This is place as a sub-element of <source>, where other aspects of the
host-side connection to the network device are located (network or
bridge name, udp listen port, etc). It's a bit odd that the interface
we're configuring with this info is itself named in <target dev='x'/>,
but that ship sailed long ago:

    <interface type='ethernet'>
      <mac address='00:16:3e:0f:ef:8a'/>
      <source>
        <ip address='192.168.122.12' family='ipv4'
            prefix='24' peer='192.168.122.1'/>
        <ip address='192.168.122.13' family='ipv4' prefix='24'/>
        <route family='ipv4' address='0.0.0.0'
               gateway='192.168.122.1'/>
        <route family='ipv4' address='192.168.124.0' prefix='24'
               gateway='192.168.124.1'/>
      </source>
    </interface>

In practice, this will likely only be useful for type='ethernet', so
its presence in any other type of interface is currently forbidden in
the generic device Validate function (but it's been put into the
general population of virDomainNetDef rather than the
ethernet-specific union member so that 1) we can more easily add the
capability to other types if needed, and 2) we can retain the info
when set to an invalid interface type all the way through to
validation and report a proper error, rather than just ignoring it
(which is currently what happens for many other type-specific
settings).

(NB: The already-existing configuration of IP info for the guest-side
of interfaces is in subelements directly under <interface>, and the
name of the guest-side interface (when configurable) is in <guest
dev='x'/>).

(This patch had been pushed earlier in
commit fe6a7789, but was reverted in
commit d6584565 because it had been
accidentally pushed during the freeze for release 2.0.0)

The peer attribute is used to set the property of the same name in the
interface IP info:

  <interface type='ethernet'>
    ...
    <ip family='ipv4' address='192.168.122.5'
        prefix='32' peer='192.168.122.6'/>
    ...
  </interface>

Note that this element is used to set the IP information on the
*guest* side interface, not the host side interface - that will be
supported in an upcoming patch.

(This patch now has quite a history: it was originally pushed in
commit 690969af, which was subsequently reverted in commit 1d14b13f,
then reworked and pushed (along with a lot of other related/supporting
patches) in commit 93135abf; however *that* commit had been
accidentally pushed during dev. freeze for release 2.0.0, so it was
again reverted in commit f6acf039).
Signed-off-by: NVasiliy Tolstov <v.tolstov@selfip.ru>
Signed-off-by: NLaine Stump <laine@laine.org>

This patch takes the code out of
lxcContainerRenameAndEnableInterfaces() that adds all IP addresses and
IP routes to the interface, and puts it into a utility function
virNetDevIPInfoAddToDev() in virnetdevip.c so that it can be used by
anyone.

One small change in functionality -
lxcContainerRenameAndEnableInterfaces() previously would add all IP
addresses to the interface while it was still offline, then set the
interface online, and then add the routes. Because I don't want the
utility function to set the interface online, I've moved this up so
the interface is first set online, then IP addresses and routes are
added. This is the same order that the network service from
initscripts (in ifup-ether) does it, so it shouldn't pose any problem
(and hasn't, in the tests that I've run).

(This patch had been pushed earlier in commit
f1e0d0da, but was reverted in commit
05eab475 because it had been
accidentally pushed during the freeze for release 2.0.0)

Introduce a helper to help determine if a disk src could be possibly used
for a disk secret... Going to need this for hot unplug.
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>

For a luks device, allow the configuration of a specific cipher to be
used for encrypting the volume.
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>

Add parse and format of the luks/passphrase secret including tests for
volume XML parsing.
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>

In order to use more common code and set up for a future type, modify the
encryption secret to allow the "usage" attribute or the "uuid" attribute
to define the secret. The "usage" in the case of a volume secret would be
the path to the volume as dictated by the backwards compatibility brought
on by virStorageGenerateQcowEncryption where it set up the usage field as
the vol->target.path and didn't allow someone to provide it. This carries
into virSecretObjListFindByUsageLocked which takes the secret usage attribute
value from from the domain disk definition and compares it against the
usage type from the secret definition. Since none of the code dealing
with qcow/qcow2 encryption secrets uses usage for lookup, it's a mostly
cosmetic change. The real usage comes in a future path where the encryption
is expanded to be a luks volume and the secret will allow definition of
the usage field.

This code will make use of the virSecretLookup{Parse|Format}Secret common code.
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>

Add a new secret type known as "passphrase" - it will handle adding the
secret objects that need a passphrase without a specific username.

