen Congyang  

	build: fix building error when building without libvirtd
	When building libvirt without libvirtd, we will receive the following error
	message:

	make[3]: Entering directory `/home/wency/rpmbuild/BUILD/libvirt-0.9.2/tools'
	  CC     virsh-virsh.o
	  CC     virsh-console.o
	  GEN    virt-xml-validate
	  GEN    virt-pki-validate
	  CCLD   virsh
	./src/.libs/libvirt.so: undefined reference to `numa_available'
	./src/.libs/libvirt.so: undefined reference to `numa_max_node'
	collect2: ld returned 1 exit status

	The reason is that: we check numactl only when building qemu driver, and qemu
	driver will not be built when bulding without libvirtd. So with_numactl's
	value is check and we will not link libnuma.so.

	In the other function, we call numa_available() and numa_max_node() only
	when HAVE_NUMACTL is 1. We should do the same check in the function nodeGetMemoryStats().

2011-06-20  Jamie Strandboge  

	apparmor: implement AppArmorSetFDLabel()
	During a savevm operation, libvirt will now use fd migration if qemu
	supports it. When the AppArmor driver is enabled, AppArmorSetFDLabel()
	is used but since this function simply returns '0', the dynamic AppArmor
	profile is not updated and AppArmor blocks access to the save file. This
	patch implements AppArmorSetFDLabel() to get the pathname of the file by
	resolving the fd symlink in /proc, and then gives that pathname to
	reload_profile(), which fixes 'virsh save' when AppArmor is enabled.

	Reference: https://launchpad.net/bugs/795800

2011-06-17  Daniel P. Berrange  

	Add missing checks for NULL in domain lock manager
	The domain lock manager forgot to include a bunch of checks
	for NULL which could occur on OOM

	* src/locking/domain_lock.c: Add checks for NULL

2011-06-17  Daniel P. Berrange  

	Fix errno return in safezero()
	Most of the safezero() implementations return -1 on error,
	setting errno. The safezero() impl using posix_fallocate()
	though returned a positive errno value on error (due to
	the unusual API contract of posix_fallocate() compared to
	most syscall APIs).

	* src/util/util.c: Ensure safezero() returns -1 and sets
	  errno on error.
	* src/storage/storage_backend.c: Change safezero != 0 to
	  < 0 for detecting errors

2011-06-17  Daniel P. Berrange  

	Add missing error reporting when loading mac filter config for QEMU
	If the 'mac_filter' configuration parameter is enabled, and there
	is a failure to enable filtering, no error is reported back to
	the caller. Also fix some bogus whitespace indentation for
	hugetlbfs_mount

	* src/qemu/qemu_conf.c: Add missing error reporting

2011-06-17  Jiri Denemark  

	virsh: Add support for virDomainGetControlInfo

	qemu: Implement virDomainGetControlInfo

	Wire protocol and remote driver for virDomainGetControlInfo

	Introduce virDomainGetControlInfo API
	The API can be used to query current state of an interface to VMM used
	to control a domain. In QEMU world this translates into monitor
	connection.

2011-06-16  Matthias Bolte  

	Fix documentation of virStreamRecv
	virStreamRecv is for reading.

	Also add some missing punctuation to virStreamSend's documentation.

2011-06-16  Eric Blake  

	sendkey: use consistent API convention
	Even though rpc uses 'unsigned int' for the _len parameter that
	passes the length of item, the public libvirt APIs all
	use 'int' and filter out lengths < 0, except for virDomainSendKey.

	* include/libvirt/libvirt.h.in (virDomainSendKey): All other APIs
	use int for array length.
	* src/libvirt.c (virDomainSendKey): Adjust.
	* src/driver.h (virDrvDomainSendKey): Likewise.
	* daemon/remote_generator.pl: Likewise.

2011-06-16  Eric Blake  

	build: export correct function names
	Detected by autobuild.sh, when targetting mingw.
	Introduced in commit 98bfdff.

	* src/libvirt_private.syms: Fix typos.

2011-06-16  Eric Blake  

	build: avoid compiler warning on non-Linux
	Detected by autobuild.sh when cross-building for mingw.
	Introduced in commits ce76e85 and af35cec.

