My commit 2dbfa716 added test data for vircgrouptest but forgot to
distribute the new directory.
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>

The following is a long winded way to say this patch is avoiding a
false positive.

Coverity complains that calling networkPlugBandwidth() could eventually
end up with a NULL dereference on iface->bandwidth because in the
networkAllocateActualDevice there's a check of 'iface->bandwidth'
before deciding to try to use the 'portgroup' if it exists or to not
perferm the virNetDevBandwidthCopy if 'bandwidth' is not NULL.

Later in networkPlugBandwidth the 'iface->bandwidth' is sourced from
virDomainNetGetActualBandwidth - which would be either iface->bandwidth
or (preferably) iface->data.network.actual->bandwidth which would have
been filled in from either 'iface->bandwidth' or 'portgroup->bandwidth'
back in networkAllocateActualDevice

There *is* a check in networkCheckBandwidth for the result of the
virDomainNetGetActualBandwidth being NULL and a return 1 based on
that which would cause networkPlugBandwidth to exit properly and thus
never hit the condition that Coverity complains about.

However, since Coverity checks all paths - it somehow believes that
a return of 0 by networkCheckBandwidth in this condition would end
up causing the possible NULL dereference. The "fix" to silence Coverity
is to not have networkCheckBandwidth also call virDomainNetGetActualBandwidth
in order to get the ifaceBand, but rather have it accept it as an argument
which causes Coverity to "see" that it's the exit condition of 1 that won't
have the possible NULL dereference.  Since we're passing that, I added the
passing of iface->mac rather than passing iface as well. This just hopefully
makes sure someone doesn't undo this in the future...

When libvirt is starting a domain, it reports the state as SHUTOFF until
it's RUNNING. This is not ideal because domain startup may take a long
time (usually because of some configuration issues, firewalls blocking
access to network disks, etc.) and domain lists provided by libvirt look
awkward. One can see weird shutoff domains with IDs in a list of active
domains or even shutoff transient domains. In any case, it looks more
like a bug in libvirt than a normal state a domain goes through.
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>

Signed-off-by: NJiri Denemark <jdenemar@redhat.com>

The function needs a pointer to the network to get list of DHCP
leases. The pointer is obtained via virNetworkLookupByName() which
requires callers to free the returned network once no longer needed.
Otherwise it's leaked.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

The variable holds formatted suffix to each line printed out
(address type, address and prefix). However, the variable is
never freed. At the same time, honour fact, that data held in
the variable is not constant.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

Now that we allow HW address to be not present on our RPC layer,
don't error out if qemu-ga hasn't provided any.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

Make sure we don't print (null) (which in fact is printf()'s
cleverness anyway, not ours). If no HW address is present, print
"N/A" string just like we do for other fields.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

Not all NICs (esp. the virtual ones like TUN) must have a hardware
address. Teach our RPC that it's possible.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=1199182 documents that
after a series of disk snapshots into existing destination images,
followed by active commits of the top image, it is possible for
qemu 2.2 and earlier to end up tracking a different name for the
image than what it would have had when opening the chain afresh.
That is, when starting with the chain 'a <- b <- c', the name
associated with 'b' is how it was spelled in the metadata of 'c',
but when starting with 'a', taking two snapshots into 'a <- b <- c',
then committing 'c' back into 'b', the name associated with 'b' is
now the name used when taking the first snapshot.

Sadly, older qemu doesn't know how to treat different spellings of
the same filename as identical files (it uses strcmp() instead of
checking for the same inode), which means libvirt's attempt to
commit an image using solely the names learned from qcow2 metadata
fails with a cryptic:

error: internal error: unable to execute QEMU command 'block-commit': Top image file /tmp/images/c/../b/b not found

even though the file exists.  Trying to teach libvirt the rules on
which name qemu will expect is not worth the effort (besides, we'd
have to remember it across libvirtd restarts, and track whether a
file was opened via metadata or via snapshot creation for a given
qemu process); it is easier to just always directly ask qemu what
string it expects to see in the first place.

As a safety valve, we validate that any name returned by qemu
still maps to the same local file as we have tracked it, so that
a compromised qemu cannot accidentally cause us to act on an
incorrect file.

