This negation in names of boolean variables is driving me insane. The
code is much more readable if we drop the 'no-' prefix. Well, at least
for me.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

For non-local storage drivers we can't expect to use the FDStream
backend for up/downloading volumes. Split the code into a separate
backend function so that we can add protocol specific code later.

This saves a few lines of code and catches the error when:
<spice autoport ='yes' defaultMode='any' ..>
  <channel name='main' mode='secure'/>
</spice>
is specified with spice_tls = 0 in qemu.conf.

Instead of this error in qemuBuildGraphicsSPICECommandLine:
error: unsupported configuration: spice secure channels set in XML
configuration, but TLS port is not provided

an error is reported in qemuProcessSPICEAllocatePorts:
error: unsupported configuration: Auto allocation of spice TLS port
requested but spice TLS is disabled in qemu.conf

Inspired by:
https://www.redhat.com/archives/libvir-list/2014-June/msg01408.html

Translate libvirt discard settings into libxl-4.5 discard settings.
Signed-off-by: NOlaf Hering <olaf@aepfle.de>

When creating cgroups for vcpu and emulator threads whilst starting a
domain, we explicitly skip creating those cgroups in case priv->cgroup
is NULL (cgroups not supported) because SetAffinity() serves the same
purpose.  If the host supports only some cgroups (the ones we need are
either unmounted or disabled in qemu.conf), we error out with weird
message even though we could continue starting the domain.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1097028Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

The commit referenced above changed function arguments of
virStorageFileGetMetadataFromBuf() but didn't tweak the
ATTRIBUTE_NONNULL tied to them. This was caught by coverity as it
actually obeys them. We disabled them for GCC and thus it didn't show
up.

Additionally in commit 3ea661de I passed
NULL to the backingFormat argument which was also marked as nonnull. Use
a dummy int's address when the argument isn't supplied so that the code
doesn't need to change much.

Split out checking of invalid metadata type from the switch statement so
that we can use the typecasted enum value to allow tracking addition of
new items by the compliler.

Also avoids two dead-code break statements.

The default graphics channel mode is 'any', so as to defaultMode attribute.
If defaultMode and channel mode are all the default value 'any',
qemuConnectDomainXMLToNative will set TLSPort.
But in qemuBuildGraphicsSPICECommandLine, if spice_tls is not enabled, libvirtd
will report an error to tell the user that spice TLS is disabled in qemu.conf.

So qemuConnectDomainXMLToNative should check spice_tls is enabled,
then decide to allocate an tlsPort number to this graphics.

If user specified defaultMode is 'secure', qemuConnectDomainXMLToNative
could allocate tlsPort, and then let qemuBuildGraphicsSPICECommandLine reports
the spice_tls disabled error.

The related bug is:
https://bugzilla.redhat.com/show_bug.cgi?id=1113868Signed-off-by: NJincheng Miao <jmiao@redhat.com>
Signed-off-by: NJán Tomko <jtomko@redhat.com>

Now that cgroups/security driver/locking driver support labelling of
individual images and tolerate network storage we don't have to refrain
from passing all image files to it. This allows removing the checking
code as we already make sure that the snapshot function won't be called
with unsupported options.

Now that security, cgroup and locking APIs support working on individual
images and we track the backing chain security info on a per-image basis
we can finally kill swapping the disk source in virDomainDiskDef and use
the virStorageSource directly.

Until now we were changing information about the disk source via
multiple steps of copying data. Now that we changed to a pointer to
store the disk source we might use it to change the approach to track
the data.

Additionally this will allow proper tracking of the backing chain.

When pivoting to a new disk source after a block commit (and possibly
after a soon-to-be-added active block commit) we changed just a few
fields to the new target. In case we'd copy a network disk to a local
file we'd not change the type properly.

To avoid such problems, switch to tracking of the source via changing of
the complete source struct to the one tracking the mirroring info.

Use the source struct and the corresponding function so that we can
avoid using the path separately. Now that
qemuDomainPrepareDiskChainElementPath isn't use anywhere, we can safely
remove it.

Additionally, the removal fixes a misaligned comment as the removed
function was added under a comment for a different function.

Instead of just returning the parent path, return the complete parent
source structure.

Add a few checks and avoid resolving relative links on networked
storage.

Refactor the code and reuse it to implement the functionality.

Refactor the existing code to allow re-using it for the per-image label
restore too.

Refactor the code and reuse it to implement the functionality.

Refactor the existing code to allow re-using it for the per-image label
restore too.

Refactor the code and reuse it to implement the functionality.

Refactor the existing code to allow re-using it for the per-image label
restore too.

Add security driver functions to label separate storage images using the
virStorageSource definition. This will help to avoid the need to do ugly
changes to the disk struct and use the source directly.

Add helper APIs to manage individual image files rather than disks. To
simplify the addition some parts of the code were refactored in this
patch.

Only the top level gets writes, so the rest of the backing chain
requires only read-only access.

Add functions that will allow to set all the required cgroup stuff on
individual images taking a virStorageSourcePtr. Also convert functions
designed to setup whole backing chain to take advantage of the change.

