Right-aligning backslashes when defining macros or using complex
commands in Makefiles looks cute, but as soon as any changes is
required to the code you end up with either distractingly broken
alignment or unnecessarily big diffs where most of the changes
are just pushing all backslashes a few characters to one side.

Generated using

  $ git grep -El '[[:blank:]][[:blank:]]\\$' | \
    grep -E '*\.([chx]|am|mk)$$' | \
    while read f; do \
      sed -Ei 's/[[:blank:]]*[[:blank:]]\\$/ \\/g' "$f"; \
    done
Signed-off-by: NAndrea Bolognani <abologna@redhat.com>

This adds a rule to require https links for the libvirt, qemu
and kvm websites.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Seeing a log message saying 'flags=93' is ambiguous & confusing unless
you happen to know that libvirt always prints flags as hex.  Change our
debug messages so that they always add a '0x' prefix when printing flags,
and '0' prefix when printing mode. A few other misc places gain a '0x'
prefix in error messages too.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The commandhelper binary is a helper for commandtest that
validates what file handles were inherited. For this to
work reliably we must not have any libraries that leak
file descriptors into commandhelper. Unfortunately some
versions of gnutls will intentionally open file handles
at library load time via a constructor function.

We previously hacked around this in

  commit 4cbc15d0
  Author: Martin Kletzander <mkletzan@redhat.com>
  Date:   Fri May 2 09:55:52 2014 +0200

    tests: don't fail with newer gnutls

    gnutls-3.3.0 and newer leaves 2 FDs open in order to be backwards
    compatible when it comes to chrooted binaries [1].  Linking
    commandhelper with gnutls then leaves these two FDs open and
    commandtest fails thanks to that.  This patch does not link
    commandhelper with libvirt.la, but rather only the utilities making
    the test pass.

    Based on suggestion from Daniel [2].

    [1] http://lists.gnutls.org/pipermail/gnutls-help/2014-April/003429.html
    [2] https://www.redhat.com/archives/libvir-list/2014-April/msg01119.html

That fix relied on fact that while libvirt.so linked with
gnutls, libvirt_util.la did not link to it.  With the
introduction of the util/vircrypto.c file that assumption
is no longer valid. We must not link to libvirt_util.la
at all - only gnulib and libc can (hopefully) be relied
on not to open random file descriptors in constructors.
Reviewed-by: NMartin Kletzander <mkletzan@redhat.com>
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Despite being a generated file, HACKING has been tracked in
the git repository along with actual source files. As far as
I'm aware, it's the only generated file for which that happens.

Times and times again, people[1] have committed changes to
the source file without refreshing the generated copy at the
same time.

The rationale for tracking the generated file is to help out
people who just cloned the git repository looking to contribue;
however, README-hacking already contains enough information to
get perspective contributors to a place where they can simply
look at docs/hacking.html instead.

[1] Mostly me, to be honest
Signed-off-by: NAndrea Bolognani <abologna@redhat.com>

This mock (which is actually not mock at all, see later) can redirect
all accesses to a path into another path.  There is no need to
create mocks for particular directories, you just create a directory
with all the data a redirect the test there.

In the future, this should also be able to register callbacks for
calls/paths, e.g. when the test is going to write into anything under
"/sys/devices", call function fce();  Then in the open() call we would
add information about the fd into some structure and in write() we
would call fce() with parameters like @path to write to, @data to
be written and pointer to optional return value, so that fce() itself
could stop the call from happening or change its behaviour.  But
that's an idea for a latter day.

This is not a mock because it will not be preloaded, but compiled in
the test itself.  See future patches for usage.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

Per xen-xl conversions from and to native under host-passthrough
mode we take care for Xen (nestedhvm = mode) applied and inherited
settings generating or processing correct feature policy:

[On Intel (VT-x) architectures]
<feature policy='disable' name='vmx'/>

or

[On AMD (AMD-V) architectures]
<feature policy='disable' name='svm'/>

It will then generate (or parse) for nestedhvm=1 in/from xl format.
Signed-off-by: NJoao Martins <joao.m.martins@oracle.com>
Signed-off-by: NWim ten Have <wim.ten.have@oracle.com>

The goal is twofold: firstly, we want to extend the script so
that it can deal with more than a single git submodule, and
secondly we'd like to reduce the amount of duplicated code.
Moreover, since we're making heavy changes to the code anyway,
we might as well make sure it follows a somewhat consistent
coding style too.