* src/qemu/qemu_monitor.h (qemuMonitorDiskNameLookup): New
prototype.
* src/qemu/qemu_monitor_json.h (qemuMonitorJSONDiskNameLookup):
Likewise.
* src/qemu/qemu_monitor.c (qemuMonitorDiskNameLookup): New function.
* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDiskNameLookup)
(qemuMonitorJSONDiskNameLookupOne): Likewise.
* src/qemu/qemu_driver.c (qemuDomainBlockCommit)
(qemuDomainBlockJobImpl): Use it.
Signed-off-by: NEric Blake <eblake@redhat.com>

Use the utilities introduced in the previous patches so the qemu
driver is able to create tap devices that are bound (and unbound
on domain destroyal) to Midonet virtual ports.
Signed-off-by: NAntoni Segura Puimedon <toni+libvirt@midokura.com>

Midonet is an opensource virtual networking that over lays the IP
network between hypervisors. Currently, such networks can be made
with the openvswitch virtualport type.

This patch, defines the schema and documentation that will serve
as basis for the follow up patches that will add support to libvirt
for using Midonet virtual ports for its interfaces. The schema
definition requires that the port profile expresses its interfaceid
as part of the port profile. For that reason, this is part of the
patch too.
Signed-off-by: NAntoni Segura Puimedon <toni+libvirt@midokura.com>

Adds the port type definitions and methods that will be used to bind
interfaces to the Midonet virtual ports.

virtnetdevmidonet.c adds the way to bind and unbind the ports by
calling into the Midonet Host Agent control command line (installed
with the midolman package).
Signed-off-by: NAntoni Segura Puimedon <toni+libvirt@midokura.com>

Previously we had to check for 3 fields to see if the source was filled.
Repurpose one of the variables as a boolean flag and use it instead of
combining multiple sources.

For the condition that checks that only CDROM/FLOPPY drives can be empty
we can use the virStorageSourceIsEmpty() helper.

If the storage device type is parsed as network our parser still allows
it to omit the <source> element. The empty drive check would not trigger
on such device as it expects that every network storage source is valid.

Use VIR_STORAGE_NET_PROTOCOL_NONE as a marker that the storage source is
empty.

Only selected fields from the disk source were copied when cold updating
source in a CDROM drive. When such drive was backed by a network file
this resulted into corruption of the definition:

    <disk type='network' device='cdrom'>
      <driver name='qemu' type='raw' cache='none'/>
      <source protocol='gluster' name='gluster-vol1(null)'>
        <host name='localhost'/>
      </source>
      <target dev='vdc' bus='virtio'/>
      <readonly/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/>
    </disk>

Update the whole source instead of cherry-picking elements.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1166024

The command did not modify the disk type and thus didn't allow to change
media from a file image to a block backed image or vice versa. In
addition when operating on a network backed removable devices the
command would replace the while <source> subelement with an invalid one.

This patch adds the --block option that allows to specify that the new
image is block backed and assumes that without that option all images
are file backed. Since network backends were always mangled it should
not cause problems.

Allow printing the XML that would be used mostly for debugging purposes.

Since cmdDetachDisk() calls into vshPrepareDiskXML() with
type == VSH_PREPARE_DISK_XML_NONE && source == NULL this would result
into skipping all the checks and effectively turn the function into a
XML formatter.

This patch changes the code to use the formatter directly so that the
function can be refactored in a easier way.

Fix indentation in prlsdkGetNetInf()o, remove unnecessary error
message in prlsdkDomainChangeState(), remove unnecessary job
freeing in prlsdkLoadDomains().
Signed-off-by: NMaxim Nestratov <mnestratov@parallels.com>
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

tools/virsh-domain-monitor.c
   * Introduce new command : domifaddr
     Usage: domifaddr <domain> [interface] [--full] [--source lease|agent]

     Example outputs:
     virsh # domifaddr f20
     Name       MAC address          Protocol     Address
     -------------------------------------------------------------------------------
     lo         00:00:00:00:00:00    ipv4         127.0.0.1/8
     -          -                    ipv6         ::1/128
     vnet0      52:54:00:2e:45:ce    ipv4         10.1.33.188/24
     -          -                    ipv6         2001:db8:0:f101::2/64
     -          -                    ipv6         fe80::5054:ff:fe2e:45ce/64
     vnet1      52:54:00:b1:70:19    ipv4         192.168.105.201/16
     -          -                    ipv4         192.168.201.195/16
     -          -                    ipv6         fe80::5054:ff:feb1:7019/64
     vnet2      52:54:00:36:2a:e5    N/A          N/A
     vnet3      52:54:00:20:70:3d    ipv4         192.168.105.240/16
     -          -                    ipv6         fe80::5054:ff:fe20:703d/64

