This is a prerequisite to the fix for the fix to:

  https://bugzilla.redhat.com/show_bug.cgi?id=1025397

num_virtual_functions needs to be size_t in order to use the
VIR_APPEND_ELEMENT macro.

When supported, ask iptables to wait rather than fail if it is in use
by another caller (like ufw).

(See https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1245322)
Signed-off-by: NSerge Hallyn <serge.hallyn@ubuntu.com>

This gets rid of another stat() per volume, as well as cutting
bytes read in half, when populating the volumes of a directory
pool during a pool refresh.  Not to mention that it provides an
interface that can let gluster pools also probe file types.

* src/util/virstoragefile.h (virStorageFileProbeFormatFromFD):
Delete.
(virStorageFileProbeFormatFromBuf): New prototype.
(VIR_STORAGE_MAX_HEADER): New constant, based on...
* src/util/virstoragefile.c (STORAGE_MAX_HEAD): ...old name.
(vmdk4GetBackingStore, virStorageFileGetMetadataInternal)
(virStorageFileProbeFormat): Adjust clients.
(virStorageFileProbeFormatFromFD): Delete.
(virStorageFileProbeFormatFromBuf): Export.
* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
Adjust client.
* src/libvirt_private.syms (virstoragefile.h): Adjust exports.
Signed-off-by: NEric Blake <eblake@redhat.com>

Future patches will want to learn metadata about a file using
a buffer that was already parsed in order to probe the file's
format.  Rather than reopening and re-reading the file, it makes
sense to separate getting file contents from actually parsing
those contents.

* src/util/virstoragefile.c (virStorageFileGetMetadataFromBuf)
(virStorageFileGetMetadataFromFDInternal): New functions.
(virStorageFileGetMetadataInternal): Hoist fstat() and read() into
callers.
(virStorageFileGetMetadataFromFD)
(virStorageFileGetMetadataRecurse): Rework clients.
* src/util/virstoragefile.h (virStorageFileGetMetadataFromBuf):
New prototype.
* src/libvirt_private.syms (virstoragefile.h): Export it.
Signed-off-by: NEric Blake <eblake@redhat.com>

Our backing file chain code was not very robust to an ill-timed
EINTR, which could lead to a short read causing us to randomly
treat metadata differently than usual.  But the existing
virFileReadLimFD forces an error if we don't read the entire
file, even though we only care about the header of the file.
So add a new virFile function that does what we want.

* src/util/virfile.h (virFileReadHeaderFD): New prototype.
* src/util/virfile.c (virFileReadHeaderFD): New function.
* src/libvirt_private.syms (virfile.h): Export it.
* src/util/virstoragefile.c (virStorageFileGetMetadataInternal)
(virStorageFileProbeFormatFromFD): Use it.
Signed-off-by: NEric Blake <eblake@redhat.com>

'unsigned char *' makes sense if you are doing math on bytes and
don't want to worry about wraparound from a signed 'char'; but
since all we are doing is memcmp() or virReadBufInt*[LB]E(), which
are both safe on either type of char, and since read() prefers to
operate on 'char *', it's simpler to avoid casts by just typing
things as 'char *' from the get-go.  [Technically, read can
operate on an 'unsigned char *' thanks to the C rule that any
pointer can be implicitly converted to 'char *' for legacy K&R
compatibility; but where this patch saves us is if we try to use
virfile.h functions that take 'char **' in order to allocate the
buffer, where the compiler would barf on type mismatch.]

* src/util/virstoragefile.c (FileTypeInfo): Avoid unsigned char.
(cowGetBackingStore, qcow2GetBackingStoreFormat)
(qcowXGetBackingStore, qcow1GetBackingStore)
(qcow2GetBackingStore, vmdk4GetBackingStore, qedGetBackingStore)
(virStorageFileMatchesMagic, virStorageFileMatchesVersion)
(virStorageFileProbeFormatFromBuf, qcow2GetFeatures)
(virStorageFileGetMetadataInternal)
(virStorageFileProbeFormatFromFD): Simplify clients.
Signed-off-by: NEric Blake <eblake@redhat.com>

A qcow2 file with a backing file of 'gluster://host/vol/file' should
not try to look for a directory named './gluster:/' in the file system.

* src/util/virstoragefile.c (virBackingStoreIsFile): Broaden check
to include all protocols.
Signed-off-by: NEric Blake <eblake@redhat.com>

Add a function for efficiently checking if a path is a filesystem
mount point.