To reduce code duplication, we introduce a new --dry-run
option, which can be used by third parties to figure out
whether calling autogen.sh is necessary or not: this allows
us to get rid of the reimplementation of part of the logic
in cfg.mk and guarantee they'll never get out of sync.

Other changes include: making dirty submodules checking and
cleaning entirely independent of other operations; removing
the use of 'set -e' and handling errors explicitly instead;
better parsing of command line arguments.

CLang's optimizer is more aggressive at inlining functions than
gcc and so will often inline functions that our tests want to
mock-override. This causes the test to fail in bizarre ways.

We don't want to disable inlining completely, but we must at
least prevent inlining of mocked functions. Fortunately there
is a 'noinline' attribute that lets us control this per function.

A syntax check rule is added that parses tests/*mock.c to extract
the list of functions that are mocked (restricted to names starting
with 'vir' prefix). It then checks that src/*.h header file to
ensure it has a 'ATTRIBUTE_NOINLINE' annotation. This should prevent
use from bit-rotting in future.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Similarly to virshDomainFree add a wrapper for the snapshot object
freeing function.

virDomainFree has it's quirks (does not like NULL pointers, resets
libvirt errors). Replace it by a virsh helper which will allow us to
centrally fix issues with it.

The syntax-check rule will prohibit new uses of virDomainFree.

Fixing make syntax-check broken by commit 4da534c0.
Signed-off-by: NBoris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: NMarc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: NBjoern Walk <bwalk@linux.vnet.ibm.com>

Matching the beginning of a path in syntax check does not work because
each path is enriched with a prefix of the source tree.
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>

This check makes sense only in *.c files.
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>

There is no reason for it not to be in the utils, all global symbols
under that file already have prefix vir* and there is no reason for it
to be part of DRIVER_SOURCES because that is just a leftover from
older days (pre-driver modules era, I believe).
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

Now that we have some qemuSecurity wrappers over
virSecurityManager APIs, lets make sure everybody sticks with
them. We have them for a reason and calling virSecurityManager
API directly instead of wrapper may lead into accidentally
labelling a file on the host instead of namespace.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

The utils code should stay separated from other code (except for very
well justified cases). Unfortunately commit 272769be
made it trivial to break the separation (and not get slapped by the
syntax-check rule) by adding -I src/conf to the CFLAGS for utils.

Remove this shortcut and except the two offenders from the syntax check
so that the codebase can be kept separated.

Problem with VIR_FREE() is that we are not linking
libvirt-utils.so to our mock libs therefore there will be an
unresolved symbol. Fortunately, nsstest that eventually links
with the nssmock links also with libvirt-utils.so and thus the
symbol is resolved after all. However, if one wants to run the
test binary under valgrind it is impossible to do so. Because of
the unresolved symbol.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

The front page contains a bunch of content that is either
outdated (eg links to libvirt qpid) or not particularly
useful (links to vendor hypervisor sites).

This rewrites it to be more directly useful to visitors,
providing a updated intro to libvirt project, direct
links to key pieces of website content (new contributors
guide, security process, bug reporting, XML formats), and
feed showing recent 5 blog posts on the virt tools planet.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

This reverts commit 1f29f3da.

Assuming <dt> is always used to document symbols is way too
broad, requiring far too many exemptions to be marked to
avoid syntax check rules.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The original libvirt logo was built using what appears to be
either Overpass font, or one stylistically very similar (the
slanted top of letters like 'l', 't', etc). The newly recreated
libvirt logo will use Overpass. Use this font for the website
text too, to provide a consistent style.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The library.xen file contains a braindump of thoughts dating
from the very first days of libvirt, when it was briefly
called libxen. This is not useful and potentially misleading
or confusing for people.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

This initially started as a fix of some debug printing in
virCgroupDetect. However it turned out that other places suffer
from the similar problem. While dealing with pids, esp. in cases
where we cannot use pid_t for ABI stability reasons, we often
chose an unsigned integer type. This makes no sense as pid_t is
signed.
Also, new syntax-check rule is introduced so we won't repeat this
mistake.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

This way we get reference counting and we can get rid of locking
function.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

The marginally nicer error message is not worth the extra lines in
cfg.mk.

