When creating a virtual FC HBA with virsh/libvirt API, an error message
will be returned: "error: Node device not found",
also the 'nodedev-dumpxml' shows wrong information of wwpn & wwnn
for the new created device.

Signed-off-by: xschen@tnsoft.com.cn

This reverts f90af691 which switched wwpn & wwwn in the wrong place.

https://www.kernel.org/doc/Documentation/scsi/scsi_fc_transport.txt
(cherry picked from commit 3c0d5e22)

If networkUnplugBandwidth is called on a network which has
no bandwidth defined, print a warning instead of crashing.

This can happen when destroying a domain with bandwidth if
bandwidth was removed from the network after the domain was
started.

https://bugzilla.redhat.com/show_bug.cgi?id=975359
(cherry picked from commit 658c932a)

On Thu, Jun 27, 2013 at 03:56:42PM +0100, Daniel P. Berrange wrote:
> Hi Security Team,
>
> I've discovered a way for an unprivileged user with a readonly connection
> to libvirtd, to crash the daemon.

Ok, the final patch for this is issue will be the simpler variant that
Eric suggested

The embargo can be considered to be lifted on Monday July 1st, at
0900 UTC

The following is the GIT change that DV or myself will apply to libvirt
GIT master immediately before the 1.1.0 release:

>From 177b4165c531a4b3ba7f6ab6aa41dca9ceb0b8cf Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Fri, 28 Jun 2013 10:48:37 +0100
Subject: [PATCH] CVE-2013-2218: Fix crash listing network interfaces with
 filters

The virConnectListAllInterfaces method has a double-free of the
'struct netcf_if' object when any of the filtering flags cause
an interface to be skipped over. For example when running the
command 'virsh iface-list --inactive'

This is a regression introduced in release 1.0.6 by

  commit 7ac2c4fe
  Author: Guannan Ren <gren@redhat.com>
  Date:   Tue May 21 21:29:38 2013 +0800

    interface: list all interfaces with flags == 0
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 244e0b8c)

Don't check for '\n' at the end of file if zero bytes were read.

Found by valgrind:
==404== Invalid read of size 1
==404==    at 0x529B09F: virCgroupGetValueStr (vircgroup.c:540)
==404==    by 0x529AF64: virCgroupMoveTask (vircgroup.c:1079)
==404==    by 0x1EB475: qemuSetupCgroupForEmulator (qemu_cgroup.c:1061)
==404==    by 0x1D9489: qemuProcessStart (qemu_process.c:3801)
==404==    by 0x18557E: qemuDomainObjStart (qemu_driver.c:5787)
==404==    by 0x190FA4: qemuDomainCreateWithFlags (qemu_driver.c:5839)

Introduced by 0d0b4098.

https://bugzilla.redhat.com/show_bug.cgi?id=978356
(cherry picked from commit 306c49ff)

We only break out of the while loop if *content is an empty string.
However the buffer has been allocated to BUFSIZ + 1 (8193 in my case),
but it gets overwritten in the next for iteration.

Move VIR_FREE right before we overwrite it to avoid the leak.

==5777== 16,386 bytes in 2 blocks are definitely lost in loss record 1,022 of 1,027
==5777==    by 0x5296E28: virReallocN (viralloc.c:184)
==5777==    by 0x52B0C66: virFileReadLimFD (virfile.c:1137)
==5777==    by 0x52B0E1A: virFileReadAll (virfile.c:1199)
==5777==    by 0x529B092: virCgroupGetValueStr (vircgroup.c:534)
==5777==    by 0x529AF64: virCgroupMoveTask (vircgroup.c:1079)

Introduced by 83e4c775.

https://bugzilla.redhat.com/show_bug.cgi?id=978352
(cherry picked from commit 5bc8ecb8)

Free the old XML strings before overwriting them if the user
has chosen to reedit the file or force the redefinition.

Found by Alex Jia trying to reproduce another bug:
https://bugzilla.redhat.com/show_bug.cgi?id=977430#c3
(cherry picked from commit 1e3a2529)

As a consequence of the cgroup layout changes from commit 'cfed9ad4', the
lxcDomainGetSchedulerParameters[Flags]()' and lxcGetSchedulerType() APIs
failed to return data for a non running domain.  This can be seen through
a 'virsh schedinfo <domain>' command which returns:

Scheduler      : Unknown
error: Requested operation is not valid: cgroup CPU controller is not mounted

Prior to that change a non running domain would return:

Scheduler      : posix
cpu_shares     : 0
vcpu_period    : 0
vcpu_quota     : 0
emulator_period: 0
emulator_quota : 0