	* src/nodeinfo.c (nodeGetCPUStats, nodeGetMemoryStats): Mark
	parameters as potentially unused.

2011-06-15  Matthias Bolte  

	remote generator: Handle struct returning functions better (part 2)
	Commit 64000eabedf2 is part 1, that only covered the daemon side by
	accident. Part 2 covers the client side too.

	Fix apibuild.py warnings about missing comment headers
	Also improve wording of some comments.

	remote generator: Handle struct returning functions better
	The position of the struct parameter in the function signature
	differs. Instead of hardcoding the handling for this add an annotation
	to the .x file to define the position.

2011-06-15  Daniel Gollub  

	support for Xen HVM Viridian (Hyper-V) enlightenment interface
	Introduce libvirt support for Xen HVM Viridian (Hyper-V) enlightenment
	interface guest feature.

	 src/conf/domain_conf.c     |    3 ++-
	 src/conf/domain_conf.h     |    1 +
	 src/xen/xen_hypervisor.c   |   11 +++++++++++
	 src/xenapi/xenapi_driver.c |    2 ++
	 src/xenapi/xenapi_utils.c  |    2 ++
	 src/xenxs/xen_sxpr.c       |    4 ++++
	 src/xenxs/xen_xm.c         |   12 +++++++++++-
	 7 files changed, 33 insertions(+), 2 deletions(-)

2011-06-15  Eric Blake  

	virsh: reduce complexity in argv iteration
	This reduces things from O(n^2) to O(n).

	* tools/virsh.c (vshCommandOptArgv): Change signature.
	(cmdEcho): Update caller.
	Based on a patch by Lai Jiangshan.

2011-06-15  Daniel P. Berrange  

	Add support for network filter code in LXC driver
	The LXC driver networking uses veth device pairs. These can
	be easily hooked into the network filtering code.

	* src/lxc/lxc_driver.c: Add calls to setup/teardown nwfilter

2011-06-15  Daniel P. Berrange  

	Fix allocation of veth's to not skip an index
	The algorithm for autoassigning vethXXX devices, was always
	skipping over the starting dev index when finding a free
	name for the guest device. This should only be done if the host
	device was autoallocated.

	* src/lxc/veth.c: Don't skip over veth indexes

2011-06-15  Jiri Denemark  

	qemu: Translate boot config into bootindex if possible
	Prefer bootindex=N option for -device over the old way -boot ORDER
	possibly accompanied with boot=on option for -drive. This gives us full
	control over which device will actually be used for booting guest OS.
	Moreover, if qemu doesn't support boot=on, this is the only way to boot
	of certain disks in some configurations (such as virtio disks when used
	together IDE disks) without transforming domain XML to use per device
	boot elements.

2011-06-15  Adam Litke  

	Asynchronous event for BlockPull completion
	When an operation started by virDomainBlockPullAll completes (either with
	success or with failure), raise an event to indicate the final status.  This
	allows an API user to avoid polling on virDomainBlockPullInfo if they would
	prefer to use the event mechanism.

	* daemon/remote.c: Dispatch events to client
	* include/libvirt/libvirt.h.in: Define event ID and callback signature
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle the new event
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for block_stream completion and emit a libvirt block pull event
	* src/remote/remote_driver.c: Receive and dispatch events to application
	* src/remote/remote_protocol.x: Wire protocol definition for the event
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c: Watch for BLOCK_STREAM_COMPLETED event
	  from QEMU monitor

2011-06-15  Adam Litke  

	Enable virDomainBlockPull in the python API.
	virDomainBlockPullAll and virDomainBlockPullAbort are handled automatically.
	virDomainBlockPull and virDomainBlockPullInfo require manual overrides since
	they return a custom type.

	* python/generator.py: reenable bindings for this entry point
	* python/libvirt-override-api.xml python/libvirt-override.c:
	  manual overrides

	Acked-by: Daniel P. Berrange 

2011-06-15  Adam Litke  

	Enable the virDomainBlockPull API in virsh
	Define two new virsh commands:
	 * blockpull: Perform block pull operations (incremental plus start
	              and stop continuous streams)
	 * blockpullinfo: Retrieve progress info for continuous block pull

	Share print_job_progress() with the migration code.

