When shutting down, the QEMU driver forgot to free the
securityDriverNames string list
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The autodestroy callback code has the following function
called from a hash iterator

  qemuDriverCloseCallbackRun(void *payload,
                             const void *name,
                             void *opaque)
  {
    ...
    char *uuidstr = name
    ...

    dom = closeDef->cb(data->driver, dom, data->conn);
    if (dom)
        virObjectUnlock(dom);

    virHashRemoveEntry(data->driver->closeCallbacks, uuidstr);
  }

The closeDef->cb function may well cause the current callback
to be removed, if it shuts down 'dom'. As such the use of
'uuidstr' in virHashRemoveEntry is accessing free'd memory.
We must make a copy of the uuid str before invoking the
callback to be safe.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

When linuxNodeInfoCPUPopulate() method triggered use of an
uninitialize value, since it did not initialize the 'sockets'
field in the virNodeInfoPtr struct:

==30020== Conditional jump or move depends on uninitialised value(s)
==30020==    at 0x5125DBD: linuxNodeInfoCPUPopulate (nodeinfo.c:513)
==30020==    by 0x51261A0: nodeGetInfo (nodeinfo.c:884)
==30020==    by 0x149B9B10: qemuCapsInit (qemu_capabilities.c:846)
==30020==    by 0x14A11B25: qemuCreateCapabilities (qemu_driver.c:424)
==30020==    by 0x14A12426: qemuStartup (qemu_driver.c:874)
==30020==    by 0x512A7AF: virStateInitialize (libvirt.c:822)
==30020==    by 0x40DE04: daemonRunStateInit (libvirtd.c:877)
==30020==    by 0x50ADCE5: virThreadHelper (virthreadpthread.c:161)
==30020==    by 0x328CA07D14: start_thread (pthread_create.c:308)
==30020==    by 0x328C6F246C: clone (clone.S:114)
(happened twice)

        if (socks > nodeinfo->sockets)    <--- here
            nodeinfo->sockets = socks;

Rather than doing this for each field, just make the caller memset
the entire struct to zero.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

0eedb1d9 fixed the wrong variable

Commit 87b4c10c added code that may call
the virCapabilitiesClearHostNUMACellCPUTopology function with
uninitialized second argument. Although the value wouldn't be used some
compilers whine about that.

According to Eric Paris this is slightly more efficient because it
only loads the regular expressions in libselinux once.

Be sure to VIR_FREE(accel) and moved virDomainVideoDefFree() within no_memory
label to be consistent

Resolve resource leak in parallelsApplyIfaceParams() when the 'oldnet' is
allocated locally. Also virCommandFree(cmd) as necessary.

This patch adds demo processor topology information for the test driver.

This patch adds data gathering to the NUMA gathering files and adds
support for outputting the data. The test driver and xend driver need to
be adapted to fill sensible data to the structure in a future patch.

This will allow storing additional topology data in the NUMA topology
definition.

This patch changes the storage type and fixes fallout of the change
across the drivers using it.

This patch also changes semantics of adding new NUMA cell information.
Until now the data were re-allocated and copied to the topology
definition. This patch changes the addition function to steal the
pointer to a pre-allocated structure to simplify the code.

This patch adds RNG schemas for adding more information in the topology
output of the NUMA section in the capabilities XML.

The added elements are designed to provide more information about the
placement and topology of the processors in the system to management
applications.

A demonstration of supported XML added by this patch:
<capabilities>
  <host>
    <topology>
      <cells num='3'>
        <cell id='0'>
          <cpus num='4'> <!-- this is node with Hyperthreading -->
            <cpu id='0' socket_id='0' core_id='0' siblings='0-1'/>
            <cpu id='1' socket_id='0' core_id='0' siblings='0-1'/>
            <cpu id='2' socket_id='0' core_id='1' siblings='2-3'/>
            <cpu id='3' socket_id='0' core_id='1' siblings='2-3'/>
          </cpus>
        </cell>
        <cell id='1'>
          <cpus num='4'> <!-- this is node with modules (Bulldozer) -->
            <cpu id='4' socket_id='0' core_id='2' siblings='4-5'/>
            <cpu id='5' socket_id='0' core_id='3' siblings='4-5'/>
            <cpu id='6' socket_id='0' core_id='4' siblings='6-7'/>
            <cpu id='7' socket_id='0' core_id='5' siblings='6-7'/>
          </cpus>
         </cell>
        <cell id='2'>
          <cpus num='4'> <!-- this is a normal multi-core node -->
            <cpu id='8' socket_id='1' core_id='0' siblings='8'/>
            <cpu id='9' socket_id='1' core_id='1' siblings='9'/>
            <cpu id='10' socket_id='1' core_id='2' siblings='10'/>
            <cpu id='11' socket_id='1' core_id='3' siblings='11'/>
          </cpus>
         </cell>
      </cells>
    </topology>
  </host>
</capabilities>

The socket_id field represents identification of the physical socket the
CPU is plugged in. This ID may not be identical to the physical socket
ID reported by the kernel.

The core_id identifies a core within a socket. Also this field may not
accurately represent physical ID's.

The core_id is guaranteed to be unique within a cell and a socket. There
may be duplicates between sockets. Only cores sharing core_id within one
cell and one socket can be considered as threads. Cores sharing core_id
within sparate cells are distinct cores.

