Well, in fact only add comments to mark ifdef,
else and endif sections.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

Commit 28f8dfdc (v1.0.0) introduced a security hole: in at least
the qemu implementation of virDomainGetXMLDesc, the use of the
flag VIR_DOMAIN_XML_MIGRATABLE (which is usable from a read-only
connection) triggers the implicit use of VIR_DOMAIN_XML_SECURE
prior to calling qemuDomainFormatXML.  However, the use of
VIR_DOMAIN_XML_SECURE is supposed to be restricted to read-write
clients only.  This patch treats the migratable flag as requiring
the same permissions, rather than analyzing what might break if
migratable xml no longer includes secret information.

Fortunately, the information leak is low-risk: all that is gated
by the VIR_DOMAIN_XML_SECURE flag is the VNC connection password;
but VNC passwords are already weak (FIPS forbids their use, and
on a non-FIPS machine, anyone stupid enough to trust a max-8-byte
password sent in plaintext over the network deserves what they
get).  SPICE offers better security than VNC, and all other
secrets are properly protected by use of virSecret associations
rather than direct output in domain XML.

* src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_GET_XML_DESC):
Tighten rules on use of migratable flag.
* src/libvirt-domain.c (virDomainGetXMLDesc): Likewise.
Signed-off-by: NEric Blake <eblake@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=1159219

Users might want to update startupPolicy via the
virDomainUpdateDeviceFlags API too. This patch
implements the feature on config layer.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

The remote call actually doesn't free the arguments array so we leak
memory in case a domain list is specified. As the remote domain list
array consists only of stolen pointers from the actual domain objects
it's sufficient just to free the array.

Valgrind message:
==1081452== 64 bytes in 1 blocks are definitely lost in loss record 632 of 726
==1081452==    at 0x4C296D0: calloc (vg_replace_malloc.c:618)
==1081452==    by 0x4EA5CB4: virAllocN (viralloc.c:191)
==1081452==    by 0x505D21E: remoteConnectGetAllDomainStats (remote_driver.c:7785)
==1081452==    by 0x50081AA: virDomainListGetStats (libvirt-domain.c:11080)
==1081452==    by 0x155249: cmdDomstats (virsh-domain-monitor.c:2147)
==1081452==    by 0x12FB73: vshCommandRun (virsh.c:1935)
==1081452==    by 0x133FEB: main (virsh.c:3719)

Domain memory elements such as max_balloon and cur_balloon are
implemented as 'unsigned long long', whereas the 'memory' element
in NUMA cells is implemented as 'unsigned int'.

Use the same data type (unsigned long long) for 'memory' element
in NUMA cells.
Signed-off-by: NPrerna Saxena <prerna@linux.vnet.ibm.com>

A domain without a console quietly dies soon after start,
because we try to set /dev/null as a controlling TTY
2014-10-30 15:10:59.705+0000: 1: error : lxcContainerSetupFDs:283 :
ioctl(TIOCSCTTY) failed: Inappropriate ioctl for device

Report an error early instead of trying to start it.

https://bugzilla.redhat.com/show_bug.cgi?id=1155410

It fails after 30 seconds with this error:
error : virDBusCall:1429 : error from service: CanSuspend:
Did not receive a reply. Possible causes include: the remote
application did not send a reply, the message bus security
policy blocked the reply, the reply timeout expired, or the
network connection was broken.

Only probe for the power mgmt capabilities when driver is non-NULL.
This speeds up domain startup by 30 seconds.

https://bugzilla.redhat.com/show_bug.cgi?id=1159227

Coverity found out the very obvious problem in the code.  That is that
virPidFileReleasePath() was called only if
virPidFileAcquirePath() returned 0.  But virPidFileAcquirePath() doesn't
return only 0 on success, but the FD that needs to be closed.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

In qemuMigrationFinish mig->nbd can not be initialized by
qemuMigrationEatCookie without the QEMU_MIGRATION_COOKIE_NBD flag.
That causes qemuMigrationStopNBDServer to return early without
stopping the NBD server properly.
Signed-off-by: NWeiwei Li <nuonuoli@tencent.com>
Signed-off-by: NJán Tomko <jtomko@redhat.com>

Signed-off-by: NChen Fan <chen.fan.fnst@cn.fujitsu.com>

There was no check for 'nodeset' attribute in numatune-related
elements.  This patch adds validation that any nodeset specified does
not exceed maximum host node.
Signed-off-by: NChen Fan <chen.fan.fnst@cn.fujitsu.com>

Signed-off-by: NChen Fan <chen.fan.fnst@cn.fujitsu.com>

As discussed before, this simple script should help with debugging
deadlocks, although there are still some caveats.  RWLocks are not
handled by this and if your deadlock if very racy, it may not lock
up when running with this script due to the slowdown.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

When one domain is being undefined and at the same time started, for
example, there is a possibility of a rare problem occuring.

 - Thread 1 does virDomainUndefine(), has the lock, checks that the
   domain is active and because it's not, calls
   virDomainObjListRemove().