This patch will restore the capability to return configuration only data
for a non running domain regardless of whether cgroups are available.
(cherry picked from commit 38ada092)

As a consequence of the cgroup layout changes from commit '632f78ca', the
qemuDomainGetSchedulerParameters[Flags]()' and qemuGetSchedulerType() APIs
failed to return data for a non running domain.  This can be seen through
a 'virsh schedinfo <domain>' command which returns:

Scheduler      : Unknown
error: Requested operation is not valid: cgroup CPU controller is not mounted

Prior to that change a non running domain would return:

Scheduler      : posix
cpu_shares     : 0
vcpu_period    : 0
vcpu_quota     : 0
emulator_period: 0
emulator_quota : 0

This patch will restore the capability to return configuration only data
for a non running domain regardless of whether cgroups are available.
(cherry picked from commit b2375453)

Use the host number as the host number when constructing the sysfs path
instead of the variable we are trying to fill.

https://bugzilla.redhat.com/show_bug.cgi?id=973543
(cherry picked from commit 371c1551)

(cherry picked from commit ddf8ad82)

https://bugzilla.redhat.com/show_bug.cgi?id=973543
(cherry picked from commit cbb3b71d)

Change the socket path to match the one used by lockd driver.

https://bugzilla.redhat.com/show_bug.cgi?id=968128
(cherry picked from commit 70fe1295)

Our configure.ac says:

    Not all versions of gnutls include -lgcrypt, and so we add
    it explicitly for the calls to gcry_control/check_version

Thus we cannot rely on gnutls-devel to bring grcypt-devel as a
dependency.
(cherry picked from commit 3b50a711)

Using an uninitialized value and a bool saying if the value is valid may
confuse compilators.
(cherry picked from commit 4db39e3f)

Found by 'git grep FREE.*cpumask' after looking at 31f1f6bf.
(cherry picked from commit de688959)

* configure.ac docs/news.html.in libvirt.spec.in: update for the release
* po/*.po*: pull localization updates and regenerate the po

Use style like:

void
foo (const char *name)
{
    printf("Hello, %s\n", name);
}

Later patches will clean up node_device_hal.c more.

With unknown good reasons, the attribute "bus" of scsi device
address is always set to 0, same for attribute "target". (See
virDomainDiskDefAssignAddress).

Though we might need to change the algorithm to honor "bus"
and "target" too, that's a different issue. The address generator
for scsi host device in this patch just follows the unknown
good reasons, only considering the "controller" and "unit".
It walks through all scsi controllers and their units, to see
if the address $controller:0:0:$unit can be used (if not used
by any disk or scsi host device yet), if found one, it sits on
it, otherwise, it creates a new controller (actually the controller
is implicitly created by someone else), and sits on
$new_controller:0:0:0 instead.

This should resolve:

  https://bugzilla.redhat.com/show_bug.cgi?id=959191

The problem was that qemuUpdateActivePciHostdevs was returning 0
(success) when no hostdevs were present, but would otherwise return -1
(failure) even when it completed successfully. It is only called from
qemuProcessReconnect(), and when qemuProcessReconnect got back an
error, it would not only stop reconnecting, but would terminate the
guest qemu process "to remove danger of it ending up running twice if
user tries to start it again later".

(This bug was introduced in commit 011cf7ad, which was pushed between
v1.0.2 and v1.0.3, so all maintenance branches from v1.0.3 up to 1.0.5
will need this one line patch applied.)

Similar to what Eric did for Cygwin it helps at least to compile
without --without-vbox

A mingw build (where the qemu driver is not built, so WITH_QEMU
is undefined) failed with:

In file included from ../../src/qemu/qemu_command.h:30:0,
                 from ../../tests/testutilsqemu.h:4,
                 from ../../tests/networkxml2xmltest.c:14:
../../src/qemu/qemu_conf.h:53:4: error: #error "Port me"

But since testutilsqemu.c is already conditional, the header
should be likewise.

* tests/testutilsqemu.h: Make content conditional.
Signed-off-by: NEric Blake <eblake@redhat.com>

We can't use GNULIB's fprintf-posix due to licensing
incompatibilities. We do already have a portable
formatting via virAsprintf() which we got from GNULIB
though. We can use to create a virFilePrintf() function.

But really gnulib could just provide a 'fprintf'
module, that depended on just its 'asprintf' module.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

A literal IPv6 must be escaped, otherwise migration fails with:
unable to execute QEMU command 'drive-mirror': address resolution failed
for f0::0d:5901: Servname not supported for ai_socktype
since QEMU treats everything after the first ':' as the port.

https://bugzilla.redhat.com/show_bug.cgi?id=903480

During domain destruction it's possible that the learnIPAddressThread has
already removed the interface prior to the teardown filter path being run.
The teardown code would only be telling the thread to terminate.