     virsh # domifaddr f20 eth1 --source lease
     Name       MAC address          Protocol     Address
     -------------------------------------------------------------------------------
     vnet1      52:54:00:b1:70:19    ipv4         192.168.105.201/16
     -          -                    ipv4         192.168.201.195/16
     -          -                    ipv6         fe80::5054:ff:feb1:7019/64

     virsh # domifaddr f20 eth0 --source agent --full
     Name       MAC address          Protocol     Address
     -------------------------------------------------------------------------------
     eth0       52:54:00:2e:45:ce    ipv4         10.1.33.188/24
     eth0       52:54:00:2e:45:ce    ipv6         2001:db8:0:f101::2/64
     eth0       52:54:00:2e:45:ce    ipv6         fe80::5054:ff:fe2e:45ce/64

tools/virsh.pod
   * Document new command
Signed-off-by: NNehal J Wani <nehaljw.kkd1@gmail.com>

By querying the qemu guest agent with the QMP command
"guest-network-get-interfaces" and converting the received JSON
output to structured objects.

Although "ifconfig" is deprecated, IP aliases created by "ifconfig"
are supported by this API. The legacy syntax of an IP alias is:
"<ifname>:<alias-name>". Since we want all aliases to be clubbed
under parent interface, simply stripping ":<alias-name>" suffices.
Note that IP aliases formed by "ip" aren't visible to "ifconfig",
and aliases created by "ip" do not have any specific name. But
we are lucky, as qemu guest agent detects aliases created by both.

src/qemu/qemu_agent.h:
  * Define qemuAgentGetInterfaces

src/qemu/qemu_agent.c:
  * Implement qemuAgentGetInterface

src/qemu/qemu_driver.c:
  * New function qemuGetDHCPInterfaces
  * New function qemuDomainInterfaceAddresses

src/remote_protocol-sructs:
  * Define new structs

tests/qemuagenttest.c:
  * Add new test: testQemuAgentGetInterfaces
    Test cases for IP aliases, 0 or multiple ipv4/ipv6 address(es)
Signed-off-by: NNehal J Wani <nehaljw.kkd1@gmail.com>

daemon/remote.c
   * Define remoteSerializeDomainInterface, remoteDispatchDomainInterfaceAddresses

src/remote/remote_driver.c
   * Define remoteDomainInterfaceAddresses

src/remote/remote_protocol.x
   * New RPC procedure: REMOTE_PROC_DOMAIN_INTERFACE_ADDRESSES
   * Define structs remote_domain_ip_addr, remote_domain_interface,
     remote_domain_interfaces_addresse_args, remote_domain_interface_addresses_ret
   * Introduce upper bounds (to handle DoS attacks):
     REMOTE_DOMAIN_INTERFACE_MAX = 2048
     REMOTE_DOMAIN_IP_ADDR_MAX = 2048
     Restrictions on the maximum number of aliases per interface were
     removed after kernel v2.0, and theoretically, at present, there
     are no upper limits on number of interfaces per virtual machine
     and on the number of IP addresses per interface.

src/remote_protocol-structs
   * New structs added
Signed-off-by: NNehal J Wani <nehaljw.kkd1@gmail.com>

Define helper function virDomainInterfaceFree, which allows
the upper layer application to free the domain interface object
conveniently.

The API is going to provide multiple methods by flags, e.g.
  * Query guest agent
  * Parse DHCP lease file

include/libvirt/libvirt-domain.h
  * Define virDomainInterfaceAddresses, virDomainInterfaceFree
  * Define structs virDomainInterface, virDomainIPAddress

src/driver-hypervisor.h:
  * Define domainInterfaceAddresses

src/libvirt-domain.c:
  * Implement virDomainInterfaceAddresses
  * Implement virDomainInterfaceFree

src/libvirt_public.syms:
  * Export the new symbols
Signed-off-by: NNehal J Wani <nehaljw.kkd1@gmail.com>

Failures of parallelsStorageOpen occured because we incorrectly treated
path to VM' configuration file as a directory. Now initialization of
parallels VM domains home directory is fixed.
Signed-off-by: NMaxim Nestratov <mnestratov@parallels.com>

Signed-off-by: NMaxim Nestratov <mnestratov@parallels.com>

Otherwise exporting existing domain config and defining a new one like this:
virsh -c parallels:///system dumpxml instance01 > my.xml
virsh -c parallels:///system define my.xml
leads to an error because PCS default x64 mode turns to x32.
Thus, we need to set correct cpuMode in prlsdkDoApplyConfig() explicitly.
Signed-off-by: NMikhail Feoktistov <mfeoktistov@parallels.com>
Signed-off-by: NMaxim Nestratov <mnestratov@parallels.com>
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

We're parsing memballoon status period as unsigned int, but when we're
trying to set it, both we and qemu use signed int.  That means large
values will get wrapped around to negative one resulting in error.
Basically the same problem as commit e3a7b874 was dealing with when
updating live domain.

