The doRemoteOpen method was a little unusual in declaring a bunch of
local variables in the middle of the function. Move them to the top as
it is normal libvirt style.
Reviewed-by: NFabiano Fidêncio <fidencio@redhat.com>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

Mention libssh as possible transport in the error message of an
unrecognized transport.

https://bugzilla.redhat.com/show_bug.cgi?id=1727013Signed-off-by: NPino Toscano <ptoscano@redhat.com>
Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>

We currently refuse to connect to remote libvirtd over SSH if we see the
path ends in /session. Earlier on though we checked for /session and set
the VIR_DRV_OPEN_REMOTE_USER flag. There is one subtle distinction
though with the test driver. All test URIs are marked with this flag,
regardless of whether the URI indicates a local or remote connection.
Previously a local connection to the test driver would have used the
unprivileged libvirtd while a remote connection would have tried the
privileged libvirtd. With this we are consistent and use the
unprivileged for both local & remote, if the current user is non-root.
Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

Currently the VIR_DRV_OPEN_REMOTE_USER flag is only set when we identify
that we're connecting to a local libvirtd daemon. We would like to be
able to set that even if connecting to a remote libvirtd daemon. This
entails refactoring the conditional check.

One subtle change is that the VIR_DRV_OPEN_REMOTE_USER is now set when
the test+XXX://  URI is used, even if a servername is present. This has
no effect in this patch, but will later.
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

Define the wire protocol for the virNetworkPort APIs and enable the
client/server RPC dispatch.
Reviewed-by: NLaine Stump <laine@laine.org>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

According to the official documentation for autoconf[1], the
correct names for these variables are abs_top_{src,build}dir
rather than abs_top{src,build}dir; in fact, we're already
using the correct names in various places, so let's just make
everything nice and consistent.

[1] https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Preset-Output-Variables.htmlSigned-off-by: NAndrea Bolognani <abologna@redhat.com>
Reviewed-by: NMartin Kletzander <mkletzan@redhat.com>

Introduce the API to expose the storage pool capabilities along
with all the remote munglement required to hook up the client.
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
ACKed-by: NMichal Privoznik <mprivozn@redhat.com>

If we call virStreamFinish and virStreamAbort from 2 distinct
threads for example we can have access to freed memory.
Because when virStreamFinish finishes for example virStreamAbort
yet to be finished and it access virNetClientStreamPtr object
in stream->privateData.

Also it does not make sense to clear @driver field. After
stream is finished/aborted it is better to have appropriate
error message instead of "unsupported error".

This commit reverts [1] or virNetClientStreamPtr and
virStreamPtr will never be unrefed due to cyclic dependency.
Before this patch we don't have leaks because all execution
paths we call virStreamFinish or virStreamAbort.

[1] 8b6ffe40 : virNetClientStreamNew: Track origin stream
Signed-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>

Checking virNetClientStreamRaiseError without client lock
is racy which is fixed in [1] for example. Thus let's remove such checks
when we are sending message to server. And in other cases
(like virNetClientStreamRecvHole for example) let's move the check
into client stream code.

virNetClientStreamRecvPacket already have stream lock so we could
introduce another error checking function like virNetClientStreamRaiseErrorLocked
but as error is set when both client and stream lock are hold we
can remove locking from virNetClientStreamRaiseError because all
callers hold either client or stream lock.

Also let's split virNetClientStreamRaiseErrorLocked into checking
state function and checking message send status function. They are
same yet.

[1] 1b6a29c21: rpc: fix race on stream abort/finish and server side abort
Signed-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

In many files there are header comments that contain an Author:
statement, supposedly reflecting who originally wrote the code.
In a large collaborative project like libvirt, any non-trivial
file will have been modified by a large number of different
contributors. IOW, the Author: comments are quickly out of date,
omitting people who have made significant contribitions.

In some places Author: lines have been added despite the person
merely being responsible for creating the file by moving existing
code out of another file. IOW, the Author: lines give an incorrect
record of authorship.

With this all in mind, the comments are useless as a means to identify
who to talk to about code in a particular file. Contributors will always
be better off using 'git log' and 'git blame' if they need to  find the
author of a particular bit of code.

This commit thus deletes all Author: comments from the source and adds
a rule to prevent them reappearing.