	* tools/virsh.c: implement the new commands

2011-06-15  Adam Litke  

	Implement virDomainBlockPull for the qemu driver
	The virDomainBlockPull* family of commands are enabled by the
	'block_stream' and 'info block_stream' qemu monitor commands.

	* src/qemu/qemu_driver.c src/qemu/qemu_monitor_text.[ch]: implement disk
	  streaming by using the stream and info stream text monitor commands
	* src/qemu/qemu_monitor_json.[ch]: implement commands using the qmp monitor

	Acked-by: Daniel P. Berrange 

2011-06-15  Adam Litke  

	Add virDomainBlockPull support to the remote driver
	The generator can handle DomainBlockPullAll and DomainBlockPullAbort.
	DomainBlockPull and DomainBlockPullInfo must be written by hand.

	* src/remote/remote_protocol.x: provide defines for the new entry points
	* src/remote/remote_driver.c daemon/remote.c: implement the client and
	  server side
	* src/remote_protocol-structs: structure definitions for protocol verification

2011-06-15  Adam Litke  

	virDomainBlockPull: Implement the main entry points
	* src/libvirt.c: implement the main entry points

	Acked-by: Daniel P. Berrange 

2011-06-15  Adam Litke  

	Add new API virDomainBlockPull* to headers
	Set up the types for the block pull functions and insert them into the
	virDriver structure definition.  Symbols are exported in this patch to prevent
	documentation compile failures.

	* include/libvirt/libvirt.h.in: new API
	* src/driver.h: add the new entry to the driver structure
	* python/generator.py: fix compiler errors, the actual python bindings are
	  implemented later
	* src/libvirt_public.syms: export symbols

2011-06-15  Marc-André Lureau  

	spice: add  option
	From a security pov copy and paste between the guest and the client is not
	always desirable. So we need to be able to enable/disable this. The best place
	to do this from an administration pov is on the hypervisor, so the qemu cmdline
	is getting a spice disable-copy-paste option, see bug 693645. Example qemu
	invocation:
	qemu -spice port=5932,disable-ticketing,disable-copy-paste

	https://bugzilla.redhat.com/show_bug.cgi?id=693661

2011-06-15  Minoru Usui  

	virNodeGetMemoryStats: Implement linux support

	virNodeGetMemoryStats: Implement virsh support

	virNodeGetMemoryStats: Implement remote protocol

	virNodeGetMemoryStats: Implement public API

	virNodeGetMemoryStats: Define internal driver API

	virNodeGetMemoryStats: Expose new API

	virNodeGetCPUStats: Implement linux support

	virNodeGetCPUStats: Implement virsh support

	virNodeGetCPUStats: Implement remote protocol

	virNodeGetCPUTime: Implement public API

	virNodeGetCPUStats: Define internal driver API

	virNodeGetCPUStats: Expose new API

2011-06-15  Guido Günther  

	Skip nodeinfo test on non intel architectures
	since the testfiles assume a /proc/cpuinfo specific to this
	architecture. We e.g. can't parse the number of cores on other
	architectures.

2011-06-15  Michael Chapman  

	Fix autostart flag when loading running domains
	Drivers load running persistent and transient domain configs before
	inactive persistent domain configs, however only the latter would set a
	domain's autostart flag. This mismatch between the loaded and on-disk
	state could later cause problems with "virsh autostart":

	  # virsh autostart example
	  error: Failed to mark domain example as autostarted
	  error: Failed to create symlink '/etc/libvirt/qemu/autostart/example.xml to '/etc/libvirt/qemu/example.xml': File exists

	This patch ensures the autostart flag is set correctly even when the
	domain is already defined.

	Fixes:

	  https://bugzilla.redhat.com/show_bug.cgi?id=632100
	  https://bugzilla.redhat.com/show_bug.cgi?id=675319

2011-06-15  Lai Jiangshan  

	send-key: Implementing the remote protocol

	send-key: Implementing the public API

	send-key: Defining the internal API

2011-06-15  Lai Jiangshan  

	send-key: Defining the public API
	Add public virDomainSendKey() and enum libvirt_keycode_set
	for the @codeset.