The format is:

   <secret ...>
     <uuid>...</uuid>
     ...
     <usage type='passphrase'>
       <name>mumblyfratz</name>
     </usage>
   </secret>
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>

Since the virSecretDefParseUsage ensures each of the fields is present,
no need to check during virSecretDefFormatUsage (also virBufferEscapeString
is a no-op with a NULL argument).
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>

    This replicates the metadata field found in the domain configuration
    and adds it to the network configuration XML.

This is a generic version of virDomainDefMetadataSanitize() - the same
functionality is now needed for network metadata.

Remove the local kvmpath variable from
virHostCPUGetThreadsPerSubcore() and use the file-global
KVM_DEVICE define instead.

Since it's not strictly a uuid anymore

This allows event implementations to match on something other
than an object's uuid, like nodedev or interface objects which
don't have a uuid.

This should not have any functional difference, it's just a step
towards matching on non-uuid string keys

In every other instance virObjectEventCallbackPtr is named 'cb',
and in other code 'event' usually means a virObjectEventPtr

It's only used in object_event.c, so remove it from the header. We
need to move the _virObjectEventCallback definition earlier as a
result.

A helper that will execute a callback on every USB device
in the domain definition.

With an ability to skip USB hubs, since we will want to treat
them differently in some cases.

Signed-off-by: NJiri Denemark <jdenemar@redhat.com>

Signed-off-by: NJiri Denemark <jdenemar@redhat.com>

I'm not sure why our code claimed "-boot menu=on" cannot be used in
combination with per-device bootindex, but it was proved wrong about
four years ago by commit 8c952908. Let's always use bootindex when QEMU
supports it.

https://bugzilla.redhat.com/show_bug.cgi?id=1323085Signed-off-by: NJiri Denemark <jdenemar@redhat.com>

virttype is already included in domCaps, no need to pass it separately.
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>

Signed-off-by: NJiri Denemark <jdenemar@redhat.com>

Pretending (partial) support for something we don't understand is risky.
Reporting a failure is much better.
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>

virTypedParameterAssign steals the string rather than copying it into
the typed parameter and thus freeing it leads to a crash when attempting
to serialize the results.

This was introduced in commit 9f50f6e2 and later made an universal
helper in 32e6339c.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1351473

Some code paths already assume that it is allocated since it was always
allocated by virDomainPerfDefParseXML. Make it member of virDomainDef
directly so that we don't have to allocate it all the time.

This fixes crash when attempting to connect to an existing process via
virDomainQemuAttach since we would not allocate it in that code path.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1350688

Ensure that the given controller and all controllers with a smaller
index exist; there must not be any missing index in between.
Reviewed-by: NBoris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: NBjoern Walk <bwalk@linux.vnet.ibm.com>
Signed-off-by: NMarc Hartmayer <mhartmay@linux.vnet.ibm.com>

The commit "qemu: hot-plug: Assume support for -device in
qemuDomainAttachSCSIDisk" dropped the code for the automatic SCSI
controller creation used in SCSI disk hot-plugging. If we are
hot-plugging a SCSI disk to a domain and there is no proper SCSI
controller defined, it results in an "error: internal error: Could not
find scsi controller with index X required for device" error.

For that reason reverting a hunk of the commit
d4d32005.

This patch also adds an extra comment to the code to clarify the
loop.
Reviewed-by: NBoris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: NBjoern Walk <bwalk@linux.vnet.ibm.com>
Signed-off-by: NMarc Hartmayer <mhartmay@linux.vnet.ibm.com>

CVE-2016-5008

Setting an empty graphics password is documented as a way to disable
VNC/SPICE access, but QEMU does not always behaves like that. VNC would
happily accept the empty password. Let's enforce the behavior by setting
password expiration to "now".

https://bugzilla.redhat.com/show_bug.cgi?id=1180092Signed-off-by: NJiri Denemark <jdenemar@redhat.com>

Signed-off-by: NJiri Denemark <jdenemar@redhat.com>

Similarly to what virsh virt-login-shell do, call virAdmInitialize prior to
initializing an event loop and initializing the error handler. Commit 97973ebb
described and fixed an identical issue for libvirt_lxc.
Since virAdmInitialize becomes a public API after applying this patch,
the symbol is also added to public syms and the doc string of the method is
slightly enhanced analogically to virInitialize.
Signed-off-by: NErik Skultety <eskultet@redhat.com>

virNetServerClientGetInfo returns the client's remote address
as a string, which is a part of the client object.