The Copyright headers are similarly misleading and inaccurate, however,
we cannot delete these as they have legal meaning, despite being largely
inaccurate. In addition only the copyright holder is permitted to change
their respective copyright statement.
Reviewed-by: NErik Skultety <eskultet@redhat.com>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

Create a new API that will allow an adjustment of IOThread
polling parameters for the specified IOThread. These parameters
will not be saved in the guest XML. Currently the only parameters
supported will allow the hypervisor to adjust the parameters used
to limit and alter the scope of the polling interval. The polling
interval allows the IOThread to spend more or less time processing
in the guest.

Based on code originally posted by Pavel Hrdina <phrdina@redhat.com>
to add virDomainAddIOThreadParams and virDomainModIOThreadParams.
Modification of those changes to use virDomainSetIOThreadParams
instead and remove concepts related to saving the data in guest
XML as well as the way to specifically enable the polling parameters.
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
ACKed-by: NMichal Privoznik <mprivozn@redhat.com>

Currently, the functions return a pointer to the
destination buffer on success or NULL on failure.

Not only does this kind of error handling look quite
alien in the context of libvirt, where most functions
return zero on success and a negative int on failure,
but it's also somewhat pointless because unless there's
been a failure the returned pointer will be the same
one passed in by the user, thus offering no additional
value.

Change the functions so that they return an int
instead.
Signed-off-by: NAndrea Bolognani <abologna@redhat.com>

Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

Add remote support for launch security info.
Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com>
Reviewed-by: NErik Skultety <eskultet@redhat.com>

Add remote support for virNodeGetSEVInfo().
Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com>
Reviewed-by: NErik Skultety <eskultet@redhat.com>

And replace all calls with virObjectEventStateQueue such that:

    remoteEventQueue(priv, event, callbackID);

becomes:

    virObjectEventStateQueue(priv->eventState, event, callbackID);
Signed-off-by: NAnya Harter <aharter@redhat.com>

Remove NULL check around call to virObjectEventStateQueueRemote in
remote_driver.c.
Signed-off-by: NAnya Harter <aharter@redhat.com>

Replace instances where we previously called virGetLastError just to
either get the code or to check if an error exists with
virGetLastErrorCode to avoid a validity pre-check.
Signed-off-by: NRamy Elkest <ramyelkest@gmail.com>
Reviewed-by: NErik Skultety <eskultet@redhat.com>

Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

The code for building UNIX socket paths will be getting more complex to
cope with accessing various different daemons. Refactor it to eliminate
the code duplication and isolation the logic for constructing paths.
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

Currently the remote driver extracts the transport from URI scheme and
plays games to temporarily hide the driver part when formatting URIs.
Refactor the code to split the URI scheme upfront so the two pieces are
easily available where needed.
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

Move to within the #if since the #else portion ends with a goto
and that raised concern by Coverity.
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>

Now that the legacy Xen driver has been dropped, we no longer need to
support URIs such as "/path/to/xend/socket", and so can mandate that a
URI scheme must always be present.
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

When removing a conditional in:

  commit da1ade7a
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   Fri Mar 23 10:50:59 2018 +0000

    remote: remove some __sun conditionals

the corresponding comment was mistakenly left behind.
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

The libvirtd daemon has some arbitrary logic to drop privileges, but
only on Solaris platforms. This was added during Xen days, when Xen was
the only driver running in libvirtd. There's no expectation or testing
that this works with the new libxl stack, nor whether dropping
privileges breaks any of the secondary drivers. Finally, we'll be
splitting drivers out into their own independant daemons, so this won't
be applicable to libvirtd in future anyway.

The remote driver client meanwhile arbitrarily disables daemon
auto-spawn when connecting as non-root, breaking a key feature of
libvirt unprivileged connections.

Since we've not had any contributions for Solaris since circa 2012
and we don't do any CI testing we should consider this platform
unmaintained and thus reasonable to remove this cruft. If someone steps
forward to maintain Solaris again, this code would need re-evaluating to
come up with something more targetted.

There's various __sun conditionals in the Xen driver code, but those are
not touched. This is all for the legacy Xen driver, which will be
entirely removed at some point in future, so not benefit to hacking out
just the Solaris parts.
Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

Policy-Kit has been replaced by polkit (referred to, respectively,
as POLKIT0 and POLKIT1 in our Makefiles).

