Define an <encryption> tag specifying volume encryption format and
format-depenedent parameters (e.g. passphrase, cipher name, key
length, key).

Currently the only defined parameter is a reference to a "secret"
(passphrase/key) managed using the virSecret* API.

Only the qcow/qcow2 encryption format, and a "default" format used to
let libvirt choose the format during volume creation, is currently
supported.

This patch does not add any users; the <encryption> tag is added in
the following patches to both volumes (to support encrypted volume
creation) and domains.

* docs/*.html: Re-generate
* docs/formatstorageencryption.html.in, docs/sitemap.html.in:
  Add page describing storage encryption data format
* docs/schemas/Makefile.am, docs/schemas/storageencryption.rng:
  Add RNG schema for storage encryption format
* po/POTFILES.in: Add src/storage_encryption_conf.c
* src/libvirt_private.syms: Export virStorageEncryption* functions
* src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal
  helper APIs for dealing with storage encryption format
* libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng
  RNG schema

* src/remote_internal.c: Implement client binding for new secrets
  APIs
* src/datatypes.h: Add 'void *secretPrivateData' to virConnectPtr
  struct

* include/libvirt/virterror.h, src/virterror.c: Add VIR_ERR_INVALID_SECRET
  and VIR_FROM_SECRET
* src/libvirt.c: Define stubs for every new public API

* include/libvirt/virterror.h, src/virterror.c: Add VIR_WAR_NO_SECRET
* src/libvirt_private.syms, src/datatypes.h, src/datatypes.c: Type
  virSecret struct definition and helper APIs
* src/driver.h: Sub-driver API definitions for secrets
* src/libvirt.c: Define new sub-driver for secrets

This patch adds a "secret" as a separately managed object, using a
special-purpose API to transfer the secret values between nodes and
libvirt users.

* docs/schemas/secret.rng, docs/schemas/Makefilem.am: Add new
  schema for virSecret objects
* docs/*html: Re-generated
* docs/formatsecret.html.in, docs/sitemap.html.in: Add page
  describing the virSecret XML schema
* include/libvirt/libvirt.h.in: Define the new virSecret public
  API
* src/libvirt_public.syms: Export symbols for new public APIs
* mingw32-libvirt.spec.in, libvirt.spec.in: Add secret.rng to
  files list

Per prior discussion -- this was, indeed, trivial.

I'm a little disappointed to be breaking the ordering characteristics of
the enum (as it had been ordered by increasing time requirements and
decreasing output size), but breaking any save files with the old
constants in the headers would of course be worse.

>From 2a9cdcfc88de091a8d34aa3fc3b1208d7681790e Mon Sep 17 00:00:00 2001
From: Charles Duffy <Charles_Duffy@dell.com>
Date: Fri, 28 Aug 2009 11:49:54 -0500
Subject: [PATCH] support lzop save compression for qemu

One of the larger disincentives towards use of compression for migrated-out save
files is performance impact. This patch adds support for lzop; CPU time for
compression is about 5x faster than gzip (the next most performant algorithm)
and decompression is about 3x faster.
Signed-off-by: NCharles Duffy <Charles_Duffy@dell.com>
Signed-off-by: NChris Lalancette <clalance@redhat.com>

All of the other drivers that support the getMaxVcpus callback
also accept a NULL value for type.  Make openvz also accept a
NULL value.
Signed-off-by: NChris Lalancette <clalance@redhat.com>

qemudExtractMonitorPath() was doing a VIR_ALLOC_N followed by a
strncpy.  However, this isn't necessary; we can do the same thing
using strndup, which is much safer.
Signed-off-by: NChris Lalancette <clalance@redhat.com>

The documentation for virNodeGetCellsFreeMemory claims the values
returned are in kilobytes, but that's actually wrong; the value
returned is actually in bytes.  Fix up the documentation to be
correct.
Signed-off-by: NChris Lalancette <clalance@redhat.com>

S-expression containing empty lists, e.g. (cpus (() () () ())),
was not being handled properly in sexpr2string() serialization.
Emit an empty list when encountering NIL sexpr kind.