When dispatching events from the event loop, the array of registered
handles is searched to see what handles happened an event on. However,
the array is searched in weird way: the check for the array boundaries
is at the end, so we may touch the elements after the end of the
array:

==10434== Invalid read of size 4
==10434==    at 0x52D06B6: virEventPollDispatchHandles (vireventpoll.c:486)
==10434==    by 0x52D10E4: virEventPollRunOnce (vireventpoll.c:660)
==10434==    by 0x52CF207: virEventRunDefaultImpl (virevent.c:308)
==10434==    by 0x1639D1: virNetServerRun (virnetserver.c:1139)
==10434==    by 0x1220DC: main (libvirtd.c:1507)
==10434==  Address 0xc11ff04 is 4 bytes after a block of size 960 alloc'd
==10434==    at 0x4C2CA5E: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==10434==    by 0x52AD378: virReallocN (viralloc.c:245)
==10434==    by 0x52AD46E: virExpandN (viralloc.c:294)
==10434==    by 0x52AD5B1: virResizeN (viralloc.c:352)
==10434==    by 0x52CF2EC: virEventPollAddHandle (vireventpoll.c:116)
==10434==    by 0x52CEF5B: virEventAddHandle (virevent.c:78)
==10434==    by 0x11F69A90: nodeStateInitialize (node_device_udev.c:1797)
==10434==    by 0x53C3C89: virStateInitialize (libvirt.c:743)
==10434==    by 0x120563: daemonRunStateInit (libvirtd.c:919)
==10434==    by 0x5317719: virThreadHelper (virthread.c:197)
==10434==    by 0x8376F39: start_thread (in /lib64/libpthread-2.17.so)
==10434==    by 0x8A7F9FC: clone (in /lib64/libc-2.17.so)
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

Recursive functions apparently don't need them, but I originally thought
they do.

Commit a48f4451 introduced a helper
function to convert cgroup device mode to string. The function was only
conditionally compiled on platforms that support cgroup. This broke the
build when attempting to export the symbol:

  CCLD     libvirt.la
  Cannot export virCgroupGetDevicePermsString: symbol not defined

Move the function out of the ifdef, as it doesn't really depend on the
cgroup code being present.

Also fix the error message if an IPv6 host with no MAC
is not found.

https://bugzilla.redhat.com/show_bug.cgi?id=991290

Another patch for
https://bugzilla.redhat.com/show_bug.cgi?id=994731

In libxlDomainMigrationConfirm(), a transient domain is removed
from the domain list after successful migration.  Later in cleanup,
the domain object is unlocked, resulting in a crash

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fb4208ed700 (LWP 12044)]
0x00007fb4267251e6 in virClassIsDerivedFrom (klass=0xdeadbeef,
  parent=0x7fb42830d0c0) at util/virobject.c:169
169	        if (klass->magic == parent->magic)
(gdb) bt
0  0x00007fb4267251e6 in virClassIsDerivedFrom (klass=0xdeadbeef,
  parent=0x7fb42830d0c0) at util/virobject.c:169
1  0x00007fb42672591b in virObjectIsClass (anyobj=0x7fb4100082b0,
  klass=0x7fb42830d0c0) at util/virobject.c:365
2  0x00007fb42672583c in virObjectUnlock (anyobj=0x7fb4100082b0)
  at util/virobject.c:338
3  0x00007fb41a8c7d7a in libxlDomainMigrationConfirm (driver=0x7fb4100404c0,
  vm=0x7fb4100082b0, flags=1, cancelled=0) at libxl/libxl_migration.c:583

Fix by setting the virDomainObjPtr to NULL after removing it from
the domain list.

During migration, the libxl driver starts a modify job in the
begin phase, ending the job in the confirm phase.  This is
essentially VIR_MIGRATE_CHANGE_PROTECTION semantics, but the
driver does not support that flag.  Without CHANGE_PROTECTION
support, the job would never be terminated in error conditions
where migrate confirm phase is not executed.  Further attempts
to modify the domain would result in failure to acquire a job
after LIBXL_JOB_WAIT_TIME.

Similar to the qemu driver, end the job in the begin phase.
Protecting the domain object across all phases of migration can
be done in a future patch adding CHANGE_PROTECTION support.

In libxlDomainMigrationPrepare(), a new virDomainObj is created
from the incoming domain def and added to the driver's domain
list, but never removed if there are subsequent failures during
the prepare phase.

targethost# virsh list --all

sourcehost# virsh migrate --live dom xen+ssh://targethost/system
   error: operation failed: Fail to create socket for incoming migration.

targethost# virsh list --all
error: Failed to list domains
error: name in virGetDomain must not be NULL

After adding code to remove the domain on prepare failure, noticed
that libvirtd crashed due to double free of the virDomainDef.  Similar
to the qemu driver, pass a pointer to virDomainDefPtr so it can be set
to NULL once a virDomainObj is created from it.

In libxlDomainMigrationPrepare(), the cleanup label handles error
conditions and should be renamed as such for clarity.

Currently @flag is not used yet.
Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>

Qemu will fallback to aio=threads when the cache mode doesn't use
O_DIRECT, even if aio=native was explictly set.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1086704Signed-off-by: NGiuseppe Scrivano <gscrivan@redhat.com>

Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

Cgroups code uses VIR_CGROUP_DEVICE_* flags to specify the mode but in
the end it needs to be converted to a string. Add a helper to do it and
use it in the cgroup code before introducing it into the rest of the
code.

When discovering a disk backing chain the parent disk's metadata need to
be populated into the guest images so that each piece of the backing
chain contains a copy of those. This will allow us to refactor the
security driver so that it will not need to carry around the original
disk definition.

We are going to modify storage source chains in place. Add a helper that
will copy relevant information such as security labels to the new
element if that doesn't contain it.