NB will not work for bind mounts, only true filesystem mounts.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=1018897

If a PCI deivce is not binded to any driver (e.g. there's yet no PCI
driver in the linux kernel) but still users want to passthru the device
we fail the whole operation as we fail to resolve the 'driver' link
under the PCI device sysfs tree. Obviously, this is not a fatal error
and it shouldn't be error at all.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

Avoid necessary checks for the numa library with this helper.

All functions from libnuma must be protected with ifdefs. Avoid this by
using our own wrapper.

Most of the usage of getuid()/getgid() is in cases where we are
considering what privileges we have. As such the code should be
using the effective IDs, not real IDs.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

We already have stubs for getuid, geteuid, getgid but
not for getegid. Something in gnulib already does a
check for it during configure, so we already have the
HAVE_GETEGID macro defined.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The use of getenv is typically insecure, and we want people
to use our wrappers, to force them to think about setuid
needs.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Unconditional use of getenv is not secure in setuid env.
While not all libvirt code runs in a setuid env (since
much of it only exists inside libvirtd) this is not always
clear to developers. So make all the code paranoid, even
if it only ever runs inside libvirtd.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

When running setuid, we must be careful about what env vars
we allow commands to inherit from us. Replace the
virCommandAddEnvPass function with two new ones which do
filtering

  virCommandAddEnvPassAllowSUID
  virCommandAddEnvPassBlockSUID

And make virCommandAddEnvPassCommon use the appropriate
ones
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

We must not allow file/syslog/journald log outputs when running
setuid since they can be abused to do bad things. In particular
the 'file' output can be used to overwrite files.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Care must be taken accessing env variables when running
setuid. Introduce a virGetEnvAllowSUID for env vars which
are safe to use in a setuid environment, and another
virGetEnvBlockSUID for vars which are not safe. Also add
a virIsSUID helper method for any other non-env var code
to use.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

In fact, the suffix should be _QUIET not _QUIT to stress the
fact, that no OOM error is reported on error.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

The recent patch series proposing the addition of PPC little endian
arch support to Linux defines new arch names 'ppcle' and 'ppc64le':

https://lists.ozlabs.org/pipermail/linuxppc-dev/2013-August/109908.html

This just makes libvirt know about these arch names, so it doesn't
immediately trip up if it seems these new names from uname.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Implement the bare minimal sysinfo for AArch64 platforms by
reading the CPU models from /proc/cpuinfo.
Signed-off-by: NAnup Patel <anup.patel@linaro.org>
Signed-off-by: NPranavkumar Sawargaonkar <pranavkumar@linaro.org>

Adding AArch64(ARMv8 64bit) to the current list of valid architectures.

For now, AArch64 name would imply AArch64 LE mode only. In future,
we might have separate names for AArch64 LE and BE.
Signed-off-by: NAnup Patel <anup.patel@linaro.org>
Signed-off-by: NPranavkumar Sawargaonkar <pranavkumar@linaro.org>

The range of valid values for cgroup tunables has
changed in the past and may change again in future
kernels. Avoid hardcoding range checks in libvirt
code, delegating range checking to the kernel itself.
Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>

When EINVAL is returned while changing a cgroups value, tell
user that what values are invalid for the field.
Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>

'const fooPtr' is the same as 'foo * const' (the pointer won't
change, but it's contents can).  But in general, if an interface
is trying to be const-correct, it should be using 'const foo *'
(the pointer is to data that can't be changed).

Fix up remaining offenders in src/util.

