Fix for CVE-2012-4423.

When generating RPC protocol messages, it's strictly needed to have a
continuous line of numbers or RPC messages. However in case anyone
tries backporting some functionality and will skip a number, there is
a possibility to make the daemon segfault with newer virsh (version of
the library, rpc call, etc.) even unintentionally.

The problem is that the skipped numbers will get func filled with
NULLs, but there is no check whether these are set before the daemon
tries to run them. This patch very simply enhances one check and fixes
that.

BZ:https://bugzilla.redhat.com/show_bug.cgi?id=843372
when qemu supports the 'transaction' monitor command,
and libvirt's --reuse-ext flag was not specified, libvirt created
a stub file with zero size in first place. After the failure of
QEMU transaction command performing qcow2 snapshots on more than
one drives, the stub file is left behind with non-empty
by the QEMU transaction command.
In order to unlink the file, the patch removes the file size checking.

Steps to reproduce the issue:
Steps:
 1, Create a qemu instance with two drive images of qcow2 type (root user)
    /usr/libexec/qemu-kvm -m 1024 -smp 1 -name "rhel6u1" \
      -drive file=/var/lib/libvirt/images/firstqcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none
      -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 \
      -drive file=/var/lib/libvirt/images/secondqcow2,if=none,id=drive-virtio-disk1,format=qcow2,cache=none \
      -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x7,drive=drive-virtio-disk1,id=virtio-disk1 -qmp stdio

 2, Initialize qemu qmp
    {"execute":"qmp_capabilities"}

 3, Remove the second drive image file
    rm -f /var/lib/libvirt/images/secondqcow2

 4, Run 'transaction' command with snapshot qemu commands in.
    {"execute":"transaction","arguments":
      {"actions":
        [{"type":"blockdev-snapshot-sync","data":
          {"device":"drive-virtio-disk0","snapshot-file":"/var/lib/libvirt/images/firstqcow2-snapshot.img","format":"qcow2"}
         },
         {"type":"blockdev-snapshot-sync","data":
          {"device":"drive-virtio-disk1","snapshot-file":"/var/lib/libvirt/images/secondqcow2-snapshot.img","format":"qcow2"}
         }]
      },
   "id":"libvirt-6"}

 5, Got the error as follows:
    {"id": "libvirt-6",
      "error": {"class": "OpenFileFailed", "desc": "Could not open '/var/lib/libvirt/images/secondqcow2-snapshot.img'",
                "data": {"filename": "/var/lib/libvirt/images/secondqcow2-snapshot.img"}
               }
    }

 6, List first newly-created snapshot file:
    -rw-r--r--. 1 root root     262144 Sep 13 11:43 firstqcow2-snapshot.img

Assume not only domain object will use it.

so we don't fail when libnetcf is built as multiarch lib.

Commit 9298bfbc changed configure to split the libnl into two
separate pkg config checks instead of nesting the second check
on the failure path of the first.  But the default pkg config
behavior is to abort configure if a check fails.  Since we have
a second check lined up, we need an explicit failure case that
does not abort if the first check fails.

Meanwhile, commit 51b708c6 is reverted.  It did not fix any
behavior, and in fact, introduced a regression to the fallback
case when the user explicitly sets $LIBNL_CFLAGS.

* configure.ac: Don't abort if libnl-3 is not found.

The 'def->target.addr' hasn't been initialized in virDomainChrDefNew() and
its value is always '0xffffffff', in addition, the following test scenario
hasn't also include 'address' element in channel XML block, so the branch
'if (addrStr == NULL)' is hit in virDomainChrDefParseTargetXML(), the
programming jumps to 'error' label to release relevant resources, and the
statement 'if (VIR_ALLOC(def->target.addr) < 0)' hasn't been executed then
the virDomainChrDefFree() will free 'def->target.addr'(0xffffffff) via
VIR_FREE(), which results in libvirt crash, to use valgrind can also
find a 'Invalid free() / delete / delete[]' error. This patch just adjusts
codes order to initialize 'def->target.addr' firstly.