Commit '6afdfc8e' adjusted the exit and error paths to go through the error
and cleanup labels, but neglected to remove the return ret prior to cleanup.
Also noted the 'type' xml string fetch was never checked for NULL which
could lead to some interesting results.

If snapshot creation failed for example due to invalid use of the
"REUSE_EXTERNAL" flag, libvirt killed access to the original image file
instead of the new image file. On machines with selinux this kills the
whole VM as the selinux context is enforced immediately.

* qemu_driver.c:qemuDomainSnapshotUndoSingleDiskActive():
    - Kill access to the new image file instead of the old one.

Partially resolves: https://bugzilla.redhat.com/show_bug.cgi?id=906639

After deleting "WithDriver" from the async job function the code was
unaligned.

Commit d671121d was incomplete; I hit another compile fail on
cygwin not finding the correct rpc/rpc.h.

* src/Makefile.am (virtlockd_CFLAGS): Add XDR_CFLAGS.
Signed-off-by: NEric Blake <eblake@redhat.com>

A bug in Cygwin [1] and poor error messages from gcc [2] lead
to this confusing compilation error:

qemu/qemu_monitor.c:418:9: error: passing argument 2 of 'sendmsg' from incmpatible pointer type
/usr/include/sys/socket.h:42:11: note: expected 'const struct msghdr *' but argument is of type 'struct msghdr *'

[1] http://cygwin.com/ml/cygwin/2013-05/msg00451.html
[2] http://gcc.gnu.org/bugzilla/show_bug.cgi?id=57475

* src/qemu/qemu_monitor.c (includes): Include <sys/socket.h>
before <sys/un.h>.
Signed-off-by: NEric Blake <eblake@redhat.com>

This is a recurring problem for cygwin :)
For example, see commit 23a4df88.

qemu/qemu_driver.c: In function 'qemuStateInitialize':
qemu/qemu_driver.c:691:13: error: format '%d' expects type 'int', but argument 8 has type 'uid_t' [-Wformat]

* src/qemu/qemu_driver.c (qemuStateInitialize): Add casts.
* daemon/remote.c (remoteDispatchAuthList): Likewise.
Signed-off-by: NEric Blake <eblake@redhat.com>

A cygwin build of the qemu driver fails with:

qemu/qemu_process.c: In function 'qemuPrepareCpumap':
qemu/qemu_process.c:1803:31: error: 'CPU_SETSIZE' undeclared (first use in this function)

CPU_SETSIZE is a Linux extension in <sched.h>; a bit more portable
is using sysconf if _SC_NPROCESSORS_CONF is defined (several platforms
have it, including Cygwin).  Ultimately, I would have preferred to
use gnulib's 'nproc' module, but it is currently under an incompatible
license.

* src/qemu/qemu_conf.h (QEMUD_CPUMASK_LEN): Provide definition on
cygwin.
Signed-off-by: NEric Blake <eblake@redhat.com>

On cygwin, the build failed with:

In file included from ./rpc/virnetmessage.h:24:0,
                 from ./rpc/virnetclient.h:29,
                 from locking/lock_driver_lockd.c:31:
./rpc/virnetprotocol.h:9:21: fatal error: rpc/rpc.h: No such file or directory

* src/Makefile.am (lockd_la_CFLAGS): Add XDR_CFLAGS.
Signed-off-by: NEric Blake <eblake@redhat.com>

Compilation on cygwin failed due to a bug in the sasl headers
present on that platform (libsasl2-devel 2.1.26):

In file included from rpc/virnetserverclient.c:27:0:
/usr/include/sasl/sasl.h:230:38: error: expected declaration specifiers or '...' before 'size_t'

Upstream is aware of their bug:
https://bugzilla.cyrusimap.org/show_bug.cgi?id=3759

* src/rpc/virnetserverclient.c (includes): Ensure size_t is
defined before using sasl.h.
Signed-off-by: NEric Blake <eblake@redhat.com>

Bummer, I committed, then fixed a typo, then tested, and forgot to
amend the commit before pushing 7d21d6b6.

* src/rpc/virnettlscontext.c (includes): Use correct spelling.

Because it's a valid combination. p2p still uses a separate channel
for qemu migration, so there's value in letting the user specify a manual
migrate URI for overriding auto-port, or libvirt's FQDN lookup.

What _isn't_ allowed is --migrateuri and TUNNELLED, since there is
no separate migration channel. Disallow that instead

Since as the code indicates it doesn't work yet, so let's be
explicit about it.

By actually showing the Open() error to the user