	Python version of virDomainSendKey() has not been implemented yet,
	it will be done soon.

2011-06-15  Lai Jiangshan  

	remote generator: Handle (unsigned) int arrays

2011-06-15  Lai Jiangshan  

	add VSH_OFLAG_REQ_OPT options
	A VSH_OFLAG_REQ_OPT option means --optionname is required when used.
	It will kill any ambiguity, even a !VSH_OFLAG_REQ option listed before
	a VSH_OFLAG_REQ option, if the !VSH_OFLAG_REQ option is a
	VSH_OFLAG_REQ_OPT option.

	It will help us use optional argument with VSH_OT_ARGV argument.

2011-06-15  Lai Jiangshan  

	allow name for VSH_OT_ARGV options
	A name will improve the usege, example

	# virsh help echo
	  NAME
	    echo - echo arguments

	  SYNOPSIS
	    echo [--shell] [--xml] []...

	  DESCRIPTION
	    Echo back arguments, possibly with quoting.

	  OPTIONS
	    --shell          escape for shell use
	    --xml            escape for XML use
	             arguments to echo

	"[]..." is added to SYNOPSIS.
	"         arguments to echo" is added to OPTIONS.

2011-06-15  Ohad Levy  

	docs: updated list of applications using libvirt.
	Added:
	* Virt ruby bindings
	* Foreman for provisioning and webui.

2011-06-14  Eric Blake  

	storage: avoid an intermediate malloc
	Suggested here:
	https://www.redhat.com/archives/libvir-list/2011-May/msg00594.html

	* src/storage/storage_backend.c (virStorageBackendCreateQemuImg):
	Generate size inline.

2011-06-14  Eric Blake  

	command: avoid double close
	Previously, the parent process opened 'null' to /dev/null, then
	the child process closes 'null' as well as 'childout'.  But if
	childout was set to be null, then this is a double close.  At
	least the double close was confined to the child process after a
	fork, and therefore there is no risk of another thread opening
	an fd of the same value to be bitten by the double close, but it
	is always better to avoid double-close to begin with.

	Additionally, if all three fds were specified, then opening
	'null' was wasted.

	This patch fixes things to lazily open null on the first use,
	then guarantees it gets closed exactly once.

	* src/util/command.c (getDevNull): New helper function.
	(virExecWithHook): Use it to avoid spurious opens and double close.

2011-06-14  Eric Blake  

	command: reduce duplicated debug messages
	This also reduces malloc pressure for invoking a child when
	VIR_DEBUG is enabled.

	* src/util/command.c (virExecWithHook): Drop debug, since the only
	caller (virCommandRunAsync) also prints debug info.

2011-06-14  Eric Blake  

	docs: improve VIR_DOMAIN_AFFECT_CURRENT description
	* include/libvirt/libvirt.h.in (virDomainModificationImpact): Reword.

2011-06-14  Cole Robinson  

	qemu: Fix parsing 'info chardev'
	If qemu supports -chardev, our char frontend aliases are ex. 'charserial0'
	not just 'serial0'. Typically we don't use this code path because the
	pty's are scraped from stdout.

	qemu: Scrape stdout for virtio console pty
	Currently we forget to do this and have to fallback to info chardev (which
	also fails, see following patch)

2011-06-14  Michal Privoznik  

	virsh: Add daemon version reporting
	'virsh version' might report against which version of libvirtd is
	running.

2011-06-14  Guido Günther  

	nodeinfo: remove superflous braces
	that break compilation on non intel architectures:

	mips:
	https://buildd.debian.org/status/fetch.php?pkg=libvirt&arch=mips&ver=0.9.2-1&stamp=1307570195
	powerpc:
	https://buildd.debian.org/status/fetch.php?pkg=libvirt&arch=powerpc&ver=0.9.2-1&stamp=1307550913
	s390:
	https://buildd.debian.org/status/fetch.php?pkg=libvirt&arch=s390&ver=0.9.2-1&stamp=1307641748
	sparc:
	https://buildd.debian.org/status/fetch.php?pkg=libvirt&arch=sparc&ver=0.9.2-1&stamp=1307552926

2011-06-14  Osier Yang  

	util: Cleanup indention problem in virterror.c
	Push under trivial rule.