 - Thread 2 does virDomainCreate() and tries to lock the domain.

 - Thread 1 needs to lock domain list in order to remove the domain from
   it, but must unlock domain first (proper order is to lock domain list
   first and the domain itself second).

 - Thread 2 grabs the lock, starts the domain and releases the lock.

 - Thread 1 grabs the lock and removes the domain from list.

With this patch:

 - qemuDomainRemoveInactive() creates a QEMU_JOB_MODIFY if that's
   possible, but since it must remove the domain from list either way,
   it continues even when starting the job failed.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1150505Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

When the list of domains is fetched and being printed, but in the
meantime one domain was undefined before its status was fetched, the
output then includes domain with "no state".  With this patch, such
domain is skipped over as consecutive 'virsh list --all' (or the same
one ran a second later) wouldn't list it anyway.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

Before:
  $ virsh blkiotune dummy --device-read-bytes-sec /dev/sda,-1
  error: Unable to change blkio parameters
  error: invalid argument: unable to parse blkio device
  'device_read_bytes_sec' '/dev/sda,-1'

After:
  $ virsh blkiotune dummy --device-read-bytes-sec /dev/sda,-1
  error: Unable to change blkio parameters
  error: invalid argument: invalid value '-1' for parameter
  'device_read_bytes_sec' of device '/dev/sda'

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1131306Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

Before:
  $ virsh blkiotune dummy --device-read-bytes-sec /dev/sda,-1
  error: Unable to change blkio parameters
  error: invalid argument: unable to parse blkio device
  'device_read_bytes_sec' '/dev/sda,-1'

After:
  $ virsh blkiotune dummy --device-read-bytes-sec /dev/sda,-1
  error: Unable to change blkio parameters
  error: invalid argument: invalid value '-1' for parameter
  'device_read_bytes_sec' of device '/dev/sda'

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1131306Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

When daemon is killed right in the middle of probing a qemu binary for
its capabilities, the qemu process is left running.  Next time the
daemon is starting, it cannot start the probing qemu process because the
one that's already running does have the pidfile flock()'d.
Reported-by: NWang Yufei <james.wangyufei@huawei.com>
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

This function is used to cleanup a pidfile doing whatever it takes, even
killing the owning process.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

We were missing check for the fact that the storage driver was found and
in case there is no vbox storage driver available, daemon raised the
following error each start:

  error : virRegisterStorageDriver:592 : driver in
  virRegisterStorageDriver must not be NULL

Fixing this makes the condition unified with networkDriver registration
in vbox as well.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

Particularly in qemuBuildNumaArgStr(), there was a need for the advice
due to memory backing, which needs to know the nodeset it will be pinned
to.  With newer qemu this caused the following error when starting
domain:

  error: internal error: Advice from numad is needed in case of
  automatic numa placement

even when starting perfectly valid domain, e.g.:

  ...
  <vcpu placement='auto'>4</vcpu>
  <numatune>
    <memory mode='strict' placement='auto'/>
  </numatune>
  <cpu>
    <numa>
      <cell id='0' cpus='0' memory='524288'/>
      <cell id='1' cpus='1' memory='524288'/>
    </numa>
  </cpu>
  ...

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1138545Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

- docs/news.html.in libvirt.spec.in: update for release
- po/*.po*: fetched loclalization and regenerated

Hotplugging and hotunplugging char devices is only supported through
'-device' and the check for device capability should be independently.

Coverity also complains about 'tmpChr->info.alias' could be NULL and we
are dereferencing it but it somehow only in this case don't recognize
that the value is set by 'qemuAssignDeviceChrAlias' so it's clearly
false positive. Add sa_assert to make coverity happy.
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

Coverity is complaining about overwriting value in 'rc' variable
without using the old value because it somehow doesn't recognize that
the value is used by MACRO. The 'rc' variable is there only for checking
return code so it's save to remove it and make coverity happy.
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

Since commit 3f99d64d no new scsi_host pools can be defined
if one of the already defined scsi_host pools does not refer
to an accessible scsi_host adapter.

Relax the check by skipping over these inaccessible pools
when checking for duplicates.

If both source adapters are specified by a parent address,
just comparing the address is faster and catches even addresses
that do not refer to valid adapters.

This macro seems to be defined only on linux/unix and it fails during
mingw build. Its value is '16' (taken from net/if.h) so define it if
it's not defined.
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

Commit 6c9a8a49 (Oct 2014) exposed a long-standing issue on 32-bit
machines: code related to virDomainSetMemoryParameters has always
been documented as using a 64-bit limit, but it was implemented by
calling virDomainParseMemory which enforced an 'unsigned long'
limit.  Since VIR_DOMAIN_MEMORY_PARAM_UNLIMITED capped to a
long is -1, but virDomainParseScaledValue no longer accepts
negative values, an attempt to use 2^53-1 as a hard memory limit
started failing the testsuite.  However, the problem with capping
things artificially low has existed for much longer - ever since
commits 4888f0fb and 2e22f23b (Mar 2012) switched internal tracking
from 'unsigned long' to 'unsigned long long' (prior to that time,
the cap was a side-effect of the choice of types).  We _have_ to
cap the balloon memory values, (no thanks to baked in 'unsigned long'
of API such as virDomainSetMaxMemory or virDomainGetInfo with no
counterpart API that guarantees 64-bit access to those numbers)
but memory parameters have never needed the artificial limit.