The siblings field is a list of CPU id's the cpu id's the CPU is sibling
with - thus a thread. The list is in the cpuset format.

The way in that memory balloon suppression was handled for S390
is flawed for a number or reasons.
1. Just preventing the default balloon to be created in the case
   of VIR_ARCH_S390[X] is not sufficient. An explicit memballoon
   element in the guest definition will still be honored, resulting
   both in a -balloon option and the allocation of a PCI bus address,
   neither being supported.
2. Prohibiting balloon for S390 altogether at a domain_conf level
   is no good solution either as there's work in progress on the QEMU
   side to implement a virtio-balloon device, although in
   conjunction with a new machine type. Suppressing the balloon
   should therefore be done at the QEMU driver level depending
   on the present capabilities.

Therefore we remove the conditional suppression of the default
balloon in domain_conf.c.
Further, we are claiming the memballoon device for virtio-s390
during device address assignment to prevent it from being considered
as a PCI device.
Finally, we suppress the generation of the balloon command line option
if this is a virtio-s390 machine.
Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
Signed-off-by: NEric Blake <eblake@redhat.com>

Should have been done in commit 56fd5134 already, but was missed
due to oversight: qemuDomainSendKey didn't release the driver lock
in its cleanup section. This fixes an issue introduced by commit
8c5d2bad.
Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>

virNetworkObjUpdateParseFile used ',' as the termination character for
virBitmapParse. This would break if an non-contiguous range would be
parsed.

This patch changes the name of the @sep argument to @terminator and
clarifies it's usage. This patch also explicitly documents that
whitespace can't be used as @terminator as it is skipped multiple times
in the implementation.

Just add the head line to let the editor know it's XML document.

https://bugzilla.redhat.com/show_bug.cgi?id=892079

One of my previous patches (f2a4e5f1) tried to fix crashing
libvirtd on domain detroy. However, we need to copy pattern from
qemuProcessHandleMonitorEOF() instead of decrementing reference
counter. The rationale for this is, if qemu process is dying due
to domain being destroyed, we obtain EOF on both the monitor and
agent sockets. However, if the exit is expected, qemuProcessStop
is called, which cleans both agent and monitor sockets up. We
want qemuAgentClose() to be called iff the EOF is not expected,
so we don't leak an FD and memory. Moreover, there could be race
with qemuProcessHandleMonitorEOF() which could have already
closed the agent socket, in which case we don't want to do
anything.

test1: Need to check for bitmap before using as well as free it properly
test2: need to check for bitsString2 before using it.

Turns out the fix for VIR_FREE made this particular Coverity tag
unnecessary, so I'm removing it.

A followon to commit id: 68dceb63 - if iface->iname is NULL, then
neither virNetDevOpenvswitchRemovePort() nor virNetDevVethDelete()
should be called.  Found by Coverity.

Although the nwfilter driver skips startup when running in a
session libvirtd, it did not skip reload or shutdown. This
caused errors to be reported when sending SIGHUP to libvirtd,
and caused an abort() in libdbus on shutdown due to trying
to remove a dbus filter that was never added

When building with static analysis enabled, we turn on attribute
nonnull checking.  However, this caused the build to fail with:

../../src/util/virobject.c: In function 'virObjectOnceInit':
../../src/util/virobject.c:55:40: error: null argument where non-null required (argument 1) [-Werror=nonnull]

Creation of the virObject class is the one instance where the
parent class is allowed to be NULL.  Making things conditional
will let us keep static analysis checking for all other .c file
callers, without breaking the build on this one exception.

* src/util/virobject.c: Define witness.
* src/util/virobject.h (virClassNew): Use it to force most callers
to pass non-null parameter.

Adds a "ram" attribute globally to the video.model element, that changes
the resulting qemu command line only if video.type == "qxl".

<video>
  <model type='qxl' ram='65536' vram='65536' heads='1'/>
</video>

That attribute gets a default value of 64*1024. The schema is unchanged
for other video element types.

The resulting qemu command line change is the addition of

-global qxl-vga.ram_size=<ram>*1024

or

-global qxl.ram_size=<ram>*1024

For the main and secondary qxl devices respectively.

The default for the qxl ram bar is 64*1024 kilobytes (the same as the
default qxl vram bar size).

The Coverity static analyzer was generating many false positives for the
unary operation inside the VIR_FREE() definition as it was trying to evaluate
the else portion of the "?:" even though the if portion was (1).
Signed-off-by: NEric Blake <eblake@redhat.com>

The count of vCPUs for a domain is extracted as a usingned long variable
but is stored in a unsigned short. If the actual number was too large,
a faulty number was stored.

This patch fixes the following issues in the cpu-stats virsh command:

1) Renames label failed_params to no_memory to match coding style
2) Uses proper typed parameter cleanup in error paths to avoid leaks
3) Adds a ret variable and simplifies error labels
4) Changes error message to a slightly more descriptive one and gets rid
   of the newline at the end:

Before:
$ virsh cpu-stats tr
error: Failed to virDomainGetCPUStats()

error: Requested operation is not valid: domain is not running

After:
$ tools/virsh cpu-stats tr
error: Failed to retrieve CPU statistics for domain 'tr'
error: Requested operation is not valid: domain is not running

In the error path, the test buffer is free'd, but due to how the free
routine is written the 'test' buffer pointer does not return to the caller
as NULL and then the free'd buffer address is returned to the caller.

The 'msg' free is handled via virNetMessageFree() already.