2011-06-14  Osier Yang  

	qemu: Parse current balloon value returned by query_balloon
	Qemu once supported following memory stats which will returned by
	"query_balloon":

	    stat_put(dict, "actual", actual);
	    stat_put(dict, "mem_swapped_in", dev->stats[VIRTIO_BALLOON_S_SWAP_IN]);
	    stat_put(dict, "mem_swapped_out", dev->stats[VIRTIO_BALLOON_S_SWAP_OUT]);
	    stat_put(dict, "major_page_faults", dev->stats[VIRTIO_BALLOON_S_MAJFLT]);
	    stat_put(dict, "minor_page_faults", dev->stats[VIRTIO_BALLOON_S_MINFLT]);
	    stat_put(dict, "free_mem", dev->stats[VIRTIO_BALLOON_S_MEMFREE]);
	    stat_put(dict, "total_mem", dev->stats[VIRTIO_BALLOON_S_MEMTOT]);

	But it later disabled all the stats except "actual" by commit
	07b0403dfc2b2ac179ae5b48105096cc2d03375a.

	libvirt doesn't parse "actual", so user will always see a empty result
	with "virsh dommemstat $domain". Even qemu haven't disabled the stats,
	we should support parsing "actual".

2011-06-14  Taku Izumi  

	vcpupin: Fix cpu affinity setting bug of qemu driver
	There is the case where cpu affinites for vcpu of qemu doesn't work
	correctly. For example, if only one vcpupin setting entry is provided
	and its setting is not for vcpu0, it doesn't work.

	   # virsh dumpxml VM
	   ...
	   4
	   
	     
	   
	   ...

	   # virsh start VM
	   Domain VM started

	   # virsh vcpuinfo VM
	   VCPU:           0
	   CPU:            31
	   State:          running
	   CPU time:       2.5s
	   CPU Affinity:   yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

	   VCPU:           1
	   CPU:            12
	   State:          running
	   CPU time:       0.9s
	   CPU Affinity:   yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

	   VCPU:           2
	   CPU:            30
	   State:          running
	   CPU time:       1.5s
	   CPU Affinity:   yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

	   VCPU:           3
	   CPU:            13
	   State:          running
	   CPU time:       1.7s
	   CPU Affinity:   yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

	This patch fixes this problem.

2011-06-14  Matthias Bolte  

	Fix dlopen dependency
	Since the addition of the lock manager framework in 6a943419c528fdd7
	dlopen is always required, but the checks in configure wasn't changed
	to reflect that. This didn't show up directly because the VirtualBox
	driver linking dlopen in covered it. But disabling the VirtualBox
	driver makes the build fail due to missing dlopen.

	Change the dlopen check in configure to pick up dlopen when available.

	Reported by Ruben Kerkhof.

2011-06-14  Hu Tao  

	Deprecate several CURRENT/LIVE/CONFIG enums
	This patch deprecates following enums:

	VIR_DOMAIN_MEM_CURRENT
	VIR_DOMAIN_MEM_LIVE
	VIR_DOMAIN_MEM_CONFIG

	VIR_DOMAIN_VCPU_LIVE
	VIR_DOMAIN_VCPU_CONFIG

	VIR_DOMAIN_DEVICE_MODIFY_CURRENT
	VIR_DOMAIN_DEVICE_MODIFY_LIVE
	VIR_DOMAIN_DEVICE_MODIFY_CONFIG

	And modify internal codes to use virDomainModificationImpact.

2011-06-14  Stefan Berger  

	qemu: Faster response time to qemu startup errors
	The below patch decreases the response time of libvirt to errors reported by Qemu upon startup by checking whether the qemu process is still alive while polling for the local socket to show up.

	This patch also introduces a special handling of signal for the Win32 part of virKillProcess.