* src/uml_driver.c: Fix numa API driver entries to avoid
  infinite loop

* src/virsh.c: Pass in pool object to avoid crash in key lookup

* src/remote_internal.c: Split remoteAuthPolkit into separate
  impls for v0 and v1 to avoid compile warnings due to unused
  variables/params
* qemud/remote.c: Remove accidental tabs

* configure.in: Check for pkcheck which indicates new policykit
* qemud/Makefile.am: Install different versions of policy
* qemud/libvirtd.policy: Rename to libvirtd.policy-0
* qemud/libvirtd.policy-1: new style policy
* qemud/qemud.c, qemud/qemud.h, qemud/remote.c: Support new
  policykit API via external pkcheck helper
* src/remote_internal.c: Don't prompt for polkit auth with new
  policykit API
* libvirt.spec.in: deal with new policy install locations & deps

* src/security_selinux.c: ignores EOPNOTSUPP when attempting to access an
  NFS share

Matthias correctly points out that escape_specialcharaters() takes a
length, and since we are now malloc()'ing string in phypOpen instead of
making it a static array, we can't use sizeof(string) anymore.  Calculate
the proper strlen and then use that both to allocate the string and also
pass it to escape_specialcharacters().
Signed-off-by: NChris Lalancette <clalance@redhat.com>

I came across this line in the phypOpen function:

char string[strlen(conn->uri->path)];

Here the path part of the given URI is used without checking it for
NULL, this can cause a segfault as strlen expects a string != NULL.
Beside that uuid_db and connection_data leak in case of an error.

In this line

conn->uri->path = string;

the original path of the URI leaks. The patch adds a VIR_FREE call
before setting the new path.

The attached patch is compile-tested but I don't have a Power
Hypervisor installation at hand to test it for real.

Matthias
Signed-off-by: NChris Lalancette <clalance@redhat.com>

Fix up a small memory leak pointed out by DanB; I was forgetting
to release memory allocated to driver->saveImageFormat.
Also add the "save_image_format" and "security" entries to
the augeas lens.
Signed-off-by: NChris Lalancette <clalance@redhat.com>

* src/qemu_conf.c, src/uml_conf.c: use virReportSystemError() to report
  system errors

https://bugzilla.redhat.com/517371

Matt Booth points out that if you use a non-existent bridge name when
start a guest you get a weird error message:

  Failed to add tap interface 'vnet%d' to bridge 'virbr0'

and dev='vnet%d' appears in the dumpxml output.

Fix that by not including 'vnet%d' in the error message and freeing the
'vnet%d' string if adding the tap device to the bridge fails.

* src/qemu_conf.c, src/uml_conf.c: fix qemudNetworkIfaceConnect()
  and umlConnectTapDevice() to not expose 'vnet%d' to the user

As we start/shutdown guests, or hotplug/hot-unplug devices, we can add
or delete devices as appropriate from a list of active devices.

Then, in pciReset(), we can use this to determine whether its safe to
reset a device as a side effect of resetting another device.

* src/qemu_conf.h: add activePciHostdevs to qemud_driver

* src/qemu_driver.c: maintain the activePciHostdevs list, and pass it
  to pciResetDevice()

* src/pci.[ch]: pass the activeDevs list to pciResetDevice() and use
  it to determine whether a Secondary Bus Reset is safe

The qemuPrepareHostDevices() and qemuDomainReAttachHostDevices()
functions are clutter with a bunch of calls to pciGetDevice() and
pciFreeDevice() obscuring the basic logic.

Add a pciDeviceList type and add a qemuGetPciHostDeviceList() function
to build a list from a domain definition. Use this in prepare/re-attach
fto simplify things and eliminate the multiple pciGetDevice calls.

This is especially useful because in the next patch we need to iterate
the hostdevs list a third time and we also need a list type for keeping
track of active devices.