Use VIR_STRDUP to make a copy which can be freely accessed
even after the virNetServerClient object is unlocked.

To reproduce, put a sleep between virObjectUnlock in
virNetServerClientGetInfo and virTypedParamsAddString in
adminClientGetInfo, then close the queried connection during
that sleep.

https://bugzilla.redhat.com/show_bug.cgi?id=1316370

Consider the following disk for a domain:

    <disk type='volume' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <auth username='libvirt'>
        <secret type='iscsi' usage='libvirtiscsi'/>
      </auth>
      <source pool='iscsi-secret-pool' volume='unit:0:0:0' mode='direct' startupPolicy='optional'/>
      <target dev='sda' bus='scsi'/>
      <readonly/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>

Now, startupPolicy is currently not allowed for iscsi disks, so
one would expect an error message to be thrown. But what a
surprise is waiting for users if they try to start up such
domain:

==15724== Invalid free() / delete / delete[] / realloc()
==15724==    at 0x4C2B1F0: free (vg_replace_malloc.c:473)
==15724==    by 0x54B7A69: virFree (viralloc.c:582)
==15724==    by 0x552DC90: virStorageAuthDefFree (virstoragefile.c:1549)
==15724==    by 0x552F023: virStorageSourceClear (virstoragefile.c:2055)
==15724==    by 0x552F054: virStorageSourceFree (virstoragefile.c:2067)
==15724==    by 0x55556AA: virDomainDiskDefFree (domain_conf.c:1562)
==15724==    by 0x5557ABE: virDomainDefFree (domain_conf.c:2547)
==15724==    by 0x1B43CC42: qemuProcessStop (qemu_process.c:5918)
==15724==    by 0x1B43BA2E: qemuProcessStart (qemu_process.c:5511)
==15724==    by 0x1B48993E: qemuDomainObjStart (qemu_driver.c:7050)
==15724==    by 0x1B489B9A: qemuDomainCreateWithFlags (qemu_driver.c:7104)
==15724==    by 0x1B489C01: qemuDomainCreate (qemu_driver.c:7122)
==15724==  Address 0x21cfbb90 is 0 bytes inside a block of size 48 free'd
==15724==    at 0x4C2B1F0: free (vg_replace_malloc.c:473)
==15724==    by 0x54B7A69: virFree (viralloc.c:582)
==15724==    by 0x552DC90: virStorageAuthDefFree (virstoragefile.c:1549)
==15724==    by 0x12D1C8D4: virStorageTranslateDiskSourcePool (storage_driver.c:3475)
==15724==    by 0x1B4396E4: qemuProcessPrepareDomain (qemu_process.c:4896)
==15724==    by 0x1B43B880: qemuProcessStart (qemu_process.c:5466)
==15724==    by 0x1B48993E: qemuDomainObjStart (qemu_driver.c:7050)
==15724==    by 0x1B489B9A: qemuDomainCreateWithFlags (qemu_driver.c:7104)
==15724==    by 0x1B489C01: qemuDomainCreate (qemu_driver.c:7122)
==15724==    by 0x561CA97: virDomainCreate (libvirt-domain.c:6787)
==15724==    by 0x12B6FD: remoteDispatchDomainCreate (remote_dispatch.h:4116)
==15724==    by 0x12B61A: remoteDispatchDomainCreateHelper (remote_dispatch.h:4092)

The problem is, in virStorageTranslateDiskSourcePool disk
def->src->auth is freed, but the pointer is not set to NULL. So
later, when qemuProcessStop starts to free the domain definition,
virStorageAuthDefFree() tries to free the memory again, instead
of jumping out immediately.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

Reorder code for setting default log level from cmdline prior
initialization of log outputs. Thus the --verbose option is reflected.

This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1325072

Signed-off-by: NJiri Denemark <jdenemar@redhat.com>

Patch fixes vz build after changes in IP-related netdev functions(cf0568b0, fbc1843d).
Signed-off-by: NOlga Krishtal <okrishtal@virtuozzo.com>

This reverts commit f1e0d0da.

This feature was accidentally pushed in the feature freeze.

This reverts commit 93135abf.

This feature was accidentally pushed in the feature freeze.