2011-06-14  Eric Blake  

	build: update to latest gnulib
	* .gnulib: Update to latest, for more strerror_r fixes.

2011-06-13  Taku Izumi  

	vcpupin: add the new option to "virsh vcpupin" command
	This patch adds the new option (--live, --config and --current) to
	"virsh vcpupin" command. The behavior of above aption is the same as
	that of "virsh setmem", "virsh setvcpus", and whatnot.
	When the --config option is specified, the command affects a persistent
	domain, while --live option is specified, it affects a running (live) domain.
	The --current option cannot be used with --config or --live at the same
	time, and when --current is specified, it affects a "current" domain.

	vcpupin: implement the remote protocol to address the new API
	This patch implements the remote protocol for the new API
	(virDomainPinVcpuFlags).

	vcpupin: implement the code to address the new API in the qemu driver
	This patch implements the new API (virDomainPinVcpuFlags) in the qemu
	driver.

	vcpupin: introduce a new libvirt API (virDomainPinVcpuFlags)
	This patch introduces a new libvirt API virDomainPinVcpuFlags,
	a direct extension from the existing virDomainPinVcpu

2011-06-13  Jiri Denemark  

	Use virTimeMs when appropriate

	Introduce virTimeMs for getting current time in ms

	test: Remove unused timeval

2011-06-13  Wen Congyang  

	tests: add a test for multi function PCI device

2011-06-13  Wen Congyang  

	support multifunction PCI device
	If qemu supports multi function PCI device, the format of the PCI address passed
	to qemu is "bus=pci.0,multifunction=on,addr=slot.function".

	If qemu does not support multi function PCI device, the format of the PCI address
	passed to qemu is "bus=pci.0,addr=slot".

2011-06-13  Wen Congyang  

	the hotplugged PCI device should use the whole slot
	Hot pluging/unpluging multi PCI device is not supported now. So the function
	of hotplugged PCI device must be 0. When we hot unplug it, we should set release
	all functions in the slot.

	assign the whole slot to the PCI device that has no address
	If user does not specify the PCI address, we should auto assign an unused slot.

	Reimplement qemuDomainPCIAddressReserveSlot(): reserve all functions in the slot
	We will support multi function PCI device. So we should reserve all functions in
	the slot if we want to reserve a slot.

	the key of hash table should include the function value
	We save all used PCI address in the hash table. The key is generated by domain,
	bus and slot now. We will support multi function PCI device, so the key should
	be generated by domain, bus, slot and function.

	prevent hot unplugging multi function PCI device
	We do not support to hot unplug multi function PCI device now. If the device is
	one function of multi function PCI device, we shoul not allow to hot unplugg
	it.

	check whether qemu supports multi function PCI device
	qemu supports multi function PCI device at least version 0.13.0.

2011-06-10  Matthew Booth  

	xenapi: Improve error message on session failure
	XenAPI session login can fail for a number of reasons, but currently no
	specific
	reason is displayed to the user, e.g.:

	virsh -c XenAPI://citrix-xen.example.com/
	Enter username for citrix-xen.example.com: root
	Enter root's password for citrix-xen.example.com:
	error: authentication failed: (null)
	error: failed to connect to the hypervisor

	This patch displays the session error description on failure.

2011-06-10  Osier Yang  

	qemu: Fix one type in the error prompt string
	s/hostdevwork/hostdev/

2011-06-10  Matthias Bolte  

	Move VMware Workstation/Player driver to correct spec file section
	The VMware driver works like the OpenVZ driver by using a commandline
	tool for management. It dosen't use it's own remote protocol.

2011-06-08  Eric Blake  

	virt-aa-helper: add missing include
	Regression introduced in commit 02e8691.

	* src/security/virt-aa-helper.c (includes): Reflect move of virRun.

2011-06-08  Eric Blake  

	daemon: plug memory leak
	Detected by Coverity.  Commit ef21beda was incomplete; it solved
	a leak one one path, but not on the other.

	* daemon/libvirtd.c (qemudSetLogging): Avoid leak on success.

2011-06-08  Eric Blake  

	build: break some long lines
	As long as I was already touching the function...

	* src/qemu/qemu_hotplug.c (qemuDomainChangeGraphics): Line wrap.