* src/pci.[ch]: add pciDeviceList type and also a per-device 'managed'
  property

* src/libvirt_private.syms: export the new functions

* src/qemu_driver.c: add qemuGetPciHostDeviceList() and re-write
  qemuPrepareHostDevices() and qemuDomainReAttachHostDevices() to use it

Newer versions of QEMU accept 'pci_add auto', but older versions require
'pci_add pci_addr=auto'

* src/qemu_driver.c: use pci_addr= in qemudDomainAttachHostPciDevice()
  for older versions of QEMU

* src/qemu_driver.c: Add missing break statement in
  qemudDomainDetachHostDevice()

When we hot-unplug a PCI host device from a guest, we should reset it.

Both managed and unmanaged devices should be reset, but only managed
devices should be re-attached.

* src/qemu_driver.c: reset devices in qemudDomainDetachHostPciDevice()

Right now we're only resetting managed devices before hotplug, but we
should reset them irrespective of whether they are managed.

* src/qemu_driver.c: reset all PCI hostdevs before hotplug

It turns out that the previous attempt at this doesn't work well
in the case of hotplug. We need qemuCheckPciHostDevice() to
disallow the reset affecting devices already attach to the guest,
but we still need to avoid double locking the virDomainObjPtr.

This is all getting messy, I've a better idea.

This reverts commit 63188082 and
c106c8a1.

* src/qemu_driver.c, src/pci.[ch], src/xen_unified.c,
  src/libvirt_private.syms: revert a bunch of stuff.

The current code makes a poor effort at updating the device arrays after
hot-unplug. Fix that and combine the two code paths into one.

* src/qemu_driver.c: fix list updating in qemudDomainDetachNetDevice(),
  qemudDomainDetachPciDiskDevice() and qemudDomainDetachHostPciDevice()

Confused me when poking at another 'driver' variable in gdb which gcc
had optimized away

* src/remote_internal.c: rename driver to remote_driver

Maybe it's just me, but I try to select an item from the tree using
double-click and get annoyed when "+-" gets included in the selection.

* src/virsh.c: add a space between "+-" and the node device name
  in 'virsh nodedev-list --tree'

Currently the reference counting for connections is busted.  I
first noticed it while trying to use virConnectRef; it would
eventually cause a crash in the remote_internal driver, although
that was really just a victim.  Really, we should only call the
close callbacks on the methods when the references drop to 0.  To
accomplish this, move all of the close callbacks into
virUnrefConnect (since there are lots of internal users of that
function), and arrange for virConnectClose to call that.

V2: Make sure to drop the connection lock before we call the close
    callbacks, otherwise we could deadlock the daemon
V3: Fix up a crash when we got an error from one of the drivers
Signed-off-by: NChris Lalancette <clalance@redhat.com>

* src/domain_conf.c: Make virDomainObjListFree a no-op if list
  is NULL
* src/domain_event.c: make virDomainEventCallbackListFree a no-op
  if event list is NULL
* src/lxc_driver.c: Log a message if LXC driver does not startup
  due to lacking kernel support

Implement a compressed save image format for qemu.  While ideally
we would have the choice between compressed/non-compressed
available to the libvirt API, unfortunately there is no "flags"
parameter to the virDomainSave() API.  Therefore, implement this
as a qemu.conf option.  gzip, bzip2, and lzma are implemented, and
it should be very easy to implement additional compression
methods.

One open question is if/how we should detect the compression
binaries.  One way to do it is to do compile-time setting of the
paths (via configure.in), but that doesn't seem like a great thing
to do.  My preferred solution is not to detect at all;
when we go to run the commands that need them, if they
aren't available, or aren't available in one of the standard paths,
then we'll fail.  That's also the solution implemented in this patch.

In the future, we'll have a more robust (managed) save/restore API,
at which time we can expose this functionality properly in the API.