With this patch, libvirt hasn't crash and can get a expected error message "
XML error: guestfwd channel does not define a target address".

How to reproduce?

1. define a guest with the following channel XML configuration

$ cat foo.xml
<snip>
    <channel type='pty'>
      <target type='guestfwd'/>
    </channel>
</snip>

$ virsh define foo.xml

2. actual result

error: Failed to define domain from /tmp/foo.xml
error: End of file while reading data: Input/output error
error: Failed to reconnect to the hypervisor

GDB debugger information:
<snip>
Breakpoint 1, virDomainChrDefFree (def=0x7f8ab000ec70) at conf/domain_conf.c:1264
...ignore
1264    {
(gdb) p def->target
$2 = {port = -1, addr = 0xffffffff, name = 0xffffffff <Address 0xffffffff out of bounds>}
</snip>

RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=856489Signed-off-by: NAlex Jia <ajia@redhat.com>

Add separate function parallelsCreateCt, which creates container.
Also add example xml configuration domain-parallels-ct-simple.xml.
Signed-off-by: NDmitry Guryanov <dguryanov@parallels.com>

Fix code, which checks what is changed in virDomainDef structure.
It looks slightly different for containers and VMs: containers haven't
boot devices, but have init path
Signed-off-by: NDmitry Guryanov <dguryanov@parallels.com>

User may set "unlimited" cpus for containers, which means to
take all available cpus on the node.
Signed-off-by: NDmitry Guryanov <dguryanov@parallels.com>

This patch makes parallelsLoadDomains to be able to load information
about containers. So functions, which return different information
and change state will work.

parallelsDomainDefineXML will be fixed in separate patch.
Signed-off-by: NDmitry Guryanov <dguryanov@parallels.com>

The QEMU capabilities APIs used a misc of 'int' and
'unsigned int' for variables relating to array sizes.
Change all these to use 'size_t'
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

To allow each VM instance to record additional capabilities
without affecting other VMs, there needs to be a way to do
a deep copy of the qemuCapsPtr object

Add struct fields and APIs to allow the qemu capabilities object
to store version, arch, machines & cpu names, etc
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The qemuCapsProbeCommand API is only used by the capabilities
code, so can be static
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The current qemu capabilities are stored in a virBitmapPtr
object, whose type is exposed to callers. We want to store
more data besides just the flags, so we need to move to a
struct type. This object will also need to be reference
counted, since we'll be maintaining a cache of data per
binary. This change introduces a 'qemuCapsPtr' virObject
class. Most of the change is just renaming types and
variables in all the callers
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

If no private data needs to be maintained, it can be useful
to create virDomainObjPtr instances without having a virCapsPtr
instance around. Adapt the virDomainObjNew() function to allow
for a NULL caps
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Technically speaking we should wait until we receive the QMP
greeting message before attempting to send any QMP monitor
commands. Mostly we've got away with this, but there is a race
in some QEMU which cause it to SEGV if you sent it data too
soon after startup. Waiting for the QMP greeting avoids the
race
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Add an API allowing flags from one virBitmapPtr to be copied
into another instance.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Input XML snip:
<redirdev bus='usb' type='spicevmc'>
   <address type='usb' bus='0' port='4'/>
 </redirdev>
<redirfilter>
  <usbdev class='0x08' vendor='0x1234' product='0xbeef' \
          version='2.00' allow='yes'/>
  <usbdev class='-1' vendor='-1' product='-1' version='-1' allow='no'/>
</redirfilter>

will be converted to:
-device usb-redir,chardev=charredir0,id=redir0,\
filter=0x08:0x1234:0xBEEF:0x2000:1|-1:-1:-1:-1:0,bus=usb.0,port=4

https://bugzilla.redhat.com/show_bug.cgi?id=795929
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=6af165892cf900291046f1d25f95416f379504c2