2011-06-08  Eric Blake  

	qemu: add missing break statement
	Detected by Coverity.  Bug introduced in commit 9d73efd (v0.8.8).

	* src/qemu/qemu_hotplug.c (qemuDomainChangeGraphics): Don't report
	error on success.

2011-06-08  Eric Blake  

	build: silence coverity false positives
	Coverity complained about these intentional fallthrough cases, but
	not about other cases that were explicitly marked with nice comments.

	For some reason, Coverity doesn't seem smart enough to parse the
	up-front English comment in virsh about intentional fallthrough :)

	* tools/virsh.c (cmdVolSize): Mark fallthrough in a more typical
	fashion.
	* src/conf/nwfilter_conf.c (virNWFilterRuleDefDetailsFormat)
	(virNWFilterRuleDetailsParse): Mark explicit fallthrough.

2011-06-08  Eric Blake  

	esx: avoid dead code
	Detected by Coverity.  The beginning of the function already filtered
	out NULL objectContentList as invalid.  Further investigation shows:

	esxVI_RetrieveProperties is generated and returns a list of objects
	that match the given propertyFilterSpec.
	esxVI_LookupObjectContentByType then tests whether the result
	corresponds to the expected occurrence and reports an error otherwise.
	This simplifies the callers of  esxVI_LookupObjectContentByType, but
	due to the missing dereference the check was never performed because
	the code thought that at least one item was obtained. NULL represents
	an empty list. This is a potential segfault fix because callers of
	esxVI_LookupObjectContentByType that specified "required" occurrence
	assume *objectContentList to be non-NULL when
	esxVI_LookupObjectContentByType succeeds.

	* src/esx/esx_vi.c (esxVI_LookupObjectContentByType): Check
	correct pointer.

2011-06-08  Eric Blake  

	secret: drop dead code
	Detected by Coverity.  The only ways to get to the cleanup label
	were by an early abort (list still unassigned) or after successfully
	transferring list to dest, so there is no list to clean up.

	* src/secret/secret_driver.c (loadSecrets): Kill dead code.

2011-06-08  Eric Blake  

	qemu: reorder checks for safety
	Detected by Coverity.  All existing callers happen to be in
	range, so this isn't too serious.

	* src/qemu/qemu_cgroup.c (qemuCgroupControllerActive): Check
	bounds before dereference.

2011-06-08  Eric Blake  

	uuid: annotate non-null requirements
	Coverity already saw through a NULL dereference without these
	annotations, and gcc is still too puny to do good NULL analysis.
	But clang still benefits (and is easier to run than coverity),
	not to mention that adding this bit of documentation to the code
	may help future developers remember the constraints.

	* src/util/uuid.h (virGetHostUUID, virUUIDFormat): Document
	restrictions, for improved static analysis.

2011-06-08  Eric Blake  

	debug: avoid null dereference on uuid lookup api
	Detected by Coverity.  Commit a98d8f0d tried to make uuid debugging
	more robust, but missed some APIs.  And on the APIs that it visited,
	the mere act of preparing the debug message ends up dereferencing
	uuid prior to the null check.  Which means the APIs which are supposed
	to gracefully reject NULL arguments now end up with SIGSEGV.

	* src/libvirt.c (VIR_UUID_DEBUG): New macro.
	(virDomainLookupByUUID, virDomainLookupByUUIDString)
	(virNetworkLookupByUUID, virNetworkLookupByUUIDString)
	(virStoragePoolLookupByUUID, virStoragePoolLookupByUUIDString)
	(virSecretLookupByUUID, virSecretLookupByUUIDString)
	(virNWFilterLookupByUUID, virNWFilterLookupByUUIDString): Avoid
	null dereference.

2011-06-08  Eric Blake  

	python: avoid unlikely sign extension bug
	Detected by Coverity.  cpumap was allocated with a value of
	(unsigned short)*(int), which is an int computation, and then
	promotes to size_t.  On a 64-bit platform, this fails if bit
	32 of the product is set (because of sign extension giving
	a HUGE value to malloc), even though a naive programmer would
	assume that since the first value is unsigned, the product
	is also unsigned and at most 4GB would be allocated.

