* src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesWriteToTempFile):
Skip the close if "fd" is negative.

History has shown that there are frequent bugs in the QEMU driver
code leading to the monitor being invoked with a NULL pointer.
Although the QEMU driver code should always report an error in
this case before invoking the monitor, as a safety net put in a
generic check in the monitor code entry points.

* src/qemu/qemu_monitor.c: Safety net to check for NULL monitor
  object

Any method which intends to invoke a monitor command must have
a check for virDomainObjIsActive() before using the monitor to
ensure that priv->mon != NULL.

There is one subtle edge case in this though. If a method invokes
multiple monitor commands, and calls qemuDomainObjExitMonitor()
in between two of these commands then there is no guarentee that
priv->mon != NULL anymore. This is because the QEMU process may
exit or die at any time, and because qemuDomainObjEnterMonitor()
releases the lock on virDomainObj, it is possible for the background
thread to close the monitor handle and thus qemuDomainObjExitMonitor
will release the last reference allowing priv->mon to become NULL.

This affects several methods, most notably migration but also some
hotplug methods. This patch takes a variety of approaches to solve
the problem, depending on the particular usage scenario. Generally
though it suffices to add an extra virDomainObjIsActive() check
if qemuDomainObjExitMonitor() was called during the method.

* src/qemu/qemu_driver.c: Fix multiple potential NULL pointer flaws
  in usage of the monitor

* cfg.mk (useless_free_options): Add many vir*Free* function names,
and then remove the useless if-before-free tests exposed by running
make syntax-check.
* src/conf/interface_conf.c (virInterfaceDefFree): Remove useless "if".
(virInterfaceAssignDef): Likewise.
* src/conf/network_conf.c (virNetworkAssignDef): Likewise.
* src/conf/storage_conf.c (virStoragePoolObjAssignDef): Likewise.
* src/node_device/node_device_hal.c (dev_create): Likewise.
* src/security/virt-aa-helper.c (vahDeinit): Likewise.
* src/test/test_driver.c (testNodeDeviceCreateXML): Likewise.
* src/util/conf.c (virConfSetValue): Likewise.

This makes the useless-if-before-free test in maint.mk spot
uses of virCgroupFree just like it does for free and the other
listed functions.
* cfg.mk (useless_free_options): Add virCgroupFree.
Prompted by suggestion from Eric Blake.

* src/qemu/qemu_driver.c (qemudDomainSetVcpus): Upon look-up failure,
i.e., vm==NULL, goto cleanup, rather than to "endjob", superficially
since the latter would dereference vm, but more fundamentally because
we certainly don't want to call qemuDomainObjEndJob before we've
even attempted qemuDomainObjBeginJob.

* src/lxc/lxc_driver.c (lxcFreezeContainer): Remove test-after-deref.
Correct indentation in expression.

ESX supports NFS and CIFS. The ESX storage driver will reflect this.

This status will be used by the ESX storage driver.

For example a running NFS pool is inaccessible when the NFS server is
currently unreachable.

(gdb) p/x QEMUD_CMD_FLAG_VNET_HOST
$7 = 0xffffffff80000000

Oops - that meant we were incorrectly setting QEMU_CMD_FLAG_RTC_TD_HACK
for qemu-kvm-0.12.3 (and probably botching a few other settings as well).

Fixes Red Hat BZ#592070

* src/qemu/qemu_conf.h (QEMUD_CMD_FLAG_VNET_HOST): Avoid sign
extension.
* tests/qemuhelpdata/qemu-kvm-0.12.3: New file.
* tests/qemuhelptest.c (mymain): Add another case.

A fedora translator filed:

https://bugzilla.redhat.com/show_bug.cgi?id=580816

Pointing out these two error messages as unclear: "write save" sounds
like a typo without context, and lack of a colon made the second message
difficult to parse.

virFileResolveLink was returning a positive value on error,
thus confusing callers that assumed failure was < 0.  The
confusion is further evidenced by callers that would have
ended up calling virReportSystemError with a negative value
instead of a valid errno.

Fixes Red Hat BZ #591363.

* src/util/util.c (virFileResolveLink): Live up to documentation.
* src/qemu/qemu_security_dac.c
(qemuSecurityDACRestoreSecurityFileLabel): Adjust callers.
* src/security/security_selinux.c
(SELinuxRestoreSecurityFileLabel): Likewise.
* src/storage/storage_backend_disk.c
(virStorageBackendDiskDeleteVol): Likewise.