The last build fix with old Policy-Kit was in May 2013:
commit <442eb2ba> and build with -Wunused-label was broken
since April 2016: commit <84371303>
Signed-off-by: NJán Tomko <jtomko@redhat.com>

In remoteConnectOpen, conn->uri cannot be NULL in the second
part of the OR expression due to short-circuit evaluation.
Signed-off-by: NJán Tomko <jtomko@redhat.com>

The storagePoolLookupByTargetPath() method in the storage driver is used
by the QEMU driver during block migration. If there's a valid use case
for this in the QEMU driver, then external apps likely have similar
needs. Exposing it in the public API removes the direct dependancy from
the QEMU driver to the storage driver.
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

Right-aligning backslashes when defining macros or using complex
commands in Makefiles looks cute, but as soon as any changes is
required to the code you end up with either distractingly broken
alignment or unnecessarily big diffs where most of the changes
are just pushing all backslashes a few characters to one side.

Generated using

  $ git grep -El '[[:blank:]][[:blank:]]\\$' | \
    grep -E '*\.([chx]|am|mk)$$' | \
    while read f; do \
      sed -Ei 's/[[:blank:]]*[[:blank:]]\\$/ \\/g' "$f"; \
    done
Signed-off-by: NAndrea Bolognani <abologna@redhat.com>

Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

Seeing a log message saying 'flags=93' is ambiguous & confusing unless
you happen to know that libvirt always prints flags as hex.  Change our
debug messages so that they always add a '0x' prefix when printing flags,
and '0' prefix when printing mode. A few other misc places gain a '0x'
prefix in error messages too.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Similar to domainSaveImageDefineXML this commit adds domainManagedSaveDefineXML
API which allows to edit domain's managed save state xml configuration.
Signed-off-by: NKothapally Madhu Pavan <kmp@linux.vnet.ibm.com>

Similar to domainSaveImageGetXMLDesc this commit adds domainManagedSaveGetXMLDesc
API which allows to get the xml of managed save state domain.
Signed-off-by: NKothapally Madhu Pavan <kmp@linux.vnet.ibm.com>

Add code to support querying maximum allowable downtime during live migration.

If a remote call fails during event registration (more than likely from
a network failure or remote libvirtd restart timed just right), then when
calling the virObjectEventStateDeregisterID we don't want to call the
registered @freecb function because that breaks our contract that we
would only call it after succesfully returning.  If the @freecb routine
were called, it could result in a double free from properly coded
applications that free their opaque data on failure to register, as seen
in the following details:

    Program terminated with signal 6, Aborted.
    #0  0x00007fc45cba15d7 in raise
    #1  0x00007fc45cba2cc8 in abort
    #2  0x00007fc45cbe12f7 in __libc_message
    #3  0x00007fc45cbe86d3 in _int_free
    #4  0x00007fc45d8d292c in PyDict_Fini
    #5  0x00007fc45d94f46a in Py_Finalize
    #6  0x00007fc45d960735 in Py_Main
    #7  0x00007fc45cb8daf5 in __libc_start_main
    #8  0x0000000000400721 in _start

The double dereference of 'pyobj_cbData' is triggered in the following way:

    (1) libvirt_virConnectDomainEventRegisterAny is invoked.
    (2) the event is successfully added to the event callback list
        (virDomainEventStateRegisterClient in
        remoteConnectDomainEventRegisterAny returns 1 which means ok).
    (3) when function remoteConnectDomainEventRegisterAny is hit,
        network connection disconnected coincidently (or libvirtd is
        restarted) in the context of function 'call' then the connection
        is lost and the function 'call' failed, the branch
        virObjectEventStateDeregisterID is therefore taken.
    (4) 'pyobj_conn' is dereferenced the 1st time in
        libvirt_virConnectDomainEventFreeFunc.
    (5) 'pyobj_cbData' (refered to pyobj_conn) is dereferenced the
         2nd time in libvirt_virConnectDomainEventRegisterAny.
    (6) the double free error is triggered.

Resolve this by adding a @doFreeCb boolean in order to avoid calling the
freeCb in virObjectEventStateDeregisterID for any remote call failure in
a remoteConnect*EventRegister* API. For remoteConnect*EventDeregister* calls,
the passed value would be true indicating they should run the freecb if it
exists; whereas, it's false for the remote call failure path.

Patch based on the investigation and initial patch posted by
fangying <fangying1@huawei.com>.

Use ATTRIBUTE_FALLTHROUGH, introduced by commit
5d84f596, instead of comments to
indicate that the fall through is an intentional behavior.
Signed-off-by: NMarc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: NBoris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: NBjoern Walk <bwalk@linux.vnet.ibm.com>