Also drop the excludes since there was only one offender in the tests.

Both gethostbyaddr and gethostbyname* are already checked
by sc_prohibit_nonreentrant.

GNU make is able to replace characters, no need to call tr.

Some of the examples make use of asprintf and strtol functions (to keep
things simple) which are prohibited to use within our code (enforced by
syntax-check). Therefore besides adding some examples, this patch also updates
cfg.mk to exclude examples directory from asprintf and strtol rules, as well as
updates .gitignore to exclude all the new admin binaries created in the
'examples' dir.
Signed-off-by: NErik Skultety <eskultet@redhat.com>

Prefer virDirOpen.

Introduce a helper that only calls closedir if DIR* is non-NULL
and sets it to NULL afterwards.

Invoke the script only once instead of once for every file.

This script can already operate on a list of files.
Add a --check parameter to check if multiple files are wrapped
correctly with a single invocation of the script.

This checks forbids using "can not" and checks the placement
of some texinfo tags.

Drop it since we do not use texinfo and the check takes almost
twice as much as the rest of the checks.

We test whitespace with lots of other characters now.

The prohibit_nonreentrant syntax-check rule spawns a new shell
for every non-reentrant function we know, to make it easier
to mention the function name in the error message, with the _r
appended.

Since the line with the offending function is already printed
and some of the functions on our list do not have a _r counterpart,
compile them into one big regex and use a more generic error message
to save time.

Move all APIs with a virHostCPU name prefix out into new
util/virhostcpu.h & util/virhostcpu.c files
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Fix the regex for excluding files for this syntax-rule.  The rule "include/"
will not work, because we are matching the whole line like this
"^(...|include/|...)$ so we need to use "include/libvirt/libvirt.+".  The second
issue is that we are using only one '$' but there should be two of those at the
end.  The last small adjustment is to escape dots '.' so it match only dot.
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

There is a lot to explain, but I try to make it as short as
possible. I'd start by pasting some parts of sys/stat.h:

extern int stat (const char *__restrict __file,
		 struct stat *__restrict __buf) __THROW __nonnull ((1, 2));

extern int __REDIRECT_NTH (stat, (const char *__restrict __file,
				  struct stat *__restrict __buf), stat64)
     __nonnull ((1, 2));

__extern_inline int
__NTH (stat (const char *__path, struct stat *__statbuf))
{
  return __xstat (_STAT_VER, __path, __statbuf);
}

Only one of these is effective at once, due to some usage of
the mess we are dealing with in here. So, basically, while
compiling or linking stat() in our code can be transformed into
some other func. Or a dragon.
Now, if you read stat(2) manpage, esp. "C library/kernel
differences" section, you'll learn that glibc uses some tricks
for older applications to work. I haven't gotten around actual
code that does this, but based on my observations, if 'stat'
symbol is found, glibc assumes it's dealing with ancient
application. Unfortunately, it can be just ours stat coming from
our mock. Therefore, calling stat() from a test will end up in
our mock. But since glibc is not exposing the symbol anymore, our
call of real_stat() will SIGSEGV immediately as the pointer to
function is NULL. Therefore, we should expose only those symbols
we know glibc has.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

The intent is that this library is going to be called every time
to check if we are not touching anything outside srcdir or
builddir.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

Commit 61b070cf cleaned up a number of cases where the <dt>
element was used to document symbols, but the symbol itself was
not inside a <code> element.

To make sure we don't end up having to clean up again a few
months from now, introduce a syntax-check rule that can spot
such mistakes.

All existing exceptions are marked as such, with either file
or line granularity depending on the case.