This patch define and parse the input XML of USB redirection filter.
<devices>
...
  <redirdev bus='usb' type='spicevmc'>
    <address type='usb' bus='0' port='4'/>
  </redirdev>
  <redirfilter>
    <usbdev class='0x08' vendor='0x1234' product='0xbeef' \
            version='2.00' allow='yes'/>
    <usbdev allow='no'/>
  </redirfilter>
...
</devices>

There is no 1:1 mapping between ports and redirected devices and
qemu and spicy client couldn't decide into which usbredir ports
the client can 'plug' redirected devices. So it make sense to apply
all of filter rules global to all existing usb redirection devices.
class attribute is USB Class codes. version is bcdDevice value
of USB device. vendor and product is USB vendorId and productId.
-1 can be used to allow any value for a field. Except allow attribute
the other four are optional, default value is -1.

And redundant error resetting.

Pushed under trivial rule.

Add a qemu flag for USB redirection filter support.

The output:
usb-redir.chardev=chr
usb-redir.debug=uint8
usb-redir.filter=string
usb-redir.port=string

Pushed under build-breaker rule.

Recent spec file changes ensure that in distro situations, netcf
and libvirt will link against the same libnl in order to avoid
dumping core.  But for every-day development, if you use F17 and
have the libnl3-devel headers available, libvirt was blindly
linking against libnl3 even though F17 netcf still links against
libnl1, making testing a self-built binary on F17 impossible.

By making configure a little bit smarter, we can avoid this
situation - we merely skip the probe of libnl-3 if we can prove
that netcf is still using libnl-1.  I intentionally wrote the
test so that we still favor libnl-3 if netcf is not installed or
if we couldn't use ldd to determine things.

Defaults being what they are, someone will invariably complain
that our smarts were wrong.  Never fear - in that case, just run
./configure LIBNL_CFLAGS=..., where the fact that you set
LIBNL_CFLAGS (even to the empty string) will go back to probing
for libnl-3, regardless of netcf's choice.

* configure.ac (LIBNL): Don't probe libnl3 if netcf doesn't use it.

I got an off-list report about a bad diagnostic:
Target network card mac 52:54:00:49:07:ccdoes not match source 52:54:00:49:07:b8

True to form, I've added a syntax check rule to prevent it
from recurring, and found several other offenders.

* cfg.mk (sc_require_whitespace_in_translation): New rule.
* src/conf/domain_conf.c (virDomainNetDefCheckABIStability): Add
space.
* src/esx/esx_util.c (esxUtil_ParseUri): Likewise.
* src/qemu/qemu_command.c (qemuCollectPCIAddress): Likewise.
* src/qemu/qemu_driver.c (qemuDomainSetMetadata)
(qemuDomainGetMetadata): Likewise.
* src/qemu/qemu_hotplug.c (qemuDomainChangeNetBridge): Likewise.
* src/rpc/virnettlscontext.c
(virNetTLSContextCheckCertDNWhitelist): Likewise.
* src/vmware/vmware_driver.c (vmwareDomainResume): Likewise.
* src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc, vboxAttachDrives):
Avoid false negatives.
* tools/virsh-domain.c (info_save_image_dumpxml): Reword.
Based on a report by Luwen Su.

Make has a builtin operator 'undefine', and coupled with latest
automake.git, this test name ended up confusing make into thinking
the file name was meant to be used as the make operator.  Renaming
the file avoids the confusion.

* tests/undefine: Rename...
* tests/virsh-undefine: ...to this.
* tests/Makefile.am (test_scripts): Use new name.
Reported by Jim Meyering.

Currently qemuMonitorOpen() requires an address of the QEMU
monitor. When doing QMP based capabilities detection it is
easier if a pre-opened FD can be provided, since then the
monitor can be run on the STDIO console. Add a new API
qemuMonitorOpenFD() for such usage
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

virDomainDefParseString assigns 0 to port if autoport enabled.
So fix code, which check different between old and new
configurations.