V2: get rid of redundant dd command and just use >> to append data.
V3: Add back the missing pieces for the enum and bumping the save version.
V4: Make the compressed field in the save_header an int.
    Implement LZMA compression.
Signed-off-by: NChris Lalancette <clalance@redhat.com>

If a PCI device reset causes other devices to be reset, allow it so long
as those other devices are note assigned to another active domain.

Note, we need to take the driver lock qemudNodeDeviceReset() because the
check function will iterate over the domain list.

* src/qemu_conf.c: add qemuCheckPciHostDevice() to iterate over active
  domains checking whether the affected device is assigned

* src/pci.[ch]: add pciDeviceEquals() helper

When using a Secondary Bus Reset, all devices on the bus are reset.

Extend the pciResetDevice() API so that a 'check' callback can be
supplied which will verify that it is safe to reset the other devices
on the bus.

The virDomainObjPtr parameter is needed so that when the check function
iterates over the domain list, it can avoid double locking.

* src/pci.[ch]: add a 'check' callback to pciResetDevice(), re-work
  pciIterDevices() to pass the check function to the iter functions,
  use the check function in the bus iterator, return the first unsafe
  device from pciBusCheckOtherDevices() and include its details in
  the bus reset error message.

* src/qemu_driver.c, src/xen_uninified.c: just pass NULL as the
  check function for now

Currently, if we are unable to reset a PCI device we return a fairly
generic 'No PCI reset capability available' error message.

Fix that by returning an error from the individual reset messages and
using that error to construct the higher level error mesage.

* src/pci.c: set errors in pciTryPowerManagementReset() and
  pciTrySecondaryBusReset() on failure; use those error messages
  in pciResetDevice(), or explain that no reset support is available

When the guest shuts down, we should attempt to restore all PCI host
devices to a sane state.

In the case of managed hostdevs, we should reset and re-attach the
devices. In the case of unmanaged hostdevs, we should just reset them.

Note, KVM will already reset assigned devices when the guest shuts
down using whatever means it can, so we are only doing it to cover the
cases the kernel can't handle.

* src/qemu_driver.c: add qemuDomainReAttachHostDevices() and call
  it from qemudShutdownVMDaemon()

It turns out that a PCI Power Management reset only affects individual
functions, and not the whole device.

The PCI Power Management spec talks about resetting the 'device' rather
than the 'function', but Intel's Dexuan Cui informs me that it is
actually a per-function reset.

Also, Yu Zhao has added pci_pm_reset() to the kernel, and it doesn't
reject multi-function devices, so it must be true! :-)

(A side issue is that we could defer the PM reset to the kernel if we
could detect that the kernel has PM reset support, but barring version
number checks we don't have a way to detect that support)

* src/pci.c: remove the pciDeviceContainsOtherFunctions() check from
  pciTryPowerManagementReset() and prefer PM reset over bus reset
  where both are available

Cc: Cui, Dexuan <dexuan.cui@intel.com>
Cc: Yu Zhao <yu.zhao@intel.com>

PCI device assignment is only supported in KVM's fork of qemu, so we
should really detect its availability and give a nice error if its
not supported.

* src/qemu_conf.[ch]: introduce QEMUD_CMD_FLAG_PCIDEVICE indicating
  that the -pcidevice command line option is available

* tests/*: update the tests

Attaching a host PCI device to a qemu guest is done with a
straightforward 'pci_add auto host host=XX:XX.X' command.

Like with NIC and disk hotplug, we need to retain the guest PCI address
assigned by qemu so that we can use it for hot-unplug.

Identifying a device for detach is done using the host PCI address.

Managed mode is handled by detaching/resetting the device before
attaching it to the guest and re-attaching it after detaching it from
the guest.

* src/qemu_driver.c: add qemudDomainAttachHostPciDevice() and
  qemudDomainDetachHostPciDevice()

* src/domain_conf.h: add somewhere to store the guest PCI address

* src/domain_conf.c: handle formatting and parsing the guest PCI
  address