* src/util/virnetdev.h (virNetDevSetMAC)
(virNetDevReplaceMacAddress, virNetDevValidateConfig)
(virNetDevReplaceNetConfig): Use intended type.
* src/util/virnetdevbandwidth.h (virNetDevBandwidthCopy)
(virNetDevBandwidthPlug): Likewise.
* src/util/virnetdevmacvlan.h (virNetDevMacVLanCreate)
(virNetDevMacVLanCreateWithVPortProfile)
(virNetDevMacVLanDeleteWithVPortProfile)
(virNetDevMacVLanRestartWithVPortProfile)
(virNetDevMacVLanVPortProfileRegisterCallback): Likewise.
* src/util/virnetdevopenvswitch.h (virNetDevOpenvswitchAddPort):
Likewise.
* src/util/virnetdevtap.h (virNetDevTapCreateInBridgePort):
Likewise.
* src/util/virnetdevvlan.h (virNetDevVlanEqual)
(virNetDevVlanCopy): Likewise.
* src/util/virnetdevvportprofile.h
(virNetDevVPortProfileAssociate)
(virNetDevVPortProfileDisassociate): Likewise.
* src/util/virnetlink.h (virNetlinkEventRemoveCallback)
(virNetlinkEventAddClient, virNetlinkEventRemoveClient):
Likewise.
* src/util/virnetdev.c (virNetDevSetMAC)
(virNetDevReplaceMacAddress, virNetDevValidateConfig)
(virNetDevReplaceNetConfig): Fix fallout.
* src/util/virnetdevbandwidth.c (virNetDevBandwidthCopy)
(virNetDevBandwidthPlug): Likewise.
* src/util/virnetdevmacvlan.c (virNetDevMacVLanCreate)
(virNetDevMacVLanCreateWithVPortProfile)
(virNetDevMacVLanDeleteWithVPortProfile)
(virNetDevMacVLanRestartWithVPortProfile)
(virNetDevMacVLanVPortProfileRegisterCallback): Likewise.
* src/util/virnetdevopenvswitch.c (virNetDevOpenvswitchAddPort):
Likewise.
* src/util/virnetdevtap.c (virNetDevTapCreateInBridgePort):
Likewise.
* src/util/virnetdevvlan.c (virNetDevVlanEqual)
(virNetDevVlanCopy): Likewise.
* src/util/virnetdevvportprofile.c
(virNetDevVPortProfileAssociate)
(virNetDevVPortProfileDisassociate)
(virNetDevVPortProfileOpSetLink, virNetDevVPortProfileOpCommon)
(virNetDevVPortProfileOp8021Qbg, virNetDevVPortProfileOp8021Qbh):
Likewise.
* src/util/virnetlink.c (virNetlinkEventRemoveCallback)
(virNetlinkEventAddClient, virNetlinkEventRemoveClient):
Likewise.
Signed-off-by: NEric Blake <eblake@redhat.com>

'const fooPtr' is the same as 'foo * const' (the pointer won't
change, but it's contents can).  But in general, if an interface
is trying to be const-correct, it should be using 'const foo *'
(the pointer is to data that can't be changed).

Fix up offenders in src/util outside of the virnet namespace.

Also, make a few virSocketAddr functions const-correct, for easier
conversions in future patches.

* src/util/virbuffer.h (virBufferError, virBufferUse)
(virBufferGetIndent): Use intended type.
* src/util/virmacaddr.h (virMacAddrCmp, virMacAddrCmpRaw)
(virMacAddrSet, virMcAddrFormat, virMacAddrIsUnicast)
(virMacAddrIsMulticast): Likewise.
* src/util/virebtables.h (ebtablesAddForwardAllowIn)
(ebtablesRemoveForwardAllowIn): Likewise.
* src/util/virsocketaddr.h (virSocketAddrSetIPv4Addr): Drop
incorrect const.
(virMacAddrGetRaw, virSocketAddrFormat, virSocketAddrFormatFull):
Make const-correct.
(virSocketAddrMask, virSocketAddrMaskByPrefix)
(virSocketAddrBroadcast, virSocketAddrBroadcastByPrefix)
(virSocketAddrGetNumNetmaskBits, virSocketAddrGetIpPrefix)
(virSocketAddrEqual, virSocketAddrIsPrivate)
(virSocketAddrIsWildcard): Use intended type.
* src/util/virbuffer.c (virBufferError, virBufferUse)
(virBufferGetIndent): Fix fallout.
* src/util/virmacaddr.c (virMacAddrCmp, virMacAddrCmpRaw)
(virMacAddrSet, virMcAddrFormat, virMacAddrIsUnicast)
(virMacAddrIsMulticast): Likewise.
* src/util/virebtables.c (ebtablesAddForwardAllowIn)
(ebtablesRemoveForwardAllowIn): Likewise.
* src/util/virsocketaddr.c (virSocketAddrMask, virMacAddrGetRaw)
(virSocketAddrMaskByPrefix, virSocketAddrBroadcast)
(virSocketAddrBroadcastByPrefix, virSocketAddrGetNumNetmaskBits)
(virSocketAddrGetIpPrefix, virSocketAddrEqual)
(virSocketAddrIsPrivate, virSocketAddrIsWildcard)
(virSocketAddrGetIPv4Addr, virSocketAddrGetIPv6Addr)
(virSocketAddrFormat, virSocketAddrFormatFull): Likewise.
Signed-off-by: NEric Blake <eblake@redhat.com>

'const fooPtr' is the same as 'foo * const' (the pointer won't
change, but it's contents can).  But in general, if an interface
is trying to be const-correct, it should be using 'const foo *'
(the pointer is to data that can't be changed).