Don't try to dereferece NULL pointer.

Historically, the first <console> element is treated as the
alias of a <serial> device. In the virDomainDeviceInfoIterate,
This situation is not considered. It still handles the first <console>
element as another devices, which means that for console[0] with
serial targetType, it calls callback function another time.
It will cause the problem of address conflicts when assigning
spapr-vio address for serial device on pSeries guest.

For pSeries guest, the serial configuration in the xml file
is as the following:
         <serial type='pty'>
               <target port='0'/>
               <address type='spapr-vio'/>
          </serial>

Console configuration is default, the dumped xml file is as the following:
   <serial type='pty'>
      <source path='/dev/pts/5'/>
      <target port='0'/>
      <alias name='serial0'/>
      <address type='spapr-vio' reg='0x30000000'/>
    </serial>
    <console type='pty' tty='/dev/pts/5'>
      <source path='/dev/pts/5'/>
      <target type='serial' port='0'/>
      <alias name='serial0'/>
      <address type='spapr-vio' reg='0x30000000'/>
    </console>

It shows that the <console> device is the alias of serial device.
So its address is the same as the serial device. When detecting
the conflicts in the qemuAssignSpaprVIOAddress the first console
and the serial device conflicts because virDomainDeviceInfoIterate()
still handle these as two different devices, and in the qemuAssignSpaprVIOAddress(),
it will compare these two devices' addressed. If they have same address,
it will report address conflict error.

So this patch is to handle the first console which targetType is serial
as the alias of serial device to avoid address conflicts error reported.
Signed-off-by: NLi Zhang <zhlcindy@linux.vnet.ibm.com>

The implementation is done manually as the generator does not support
wrapping lists of C pointers into Python objects.

python/libvirt-override-api.xml: Document

python/libvirt-override-virConnect.py:
  * New file, includes implementation of listAllInterfaces.

python/libvirt-override.c: Implementation for the wrapper.

tools/virsh-interface.c:
  * vshInterfaceSorter to sort interfaces by name

  * vshInterfaceListFree to free the interface objects list.

  * vshInterfaceListCollect to collect the interface objects, trying
    to use new API first, fall back to older APIs if it's not supported.

This is not that ideal as API for other objects, as it's still
O(n). Because interface driver uses netcf APIs to manage the
stuffs, instead of by itself. And netcf APIs don't return a object.
It provides APIs like old libvirt APIs:

   ncf_number_of_interfaces
   ncf_list_interfaces
   ncf_lookup_by_name
   ......

Perhaps we should further improve netcf to let it provide an API
to return the object, but it could be a later patch. And anyway,
we will still benefit from the new API for the simplification,
and no race like the old APIs.

src/interface/netcf_driver.c: Implement listAllInterfaces

The RPC generator doesn't support returning list of object yet, this patch
do the work manually.

  * daemon/remote.c:
    Implemente the server side handler remoteDispatchConnectListAllInterfaces.

  * src/remote/remote_driver.c:
    Add remote driver handler remoteConnectListAllInterfaces.

  * src/remote/remote_protocol.x:
    New RPC procedure REMOTE_PROC_CONNECT_LIST_ALL_INTERFACES and
    structs to represent the args and ret for it.

  * src/remote_protocol-structs: Likewise.

This is to list the interface objects, supported filtering flags
are: active|inactive.

include/libvirt/libvirt.h.in: Declare enum virConnectListAllInterfaceFlags
                              and virConnectListAllInterfaces.
python/generator.py: Skip auto-generating
src/driver.h: (virDrvConnectListAllInterfaces)
src/libvirt.c: Implement the public API
src/libvirt_public.syms: Export the symbol to public

Reported on the libvirt-users list.

* docs/apps.html.in: Add Eucalyptus.
Reported by Eric Choi.

Should not return 0 when failed to setup cgroup.

* HACKING: Regenerate.