The max path length for unix sockets is pretty small (108, see man 7 unix).
If 'make check' is run from a directory that exceeds this, one of the tests
will fail, and in such a way that requires manually editting the test to
determine why.

There are certainly other ways to handle this, but I've chosen just to skip
the offending test if we will exceed the length limitation.

v2: Drop bashism, use test infrastructure to warn and skip

v2: Use intended F_OK. Drop devdir param, just check dev->path for device
existence.

v3: Use virReportSystemError, include dev->path in error message.

Fix the cygwin regression introduced in commit 48445ccf, but
without repeating the fresh build regression of commit
2d550542.

* src/Makefile.am (libvirt_test_la_LIBADD): Split out subset of
locally-built libraries...
(libvirt_test_la_BUILT_LIBADD): ...into new variable.
(libvirt_test_la_DEPENDENCIES): Depend only on the subset that
automake would have given us for free if we didn't have to add our
own extra file.

* src/uml/uml_driver.c (umlAutostartDomain): Handle a NULL return
from virGetLastError.

Matthias noted that the line:
virt_aa_helper_LDFLAGS = $(WARN_CFLAGS)
looks inconsistent, so I did an audit.

Currently, the set of compiler warning flags passed to gcc as $CC are
equally permitted as the set of linker flags passed to gcc as $LD, so
there was no problem with that usage.  But if we ever get in a
situation where $CC and $LD treat particular flags differently, using
the right variable form will make it easier.

In the process, I spotted a couple of typos that were omitting useful
flags, as well as specifying a -l under the wrong variable.

* acinclude.m4 (LIBVIRT_COMPILE_WARNINGS): Define WARN_LDFLAGS as
an alias for WARN_CFLAGS.
* tools/Makefile.am (virsh_LDFLAGS): Use more canonical spelling.
* proxy/Makefile.am (libvirt_proxy_LDFLAGS): Likewise. Move
library...
(libvirt_proxy_LDADD): ...here.
* src/Makefile.am (virt_aa_helper_LDFLAGS): Use more canonical
spelling of WARN_LDFLAGS.
(libvirt_parthelper_LDFLAGS, libvirt_lxc_LDFLAGS): Likewise.  Use
correct spelling of COVERAGE_LDFLAGS.
Reported by Matthias Bolte.

* configure.ac: Check for <linux/magic.h>.
* src/util/storage_file.c: Include <linux/magic.h> only if present.
Linux kernels prior to 2.6.19 lacked it.
[__linux__] (NFS_SUPER_MAGIC): Define if not already defined.

* src/cpu/cpu_x86.c (x86ModelHasFeature): Do not dereference the pointer
returned by x86cpuidFind without first ensuring it is non-NULL.

qemuReadLogOutput early VM death detection is racy and won't always work.
Startup then errors when connecting to the VM monitor. This won't report
the emulator cmdline output which is typically the most useful diagnostic.

Check if the VM has died at the very end of the monitor connection step,
and if so, report the cmdline output.

See also: https://bugzilla.redhat.com/show_bug.cgi?id=581381

* src/qemu/qemu_driver.c (qemudDomainStart): After setting vm to NULL,
goto cleanup, rather than dereferencing the NULL pointer.

* src/qemu/qemu_driver.c: Remove debugging fprintf() calls
  accidentally left in code

* src/qemu/qemu_driver.c (qemudDomainSetVcpus): Avoid NULL-deref
upon unknown UUID.  Call qemuDomainObjBeginJob(vm) only after
ensuring that vm != NULL, not before.  This potential NULL-deref
was introduced by commit 2c555d87.

This reverts commit 2d550542.

The patch worked for incremental builds, but broke fresh
builds, because it interfered with automake's automatic
dependency generation.  Until I figure out how to make
automake do what we want, I'd rather leave cygwin broken
but fresh Linux builds working.

make[3]: *** No rule to make target `-lxml2', needed by `libvirt.la'.  Stop.

Due to treating the wrong string as a dependency.

* src/Makefile.am (libvirt_la_DEPENDENCIES): Depend only on
locally-built file, not on strings that might resolve as '-lxml2'.

This adds a missing driver lock in the qemu driver to protect
the list of domains.

The code specifies driver->cacheDir as the format string,
but it usually doesn't contain '%s', so the subsequent
argument, "/qemu.mem.XXXXXX", is always ignored.