At any rate, the solution is to make the parser function gain a
parameter, and only do the reduced 32-bit cap for the values that
are constrained due to API.

* src/conf/domain_conf.h (_virDomainMemtune): Add comments.
* src/conf/domain_conf.c (virDomainParseMemory): Add parameter.
(virDomainDefParseXML): Adjust callers.
Signed-off-by: NEric Blake <eblake@redhat.com>

commit 3e1e16aa (Use a port from the
migration range for NBD as well) changed ndb port allocation from
remotePorts to migrationPorts, but did not change the port releasing
process, which makes an error when migrating several times (above 64):
error: internal error: Unable to find an unused port in range
'migration' (49152-49215)

https://bugzilla.redhat.com/show_bug.cgi?id=1159245Signed-off-by: NWeiwei Li <nuonuoli@tencent.com>
Signed-off-by: NJán Tomko <jtomko@redhat.com>

On error, libxlMakeDomBuildInfo() frees the caller-provided
libxl_domain_build_info struct embedded in libxl_domain_config,
causing a segfault

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f9c13020700 (LWP 40988)]
(gdb) bt
0  0x00007f9c162f95b4 in free () from /lib64/libc.so.6
1  0x00007f9c0d0965ad in libxl_bitmap_dispose () from
   /usr/lib64/libxenlight.so.4.4
2  0x00007f9c0d0a73bf in libxl_domain_build_info_dispose ()
   from /usr/lib64/libxenlight.so.4.4
3  0x00007f9c0d0a7974 in libxl_domain_config_dispose () from
   /usr/lib64/libxenlight.so.4.4
4  0x00007f9c0d2e00c5 in libxlDomainStart (driver=0x7f9c0400e4e0,
   vm=0x7f9c0412b0d0, start_paused=false, restore_fd=-1) at
   libxl/libxl_domain.c:1323
5  0x00007f9c0d2e1d4b in libxlDomainCreateXML (conn=0x7f9c000009a0,...)
   at libxl/libxl_driver.c:660

Remove the call to libxl_domain_build_info_dispose() from
libxlMakeDomBuildInfo().  On error, callers will dispose the
libxl_domain_config object, which in turn disposes the build info.

With the introduction of the libxlDomainGetEmulatorType function,
it is trivial to support a user-specfied <emulator> in the libxl
driver.  This patch is based loosely on David Scott's old patch
to do the same

https://www.redhat.com/archives/libvir-list/2013-April/msg02119.htmlSigned-off-by: NJim Fehlig <jfehlig@suse.com>

https://bugzilla.redhat.com/show_bug.cgi?id=1155441

It makes sense for none of the callers to have negative value as an
output and, fortunately, if anyone tried defining domain with negative
memory or any other value parsed by virDomainParseScaledValue(), the
resulting value was 0.  That means we can error out during parsing as
it won't break anything.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1155843Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

After cidr_format is allocated by virAsprintf and used by vshPrintExtra
it needs to be freed.

Fix the following memory leak from valgrind:
 18 bytes in 1 blocks are definitely lost in loss record 41 of 192
    at 0x4C29BBD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
    by 0x85CE36F: __vasprintf_chk (vasprintf_chk.c:80)
    by 0x4EE52D5: UnknownInlinedFun (stdio2.h:210)
    by 0x4EE52D5: virVasprintfInternal (virstring.c:459)
    by 0x4EE53CA: virAsprintfInternal (virstring.c:480)
    by 0x14FE96: cmdNetworkDHCPLeases (virsh-network.c:1378)
    by 0x13006B: vshCommandRun (virsh.c:1915)
    by 0x12A9E1: main (virsh.c:3699)
Signed-off-by: NLuyao Huang <lhuang@redhat.com>

The virGetSCSIHostNumber function return type is int, however
its stubbed version returns NULL. That results in a build fail
on systems that use the stubbed version. Fix by using a proper
return type.

Currently, build fails on FreeBSD because its struct ifreq does not
have ifr_hwaddr member. In order to fix that, check if this member
is present, otherwise fall back to the stub version of the
virNetDev{Add,Del}Multi functions.

virFileReadAll returns a chunk of memory that needs to be free'd when
done

The complaint is that if cleanup is called when virFileReadAll fails,
then mcast->entries is NULL and could be dereferenced in the clear
function. After following the code some - I saw that the caller to
the function (virNetDevGetMulticastTable) will also call
virNetDevMcastListClear if this function returns -1, so this
isn't necessary, so I removed the call.