QEMU changed the accepted value to int64 in commit 1f9296b5, but even
values as INT_MAX don't make sense since the value passed means seconds.
Hence adding capability flag for this change isn't worth it.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140958Signed-off-by: NLuyao Huang <lhuang@redhat.com>
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

In order not to leave old error messages set, this patch refactors the
code so the error is reported only when acted upon.  The only such place
already rewrites any error, so cleaning up all the error reporting in
qemuMonitorSetMemoryStatsPeriod() is enough.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

All the devices we have format their address as its last sub-element, so
let's change memballoon to follow suit.  Also adjust RNG to allow any
order of them so 'virsh edit' doesn't shout at us.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

Change it so it really *always* eats the @toadd buffer.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

Add $(top_builddir) paths to INCLUDES to fix VPATH build.
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

Wireshark supports pkg-config since 1.11.3.  Right now we build
wireshark-dissectior tool as default trough rpm build only on
fedora >= 21 and there is new wireshark that supports pkg-config.
If someone wants to build libvirt with wireshark-dissector against old
wireshark, they should specify the location by hand.

This patch is mainly to fix wrong dependency on wireshark binary as it
doesn't make sense to require that binary file to just get version info
of that package in makefile.
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

Commit 4ab8cd77 added a check requiring input devices to have
a bus type of VIR_DOMAIN_INPUT_BUS_USB, failing to start the
domain otherwise.  But virDomainDefParseXML adds implicit mouse
and keyboard if a graphics device is configured.  See calls to
virDomainDefMaybeAddInput.

The regression is fixed by removing the check requiring USB input
devices, and skipping non-USB input devices when populating USB
'usbdevice' in libxl_domain_build_info struct.

Patch 51f9f03a introduces a regression
where if a blockCommit operation fails the disk is still marked as being
part of a block job but can't be unmarked later.

Commit 4f25146b (v1.2.8) managed to silence Coverity, but at the
cost of a memory leak detected by valgrind:
==24129== 40 bytes in 5 blocks are definitely lost in loss record 355 of 637
==24129==    at 0x4A08B1C: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==24129==    by 0x5084B8E: virReallocN (viralloc.c:245)
==24129==    by 0x514D5AA: virDomainObjListExport (domain_conf.c:22200)
==24129==    by 0x201227DB: qemuConnectListAllDomains (qemu_driver.c:18042)
==24129==    by 0x51CC1B6: virConnectListAllDomains (libvirt-domain.c:6797)
==24129==    by 0x14173D: remoteDispatchConnectListAllDomains (remote.c:1580)
==24129==    by 0x121BE1: remoteDispatchConnectListAllDomainsHelper (remote_dispatch.h:1072)

In short, every time a client calls a ListAll variant and asks
for the resulting list, but there are 0 elements to return, we
end up leaking the 1-entry array that holds the NULL terminator.

What's worse, a read-only client can access these functions in a
tight loop to cause libvirtd to eventually run out of memory; and
this can be considered a denial of service attack against more
privileged clients.  Thankfully, the leak is so small (8 bytes per
call) that you would already have some other denial of service with
any guest calling the API that frequently, so an out-of-memory
crash is unlikely enough that this did not warrant a CVE.

* daemon/remote.c (remoteDispatchConnectListAllDomains)
(remoteDispatchDomainListAllSnapshots)
(remoteDispatchDomainSnapshotListAllChildren)
(remoteDispatchConnectListAllStoragePools)
(remoteDispatchStoragePoolListAllVolumes)
(remoteDispatchConnectListAllNetworks)
(remoteDispatchConnectListAllInterfaces)
(remoteDispatchConnectListAllNodeDevices)
(remoteDispatchConnectListAllNWFilters)
(remoteDispatchConnectListAllSecrets)
(remoteDispatchNetworkGetDHCPLeases): Plug leak.
Signed-off-by: NEric Blake <eblake@redhat.com>

This one is no longer necessary since the Vcpu and IOThreads API's share

Since both Vcpu and IOThreads code use the same API's, alter the naming
of the API's to remove the "Vcpu" specific reference