Fix up virhash to provide a const-correct interface: all actions
that don't modify the table take a const table.  Note that in
one case (virHashSearch), we actually strip const away - we aren't
modifying the contents of the table, so much as associated data
for ensuring that the code uses the table correctly (if this were
C++, it would be a case for the 'mutable' keyword).

* src/util/virhash.h (virHashKeyComparator, virHashEqual): Use
intended type.
(virHashSize, virHashTableSize, virHashLookup, virHashSearch):
Make const-correct.
* src/util/virhash.c (virHashEqualData, virHashEqual)
(virHashLookup, virHashSize, virHashTableSize, virHashSearch)
(virHashComputeKey): Fix fallout.
* src/conf/nwfilter_params.c
(virNWFilterFormatParameterNameSorter): Likewise.
* src/nwfilter/nwfilter_ebiptables_driver.c
(ebiptablesFilterOrderSort): Likewise.
* tests/virhashtest.c (testHashGetItemsCompKey)
(testHashGetItemsCompValue): Likewise.
Signed-off-by: NEric Blake <eblake@redhat.com>

In Fedora 20, libvirt_lxc crashes immediately at startup with a
trace

 #0  0x00007f0cddb653ec in free () from /lib64/libc.so.6
 #1  0x00007f0ce0e16f4a in virFree (ptrptr=ptrptr@entry=0x7f0ce1830058) at util/viralloc.c:580
 #2  0x00007f0ce0e2764b in virResetError (err=0x7f0ce1830030) at util/virerror.c:354
 #3  0x00007f0ce0e27a5a in virResetLastError () at util/virerror.c:387
 #4  0x00007f0ce0e28858 in virEventRegisterDefaultImpl () at util/virevent.c:233
 #5  0x00007f0ce0db47c6 in main (argc=11, argv=0x7fff4596c328) at lxc/lxc_controller.c:2352

Normally virInitialize calls virErrorInitialize and
virThreadInitialize, but we don't link to libvirt.so
in libvirt_lxc, and nor did we ever call the error
or thread initializers.

I have absolutely no idea how this has ever worked, let alone
what caused it to stop working in Fedora 20.

In addition not all code paths from virLogSetFromEnv will
ensure virLogInitialize is called correctly, which is another
possible crash scenario.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Previous commit

  commit 7ada155c
  Author: Gao feng <gaofeng@cn.fujitsu.com>
  Date:   Wed Sep 11 11:15:02 2013 +0800

    DBus: introduce virDBusIsServiceEnabled

Made the cgroups code fallback to non-systemd based setup
when dbus is not running. It was too big a hammer though,
as it did not check what error code was received when the
dbus connection failed. Thus it silently ignored serious
errors from dbus such as "too many client connections",
which should always be treated as fatal.

We only want to ignore errors if the dbus unix socket does
not exist, or if nothing is listening on it.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The log message regex has been

[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}\+[0-9]{4}: [0-9]+: debug|info|warning|error :

The precedence of '|' is high though, so this is equivalent to matching

   [0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}\+[0-9]{4}: [0-9]+: debug

Or

   info

Or

   warning

Or

   error :

Which is clearly not what it should have done. This caused the code to
skip over things which are not log messages. The solution is to simply
add brackets.

A test case is also added to validate correctness.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

If the dbus system bus connection is marked as private, then
allow it to be closed.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The dbus_bus_get() function returns a shared bus connection that
all libraries in a process can use. You are forbidden from calling
close on this connection though, since you can never know if any
other code might be using it.

Add an option to use private dbus bus connections, if the app
wants to be able to close the connection.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The helper function virCompareLimitUlong compares limit values,
where value of 0 is equal to unlimited. If the latter parameter is 0,
it should return -1 instead of 1, hence the user can only set hard_limit when
swap_hard_limit currently is unlimited.

Worse, all callers pass 2 64-bit values, but on 32-bit platforms,
the second argument was silently truncated to 32 bits, which
could lead to incorrect computations.
Signed-off-by: NBing Bu Cao <mars@linux.vnet.ibm.com>
Signed-off-by: NEric Blake <eblake@redhat.com>

The enum for virNetDevVPort is declared in the header file
virnetdevvportprofile.h, but for some reason the impl is
in netdev_vport_profile_conf.c.

This causes a dep from src/util onto src/conf which is not
allowed. Move the enum impl into virnetdevvportprofile.c
to break the circle.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

This function takes exactly one argument: an address to check.
It returns true, if the address is an IPv4 or IPv6 address in numeric
format, false otherwise (e.g. for "examplehost").
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

s/shoule/should
Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>