	Won't bite in practice (the product should never be that large),
	but worth using the right types to begin with, so that we are
	now computing (unsigned short)*(size_t).

	* python/libvirt-override.c (libvirt_virDomainGetVcpus): Use
	correct type.

2011-06-08  Eric Blake  

	build: silence coverity false positive
	Similar in nature to commit fd21ecfd, which shut up valgrind.

	sigaction is apparently a nasty interface for analyzer tools,
	at least for how many false positives it generates.

	* src/util/command.c (virExecWithHook): Initialize entire var, since
	coverity gripes about the (unused and non-standard) sa_restorer.

2011-06-08  Eric Blake  

	storage: avoid mishandling backing store > 2GB
	Detected by Coverity.  The code was doing math on shifted unsigned
	char (which promotes to int), then promoting that to unsigned long
	during assignment to size.  On 64-bit platforms, this risks sign
	extending values of size > 2GiB.  Bug present since commit
	489fd3 (v0.6.0).

	I'm not sure if a specially-crafted bogus qcow2 image could
	exploit this, although it's probably not possible, since we
	were already checking for the computed results being within
	range of our fixed-size buffer.

	* src/util/storage_file.c (qcowXGetBackingStore): Avoid sign
	extension.

2011-06-08  Eric Blake  

	build: detect Coverity 5.3.0
	Coverity 5.3.0 still outputs lots of COVERITY_* variables, but no
	longer modifies COVERITY_BUILD_COMMAND in the environment.  Pick
	one that seems likely to stay around.

	* configure.ac (STATIC_ANALYSIS): Detect newer Coverity.

2011-06-08  Osier Yang  

	build: Fix typos in configure.ac

	virsh: Expose virDomainMigrateSetMaxSpeed API to virsh
	API virDomainMigrateSetMaxSpeed was introduced since 0.9.0, but
	no command in virsh yet.

2011-06-08  Cole Robinson  

	lxc: Ensure container  actually exists
	Since we can't really get useful error reporting from virCommandExec since
	it needs to be the last thing we do.

	lxc: Verify root fs exists before mounting
	Otherwise the following virFileMakePath will create the directory for
	us and fail further ahead, which probably isn't intended.

	lxc: controller: Improve container error reporting
	Add a handshake with the cloned container process to try and detect
	if it fails to start.

	lxc: Improve guest startup error reporting
	Add a simple handshake with the lxc_controller process so we can detect
	process startup failures. We do this by adding a new --handshake cli arg
	to lxc_controller for passing a file descriptor. If the process fails to
	launch, we scrape all output from the logfile and report it to the user.

	lxc: Refactor controller command building
	Arranges things similar to the qemu driver. Will allow us to more easily
	report command error output.

	lxc: Don't report error in Wait/SendContinue
	We will reuse these shortly, and each use should have a different error
	message.

	lxc: Drop container stdio as late as possible
	Makes it more likely we get useful error output in the logs

2011-06-08  Cole Robinson  

	Move virRun, virExec*, virFork to util/command
	Seems reasonable to have all command wrappers in the same place

	v2:
	    Dont move SetInherit

	v3:
	    Comment spelling fix
	    Adjust WARN0 comment
	    Remove spurious #include movement
	    Don't include sys/types.h
	    Combine virExec enums

2011-06-07  Cole Robinson  

	util: Implement virRun as a wrapper around virCommand
	v2:
	    Simplify command building
	    Handle command building failure

	v3:
	    Remove unneeded NULL check

2011-06-07  Cole Robinson  

	util: Remove unused virExec wrapper
	v3:
	    Remove obsolete comment

2011-06-07  Cole Robinson  

	qemu: Convert virExec usage to virCommand
	v2:
	    Have virCommand cleanup intermediate process for us

	v3:
	    Preserve original FD closing behavior

2011-06-07  Matthias Bolte  

	esx: Remove duplicated invalid-argument checks
	Those checks are already performed at the public API level.

2011-06-07  Osier Yang  

	docs: Add doc for video element
	For backwards compatibility, if no