The patch fixes the misuse.

Setting dynamic_ownership=0 in /etc/libvirt/qemu.conf prevents
libvirt's DAC security driver from setting uid/gid on disk
files when starting/stopping QEMU, allowing the admin to manage
this manually. As a side effect it also stopped setting of
uid/gid when saving guests to a file, which completely breaks
save when QEMU is running non-root. Thus saved state labelling
code must ignore the dynamic_ownership parameter

* src/qemu/qemu_security_dac.c: Ignore dynamic_ownership=0 when
  doing save/restore image labelling

When QEMU runs with its disk on NFS, and as a non-root user, the
disk is chownd to that non-root user. When migration completes
the last step is shutting down the QEMU on the source host. THis
normally resets user/group/security label. This is bad when the
VM was just migrated because the file is still in use on the dest
host. It is thus neccessary to skip the reset step for any files
found to be on a shared filesystem

* src/libvirt_private.syms: Export virStorageFileIsSharedFS
* src/util/storage_file.c, src/util/storage_file.h: Add a new
  method virStorageFileIsSharedFS() to determine if a file is
  on a shared filesystem (NFS, GFS, OCFS2, etc)
* src/qemu/qemu_driver.c: Tell security driver not to reset
  disk labels on migration completion
* src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c,
  src/security/security_selinux.c, src/security/security_driver.h,
  src/security/security_apparmor.c: Add ability to skip disk
  restore step for files on shared filesystems.

The cgroups ACL code was only allowing the primary disk image.
It is possible to chain images together, so we need to search
for backing stores and add them to the ACL too. Since the ACL
only handles block devices, we ignore the EINVAL we get from
plain files. In addition it was missing code to teardown the
cgroup when hot-unplugging a disk

* src/qemu/qemu_driver.c: Allow backing stores in cgroup ACLs
  and add missing teardown code in unplug path

If the IO error event does not include a reason, then there
is a possible crash dispatching the event

* src/conf/domain_event.c: Missing check for a NULL reason before
  strduping allows for a crash

QEMU is gaining a new monitor command netdev_add for hotplugging
NICs using the netdev backend code. We already support this on
the command this, though it is disabled. This adds support for
hotplug too, also to remain disabled until 0.13 QEMU is released

* src/qemu/qemu_driver.c: Support netdev hotplug for NICs
* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
  support for netdev_add and netdev_remove commands

* src/datatypes.c: Use correct word.

When closing a monitor using qemuMonitorClose(), we are aware of
the possibility the monitor is still being used somewhere:

    /* NB: ordinarily one might immediately set mon->watch to -1
     * and mon->fd to -1, but there may be a callback active
     * that is still relying on these fields being valid. So
     * we merely close them, but not clear their values and
     * use this explicit 'closed' flag to track this state */

but since we call virEventAddHandle() on that monitor without increasing
its ref counter, the monitor is still freed which makes possible users
of it quite unhappy. The unhappiness can lead to a hang if qemuMonitorIO
tries to lock mutex which no longer exists.

First calling REMOTE_PROC_CLOSE and then removing watches might lead to
a hang as HANGUP event can be triggered before the watches are actually
removed but after virConnectPtr is already freed. As a result of that
remoteDomainEventFired() would try to lock uninitialized mutex, which
would hang for ever.

* tests/cpuset: Change from GPLv3 to GPLv2+
* tests/read-bufsiz: Likewise.
* tests/read-non-seekable: Likewise.
* tests/start: Likewise.
* tests/undefine: Likewise.
* tests/vcpupin: Likewise.
* tests/virsh-all: Likewise.
* tests/virsh-schedinfo: Likewise.
* tests/virsh-synopsis: Likewise.

Continuation of earlier patches to fix LIB_PTHREAD, only
triggered by ./configure --with-xen-proxy (a la autobuild.sh).

* proxy/Makefile.am (libvirt_proxy_LDADD): Add LIB_PTHREAD.

Product and vendor values were swapped in the XML, which made virt-manager
PCI device listing kinda useless.

* .gnulib: Update to latest.
* bootstrap.conf (gnulib_modules): Import netdb.
* src/esx/esx_util.c (AI_ADDRCONFIG): Rely on gnulib.
* src/remote/remote_driver.c (AI_ADDRCONFIG): Likewise.
* tools/virsh.c (WEXITSTATUS, O_SYNC): Likewise.